“Virus! Trojan! MALWARE! Why didn’t my Anti-Virus protect me?”

To answer this question, we have to understand what makes a virus tick first…

A ‘virus’ is a category of malware — ‘malware’ is short for malicious software.

To identify malicious code (or ‘malware’), traditional Anti-Virus (AV) solutions use signatures. Like a fingerprint, a signature contains a unique string of bits or binary pattern. Once this signature is identified by the AV vendor, it is pushed out to the customer's AV endpoint in the form of signature updates. These are all the annoying update requests you are getting from your Anti-Virus software. Make sure to apply them.

At this point you should ask yourself:

What if my AV doesn’t know all the signatures?
What if the signature was changed?
What if the malicious code is unknown or new?

The answer is pretty simple: you will not be protected against such malicious code. Signature-based AV can only protect you against what is known.
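To make the three questions above concrete, here is an added example (not code from the original article or from any AV product) of a minimal signature matcher run over constructed, harmless byte strings. The `SignatureDB` class, the detection names and the marker bytes are assumptions made for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (assumed for illustration).
MARKER = b"DEMO-MARKER-1234"
KNOWN = b"HEADER" + MARKER + b"body-v1"
SAMPLES = {
    "known": KNOWN,                               # exactly what the vendor analyzed
    "edited": b"HEADER" + MARKER + b"body-v2",    # other bytes changed, marker intact
    "altered": KNOWN.replace(b"1234", b"1235"),   # the signed bytes themselves changed
    "new": b"HEADER" + b"never-seen-before",      # unknown to the vendor
    "benign": b"quarterly report",                # ordinary file
}

class SignatureDB:
    """Hypothetical signature store: whole-file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}     # sha256 hex digest -> detection name
        self.patterns = {}   # byte pattern -> detection name

    def add_hash(self, name, sample):
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern(self, name, pattern):
        self.patterns[pattern] = name

    def scan(self, data):
        """Return the names of every signature that matches data."""
        hits = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            hits.append(self.hashes[digest])
        hits += [name for pat, name in self.patterns.items() if pat in data]
        return hits

def scan_all():
    """Build the database shipped after the vendor saw KNOWN, then scan every sample."""
    db = SignatureDB()
    db.add_hash("Demo.A/hash", KNOWN)
    db.add_pattern("Demo.A/pattern", MARKER)
    return {label: db.scan(data) for label, data in SAMPLES.items()}

if __name__ == "__main__":
    for label, hits in scan_all().items():
        print(f"{label:9} -> {hits if hits else 'no signature matched'}")
```

Only the sample the vendor already analyzed matches both signatures; the edited file is caught by the byte pattern alone, and the altered and new files match nothing, which is the gap the rest of this article is about.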

Open House closed its doors with Next-Generation Endpoints

Next-Generation Endpoints don’t just have a fancy name; they also take a distinct approach to tackling malicious code: they analyze processes, changes and connections to find and remediate it. In other words, they look at behaviors and everything that is out of the norm, and then conclude whether it has malicious intent or not.

This allows Next-Gen Endpoints not to rely on the known anymore, but to protect you from the unknown.

Not having to know all these signatures also allows for small software that hardly uses any of your computer resources when running. (YAY! — Fewer “my computer is slow” tickets for your IT support staff.) Of course, no solution will protect you 100%, but Next-Gen Endpoints get you a step closer.

Non-Malware Attacks

According to the 2016 Verizon Breach Investigation Report, more than 60% of attacks didn’t use any malware but instead leveraged non-malware vulnerabilities. Yes, you heard right, non-malware attacks are a thing (this usually means they use weak, default or stolen credentials, so stop clicking on things you don’t know). Most traditional AVs are unable to prevent a majority of these attacks, but Next-Gen Endpoints claim to have found a solution by utilizing this behavior-based prediction. They also claim to eliminate the threat of ransomware, which encrypts your files and makes them inaccessible until you pay a ransom.

What to look for in a Next-Gen Endpoint?

Prevention:
Blocking all threats before execution of the code. Cloud technology helps Next-Gen Endpoints to share information because “sharing is caring” (ironically also the slogan of websites where you can download the newest malware from all over the world).
Detection:
Identifying and preventing all advanced threats during execution of the malicious code by predicting behaviors and outcomes.
Response:
Your organization is vulnerable with malicious code on the network until the threat is completely neutralized. A good response feature is to isolate the affected machine from your network. Some Next-Generation Endpoints even offer a rollback feature.
Forensics:
Being asked “How did this happen?” by management. A good forensic tool shows process sequences and answers the where, how and what. (Be aware, sometimes you need to see the bigger picture and not just that one malicious code file.)

Remember! “TMI” Does Not Apply In Troubleshooting IT

The Next-Generation Endpoint market is pretty new. They all claim to be better than the others.

The AV-Comparatives — Independent Tests of Anti-Virus Software — website www.av-comparatives.org claims that the protection rates are quite high compared to scores reached by conventional AV products. The truth is, none of them might be the best but they are all unique in their own ways. What is less unique is the pricing. For good reason, they are all a little more expensive than the traditional AV Solution. However, you need to decide if a higher risk vulnerability is something you can live with or if you sleep better by lowering your risk rate and spending a little more money.

-Lamar Schadler, IT Security Specialist – MITTERA
