The proliferation of recent successful attacks can be tied to an increasingly diverse and sophisticated threat landscape, and in most cases these new techniques are designed to circumvent traditional technologies. We saw the WannaCry attack wreak havoc around the world, and notably here in the UK with the NHS, earlier this year, and this is just the latest manifestation of increasingly sophisticated attacks perpetrated by a diverse range of groups. Together, these actors are creating and distributing new generations of threats, ranging from banking Trojans and ransomware to data-stealing software and more.
A recent ESG survey found that 45 percent of IT professionals agreed that they will need to switch vendors to improve their endpoint security posture and better combat modern threats. With security threats showing no sign of abating, and more and more large organisations suffering high-profile breaches, businesses are being forced to re-evaluate their approach to cyber-attack prevention, detection and mitigation, and with this to move away from legacy AV technology.
Time to put antiquated technology in storage
Most traditional AV technologies still rely on a signature-based approach that can only identify known threats, making it fairly simple for attackers to bypass them by making small changes to malware between signature updates. A modified sample no longer matches the stored signature, so it is effectively invisible to established monitoring and detection systems, without the attacker having to invest time and resources in writing entirely new code. Moreover, traditional AV technology cannot detect fileless attacks, or techniques that use trusted Windows system tools like PowerShell to perform malicious actions. This leaves organisations vulnerable to an attack with no way of seeing it coming.
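The contrast the article draws between an exact-match signature and a behavioural rule, as an added illustration that is not part of the original post or any vendor product: the sample bytes, the hash "signature database", the process telemetry and the rule itself are all constructed here, and the rule is a simple stand-in for the behavioural analytics the text describes.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "binaries": VARIANT differs from ORIGINAL by a single
# trailing byte, the kind of trivial change made between signature updates.
ORIGINAL = b"MZ\x90\x00constructed-sample-v1"
VARIANT = ORIGINAL[:-1] + b"!"

# Constructed signature database: SHA-256 of the sample seen at update time.
SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest()}


def signature_match(blob: bytes) -> bool:
    """Exact-match detection: only files already catalogued are flagged."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES


@dataclass
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the spawned process
    cmdline: str   # full command line as recorded by the sensor


# Hypothetical behavioural rule: a document-handling application spawning
# PowerShell with a hidden window or an encoded command is flagged, regardless
# of which bytes were executed, so the VARIANT repack does not help the attacker.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SUSPICIOUS_FLAGS = ("-encodedcommand", "-windowstyle hidden")


def behaviour_match(ev: ProcessEvent) -> bool:
    cmd = ev.cmdline.lower()
    return (ev.image.lower() == "powershell.exe"
            and ev.parent.lower() in DOCUMENT_APPS
            and any(flag in cmd for flag in SUSPICIOUS_FLAGS))


# Constructed telemetry: a benign admin script and a document-spawned hidden,
# encoded PowerShell (the base64 here decodes to a harmless placeholder).
EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1"),
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -WindowStyle Hidden -EncodedCommand QQBBAEEA"),
]


def compare() -> dict:
    """Summarise what each approach catches on the constructed data."""
    return {
        "signature_original": signature_match(ORIGINAL),   # known sample: caught
        "signature_variant": signature_match(VARIANT),     # one byte changed: missed
        "behaviour_hits": [i for i, ev in enumerate(EVENTS) if behaviour_match(ev)],
    }
```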
But if there is a single overarching shortcoming to traditional AV, it is that it takes a reactive approach, which is entirely unsuited to the constantly evolving threats that organisations face today. Traditional AV might be able to target yesterday's “known” threats, but it is powerless in the face of new attacks. What is needed is new technology, and a new, proactive approach to cyber-defence.
Out with the old, in with the new
Combating the latest generation of sophisticated malware requires an entirely new approach, one that uses the latest behavioural AI and machine-learning technologies. Modern approaches such as this seek to determine whether a file is malicious with no previous knowledge of the file. Through effectively trained algorithms and large volumes of data, machine learning can offer complete protection against malware and malware-free attacks, and it completes this analysis far faster than a human analyst could.
Machine learning, behavioural analytics, and other emerging technologies are key to a successful prevention strategy, and they represent a new standard in endpoint security, one where more attacks are stopped and all attacks are identified and remediated more quickly.
Picking the right solution
It's clear that modern tools are vastly more capable of identifying and eliminating new threats compared with traditional AV, but technology must work hand-in-hand with the right processes and strategy to deliver the best possible protection.
First, an organisation must assess the maturity of its cyber-security efforts and determine where its network vulnerabilities lie. The best and fastest way of doing this is by conducting a compromise assessment, one that starts from the assumption that the organisation has already been compromised.
Following the initial assessment, an organisation can determine the shortcomings of its current security and what exactly needs to be done to reduce its exposure to new cyber-attacks. But this risk assessment must be closely linked with the organisation's defined security goals, and it's important to resist the temptation to “rip and replace” existing security infrastructure without a clear understanding of the benefits you want to achieve. It goes without saying that any next-generation AV solution should provide better protection and better performance and be easier to implement. It should also create opportunities to eliminate complexity in a security architecture and consolidate endpoint agents.
It's more than likely that most organisations will have to refresh legacy security technology, in which case these companies should consider time-to-value and the ease of replacement. These are key considerations, as one of the main reasons why organisations delay adopting much-needed new security technologies is the fear of slowing down their systems and damaging their operational performance. Integration with other systems like security monitoring, analytics and orchestration solutions is also a critical factor in choosing the right solution. According to the same ESG study, lack of integration and automation between tools is one of the top three endpoint security challenges for organisations.
The first step in the never-ending battle with hackers is to use the right tools, processes, technology and intelligence. By doing so, organisations can enhance their overall protection and take meaningful steps to prevent a breach and stay out of the news headlines.
Contributed by Con Mallon, senior director of product marketing, CrowdStrike.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.