How to spot the critical signs that your Endpoint protection needs updating
November 20, 2018
Rob Collins, APAC Director of Pre-sales Systems Engineering at Cylance, shares some timely insight about endpoint protection.
Despite a new wave of endpoint protection (EPP) solutions on the market designed to protect against code-based attacks, many organisations are still running outdated legacy products. The benefits of modern EPP are plain to see, yet organisations have become complacent: most take the easy option of renewing contracts for out-of-date, and therefore ineffective, security. They may assume that with this approach their systems are still being protected, but this is not the case, and they need to realise it before it is too late.
A key indicator that it is time for an update is an EPP solution that still relies on signature-based antivirus (AV). With attackers introducing new techniques and malware variants daily, the lengthy process of capturing a sample, writing and testing a signature and rolling it out means the organisation is always two or three steps behind, and unprotected in the interval.
Another issue with signature-based AV is that signature databases have a limited capacity, so older signatures are eventually dropped once the malware is judged to exist only in research labs rather than in the wild. Unfortunately, old strains do not disappear: WannaCry has been detected on file servers by Next Generation AV more than a year after its initial outbreak. If the security team's main measure of coverage is the number of machines with up-to-date signatures, rather than whether those signatures still cover the threats actually present on the network, the EPP needs updating. Moreover, Next Generation AV does not rely on signature detection, so it does not depend on scheduled scans to catch whatever the latest signature update happens to include.
So, is Endpoint Detection and Response (EDR) the answer? Within the cyber security industry there are those who see EDR as the leading light to supplement current EPP offerings, but there are two views of an EDR approach. Some see it as a needless extra layer, deployed alongside the legacy AV product only to limit the damage malware has already done. Others see it as a solution in its own right that gives insight into and analysis of how the malware attacked the endpoint. Either way, if faith has been lost in the current EPP product and alternatives such as application whitelisting, sandboxing and behaviour-based malware detection are being sought, it is time to review the security currently in place.
Over the past few years ransomware has certainly made the headlines, and for all the wrong reasons. In 2017 the global WannaCry and NotPetya outbreaks caused widespread disruption to critical infrastructure, and in 2018 ransomware remains the top malware threat to organisations. These are strong indicators that legacy AV solutions are now obsolete, and businesses have caught on to this: many have improved their backup processes and implemented rollback software and application whitelisting to improve the organisation's response to a ransomware attack.
However, more subtle attacks such as Remote Access Trojans (RATs), keyloggers and the tooling used in Advanced Persistent Threat (APT) campaigns can infiltrate an organisation's systems and go undetected. The security strategy going forward should therefore incorporate Next Generation solutions that can prevent ransomware, other advanced strains of malware and zero-day attacks.
Then there is the well-documented skills gap, which businesses need to factor in. Given the dearth of skilled security personnel, technology that is efficient and requires minimal management is highly desirable. If your team is continuously managing the AV solution, it is time to upgrade: Next Generation AV solutions free security staff to spend their time on more critical tasks such as threat hunting.
Furthermore, organisations need not worry that they will be forced to update their operating systems because the AV solution no longer supports the old ones. It is well known, for example, that health services run on older operating systems, because budget is rightly allocated to saving lives, and much of the operational technology in hospitals is locked in to the operating system it was first installed with, with no scope to upgrade. You only have to look back to the WannaCry attack to see the devastation the malware caused on outdated systems within the NHS in the UK; the worm spread by exploiting a Windows SMB flaw that was left unpatched on those machines, which is exactly the exposure legacy systems carry. Thankfully, Next Generation AV is adaptive and can support older machines running older operating systems, so those machines can still be fully protected.
‘Don’t delay, review today’ may sound like a cheesy sales line, but it is never truer than when applied to endpoint protection. Organisations and security teams are kept awake at night worrying whether their systems are adequately protected against the latest cyber threat. To put these concerns to rest, resist the temptation to keep piling on additional layers of security, as this can lead to compatibility issues and sluggish system performance. If you want your security teams to be more productive, Next Generation AV will provide that, as well as the level of protection your organisation needs.