One of the most iconic films has to be Casablanca, the Humphrey Bogart and Ingrid Bergman classic about a nightclub in North Africa. One of the most remembered lines (apart from the line that is not actually in the film, “play it again, Sam”) has to be the comment from the corrupt policeman Captain Renault, played by Claude Rains, spoken in response to the commission of a crime: “Round up the usual suspects”.
The irony is that in the movie Captain Renault says this as a way of avoiding actually doing any real police work (while it looks like he actually is).
In today’s digital world, we use a very similar approach, where detection of “known” malware is often seen as enough to protect systems. When you read reviews of security solutions, you will often see a measure of what percentage of known malware was detected.
In just the same way that a police force that only “rounds up the usual suspects” after a crime would be considered incomplete and ineffective, surely protecting only against malware that has already been detected is incomplete and ineffective as well.
Quite simply, all malware starts its life as undetected new malware, and stays that way until it is “detected”: identified by a malware lab, analyzed, whitelisted or blacklisted, and then its identity or “signature” distributed. All of this can take a considerable amount of time, sometimes days or weeks or more. Why should we consider it reasonable to allow any new, unknown file, one that has not previously been found to be malware, unfettered access to all our digital goodies? The truth is quite simply that we should not.
Detection is definitely an important part of the process, but it must be combined with prevention of infection from new threats to provide a viable and complete security answer to the challenge of preventing all breaches and infections.
There are systems that do offer this level of protection (known as a default deny security posture), combining detection of known malware with prevention-of-infection technology that manages unknown malware so that it is never a true threat.
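To make the difference between the two postures concrete, here is a small simulation, added as an illustration and not code from Comodo or from any product. It models the signature delay described above: a vendor feed learns a file's reputation only on the day the entry is published, so a "default-allow" policy runs every unknown file in the meantime, while a "default-deny" policy contains it instead. The file names, hashes, day numbers and the five-day signature delay are all constructed sample values, and the `ReputationDB`, `decide` and `compare_postures` names are my own.

```python
"""Default-deny versus default-allow decision logic (added example, not product code).

Known-good files run, known-bad files are blocked, and files that are neither
are either run (default-allow) or contained (default-deny). Every hash, day
number and file name below is constructed for illustration.
"""
from dataclasses import dataclass, field
import hashlib

ALLOW, BLOCK, CONTAIN = "allow", "block", "contain"


def sha(text: str) -> str:
    """Stand-in for hashing a real file: hash a label string instead."""
    return hashlib.sha256(text.encode()).hexdigest()


@dataclass
class ReputationDB:
    """Simulated vendor signature feed: an entry counts only from its publish day."""
    bad: dict = field(default_factory=dict)   # sha256 -> day the blacklist entry was published
    good: dict = field(default_factory=dict)  # sha256 -> day the whitelist entry was published

    def status(self, sha256: str, day: int) -> str:
        """What the endpoint can know about this hash on the given day."""
        if sha256 in self.bad and self.bad[sha256] <= day:
            return "bad"
        if sha256 in self.good and self.good[sha256] <= day:
            return "good"
        return "unknown"


def decide(status: str, posture: str) -> str:
    """Verdict for one execution request; postures differ only on 'unknown'."""
    if status == "bad":
        return BLOCK
    if status == "good":
        return ALLOW
    return ALLOW if posture == "default-allow" else CONTAIN


def simulate(db: ReputationDB, executions, posture: str):
    """executions: list of (day, sha256); returns the verdicts in order."""
    return [decide(db.status(h, day), posture) for day, h in executions]


def unknown_runs_allowed(db: ReputationDB, executions, posture: str) -> int:
    """How many times an unclassified file was granted full access (the exposure)."""
    return sum(
        1 for day, h in executions
        if db.status(h, day) == "unknown" and decide("unknown", posture) == ALLOW
    )


def build_sample_feed() -> ReputationDB:
    # Constructed sample: a fresh dropper is first seen on day 0, but the lab's
    # blacklist entry is not published until day 5; a corporate editor binary
    # has been whitelisted since day 0.
    db = ReputationDB()
    db.bad[sha("sample-dropper.exe v1")] = 5
    db.good[sha("corporate-editor.exe 3.2")] = 0
    return db


# Constructed execution log: (day, file hash).
SAMPLE_EXECUTIONS = [
    (0, sha("sample-dropper.exe v1")),
    (3, sha("sample-dropper.exe v1")),
    (6, sha("sample-dropper.exe v1")),
    (1, sha("corporate-editor.exe 3.2")),
    (2, sha("never-seen-tool.exe")),   # a file no lab ever classifies
]


def compare_postures(db: ReputationDB = None, executions=SAMPLE_EXECUTIONS) -> dict:
    """Verdict list and exposure count for each posture over the same log."""
    db = db or build_sample_feed()
    return {
        posture: {
            "verdicts": simulate(db, executions, posture),
            "unknown_runs_allowed": unknown_runs_allowed(db, executions, posture),
        }
        for posture in ("default-allow", "default-deny")
    }


if __name__ == "__main__":
    for posture, result in compare_postures().items():
        print(f"{posture:14} {result['verdicts']}  exposure={result['unknown_runs_allowed']}")
```

In the constructed log the dropper runs twice under default-allow before its signature arrives on day 5, and the never-classified tool runs as well; under default-deny those same three executions are contained, and the whitelisted editor is allowed either way. The point the simulation makes is that the exposure window is a property of the policy, not of how fast the lab is.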
And there is a solution on the market that can do this without significant impact on system performance or employee usability. To find out more, please visit https://enterprise.comodo.com, and you may find that this is the beginning of a beautiful friendship.