Defensive Approach to Malware Attacks


It’s a mad, mad, mad, malware world. The good news is that the number of malware attacks is decreasing. The bad news is that malware forms are proliferating, attackers are getting smarter, and companies are still vulnerable.

Just how bad is the problem? The answer is: very. While known threats are largely preventable, more than 350,000 new instances of malware are unleashed daily.

Traditionally, IT teams have tried to educate their workforces not to open phishing emails or click malicious links. But those emails are more convincing than ever, as attackers spoof global brands like PayPal, Google, LinkedIn and Microsoft to lower employees' guard. On top of that, IT teams must manage other threats such as mobile ransomware, Trojans, bot attacks, formjacking, cryptomining and PowerShell attacks.

Nation-states are among the most virulent attackers, because they can invest millions of dollars in a campaign and play the long game. As a recent example, North Korean hackers attacked the computer networks of more than 100 companies in the U.S. and around the globe while President Donald Trump met North Korean leader Kim Jong-un in Hanoi in February 2019 to discuss nuclear disarmament.

IT teams operate on the front lines of cyber warfare

So what should companies do?

The current wisdom goes something like this: Companies should put up their best defense by running enterprise security, malware protection and endpoint security programs. Most of these programs operate on a "Default Allow" basis: a file is permitted to run unless the product recognizes it as bad. If the solution cannot find the bad indicators it was told to look for, it assumes the file is good and lets it execute, which gives unknown files free access to endpoints.

It’s easy to see where this goes: New or uncategorized forms of malware get a free pass onto company networks and spread. The burden then shifts to detection, and IT teams work continuously to identify intrusions by new forms of malware.

Despite those efforts, post-breach analysis shows that increasingly sophisticated malware attacks can often go undetected for months or even years, giving hackers all the time they need to steal data and monitor corporate decisions.

Once an incident has been detected, IT teams are on the clock to determine the attack’s origin, intent and severity. Their efforts turn to response, threat hunting and remediation, tracking down threats and removing them endpoint by endpoint, server by server, incident by incident.

How a defensive approach harms enterprise security

This approach can compromise networks while exhausting IT teams. And it’s simply not scalable: There is no way reactive human effort can meet the challenge of exploding threats, proliferating endpoints and soon—weaponized AI.

Here are some statistics from TechBeacon that illustrate the limitations of a "keep out the bad files" blocking approach:

  • A staggering 1,946,181,599 records containing personal and other sensitive data were compromised between Jan. 1, 2017, and March 20, 2018.
  • 75% of data breaches were caused by external attackers.
  • It takes an average of 191 days for organizations to identify a data breach.
  • It took IT teams an average of 66 days to contain a data breach in 2017.

Take an offensive approach to managing malware

What if you could take a “default deny” approach to security without harming the user experience and workforce productivity?

Advanced endpoint protection (AEP) platforms backed by a cloud-based analysis system can do just that. AEP combines anti-virus scanning with auto-containment of unknown executables. Known-good files run unhindered, known-bad files are blocked automatically, and unknown files that could cause harm are run inside a lightweight virtual container. Users can keep working uninterrupted, but the container isolates the process so that anything malicious it does is confined to the container rather than the endpoint or the network.

At the same time, the unknown executable is sent to the cloud for real-time verdicting, which combines AI and machine learning with human analysts in the loop to work through the complex behaviour typical of new malware. Once the file is analyzed, it is added to either the known-good or the known-bad list. If it is bad, the AEP is alerted and the already contained process is terminated, before it has harmed the endpoint or spread through the network.

Rendering a verdict on an unknown file takes approximately 45 seconds. Because the file stays usable inside the container while the verdict is pending, the process is effectively invisible to employees.
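The difference between the "Default Allow" model described earlier and the "default deny" containment model above is easiest to see as a policy decision. The following is an added example, not Comodo's code and not a description of how its AEP or Valkyrie is implemented: a toy endpoint policy engine with a known-good and a known-bad hash list, a default-allow policy that runs anything not recognized as bad, and a default-deny policy that contains unknown files and then applies a cloud verdict. The sample "executables", their write behaviour, the hash lists and the cloud verdict are all constructed inline so the script runs offline.

```python
"""Toy endpoint policy engine contrasting "default allow" with "default deny".

Added example, not Comodo's code. The hash lists, the sample "executables",
their behaviour and the cloud verdict are all constructed inline.
"""
import hashlib
from enum import Enum


class Verdict(Enum):
    GOOD = "good"
    BAD = "bad"
    UNKNOWN = "unknown"


class Action(Enum):
    RUN = "run"          # execute directly on the host
    BLOCK = "block"      # refuse to execute
    CONTAIN = "contain"  # execute inside the container while a verdict is pending


# Constructed samples: bytes standing in for a PE image, plus the file writes the
# program would perform if it ran (its "behaviour").
SAMPLES = {
    "notepad.exe": (b"MZ known-good-binary", [r"C:\Users\alice\notes.txt"]),
    "wannacry.exe": (b"MZ known-bad-binary", [r"C:\Users\alice\report.docx.WNCRY"]),
    "invoice.exe": (b"MZ never-seen-before", [r"C:\Users\alice\report.docx.locked"]),
    "updater.exe": (b"MZ unknown-but-benign", [r"C:\ProgramData\vendor\update.log"]),
}


def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Reputation lists the endpoint agent consults before letting anything execute.
KNOWN_GOOD = {file_hash(SAMPLES["notepad.exe"][0])}
KNOWN_BAD = {file_hash(SAMPLES["wannacry.exe"][0])}


def lookup(data: bytes) -> Verdict:
    h = file_hash(data)
    if h in KNOWN_BAD:
        return Verdict.BAD
    if h in KNOWN_GOOD:
        return Verdict.GOOD
    return Verdict.UNKNOWN


def default_allow(data: bytes) -> Action:
    """Signature-style policy: if no bad indicator matches, assume good and run."""
    return Action.BLOCK if lookup(data) is Verdict.BAD else Action.RUN


def default_deny(data: bytes) -> Action:
    """Only known-good runs on the host; known-bad is blocked; unknown is contained."""
    verdict = lookup(data)
    if verdict is Verdict.GOOD:
        return Action.RUN
    if verdict is Verdict.BAD:
        return Action.BLOCK
    return Action.CONTAIN


def run_file(policy, name, cloud_verdict=None):
    """Run sample `name` under `policy` and report where its writes landed.

    `cloud_verdict` stands in for the result of cloud analysis of an unknown
    file (the page's ~45 s verdict); here the caller supplies it directly.
    Returns (final_action, host_writes, contained_writes).
    """
    data, writes = SAMPLES[name]
    action = policy(data)
    host_writes, contained_writes = [], []

    if action is Action.RUN:
        host_writes = list(writes)        # real files on the real endpoint
    elif action is Action.CONTAIN:
        contained_writes = list(writes)   # virtualised: the host is untouched
        if cloud_verdict is Verdict.BAD:
            KNOWN_BAD.add(file_hash(data))   # every agent now blocks it outright
            contained_writes = []            # process terminated, its changes discarded
            action = Action.BLOCK
        elif cloud_verdict is Verdict.GOOD:
            KNOWN_GOOD.add(file_hash(data))  # this run stays contained; next launch runs unhindered
    return action, host_writes, contained_writes


if __name__ == "__main__":
    for policy in (default_allow, default_deny):
        print(policy.__name__, run_file(policy, "invoice.exe", Verdict.BAD))
```

Under `default_allow` the never-seen-before `invoice.exe` writes to the host before anyone looks at it; under `default_deny` the same file runs only in the container, the bad verdict terminates it with nothing on the host, and its hash joins the known-bad list so even a default-allow agent blocks it from then on.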

AEP helps protect your business in an era of constant attacks

If you haven’t deployed an AEP backed by a cloud-based verdicting platform, you should. Containing unknown files on the endpoint, rather than relying on signatures or previously trained models to recognize bad indicators, is the most dependable way to keep new attacks away from your data and assets. Endpoints are proliferating at most organizations today, and each one is an easy access point for attackers.

AEP platforms and online file verdicting help enable mobile workforces while protecting your devices, systems and data from attackers. Your business can grow and scale, without worries that you are increasing online gaps and risks.

Why online file verdicting is essential in the digital era

As your business becomes ever more digital, you’re likely interacting with more partners and customers and exchanging more data than ever. Thus, it’s almost certain that your organization will receive more unknown files with each passing year.

Fortunately, online verdicting is up to the challenge. Crowd-sourced platforms like Comodo’s Valkyrie improve with every submission, and with AI backed by human security analysts in the loop, new and complex malware can be identified and stopped before an endpoint or network is compromised. Once a file is classified as bad or safe, its verdict is pushed to Comodo’s antivirus engine, so every organization using Comodo’s AEP platform benefits equally from the analysis.

Valkyrie processes over 200 million unknown file submissions each day and uncovers more than 300 million unknown files every year. It uses both static and behavioral checks to identify the malicious ones. Because Valkyrie observes a file’s entire run-time behavior rather than matching it against signatures, it is better at detecting zero-day threats that the signature-based engines of classic antivirus products miss. Since even global brands get hit by zero-day threats, it’s best to detect and stop them before they do damage.

So what can you do to stop threats in their tracks? Here is your three-point plan for success.

  1. Learn about Comodo’s Advanced Endpoint Protection platform and how it can help protect your organization.
  2. Check out the power of Valkyrie: upload an unknown file and run the scan.
  3. Get a free threat analysis from Comodo. We’ll run 200 different breach testing factors on your organization’s LAN/Web or cloud-based services to evaluate your preparedness.

Get your free threat analysis today.
