Today’s businesses are spending more than ever before on cybersecurity solutions. But, all this spending is doing little to curtail the damage cybercrime is causing or to reduce companies’ vulnerability and risk. Worldwide spending on cybersecurity products and services exceeded $114 billion in 2018, and Gartner forecasts the market will grow at a vigorous 8.7% to reach $124 billion by the end of 2019. Yet, cybercrime is already estimated to cost global businesses more than $3 trillion per year, with annual losses predicted to increase to over $6 trillion by 2021. This makes it the fastest growing crime in the world, putting more money in criminals’ pockets than the global trade of all illegal drugs combined.
One thing is clear: what’s being done to protect businesses against cybercrime simply isn’t working. Leaders continue to rely on antiquated legacy tools and solutions. They continue to base decisions on outdated ways of thinking that are no longer adequate to secure today’s digitally transforming, borderless networks against tireless, well-resourced (often nation-state funded) attackers. Even the so-called “next gen” endpoint protection products fail to prevent 100% of attacks.
As long as we continue to evaluate systems and solutions with yesterday’s paradigms in mind, we can’t expect to turn the tide in the war against cybercrime. Instead, we need to adopt proactive approaches to security infrastructure design, to choosing technologies, and to endpoint protection.
Today’s IT environments are nothing like yesterday’s
Far too many decision-makers are still selecting cybersecurity technologies with legacy network architectures in mind. In the past, security gateways or firewalls were situated at the borders of a defined corporate network perimeter, and all traffic inside that perimeter was considered “trusted.” Employee desktop computers or workstations stayed behind in the office at the end of the workday and were accessible only to attackers who had breached the network or infiltrated the physical building itself.
Today’s information technology ecosystems are diverse and heterogeneous. Employees use mobile devices alongside their enterprise desktops, while those working from home access corporate resources via household wireless routers, and those working in the office check their personal email accounts on the company’s computers. Networks incorporate many combinations of devices in a wide array of disparate geographical locations. Their makeup is ever-changing as these devices connect and disconnect, and their shape amorphous.
We need security that can travel with data as it moves throughout this complex landscape. And, we need to shift our focus to securing endpoints, and especially end-user devices, since they’ve become the most attractive—and often, the softest—target for cybercriminals seeking to gain broader access to enterprise networks.
A Single Failure is Too Much
The earliest legacy endpoint protection platforms (EPP) detected malware using signature-based approaches. This means that they routinely scanned all files downloaded to or run on an endpoint device for those with hash values matching the signatures of known malware files. By design, none of these legacy solutions could stop 100% of malware. Each new threat had to be identified, cataloged, and added to the “known-malware” database before its signature could be detected. Any novel strain of malware in this system—no matter how dangerous—would be allowed to run, write to disk, and make changes to system files.
Criminals began bypassing signature-based anti-malware’s protections by packaging malicious software programs inside shape-shifting code. Polymorphic malware is designed to partially rewrite itself each time it executes so that subsequent iterations of the code won’t be recognized by signature-based detection methods. Experts say that as much as 94% of today’s malware is polymorphic in form.
To combat these more sophisticated threats, vendors now offer dynamic behavior-based endpoint protection solutions. These tools focus on detecting and investigating suspicious or malicious activities performed on endpoints so as to restrict malware from accessing the broader network. The file in question is allowed to execute, and if it attempts to perform an action that’s abnormal or unauthorized, like installing a rootkit or disabling a security control, it’s flagged as potentially malicious.
The problem with this approach is that it remains reactive in nature. Once the file has been permitted to execute in the endpoint environment, it has already been given the power to cause damage. And today’s more sophisticated strains of malware are programmed to search for and bypass any behavior-based detection methods they find immediately upon execution. Or attackers may hide their intent in code that initially issues only benign-looking instructions, then return later to install a backdoor and gain network access.
Even vendors advertising “advanced” or “next-gen” endpoint protection offerings cannot guarantee that they’ll stop all attacks. Though artificial intelligence- and machine learning-based approaches are gaining popularity, media attention, and market share, these technologies simply haven’t yet evolved to the point of being foolproof. In rule-based approaches, algorithms are trained to look for file characteristics that are statistically similar to features of known malicious code. This takes time and requires large data sets. Meanwhile, attackers identify new targets, invent new tactics, and code new files every day—all while themselves using machine learning to identify vulnerabilities in systems and commercial software.
But given the scale and volume of today’s cyber attacks, all approaches that aren’t foolproof are doomed to eventual failure. And one single failure is all it takes for your environment to be compromised, your customers’ confidential data to be breached, your reputation to be damaged, and your costs and losses to skyrocket.
We must protect every endpoint, all the time, without relying on trust
One thing legacy network architectures and legacy EPP solutions have in common is an over-reliance on trust. In today’s distributed and diverse computing environments, there’s no longer an “inside” zone that can be trusted. And with more than 350,000 new and unique malware files being detected daily, it’s not reasonable to assume that unknown files can be trusted to run on endpoint devices.
Implementing an advanced endpoint protection (AEP) platform that includes cloud-based analysis and a verdict for every unknown file is essential for today’s digitally transforming businesses. As more and more core business processes move online, as increasing numbers of workloads move to the cloud, and as a wider variety of device types need to connect to your network, the attack surface will continue to expand. And as customers come to expect better—more seamless, more available, and more reliable—digital experiences from every business, the consequences of a breach will only grow more severe.
Advanced endpoint protection allows today’s businesses to move beyond trust and instead adopt a truly robust security posture. If you can prevent all unknown files from executing on your endpoints, and combine analysis techniques—examining signatures, whitelisting and blacklisting known safe/malicious files, performing AI-based static and dynamic behavioral analysis, and identifying fileless PowerShell and rootkit attacks—all without allowing potentially unsafe applications access to endpoint operating systems, you’ll have the strongest defenses available today. With those, you’ll have taken the critical steps needed to move beyond outdated security paradigms—and towards true protection from today’s complex and ever-evolving threats.
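As an added illustration (not code from the original post or from any vendor's product) of the two models this post contrasts: the signature-only verdict described under "A Single Failure is Too Much", where a hash that isn't catalogued is allowed to run and a polymorphic rewrite slips past, versus the default-deny flow above, where known-good runs, known-bad is blocked, and anything unknown is contained until a cloud verdict is fed back. The sample "files", the reputation lists and the polymorphic rewrite are constructed stand-ins.

```python
import hashlib

# Constructed sample "files" standing in for real binaries; none is real malware.
KNOWN_GOOD = b"constructed: benign editor build"
KNOWN_BAD = b"constructed: catalogued malicious sample"
NOVEL = b"constructed: never-before-seen dropper"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical reputation lists keyed by SHA-256, i.e. the "signature" model.
ALLOWLIST = {sha256(KNOWN_GOOD)}
BLOCKLIST = {sha256(KNOWN_BAD)}


def legacy_verdict(data: bytes) -> str:
    """Signature-only EPP: a file runs unless its hash matches known malware."""
    return "BLOCK" if sha256(data) in BLOCKLIST else "ALLOW"


def default_deny_verdict(data: bytes) -> str:
    """Default-deny policy: known-good runs, known-bad is blocked, and anything
    unknown is contained (kept away from the host OS) until a verdict arrives."""
    digest = sha256(data)
    if digest in ALLOWLIST:
        return "ALLOW"
    if digest in BLOCKLIST:
        return "BLOCK"
    return "CONTAIN"


def polymorphic_variant(data: bytes, generation: int) -> bytes:
    """Stand-in for a polymorphic rewrite: same payload, different bytes each
    generation, so the hash no longer matches the catalogued signature."""
    return data + b"//gen=" + str(generation).encode()


def record_cloud_verdict(data: bytes, malicious: bool) -> None:
    """Feed the cloud analysis result back so the next decision is immediate."""
    (BLOCKLIST if malicious else ALLOWLIST).add(sha256(data))


def compare_policies(data: bytes) -> dict:
    """Side-by-side verdicts for one file under both models."""
    return {"legacy": legacy_verdict(data), "default_deny": default_deny_verdict(data)}


if __name__ == "__main__":
    for name, sample in [("known-bad", KNOWN_BAD),
                         ("polymorphic-bad", polymorphic_variant(KNOWN_BAD, 1)),
                         ("novel", NOVEL)]:
        print(name, compare_policies(sample))
```

The polymorphic variant of the catalogued sample is allowed by the legacy policy but contained by default-deny; once the cloud verdict is recorded, the same file is blocked outright on the next decision.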
To learn more about how to evaluate endpoint protection platforms to find real value amidst the hype in today’s crowded cybersecurity market, download our guide, Everything You Wanted to Know About Endpoint Protection But Were Afraid to Ask, today.