Not your father’s antivirus: How new malware detection gives IT a leg up in cybersecurity
IT security is a fundamentally uneven playing field: You have to win every day, but attackers have to win just once. Cyber criminals spend mere pennies compared to the huge investments that organizations make on network defenses, specialized security and compliance systems, and employee education. And IT is always chasing a new target – yesterday’s biggest risk was a Trojan horse, today’s threat is ransomware, but tomorrow’s threat is unknown.
Even IT’s best methods – whitelisting, quarantining, and sandboxing – still can’t prevent the majority of attacks, and they often disrupt employee productivity or increase the burden on IT. So is there a way to prevent malware, like ransomware, even if it’s never been seen before? And can you do so without impacting user productivity? The short answer is yes. Here’s how.
The modern threat landscape: Complex and rapid
A decade ago, broad-based attacks like viruses, Trojans, and spyware blanketed networks and burrowed into as many machines as possible. Viruses and malware gained access when employees opened infected links or documents, and these threats mined data on machines and networks for months. IT responded by adopting signature-based antivirus solutions capable of detecting and quarantining threats to minimize damage.
Today, malware threats are more targeted, sophisticated, and rapid than ever. Malware is so prevalent that devices can be infected just minutes after they connect to the internet for the first time. Ransomware attacks, the newest billion-dollar crime, often target hospitals and health care organizations. Nine out of 10 phishing emails are infected with ransomware, which itself is constantly evolving to avoid detection and inflict damage – more than 390,000 lines of new malicious code appear daily.
Detection remains a challenge: In 2015, networks were compromised for an average of 146 days before the malware breach was spotted and remediated. But in this new landscape, simply detecting and quarantining threats doesn’t offer the same protection it used to; ransomware can wreck entire networks until a payment is made, and other malware can sit and spy on unsuspecting users.
An intelligent, proactive method of IT security
Organizations must invest in layered security technologies that defend every inch of an IT environment. If you’re still relying on signature-based tools that can only identify and blacklist known threats, you’re leaving your organization exposed. A good defense starts with a front line of gatekeepers that can scrutinize, single out, and stop previously unknown threats, while granting access to other unknown, innocuous files.
Sophisticated malware can mask itself as a harmless file to traditional defense systems. Proactive security tools can lock out threats by identifying malicious code, even if that code has never been seen before. These systems rely on mathematical models and artificial intelligence to identify any suspicious code in a file’s DNA. This method of threat prevention goes beyond comparing files with previously blacklisted code, as it analyzes every single program, file, process, or executable and evaluates millions of file attributes to determine if new, unknown malicious code is present.
Using this new approach, the endpoint agent can stop malware before it can even run. Because the agent doesn’t depend on constant signature updates, it requires very few updates and works even when not connected to the internet.
Improving your odds through better detection
No one ever bats 1.000, which is why IT security is so challenging — organizations are always at risk of the threat du jour. The threat landscape outpaces what many IT security protocols offer, leaving a gap in organizations’ protection.
A proactive IT security infrastructure can prevent known and unknown threats from infecting your network and inflicting damage. By using mathematical models and artificial intelligence, these security solutions improve the odds of detecting new strains of malware and keeping unseen threats locked out of your endpoints.
“JRB” has over 15 years of experience in the IT industry and has worked across the Asia Pacific and North American markets. As the Sr. Global Product Marketing Manager for Dell Data Security Solutions, JRB handles a portfolio of Data Protection via Encryption products and the Advanced Threat Prevention portfolio.