Traditional antivirus has long been a staple of endpoint security. It has done its job well in the past and is still considered a core piece of system security. Attacks have grown more sophisticated over the years, however, and this has exposed a weakness in the technology's design: a user's system can be infected even with up-to-date virus signatures.
Some of you may be asking yourselves, what is an endpoint? The answer is simple. An endpoint refers to any device on the network capable of reaching the Internet. We most often think of desktops and laptops when we think of endpoints. However, the term encompasses more than just those two items. Nowadays, they also include smart phones and tablets, as well as printers and point-of-sale terminals. Though the traditional definition can include them, we often exclude routers, switches, firewalls, and similar networking devices when we discuss endpoints.
Where traditional antivirus has faltered, newer endpoint security tools have risen. While the former focuses on preventing known threats, next-generation endpoint security tools are geared towards detecting and preventing all threats, including zero-day ones. Detection methods vary by vendor, but they typically look for anomalies by analyzing processes, system changes, and network connections.
Some product offerings look to identify malicious patterns in kernel-level processes. Others use application control and whitelisting to keep malware from being installed on the endpoints in the first place, either by limiting software installs to certain trusted vendors only or by requiring IT approval for every install. With this whole-picture approach, the next generation of endpoint security can address other, non-virus-related threats as well, such as botnet infections. As time goes on, we may see next-generation endpoint security solutions replace traditional antivirus entirely. As the technology develops further, more of these offerings are likely to be certified as well.
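To make the "trusted vendors only" and "IT approval only" approaches concrete, here is an added example, not code from the original page or from Sequris or any endpoint vendor: a toy application-allowlisting decision engine in Python. It checks an executable first against a list of IT-approved file hashes, then against a list of trusted code-signing publishers (which must also run from an approved install directory), and denies everything else by default. The sample binaries, the publisher name "Example Vendor Inc.", and the paths are all constructed for the demo, and the example assumes the operating system has already verified the signature and handed over the publisher name.

```python
"""Toy application-control (allowlisting) decision engine.

Added example, not code from the original page or from Sequris. It shows the
two allowlisting strategies the article mentions: "IT approval only" (a list
of approved file hashes) and "trusted vendors only" (a list of code-signing
publishers), with a default-deny rule for anything else. Every sample binary,
publisher name and path below is constructed for the demo.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ExecRequest:
    """What an endpoint agent would see when a process tries to start."""
    path: str
    content: bytes
    publisher: Optional[str]  # signer name already verified by the OS; None if unsigned


@dataclass
class AllowlistPolicy:
    approved_hashes: set            # "IT approval only": exact builds IT has vetted
    trusted_publishers: set         # "trusted vendors only": signers allowed to run
    approved_dirs: Tuple[str, ...]  # where vendor-signed software must be installed

    def evaluate(self, req: ExecRequest) -> Tuple[str, str]:
        """Return (decision, reason). Order matters: the most specific rule wins."""
        digest = sha256_hex(req.content)
        if digest in self.approved_hashes:
            return ("allow", "hash matches an IT-approved build")
        if req.publisher in self.trusted_publishers:
            if req.path.startswith(self.approved_dirs):
                return ("allow", f"signed by trusted publisher {req.publisher}")
            # Signed by a trusted vendor but running from a user-writable location:
            # worth a denial and an alert rather than a silent allow.
            return ("deny", "trusted publisher but launched outside approved directories")
        return ("deny", "not on the hash allowlist and not from a trusted publisher")


# --- constructed sample data (not real binaries) ----------------------------
APPROVED_BUILD = b"MZ\x90\x00 constructed bytes of an IT-approved internal tool v1.2"
VENDOR_UPDATER = b"MZ\x90\x00 constructed bytes of a vendor-signed updater"
UNKNOWN_BINARY = b"MZ\x90\x00 constructed bytes of an unsigned unknown binary"

POLICY = AllowlistPolicy(
    approved_hashes={sha256_hex(APPROVED_BUILD)},
    trusted_publishers={"Example Vendor Inc."},  # hypothetical publisher name
    approved_dirs=("C:\\Program Files\\", "C:\\Program Files (x86)\\"),
)

SAMPLE_REQUESTS = [
    # unsigned internal tool, but its exact build was approved by IT
    ExecRequest("C:\\Tools\\inttool.exe", APPROVED_BUILD, None),
    # vendor-signed updater in its normal install location
    ExecRequest("C:\\Program Files\\Vendor\\update.exe", VENDOR_UPDATER, "Example Vendor Inc."),
    # same vendor-signed updater, but launched from a download folder
    ExecRequest("C:\\Users\\alice\\Downloads\\update.exe", VENDOR_UPDATER, "Example Vendor Inc."),
    # unsigned binary nobody approved
    ExecRequest("C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe", UNKNOWN_BINARY, None),
    # one-byte modification of the approved tool: the hash no longer matches
    ExecRequest("C:\\Users\\alice\\Downloads\\inttool.exe", APPROVED_BUILD + b"\x00", None),
]


def evaluate_all(policy: AllowlistPolicy = POLICY, requests=SAMPLE_REQUESTS):
    """Run every request through the policy; denials are what a SOC would alert on."""
    return [(req.path, *policy.evaluate(req)) for req in requests]


if __name__ == "__main__":
    for path, decision, reason in evaluate_all():
        print(f"{decision.upper():5} {path}  ({reason})")
```

The ordering of the rules is the design point: an exact hash match is the strongest evidence and wins first, a publisher match is weaker because any file that vendor ever signed would qualify, so it is further constrained by install location, and the default is deny. The last sample request shows why hash allowlisting resists tampering: a single appended byte changes the digest and the copy is refused.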
If anything, antivirus has evolved to meet the security demands of our time. Rather than sticking with signatures, it has widened its focus from known to unknown threats and adapted to better detect both. The technology is still relatively young compared to traditional antivirus, but it has shown a lot of growth and promise in the last two years. Will we see it continue to rise and eventually replace traditional antivirus entirely? Or will organizations use both in tandem instead? Time, in the end, will be the final judge of this contest.
So is antivirus dead? That’s doubtful. The traditional style of relying on signatures clearly doesn’t work as well for modern threats as it did in the past. The current offering of next generation endpoint security tools seems to accomplish the same thing, albeit in a different way. Still, if the end goal is to stop viruses and other threats to the endpoint, doesn’t that still count as a form of antivirus?
Throughout the years, ransomware has plagued many people. From schools to hospitals, major corporations to home users, no target has been off-limits. According to CSO, the first ransomware appeared in 1989. It reappeared in 2006 and has since grown into a consistent threat to the public.
As the name implies, ransomware is a type of malware that interferes with a system and demands payment from the user. The malware itself is a Trojan that installs itself onto a computer. There have been many variants in that time, including Reveton and CryptoLocker, which have their own ways of accomplishing their goal. Most forms of ransomware break down into two categories.
At the end of the day, extorting money is the goal of ransomware. This leaves us with one simple question: do we pay or do we refuse to pay? If we refuse, then the machine remains locked or the file(s) remain encrypted. If recent backups have been made, we can revert to them. If not, we run the risk of either restoring out-of-date data or not being able to restore at all. On the other hand, say we did pay the ransom: would the attacker even make good on their word? They could very well take the payment and run, leaving the machine/file(s) locked anyway. And if they do undo their changes, who's to say they won't hit us with more ransoms in the future? Unfortunately, there is no "one size fits all" answer. Ultimately, it is up to the user whether or not to pay the ransom. However, paying is not something the information security community recommends.
That is not to say that all is lost and that there is nothing you can do to protect yourself. There is no single action that solves the problem, but whether it's file backups, software updates, antivirus, or another security solution, there is always something you can try. It is better, though, to employ a strategy that incorporates some form of each, rather than relying on a single control.
A zero-day threat prevention solution can help you out at the perimeter level. Such tools analyze files and links that come in through email, keeping an eye out for malware, exploits, malicious URLs, and strange file behavior. This can be done proactively, allowing for near-real-time detection. Different solutions offer different features and outcomes. Some also provide endpoint detection and analysis, along with a shared database of known threats to which the solution contributes data, helping other users protect themselves.
The weakest link in all of these situations is the end user. It is recommended to run periodic security awareness training sessions covering the company-defined security practices. Given its prevalence in spreading ransomware, email is one of the biggest items to cover during training. The basic rule is still the most applicable one: do not open any attachments or click on any links in an email when you do not know the sender.
Ransomware further illustrates the need for a comprehensive security approach. On its own, no single piece can fully stand up to the threat. Combining these practices, however, may just give you a fighting chance. Sequris offers consultation on all of these solutions and can help you put a plan in place to secure your IT profile. What are you doing to protect your organization?
How do you measure progress and success? Do your IT Cyber Security initiatives have a priority action map or a timeline?
In a business world as fraught with new risks as it is entwined with new technology, business executives are increasingly aware that IT-related problems can become a staggering cost to an organization’s bottom line and reputation. This means, among other things, identifying the right people to manage risks and providing them with appropriate training.
Q|Frame is a way to increase your IT Cybersecurity profile and posture and build your IT security program!
With one of the most experienced management teams in the industry, Sequris can develop and implement solutions in a variety of challenging environments and meet specific client requirements that have gone unmet in the past.
Sequris Solution: Q|FRAME
Q|Frame is an IT security framework model that provides facilitated scoring of 20 critical controls and 145 sub-controls, producing a heat map. This gives you a starting place showing where you are today. Then we put action behind the score in the form of a Priority Action Map.
We guarantee that if you engage in a Q|Frame partnership, your IT security profile will increase, and your chances of a breach will decrease.
The Q in Q|Frame stands for Quantifiable. We want to be able to measure everything in your IT security program. Our approach allows us to do just that.
Then we rinse and repeat.
Let us help you find your Q|score and bring great advancement to your IT security program with Q|Frame!
Great Lakes Region
In today's age of successful attacks on major organizations such as the US government, Sony, Target, and Home Depot, it is imperative that information security be a major component of your information technology plan. One way to help assure success in this endeavor is the implementation of a security operations platform, such as Sequris SEQ|OPS, within your enterprise.
The first step in implementation is to conduct a security assessment, such as Sequris Q|Frame™, to identify where your organization stands from a security perspective. The report generated from such an assessment allows us to pinpoint exactly where your organization needs a helping hand and how the security operations platform can specifically benefit you and your business. Smart implementation can then begin, and results can be realized and measured!
Using the security assessment as a guide, we begin deploying the security operations platform. Technologies and services such as SIM, security device analysis, vulnerability scanning and remediation, event response, consulting, and support are all provided as a managed service. The managed service becomes a holistic security operations program that offers a critical perspective into your business's IT risk and allows for rapid deployment of new technology, putting highly effective tools at your disposal to deal with emerging threats.
Sure, you can implement many of these tools on your own; however, in this day and age of dwindling resources and shrinking budgets, leveraging a managed service can actually offer you a better degree of security at a lower cost without requiring additional resources from you. We achieve this by staffing a world-class security operations center with industry-leading talent. By sharing this talent among multiple organizations, we are able to deliver outstanding results at a fraction of what it would cost to achieve internally.
Give Sequris Group a call today at 248-837-1400 and let us show you how, together, we can venture beyond risk!