As cybercriminals continue to come up with new, more sophisticated attacks on businesses, those businesses need new ways to respond. Most companies are doing a good job of allocating money to the problem: corporate spending on cybersecurity is projected to grow eight percent this year over 2015. Companies are spending both on preventive security products, such as firewalls, and on products meant to detect threats that have already penetrated the network. This is generally a good sign; according to Elizabeth Kim, a senior research analyst at Gartner, “Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks. We strongly advise businesses to balance their spending to include both.”
So what’s the problem here? Well, for starters, these businesses need new security solutions – spending money is only a start. One good method that is proactive in nature is endpoint protection (also called endpoint security). The goal of endpoint protection is to cover a wider “surface area” of possible attack points for an enterprise. In the past, placing malware protection (e.g. firewalls) only at the edge of the network has proved difficult for enterprises: new techniques, such as malware delivered over encrypted connections, have made detection at the firewall difficult. While companies once placed detection measures only at the network edge, newer firewalls have focused on filtering internal (east-west) traffic as well. Products of this kind include Palo Alto Networks’ firewalls and VMware NSX, two products that take a network-centric approach to this security challenge.
In general, endpoint protection offers a number of advantages over traditional anti-virus measures. One is that it accounts for malware that is not a virus; while all viruses are malware, not all malware is a virus. Another issue lies with the scalability of traditional anti-virus products. Anti-virus protection identifies a unique signature for each sample and then categorizes the malware or virus accordingly. However, every distinct sample run through this identification process yields a new key or hash, so the anti-virus software must keep a new record for each one. While this is fine for a small number of possible malware intrusions, modern security challenges do not involve only a few types of viruses. Newer types of viruses, polymorphic viruses, change their own code automatically with each copy, so each copy produces a new fingerprint. It’s not difficult to see how this results in a dramatic increase in the number of fingerprints, and in the size of the databases needed to store them.
So what is the next step for companies that do not wish to get stuck in the past? With next-generation endpoint security, the behavior of potentially malicious software is monitored in real time, across the network. This behavior-focused approach removes the need to constantly scan every piece of new or updated software that might be malicious. Instead, monitoring select processes allows endpoint software to pinpoint the situations most likely to be the site of an attack. This uses less processing power, which is particularly important for mobile devices and virtual machines. Vendors have responded accordingly, with companies such as Kaspersky Labs, Webroot, and tech startup Illumio among the competitors in this new market. It is time for enterprises to take the next step forward and bring their malware protection into the next generation.
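The contrast drawn in the two paragraphs above (one hash record per polymorphic variant versus one behavior rule that covers them all) as an added illustration that is not part of the original article. The "variants" are constructed byte strings and the process traces are constructed event lists; no real malware or vendor logic is involved.

```python
import hashlib
from typing import List, Sequence, Set

# Constructed stand-in for an executable: a fixed core plus variable padding.
# Each "variant" mimics a polymorphic copy whose bytes differ from the last.
CORE = b"\x90\x90core-routine-v1\x00"
VARIANTS = [CORE + bytes([0xAA + i]) * 8 for i in range(4)]


def fingerprint(sample: bytes) -> str:
    """Signature-style identity: a hash over the whole file."""
    return hashlib.sha256(sample).hexdigest()


class SignatureStore:
    """Hash-based AV database: one record per distinct sample ever seen."""

    def __init__(self) -> None:
        self.known: Set[str] = set()

    def learn(self, sample: bytes) -> None:
        self.known.add(fingerprint(sample))

    def detect(self, sample: bytes) -> bool:
        return fingerprint(sample) in self.known


def signature_hits(samples: Sequence[bytes]) -> int:
    """Learn only the first variant, then count how many a hash lookup catches."""
    store = SignatureStore()
    store.learn(samples[0])
    return sum(store.detect(s) for s in samples)


def records_needed(samples: Sequence[bytes]) -> int:
    """Records the database must hold to cover every variant: one per hash."""
    store = SignatureStore()
    for s in samples:
        store.learn(s)
    return len(store.known)


# Constructed process-event traces, as an endpoint agent might record them.
# A behavior rule is an ordered list of event prefixes that must all occur.
PERSIST_THEN_BEACON = ["persist:", "net:"]
BENIGN_TRACE = ["open:quarterly.xlsx", "write:quarterly.xlsx", "net:mail.example.com:443"]
SUSPECT_TRACE = ["write:appdata/svc.exe", "persist:run-key", "net:203.0.113.7:8443"]


def behavior_match(trace: List[str], rule: List[str]) -> bool:
    """True if every rule step appears in the trace in order (other events may interleave)."""
    i = 0
    for event in trace:
        if i < len(rule) and event.startswith(rule[i]):
            i += 1
    return i == len(rule)
```

The same `PERSIST_THEN_BEACON` rule flags every variant's trace, while the signature store recognizes only the one copy it was taught and needs a fresh record for each of the others.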