
The changing face of anti-virus

Security used to be so simple.

Install anti-virus, train employees not to click on unknown links and keep the software, hardware and websites up-to-date. Throw in a firewall with some country-filtering and what more could you need?

Those days are gone.

Many of us love being able to use a variety of devices and move effortlessly between our office, car and home office, even the coffee shop. In the traditional model, every computer sat on the company network and every device connected through it, so everything could be secured in one place. The most common work tools now include a growing number of apps and cloud services, none of which is under the IT team's control.

Some companies keep confidential files outside their network in services like Dropbox or Slack. Most companies allow employees to use their own devices, which saves capital equipment costs but puts unmanaged devices on your network with access to your data.

Anti-virus alone just doesn't cut it anymore. AV is designed to look for known signatures and stop them. When AV software is updated with the latest definition files, the threats that were new yesterday become "known" today.

Basically, something has to be identified as malicious before it can be added to these definition files and blocked in the future. This is a never-ending race with the hackers, and a difficult one to win.

According to Egnyte, 85% of all breaches involve a human element, which is echoed throughout our industry. Our teams are pounded with phishing attempts, business email compromises, lost or stolen credentials, the chronic use of insecure credentials (weak passwords) and human error. Mobile devices and home devices are the weakest link when it comes to IT security; people tend to be less cautious when they're on-the-go or at home.

Here are four of the new risks:

• Documents that look like PDF attachments but when opened execute attacks over the network;

• Attacks that are not files but execute from memory, making them difficult to identify;

• Zero-day threats that find a vulnerability in a computer or operating system and exploit it before the manufacturers even know about it; and

• Ransomware attacks, which come with a demand for a lot of money to restore your data; you hope the decryption works, and pray the attackers haven't left another "bomb" that will go off at a future date.

The pattern of the threats is changing, so the software protection needs to be more sophisticated. Newer threats don't have "signatures," which is what AV solutions rely on to find a threat in the first place. Managed Endpoint Detection and Response (EDR) uses artificial intelligence to stay on top of new threats, and it monitors running processes, something traditional AV can't do. Here are a few of the benefits of using EDR:

• A rollback feature on laptops and desktops can return a machine to its pre-infection state.

• Using artificial intelligence, current and emerging threats can be detected, with continual updates to the platform. No more waiting for a new AV release to get the latest protection in place.

• EDR monitors processes before, during, and after execution to prevent new threats from slipping in.

• Because monitoring is continuous, there is less of the slowdown you get when a traditional AV scan runs while you're trying to work.
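To make the contrast between the two approaches concrete, here is a small added example (not code from the column or from Syscon). It shows, on constructed data, why a signature lookup stops matching as soon as a file changes by a single byte, while a behaviour rule over process events (a document handler launching a script interpreter) fires regardless of what the file hashes to. The hash set, the process list and the event log are all made up for illustration; the process names and the rule are typical of what endpoint sensors record and alert on, but they are assumptions, not this vendor's product logic.

```python
"""Signature matching vs. process-behaviour monitoring, on constructed data."""
import hashlib
from dataclasses import dataclass

# --- Signature-based detection (the traditional AV model) -------------------
# Constructed stand-in for an AV definition file: hashes of samples that have
# already been identified as malicious. These are NOT real malware hashes.
KNOWN_BAD_SAMPLE = b"constructed-sample-bytes-v1"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_match(file_bytes: bytes) -> bool:
    """True only if the file's hash is already in the definition set."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


# --- Behaviour-based detection (the EDR model) ------------------------------
@dataclass(frozen=True)
class ProcessEvent:
    parent: str   # image name of the process that started this one
    image: str    # image name of the newly started process
    cmdline: str  # command line as recorded by the sensor


# Assumed rule: document handlers should not normally launch script hosts.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}


def behaviour_alerts(events):
    """Flag document handlers spawning script hosts; no file hash involved."""
    alerts = []
    for ev in events:
        if ev.parent.lower() in DOCUMENT_HANDLERS and ev.image.lower() in SCRIPT_HOSTS:
            alerts.append(f"{ev.parent} spawned {ev.image}: {ev.cmdline}")
    return alerts


# Constructed sample telemetry, as an endpoint sensor might record it.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "winword.exe", "winword.exe Invoice.docx"),
    ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -w hidden -c <placeholder>"),
    ProcessEvent("explorer.exe", "chrome.exe", "chrome.exe"),
    ProcessEvent("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    print("known sample matches signature:", signature_match(KNOWN_BAD_SAMPLE))
    # One extra byte and the same payload no longer matches the definition file.
    print("altered sample matches signature:", signature_match(KNOWN_BAD_SAMPLE + b" "))
    for alert in behaviour_alerts(SAMPLE_EVENTS):
        print("behaviour alert:", alert)
```

The second print is the whole point of the column's argument: a trivially modified file slips past the signature check until someone identifies it and ships a new definition, whereas the parent-child rule catches the document-launches-interpreter pattern on the first sighting, which is also how a memory-only attack that never writes a file can still be noticed.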

As a longtime Managed Service Provider who has tested this next-generation solution internally, we are using this new threat protection for both our business and clients.

Bring this topic to your IT team; it's time for a change to meet the latest threats to your business' data.

• Catherine Wendt is president of Syscon, Inc., in Hinsdale.
