In today’s hyper-connected world, end points and user authentication have become the new perimeter, and cybercriminals will keep trying to breach both. Current Anti-Virus tools rely mainly on signature and/or cloud-based updates to protect end points; however, cybercriminals know this and know how to circumvent it.
Users can no longer wait for signature updates to be sent out, or for zero-days to be caught, assigned a CVE number and given a Microsoft patch custom-made to “fix” them. Now, it’s a matter of seconds before attackers break in and begin their work to take over a network or asset and/or gain access to company data.
The “why” doesn’t matter to the victims of these breaches. To add to this, users are accessing data from numerous sources, including the cloud, while on or off the network, and cyber attackers often successfully ‘recycle’ known malware, given that signature databases can only hold so many updates without becoming too large. So the ultimate question is: how can organizations protect their data in a way that is not intrusive to users and doesn’t rely on updates? Stop it before it happens.
So with all these challenges, what are three items to ask your current Anti-Virus Provider?
1. Does your current end point solution rely on signature-based updates?
Signature-based updates have been useful over the past several decades; however, given that attackers change their approaches at warp speed, signature updates are at a disadvantage. Thankfully, there have been two recent advancements in protecting end points: machine learning and the use of mathematical algorithms to protect against both known and unknown threats.
2. Can your existing end point capability protect users on or off the network?
One topic I hear from organizations is that their current Anti-Virus has been challenged with protecting their mobile devices. I think there are several reasons for this status and while delivering updates has improved over the years, it still has not kept up with new attack methodologies and vectors. Consequently, an Anti-Virus that can effectively protect end points without requiring an update will be needed to ensure the appropriate protections are in place.
3. Can your existing end point solution identify ransomware activities in an automated and orchestrated way?
Unfortunately, malware such as CryptoLocker will continue to grow in size, scope and success in breaching end points and organizations unless a new approach is taken. Current end point technologies are struggling to automate a response, particularly if the end point is unable to communicate with its signature update and/or cloud-based update process.
While this is not a complete list of questions to ask, these do represent some of the main areas of focus based upon our discussions with many organizations.