Businesses struggle to protect themselves from security breaches. They implement a wide range of security tools and solutions to protect their networks, applications, clouds, and endpoints. They strive to comply with regulations. Their security teams comb through seemingly endless security alerts. Nevertheless, successful cyber attacks continue to increase. Palo Alto Networks, Gartner Magic Quadrant Firewall Leader for the sixth year, takes a close look at enterprise security for endpoints, which in many places is still left to antivirus solutions.
Palo Alto Networks notes that threats and attackers have evolved, but many security solutions have not. Current threats are more sophisticated, more automated, cheaper to run and can take many forms. Attackers operate at a larger scale and at a faster pace, and many companies are not prepared for this. All of this has escalated in recent years, according to Palo Alto Networks, while many security tools, solutions, and platforms have kept the same practices they used decades ago. Antivirus is a prime example of an approach that is increasingly unsuited to protecting systems from security breaches.
The following are the four key requirements that antivirus cannot address, but which an effective endpoint security solution should cover:
- Cybersecurity incidents are on the rise, without any end!
To contain security breaches and data loss, companies deploy a range of different security solutions on their endpoints. Unfortunately, these solutions, and traditional antivirus products in particular, struggle to protect enterprise systems – and often fail. This has led to an increase in the frequency, variety, and complexity of security breaches.
The security industry focuses primarily on improving detection and response times, which only narrows the window between the moment an attack begins and the moment it is detected. It does little to protect valuable data before a company suffers a security incident. To reduce the frequency and impact of security incidents, the focus must shift away from post-incident detection and response, which begins only after critical resources have already been compromised, and towards prevention: keeping attackers and threats from ever entering the company in the first place.
- Antivirus solutions are not effective at preventing successful cyber attacks
Cyber attackers often use free or cheap tools to generate new and unique, encrypted or polymorphic malware that bypasses detection by traditional signature-based antivirus programs. Attacks using unknown and zero-day exploits likewise evade antivirus protection. To defend against such techniques, an effective endpoint security solution must protect endpoints from both known and unknown malware and exploits at the core stage of the attack.
- Mobile users increasingly require businesses to secure endpoints outside the traditional network edge
Organizations are adopting cloud-based software-as-a-service (SaaS) and storage solutions that let users reach internal resources from anywhere in the world, both inside and outside the company's network. These services and solutions synchronize and distribute files across the enterprise, streamlining how data is processed and shared. But they can also expose the entire company to malware and exploits: malware distribution, accidental data disclosure, and data exfiltration through SaaS applications all contribute to this risk.
Cyber-attacks target end users and endpoints where the network is not fully observable, so employees outside the corporate network are more likely to encounter malware. To address these threats, endpoint security must also protect the systems beyond the traditional network perimeter.
- Enterprises have problems with patch management and the protection of end-of-life software and systems
Weaknesses in applications and systems can always be expected. The problem is that vulnerabilities exist long before patches are released, and the deployment of patches, critical or not, is never guaranteed. In addition, companies that run legacy systems and software that have reached the end of their useful life are particularly vulnerable because security patches are no longer available. As a result, these companies are exposed to risks that are unknown and difficult to control.
Such situations give attackers an opportunity to exploit these vulnerabilities and compromise unpatched applications and systems. With the growing number of software vulnerabilities discovered every day and exploit kits available on the underground market, even "hobbyists" can launch sophisticated attacks. Protecting unpatched or legacy systems and software requires an effective security solution that defends against both known and unknown threats.
Three ways to measure endpoint safety
Companies should choose security products that balance total cost of ownership with security effectiveness. This effectiveness is measured by the ability of the technology to perform at least these three core functions:
- Performance of the intended function
Does the technology provide the security function it is meant to perform? Two primary attack vectors are used to compromise endpoints: malicious executables (malware) and vulnerability exploits. Effective endpoint security products must ensure that endpoints and servers are not compromised by malware or exploits, and must prevent both known and unknown variants of each.
- Essential resolution
Does the solution prevent attackers and users from bypassing its security features? No security tool or technology is designed to be easily bypassed. Yet if attackers or end users can still circumvent the intended function of the technology, it will not fulfill its original purpose. An effective endpoint security platform must not allow attackers to bypass its protections, nor cause performance problems that lead users to disable it.
Is the technology evolving to cover and protect new applications, systems, and platforms? A few decades ago, the frequency and complexity of cyber attacks were comparatively low, and endpoint security tools were designed to stop viruses from infecting systems. Today's threat landscape is radically different, and it has reduced endpoint security tools such as antivirus programs to reactive detection and response tools.
Security products must take a proactive approach to protect endpoints adequately. To reduce the frequency and impact of cybersecurity breaches, Palo Alto Networks believes the emphasis must be placed on prevention.
Businesses should choose security products that offer the highest level of protection. The effectiveness of a security solution can be measured by its ability to meet the three requirements above. A state-of-the-art endpoint protection solution is capable of doing so and can readily address the four enterprise security challenges described above.