Modern endpoint protection is smarter

Preventative protection – the key to stopping ransomware and other malware

Author: Eija Paajanen
Date: 13.06.2016
Read Time: 3 Minutes

Ransomware is big news today. What’s more, the threat of ransomware will continue to rise in the months and years to come. The same applies to all security breaches, which have been occurring at an increasing pace. Almost 60 million cyber security incidents took place in 2015. To make things worse, it is not ransomware itself that causes the most damage – it’s the downtime it causes for business.

One of the best ways to protect endpoints against modern threats is to prevent threats from making contact with their victims in the first place. The most efficient way to do this is to use multiple layers of protection: combine intelligent scanning, behavioral analysis, and the cloud (for up-to-date threat intelligence).

A Gartner report, “Effective Tactics to Protect Midmarket Enterprises from Advanced Threats”, 29 March 2016, by Neil MacDonald (1), notes:

“Prevention first should be the mantra of a midmarket security professional. Don’t buy into the hype that “signatures are dead.” EPP offerings haven’t relied solely on signatures for malware detection for years. All leading EPP solutions offer advanced behavioral engines for malware prevention.”

With preventative protection in place, the vast majority of malware, ransomware and other PUA is stopped by the scanning engines before it ever reaches the next layer of protection. And the scanning engines of today are very different from the AV solutions of the 90s. Andy Patel from the Labs Technology Outreach unit explains:

Modern detections are designed to catch thousands, or even hundreds of thousands, of samples, a far cry from the one-hash-per-sample approach of the old days.

But there will always be new types of malware that cannot be identified by traditional engines, and that’s when you need a different approach. To stay safe against new, emerging threats (malware, ransomware, trojans, you name it) you also need behavior-based, heuristic protection.
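To make the difference between the two layers concrete, here is an added illustration (it is not F-Secure code and does not reproduce DeepGuard’s actual rules). It models a hash-signature layer, which only recognizes samples it has already seen, beside a behavior-based rule that describes a way of working: a process that overwrites many user documents and renames them within a short time window. The sample bytes, process IDs, paths and timestamps are all constructed for the demonstration; the threshold and window values are assumptions, not values from any product.

```python
"""Toy model of layered detection: hash signatures versus a behavioral rule.

Constructed example. Nothing here reflects a real product's signatures,
thresholds or telemetry format.
"""
import hashlib
from collections import defaultdict

# Layer 1: hash signatures. One entry per known sample (constructed values).
KNOWN_SAMPLES = [b"ransom_variant_v1", b"ransom_variant_v2"]
KNOWN_HASHES = {hashlib.sha256(s).hexdigest() for s in KNOWN_SAMPLES}


def hash_layer(sample: bytes) -> bool:
    """Exact-match lookup: catches only samples already in the signature set."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


# Layer 2: a behavioral rule. It describes what a process does (overwrite
# many documents and rename each one shortly afterwards) rather than which
# binary is running, so it keeps matching when the binary changes.
WINDOW_SECONDS = 60   # assumed window length
MIN_FILES = 5         # assumed number of files that must be hit in the window


def behaviour_layer(events):
    """events: iterable of (timestamp, pid, action, path), in arrival order.

    A file counts once it has been written and then renamed by the same pid.
    A pid is flagged when MIN_FILES such files fall inside WINDOW_SECONDS.
    Returns the set of flagged pids.
    """
    written = defaultdict(set)     # pid -> paths this pid has written
    renamed = defaultdict(list)    # pid -> timestamps of renames of written paths
    for ts, pid, action, path in events:
        if action == "write":
            written[pid].add(path)
        elif action == "rename" and path in written[pid]:
            renamed[pid].append(ts)

    flagged = set()
    for pid, times in renamed.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits in WINDOW_SECONDS.
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= MIN_FILES:
                flagged.add(pid)
                break
    return flagged


def document_events(pid, start_ts, n_files, spacing=1.0):
    """Constructed event stream: a process writes and renames n_files documents,
    one every `spacing` seconds."""
    evs = []
    for i in range(n_files):
        path = f"C:/Users/alice/Documents/report_{i}.docx"
        evs.append((start_ts + i * spacing, pid, "write", path))
        evs.append((start_ts + i * spacing + 0.5, pid, "rename", path))
    return evs


# Constructed telemetry: an unknown variant (pid 4242) hitting 8 files in a few
# seconds, an editor (pid 77) saving one file, and a backup rotation (pid 9001)
# touching 8 files but ten minutes apart.
SAMPLE_EVENTS = (
    document_events(pid=4242, start_ts=1000, n_files=8)
    + [(1000, 77, "write", "C:/Users/alice/Documents/notes.txt"),
       (1001, 77, "rename", "C:/Users/alice/Documents/notes.txt")]
    + document_events(pid=9001, start_ts=2000, n_files=8, spacing=600)
)


def run_layers(sample: bytes, events):
    """Run both layers and report what each one caught."""
    return {"hash_layer": hash_layer(sample),
            "behaviour_layer": behaviour_layer(events)}


if __name__ == "__main__":
    # A never-seen variant slips past the hash layer but not the behavioral one.
    print(run_layers(b"ransom_variant_v3", SAMPLE_EVENTS))
```

The point the model makes is the one the article makes: two of the three samples are caught by the hash layer, the third has no signature at all, yet the single behavioral rule flags it because its activity pattern is the same, while the editor and the slow backup job stay below the rule’s threshold. Real engines use many more signals and tune the window and count against benign software, which is where most of the engineering effort goes.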

Proactive protection

Mikael Albrecht from the F-Secure Labs Technology Outreach department explains:

F-Secure DeepGuard takes a fundamentally different approach to malware detection. The average number of new detected malware variants for Windows is about 10,000 per day. And such variants are typically quite short-lived. However, DeepGuard detections focus on malware’s algorithms and ways of working, which allows us to recognize such patterns even before the malware has tried to engage in malicious activities. DeepGuard’s approach to detecting malware’s core functionality makes the definitions (detection rules) much more long-lived. A new malware variant has a high probability of triggering an existing definition. This makes DeepGuard truly proactive.

Additionally, even if behavioral detection fails to work, malware and ransomware can still be caught. An example of this is the Petya ransomware, which we blocked with DeepGuard’s prevalence script long before it was identified.

Andy Patel from the Technology Outreach unit further explains:

The fact is that the majority of malware delivery mechanisms are easily blocked behaviorally. In most cases, when we find new threats, we also discover that we had, in the distant past, already added the logic to address the mechanisms they use.

Read also our quick guide to outsmarting ransomware.

  1. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
