Preventative protection – the key to stopping ransomware and other malwareBusiness Security News, Cybersecurity, End-Point-Protection, F-Secure, Malware // 13.06.2016
Ransomware is big news today. What’s more, the threat of ransomware will continue to rise in the months and years to come. The same applies to all security breaches, which have been occurring at an increasing pace. Almost 60 million cyber security incidents took place in 2015. To make things worse, it is not ransomware itself that causes the most damage – it’s the downtime it causes for business.
One of the best ways to protect endpoints against modern threats is to prevent threats from making contact with their victims in the first place. The most efficient way to do this is to utilize multiple layers of protection – combine intelligent scanning, behavioral analysis, and the cloud (for up-to-date threat intelligence.)
A Gartner report “Effective Tactics to Protect Midmarket Enterprises from Advanced Threats”, 29 March 2016, by Neil MacDonald, (1 notes:
”Prevention first should be the mantra of a midmarket security professional. Don’t buy into the hype that “signatures are dead.” EPP offerings haven’t relied solely on signatures for malware detection for years. All leading EPP solutions offer advanced behavioral engines for malware prevention.”
When utilizing preventative protection, the huge majority of any malware, ransomware or other PUA is stopped by scanning engines before they even reach the harder layer of protection. And the scanning engines of today are very different from the AV solutions of the 90:s. Andy Patel from the Labs Technology Outreach unit explains:
Modern detections are designed to catch thousands, or even hundreds of thousands of samples. A far cry from the one hash per sample approach of the old days.
But, there will always be new types of malware that cannot be identified by traditional engines, and that’s when you need a different approach. To stay safe against new, emerging threats: malware, ransomware, trojans – you name it – you also need behavior-based, heuristic protection.
Mikael Albrecht from the F-Secure Labs Technology Outreach department explains:
F-Secure DeepGuard takes a fundamentally different approach to malware detection. The average number of new detected malware variants for Windows is about 10,000 per day. And such variants are typically quite short-lived. However, DeepGuard detections focus on malware’s algorithms and ways of working, which allows us to recognize such patterns even before the malware has tried to engage in malicious activities. DeepGuard’s approach to detecting malware’s core functionality makes the definitions (detection rules) much more long-lived. A new malware variant has a high probability of triggering an existing definition. This makes DeepGuard truly proactive.
Additionally, even if behavioral detection fails to work, malware and ransomware can still be caught. An example of this is the Petya ransomware, which we blocked with DeepGuard’s prevalence script long before it was identified.
Andy Patel from the Technology Outreach further explains:
The fact is that the majority of malware delivery mechanisms are easily blocked behaviorally. In most cases, when we find new threats, we also discover that we had, in the distant past, already added the logic to address the mechanisms they use.
Read also our quick guide to outsmarting ransomware.