No single technology can effectively protect against all cyber threatsBusiness Security News, Cybersecurity, End-Point-Protection // 16.11.2016
The so-called next-gen companies are quite aggressively targeting the AV industry, and also give statements that are absolutely false when they refer to the more traditional players in the industry as signature-based. The truth is, there are NO signature-only endpoint protection products on the market any more. All of the vendors that are worth mentioning use other technologies in addition to signatures.
When it comes to business security, prevention of attacks is a key element of cost-efficient protection. It is way easier and cheaper to stop attacks while they are still outside your network than to try and detect them after the incident has happened.
And that is why we have several layers to our endpoint protection – we think that modern endpoint protection is much more than just a selected next-gen technology that is used to build a whole product on. There are five elements that are typically used in next-gen security – and we utilize four out of those five!
Take behavior monitoring for example, which is “the thing” of some of the next-gen products – we have had behavior-based protection in our products for a decade already. And we have had that decade to learn more about malware behavior and its dependencies than anyone could claim to know in just a short time of operation.
Andy Patel from our Technology Outreach department explains:
During the year we’ve seen several ‘Next-gen’ companies aggressively marketing their “artificially intelligent” products. In our experience, machine learning systems are great at augmenting other technologies, as long as they’re given the correct input. Our own machine learning systems leverage decades’ of historical data, infrastructure and expertise, but they’re definitely not silver bullet technologies.
Using several layers allows us to identify and stop possible attacks with different tools and at different stages of the chain of compromise. Many next-gen companies for example claim that URL blocking is unnecessary. Well – tell that to a person who fell for a phishing or scamming attack on a site that looked exactly like their online banking or social media login page.
If machine learning and behavior monitoring are nothing new, why are these next-gen vendors able to collect a lot of investments, and gain market share? I would guess that people are just tired of the traditional, boring security. It is not something that you can write sexy headlines about – unless it is a successful breach against a visible company. Which is of course what the company in question would not wish to be remembered for. The next-gen story sounds interesting, and when you put enough money into spreading the story, it can become something that people believe.
In addition to modern, layered technology, cyber security today calls for human expertise. It is only with the understanding of hacker behavior and tactics that security can be achieved. We call this Live Security.
Another bold claim from the so-called next-gen companies is that the independent, third-party testing organizations are not so independent after all. Well, believe that if you will, but these organizations would not be trusted by the media, and the companies using endpoint protection, or even the traditional security vendors themselves, unless they gave real, valuable and independent input and testing results. Read more in Andy’s post “What’s the deal with next-gen?”