A New Perspective on Endpoint Security

41

Here’s a short recap of one of the more interesting observations by Nyotron’s CTO Nir Gaist during a recent Down the Rabbit Hole Podcast on endpoint security. He argues that security hasn’t really changed in over 30 years!

Most, including Gaist, acknowledge that next-generation antivirus (NGAV), which uses techniques such as artificial intelligence (AI) and machine learning (ML), is an improvement over traditional antivirus (AV). Certainly, efficacy is better than it was before.    

However, Gaist argues that the improvement NGAV delivers isn’t enough to meet the challenges of today’s advanced malware. This is where it gets interesting. He states that NGAV just uses another type of signature – in the form of a ML model – for malware detection; the only difference is that the signature is a bit more generic than the one used by traditional AV. According to Gaist, “You still have the same guard [at the door] just with a better list; it’s simply a next-gen signature.”

Gaist goes on to explain why the above is true. He says that applying AI or ML algorithms to millions of known viruses is only good at discovering variants of known malware. You need a smarter approach to tackle infinite bad behavior.

What Needs to Change?

Gaist recommends doing the exact opposite of today’s security approach. Instead of listing the bad, list the good. He doesn’t mean whitelisting, which he categorizes as yet another failed attempt to try to keep up with infinity (like with malware, applications and their updates are also practically infinite). It works at too high a level says Gaist, meaning there’s a lot of volatility that takes too much time and effort to keep up with.  

He is talking about mapping all the good ways to do dangerous activities, things like deleting files, exfiltration and encryption at the lowest logical level of an endpoint, the operating system where there’s not a lot of change. In this way, it’s possible to identify and stop malicious activity.  

Hear the Podcast

Nir shares many other thought-provoking security observations during his podcast >> Listen Now.