A New Perspective on Endpoint Security


Here’s a short recap of one of the more interesting observations by Nyotron’s CTO Nir Gaist during a recent Down the Security Rabbit Hole Podcast on endpoint security. He argues that security hasn’t really changed in over 30 years!

Most, including Gaist, acknowledge that next-generation antivirus (NGAV), which applies techniques such as artificial intelligence (AI) and machine learning (ML), is an improvement over traditional signature-based antivirus (AV). Detection efficacy is certainly better than it was before.

However, Gaist argues that the improvement NGAV delivers isn’t enough to meet the challenges of today’s advanced malware. This is where it gets interesting. He states that NGAV just uses another type of signature, in the form of a trained ML model, for malware detection; the only difference is that this signature is somewhat more generic than the ones used by traditional AV. According to Gaist, “You still have the same guard [at the door] just with a better list; it’s simply a next-gen signature.”

Gaist goes on to explain why this is so. Training AI or ML algorithms on millions of known malware samples is only good at discovering variants of malware that resembles what has already been seen. The space of possible bad behavior is effectively infinite, so a list of the bad, however generic, can never be complete; a smarter approach is needed.

What Needs to Change?

Gaist recommends doing the exact opposite of today’s security approach: instead of listing the bad, list the good. He does not mean application whitelisting, which he categorizes as yet another failed attempt to keep up with infinity (as with malware, applications and their updates are also practically infinite). Whitelisting works at too high a level, says Gaist: there is so much volatility in applications that keeping the list current takes too much time and effort.

He is talking about mapping all the legitimate ways to perform dangerous activities, such as deleting files, exfiltrating data and encrypting files, at the lowest logical level of an endpoint: the operating system, where there is comparatively little change. Any activity that reaches one of those dangerous outcomes by a path that is not in the map can then be identified and stopped, whatever malware or attack vector produced it.
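To make the contrast concrete, here is a small added example (not Nyotron’s code, and not a description of how PARANOID works) that runs two monitors over constructed file-syscall traces: a blocklist keyed on a known sample’s image name and exact syscall sequence, and a positive model that only permits per-file operation histories found in an assumed baseline of legitimate behavior. The event format, the baseline histories and the traces are all assumptions for illustration.

```python
"""Blocklist vs. positive-model monitoring over a toy file-syscall trace.

Added example, not code from the page or from Nyotron. The Event format,
the LEGITIMATE_HISTORIES baseline and the sample traces are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    image: str    # process image name
    syscall: str  # simplified file syscall
    path: str     # file the syscall operates on


# Positive model (assumed baseline): every legitimate history of operations
# a single process may perform on a single file. A history is acceptable
# while it is a prefix of at least one of these sequences.
LEGITIMATE_HISTORIES = {
    ("open", "read", "close"),              # read a document
    ("open", "read", "write", "close"),     # edit a document and save in place
    ("open", "close", "unlink"),            # inspect, then delete
    ("unlink",),                            # plain delete
    ("open", "write", "close", "rename"),   # write temp file, atomic rename
}

# Blocklist (assumed "signature"): image name plus exact per-file sequence
# observed in one known sample.
KNOWN_BAD = {
    ("cryptor.exe", ("open", "read", "write", "close", "rename")),
}


def _is_prefix(history: tuple, allowed: set) -> bool:
    """True if `history` is a prefix of at least one allowed sequence."""
    return any(history == seq[: len(history)] for seq in allowed)


def positive_monitor(trace: list) -> Optional[Event]:
    """Return the first event whose (image, path) history leaves the
    legitimate model, or None if the whole trace stays inside it."""
    histories = defaultdict(tuple)  # (image, path) -> syscalls so far
    for ev in trace:
        key = (ev.image, ev.path)
        histories[key] = histories[key] + (ev.syscall,)
        if not _is_prefix(histories[key], LEGITIMATE_HISTORIES):
            return ev
    return None


def blocklist_monitor(trace: list) -> Optional[Event]:
    """Return the first event at which a known-bad signature matches,
    or None if no signature matches anywhere in the trace."""
    histories = defaultdict(tuple)
    for ev in trace:
        key = (ev.image, ev.path)
        histories[key] = histories[key] + (ev.syscall,)
        if (ev.image, histories[key]) in KNOWN_BAD:
            return ev
    return None


# Constructed traces (not captured from a real system).
DOC = "C:\\Users\\u\\report.docx"
BENIGN_EDIT = [Event("winword.exe", s, DOC)
               for s in ("open", "read", "write", "close")]
KNOWN_SAMPLE = [Event("cryptor.exe", s, DOC)
                for s in ("open", "read", "write", "close", "rename")]
# Variant: renamed binary that overwrites the file in place and then
# deletes it instead of renaming it. The signature no longer matches.
VARIANT = [Event("svchost_.exe", s, DOC)
           for s in ("open", "read", "write", "close", "unlink")]


if __name__ == "__main__":
    for name, trace in (("benign edit", BENIGN_EDIT),
                        ("known sample", KNOWN_SAMPLE),
                        ("variant", VARIANT)):
        print(f"{name:13} blocklist={blocklist_monitor(trace)!r:60} "
              f"positive={positive_monitor(trace)!r}")
```

The blocklist catches the known sample at its final `rename` and misses the variant entirely, while the positive model stops both at the first operation that falls outside the baseline, without knowing either sample. The caveat is the one Gaist’s argument depends on: the baseline must be an accurate map of legitimate OS-level behavior. A toy model this small would, for example, let an encryptor that reproduces an editor’s exact save sequence through, so the real work is in how completely the legitimate paths are mapped.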

Hear the Podcast

Nir shares many other thought-provoking security observations during the podcast: Listen Now.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks it in real time.