By Nir Gaist, Founder and CTO, Nyotron
Do you ever get the sinking feeling that the bad guys are winning the war? Massive data breaches made headlines throughout 2018, affecting companies including Facebook, WhatsApp, Ticketmaster, Air Canada, MyFitnessPal, T-Mobile, Marriott Starwood hotels… the list goes on and on. As the old saying goes, “knowledge is power,” and providing IT security pros with the information they need to better protect their users and systems is the mission of a new global initiative called The Cyber Startup Observatory. It asked me to examine the current state of endpoint security for the inaugural United States issue of its publication, The Observatory.
The Observatory’s Chief Editor Jose Monteagudo perfectly describes the global threat landscape in the issue’s preface: “During the last few years and particularly in recent months, we have been witnessing increased activity, coordination and even innovation from the bad guys. We believe this issue can only be addressed by raising the awareness of the important challenges ahead as well as on the powerful solutions available to address those problems.”
One of those problems is the failure of endpoint security solutions and common best practices to protect organizations against the seemingly infinite number of attacks. The new Cybersecurity Insiders’ 2019 Endpoint Security Report reveals that only half of organizations are very confident or extremely confident in their endpoint security postures. Just 50% believe their current endpoint security posture can stop 75% of attacks or more. 21% estimate less than 50% of attacks will be stopped.
The Observatory asked me to explain the factors behind these alarming numbers. I reviewed the three key eras in the evolution of antivirus solutions, beginning with vendors adding more and more “gates” to their signature-based AV solutions, the rise of Endpoint Detection and Response (EDR), and the appearance of next-generation antivirus (NGAV) powered by machine learning and AI technologies. As we have moved through each era, the bad guys always found ways to gain an advantage, including using AI to beat AI-powered tools.
Still, endpoint security products remain the tip of the cyber defense spear, so do not rip out your current AV solution. Rather, build a multi-layered defense that incorporates both the Negative and Positive Security models, including implementing a solution like Nyotron PARANOID.
PARANOID automatically whitelists trusted OS behavior and rejects everything else. Our approach is threat, application and user behavior agnostic, and when combined with a traditional anti-malware solution, you gain true defense-in-depth protection against both the most advanced known and unknown attacks.
You can read my article in the full issue of The Observatory, which you can access here, starting on page 91.