Simply put, you’re not fully protected by having antivirus software installed. Antivirus applications may take down weak threats, but as technology becomes more sophisticated, so do attacks.
Back when businesses were only at risk of a handful of malicious software threats, antivirus software was an effective way to protect against malware or viral code intended to harm your systems.
Programs were able to find, block and remedy the issues effortlessly. Antivirus software would compare the websites users visited with a list of known malicious threats. Through this examination, the application was able to target threats by identifying dangerous sites and preemptively sweeping for that code.
Given the ever-evolving landscape of cyber security, there are other measures you need to implement to protect your organization’s information. Times have changed, and here’s how.
Antivirus Software Under Siege
Hackers responded to antivirus software by altering their viral code to bypass the signature files the software knew to check for. Antivirus software companies began frequently updating their master list of viral threats and dangerous websites. A cycle formed where hackers rapidly created viral code and antivirus software needed to add the code to the signature list used to examine websites.
This process continued until the number of malicious software files vastly outgrew the ability of the antivirus application to update the signature files. As a result, antivirus programmers developed a new way to detect viral code—heuristics.
This experimental method was created to make generic comparisons of malware against previously detected code from the signature file. It improved response times to blocking unwanted software, but hackers were cunning and found ways to circumvent the heuristic process.
Emerging Technology to Defend Against Threats
Fortunately, there are emerging technologies using contemporary virtualization techniques to allow for the safe extermination of unknown software. These tools allow end users to freely click without dangerous consequences caused by malware.
These new technologies take a different approach to antivirus practice. The unknown code is run seamlessly but safely with no access to the host operating system. The program creates a temporary environment that has no access to the internal computer information. If the code turns out to be viral or malicious, it stays confined to that temporary environment. If the code is legitimate, it will run as expected and cause no trouble for the end user or IT department.
A common workplace fix is the ability to host internet browsing in an external location. Companies can have their IT department proxy all internet traffic through a remote, virtual environment to reduce the risk of attack.
Endpoint Protection and Zero-Trust
Endpoint Protection Detection and Response (EPDR) could be the layer of protection that keeps your organization ahead of sophisticated threats when other antimalware measures miss the mark.
EPDR incorporates cloud-based signatures for malware, viruses, potentially unwanted programs (PUPs), rootkits and more. There’s an engine that can block scripts, just like with traditional antimalware software. What makes EPDR different are monitoring tools that watch processes and services and, when configured, a zero-trust application model.
“Known bad” software refers to threats with characteristics that allow them to be identified and flagged. Most antivirus products need to have a signature to detect known bad software. If malicious software isn’t detected as known bad and is allowed to run, your system is encrypted and it’s game over. With EPDR, even if something is not known bad, it must be verified as “known good,” in accordance with the zero-trust model.
EPDR has definitions of hundreds of thousands of known good programs. EPDR allows known good programs to run. However, if the system doesn’t know whether a program is good or bad, it’s not allowed to run. EPDR then uploads that unknown application to the cloud, where it is put through a process using AI and machine learning algorithms that analyze the program to determine if it’s good or bad. This works for 99.98% of cases. The other 0.02% of the time, it goes to a human for a code review.
If the software comes back known good, the system automatically adds it to the global list and you’ll be able to run said program. If the program is flagged as bad, it gets added to the malware list and is flagged as malware for future users.
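The difference between the two policies described above, modeled as an added example that is not part of the original article or any EPDR product: programs are identified by the SHA-256 of their bytes, and the sample programs, global lists and cloud verdicts are constructed for this illustration.

```python
"""Toy model of default-allow (signature antivirus) beside default-deny
(zero-trust application control). Everything here is constructed for
illustration; it is not vendor code."""
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PENDING = "pending"  # unknown: held back until classified


def fingerprint(program_bytes: bytes) -> str:
    """Identify a program by the SHA-256 of its contents."""
    return hashlib.sha256(program_bytes).hexdigest()


# Constructed stand-ins for the global known-good / known-bad lists.
KNOWN_GOOD = {fingerprint(b"MZ...notepad-stand-in")}
KNOWN_BAD = {fingerprint(b"MZ...ransomware-stand-in")}


def antivirus_decision(program_bytes: bytes) -> Verdict:
    """Traditional signature model: only a known-bad match is blocked.
    Anything unrecognised is allowed to run (default allow)."""
    return Verdict.BLOCK if fingerprint(program_bytes) in KNOWN_BAD else Verdict.ALLOW


def zero_trust_decision(program_bytes: bytes) -> Verdict:
    """Zero-trust application model: run only what is verified known good;
    known bad is blocked and anything unknown is held pending a verdict."""
    h = fingerprint(program_bytes)
    if h in KNOWN_BAD:
        return Verdict.BLOCK
    if h in KNOWN_GOOD:
        return Verdict.ALLOW
    return Verdict.PENDING


def record_cloud_verdict(program_bytes: bytes, is_good: bool) -> None:
    """Feed the cloud (or human) classification back into the global lists,
    so the next user who meets the same program gets an immediate answer."""
    (KNOWN_GOOD if is_good else KNOWN_BAD).add(fingerprint(program_bytes))
```

The never-before-seen sample runs under the antivirus policy but is held under zero-trust until a verdict is recorded, after which both policies block it.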
Other features of EPDR include a managed software firewall, device control (such as preventing USB sticks from being used; this could also be controlled by group policy in a domain-joined environment), email attachment scanning, a convenient cloud-managed web portal, analytics and reporting, remote commands (such as reboot or isolation mode) and more.
Five Best Practices for Protecting Your Computer Network
No matter what solution you use to protect your technology, it’s always best to start with these basic best practices:
- User permissions. Users on your network should only have access to the systems and information specific to their role in the organization, in accordance with the principle of least privilege.
- Dynamic passwords. Users' passwords should be too complex to guess, yet memorable to the user. Enable multi-factor authentication when possible.
- Frequent backups. A comprehensive backup of all important data ensures that your information can be recovered in case of disaster.
- Employee training. Simple, ongoing training should be provided to employees to handle questionable emails, pop-ups and error messages.
- Keep your software up-to-date. Run regular updates to ensure you have the latest security features installed to protect against new threats. Software developers release security patches to fix vulnerabilities in their software. Updating your software as these patches are released will help keep you from being the victim of a cyberattack.
The cyber threat landscape is going to continue to change as technology evolves. Relying solely on antivirus software is no longer the answer. Following best practices will go a long way in protecting your technology against hazardous malware.
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a cyber security risk assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.