Today’s businesses are spending more than ever before on cybersecurity solutions. But, all this defrayment is doing very little to curtail the injury law-breaking is inflicting or to scale back companies’ vulnerability and risk. Worldwide spending on cybersecurity products and services exceeded $114 billion in 2018, and Gartner forecasts the market will grow at a vigorous 8.7% to reach $124 billion by the end of 2019. Yet, cybercrime is already estimated to cost global businesses more than $3 trillion per year, with annual losses predicted to increase to over $6 trillion by 2021. This makes it the quickest growing crime within the world, putting more money in criminals’ pockets than the global trade of all illegal drugs combined.
One thing is clear: what’s being done to protect businesses against cybercrime simply isn’t working. Leaders continue to rely on antiquated legacy tools and solutions. They still base selections on obsolete ways in which of thinking that aren't any longer equal to secure today’s digitally reworking, borderless networks against tireless, well-resourced (often nation-state funded) attackers. Even the supposed “next gen” terminus protection merchandise fail to forestall 100% of attacks.
As long as we continue to evaluate systems and solutions with yesterday’s paradigms in mind, we can’t expect to turn the tide in the war against cybercrime. Instead, we'd like to adopt proactive approaches to security infrastructure style, to choosing technologies, and to endpoint protection.
Today’s IT environments are nothing like yesterday’s
Far too several decision-makers area unit still choosing cybersecurity technologies with heritage network architectures in mind. In the past, security gateways or firewalls were situated at the borders of a defined corporate network perimeter, and all traffic inside that perimeter was considered “trusted.” Employee desktop computers or workstations stayed behind within the workplace at the top of the workday and were accessible solely to attackers United Nations agency had broken the network or infiltrated the physical building itself.
Today’s information technology ecosystems are diverse and heterogeneous. Employees use mobile devices aboard their enterprise desktops, whereas those functioning from home access company resources via unit wireless routers, and those working in the office check their personal email accounts on the company’s computers. Networks incorporate many combinations of devices in a wide array of disparate geographical locations. Their makeup is dynamic as these devices connect and disconnect, and their shape amorphous.
We need security which will travel with knowledge because it moves throughout this complicated landscape. And, we need to shift our focus to securing endpoints, and especially end-user devices, since they’ve become the most attractive—and often, the softest—target for cybercriminals seeking to gain broader access to enterprise networks.
A Single Failure is Too Much
The earliest heritage terminus protection platforms (EPP) detected malware mistreatment signature-based approaches. This means that they habitually scanned all files downloaded to or run on AN terminus device for those with hash values matching the signatures of proverbial malware files. By design, none of those heritage solutions may stop 100% of malware. Each new threat had to be known, cataloged, and added to the “known-malware” database before its signature could be detected. Any novel strain of malware during this system—no matter however dangerous—would be allowed to run, write to disk, and make changes to system files.
Criminals began bypassing signature-based anti-malware’s protections by packaging malicious software programs inside shape-shifting code. Polymorphic malware is meant to partly rewrite itself every time it executes so succeeding iterations of the code won’t be recognized by signature-based detection ways. Experts say that the maximum amount as ninety four of today’s malware is polymorphic in type.
To combat these additional refined threats, vendors currently supply dynamic behavior-based terminus protection solutions. These tools specialize in detection and investigation suspicious or malicious activities performed on endpoints thus on prohibit malware from accessing the broader network. The file in question is allowed to execute, and if it attempts to perform an action that’s abnormal or unauthorized, like installing a rootkit or disabling a security control, it’s flagged as potentially malicious.
The problem with this approach is it remains reactive in nature. Once the file has been allowable to execute within the terminus setting, it has been given the power to cause damage. And, today’s additional refined strains of malware area unit programmed to go looking for and bypass any behavior-based detection ways they realize now upon execution. Or attackers might hide their malicious intentions in code that problems on the face of it benign directions ab initio whereas permitting them to come and install a backdoor to realize network access at a later time.
Even vendors advertising “advanced” or “next-gen” terminus protection offerings cannot guarantee that they’ll stop all attacks. Though artificial intelligence- and machine learning-based approaches are gaining popularity, media attention, and market share, these technologies simply haven’t yet involved to the point of being foolproof. In rule-based approaches, algorithms are trained to look for file characteristics that are statistically similar to features of known malicious code. This takes time and requires large data sets. Meanwhile, attackers identify new targets, invent new tactics, and code new files every day—all while themselves using machine learning to identify vulnerabilities in systems and commercial software.
But given the scale and volume of today’s cyber attacks, all approaches that aren’t foolproof are doomed to eventual failure. And one single failure is all it takes for your setting to be compromised, your customers’ confidential data to be breached, your reputation to be damaged, and your costs and losses to skyrocket.
We should defend each terminus, all the time, without relying on trust
One thing legacy network architectures and legacy EPP solutions have in common is an over-reliance on trust. In today’s distributed and various computing environments, there’s no longer an “inside” zone that can be trusted. And with over 350,000 new and distinctive malware files being detected daily, it’s not affordable to assume that unknown files is trusty to run on terminus devices.