1. Next-Generation Anti-Virus
In the past, anti-virus tools required organizations to frequently update a signature database. While signature file detection is often still a cyberattack prevention component, next-generation anti-virus solutions incorporate advanced features, such as artificial intelligence, offering dynamic, proactive protection.
“Next-gen antivirus has moved from looking for just code to looking for malicious behavior,” Suby says. “That’s a big difference.”
Endpoint security software provider SentinelOne’s Singularity Core cloud-native next-generation antivirus product, for instance, scans files and scripts, monitors behavior and utilizes AI to identify and stop malware, script misuse and other attacks.
“We’ve eliminated the need to have a signature database and any prior knowledge of the attack,” says Jared Phipps, senior vice president of worldwide sales engineering at SentinelOne. “We can tell if something is good or bad using AI and behavioral analysis, and we can remove something from a machine if we need to. It’s a dramatic difference over legacy anti-virus tech.”
2. Endpoint Detection and Response (EDR)
Organizations want to quell attacks as soon as possible to minimize their effects. In addition to detection capabilities, endpoint detection and response technology can provide a fast automated response.
EDR solutions, according to Gartner, generally have several common attributes. They record endpoint-level behaviors, use data analytics to detect suspicious system behavior, contain security incidents at the endpoint and provide remediation guidance to restore affected systems.
According to Suby, EDR capabilities essentially complement modern anti-virus solutions, which can often confidently identify a number of indications of malicious activity but may not always be able to gather enough evidence to reach a verdict with confidence.
“In some cases, next-gen anti-virus can react with a high level of certainty,” he says. “When that’s not the case, we’re looking at EDR to help us uncover more subtle threat actors. It provides another layer of defense.”
3. Mobile Threat Defense (MTD)
A third of IT and security professionals identified attacks involving employee mobile devices as one of their top three cybersecurity concerns as of mid-2020, according to a Check Point survey. Forty-three percent said they planned to implement mobile security solutions within months.
Covering applications, networks and devices, mobile-focused defense products can include protective techniques such as network traffic monitoring and code analysis.
Palo Alto Networks’ Cortex XDR, for instance, uses a mobile agent that can prevent known malware and unknown malicious APK files from running on Android endpoints while also enforcing an organization’s security policy, according to Elton Fontaine, senior director of systems engineering at Palo Alto Networks. The company has worked with state and local government entities for over a decade.
“The security policy determines whether to block known malware and/or unknown files, upload unknown files for in-depth inspection and analysis to Palo Alto Networks’ cloud-based WildFire malware prevention service, treat malware as grayware or perform local analysis to determine the likelihood of an unknown file containing malware,” Fontaine says. “Administrators can also whitelist trusted signers to enable unknown apps to run before Cortex XDR receives an official verdict.”
4. Sandboxing
Isolating unknown objects from key system resources to analyze how they’ll function in a controlled environment can prevent threats from reaching the network. Sandboxing, or advanced malware analysis, was the most frequently installed network security technology in 2019, used by 62 percent of organizations, a 12 percent increase from the year before.
CyberEdge Group, the research firm that sponsored the study, attributed the rise to the tools maturing and being incorporated into cloud-based security suites — and malware being perceived as the single most dangerous tool a hacker has.
Ransomware in particular, according to Phipps, has been a prevalent threat to state and local governments for the past two years. Those governments can be targets because a number of them don’t have next-generation solutions in place, he says, and they could be motivated to pay the ransom to get critical services like a 911 system back online quickly.
“We’ve seen a lot of high-profile cases go public,” Phipps says. “That’s what sparked people to have a strong interest in endpoint security, because they’ve seen it happen enough to other people to realize it’s only a matter of time.”