Antivirus Software is Nice, But It’s Not Enough for Full Endpoint Security
Are your current security measures enough to protect your network’s endpoints? Explore the key differences between antivirus software and EDR tools.
As we previously pointed out in our “Endpoint Security 2020: What Your Need to Know” article: “Cyberattacks are growing more complex and difficult to prevent, and this will only accelerate in the future, thus making endpoint security a top goal in 2020.” Given the news of late, there can be no doubting the importance of this..
You probably already have information-security measures in place in your organization, such as firewalls and antivirus software. But you might be wondering if what you have in place is sufficient to properly protect all of your network’s endpoints.
Unfortunately, the question—and answers—might not be that simple. As pointed out by SolutionsReview, it’s important to understand the historical significance of antivirus software. Such tools—the origins of which date back more than 30 years—represent the wellspring from which other, more sophisticated, cybersecurity tools and techniques would emerges.
The late 1980s and early 1990s marked the debut of antivirus products from developers such as Symantec, McAfee and Sophos, in addition to the founding of cybersecurity research groups such as the Computer Antivirus Research Organization.
Now, three decades later, antivirus tools are part of standard operating procedure for virtually all professional-grade desktops and laptops—as well as a considerable number of the smartphones and tablets used by enterprise staff. Plenty of consumers also use such applications.
The Inherent Limits of Antivirus Control
In the majority cases, antivirus software exists in the background, only showing its presence when a threat is detected. While certainly valuable, there is a clear limitation to antivirus software: it only functions as a defensive measure when an active threat has made itself known. It does not have much in the way of counteroffensive tools, nor does it have the broader scope of functionality available through endpoint detection and response (EDR) tools.
Additionally, many legacy antivirus programs—and even some of the more recent versions—are all too often limited to detecting the presence of signature-based cyberthreats. While a significant number of the well-known malware and exploit tools used by modern hackers have signatures embedded in their code that an up-to-date antivirus platform can identify, there are also plenty that haven’t had their signatures cataloged yet. Malware that lacks signatures altogether is also becoming increasingly common, according to TechTarget.
Perhaps most alarming of all is that many cyberattacks today eschew files entirely. Instead, they use innocuous-looking links to trigger garden-variety programs such as Flash and Windows PowerShell, the latter of which can be compromised through remote manipulation of the command line with relative ease.
As CSO explained, these collect data from the victimized machine and relay it to the hacker who originated the attack, allowing that interloper to seize further control of a device and subsequently deliver more exploits. An entire network could be devastated this way, and many antivirus tools would most likely have never seen it coming.
The Ponemon Institute’s 2018 State of Endpoint Security Report noted that 35% of that year’s malware attacks were fileless, while projecting that figure to increase to 38% for 2019. In the years to come, it’s entirely possible that fileless exploits will constitute a significant majority of the cyberattacks deployed against all businesses and public-sector organizations, leaving antivirus tools even more in the lurch.
Moving Ahead to Endpoint Protection
Back in 2015, in a guest blog post for Politico, engineer and futurist David Evans estimated that about 127 new endpoints were being added to the internet of things every second, all over the world. More recently, Gartner projected that IoT growth had reached the point at which there would be approximately 5.8 billion endpoints in the global enterprise and automotive markets alone by the end of 2020, marking 21% growth from the previous year.
According to the SANS study “Understanding the (True) Cost of Endpoint Management,” 61% of the respondents said their organizations had more than 1,000 user endpoints, while 5% claimed to have 100,000 or more. And the risk to small businesses is no less real and significant than that facing medium-sized and enterprise-level companies. Per Verizon’s Mobile Security Index 2019, 88% of firms with 500 or fewer workers acknowledged that endpoint security was a serious hazard to their operations, and that it will only get worse.
EDR to the Rescue
EDR solutions emerged as a means of addressing the security issues created by increase in endpoints, IoT-relate or not. They are deployed according to the software-as-a-service model. Rather than continuously scanning the network and its various interconnected viruses for clear signatures of malware, EDR tools monitor user behaviors, looking for actions and operations that are out of the ordinary. This is sometimes referred to as “suspicious activity validation.”
The best EDR tools perform all of the classic functions of their cybersecurity predecessors, but leverage new methods to do so, including the use of artificial intelligence and machine learning. Furthermore, they are not limited to checking for conventional signatures to look for signs of potential malware intrusions; they also examine URLs, IP addresses, file hashes, and other data points.
How EDR from Syxsense Keeps you Protected
Cyber-attackers are not exactly the kind of folks who will limit their intrusions to business hours. Whatever they are up to—from monetary gain to state-sponsored intrusion—bad actors are always on the lookout for weak spots to take advantage of. IoT endpoints are among their favorites. Your organization deserves an EDR solution that is as constantly active—and aggressive—as cybercriminals are.
Syxsense Secure and Manage both provide enterprise users with the sort of always-on protection that is necessary to mitigate the broad spectrum of cybersecurity threats out there today. By allowing for comprehensive and real-time visibility into all endpoint activity, reporting on device inventory, quickly quarantining detected threats, and automatically patching all of your devices—be they Windows, Mac, or Linux—Syxsense solutions represent an efficient and meticulous approach to information-security needs.
Experience the Power of Syxsense
Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.