Wednesday, September 12, 2012

Antivirus alternatives: Evolving enterprise endpoint security strategy

It's easy to see why so many savvy information security professionals are skeptical about the effectiveness of enterprise antivirus systems. Today, most malware is dropped directly onto enterprise endpoints without much effort on the part of attackers. Studies have shown that a fully updated antivirus package is only about 50% effective at guarding against malware and is almost useless in preventing zero-day attacks, which are becoming increasingly common.

Malware writers are getting smarter and their malware more sophisticated. Criminals are using encryption in their malware, along with robust business models that include quality control checks, license keys, upgrades, support and marketing. The bad guys take beating antivirus programs very seriously, and so should we.

A standard antivirus package is no match for today's malware because it relies on signatures: it can only recognize what has already been seen and catalogued. Keeping thousands of antivirus clients current with the latest signatures is a problem in itself, and as signatures age their effectiveness declines. This is a cat-and-mouse game with cybercriminals, and they are winning it. In fact, most attackers test their malware against common antivirus products before ever deploying it, to make sure it gets through. Although antivirus is still a needed layer in the defense-in-depth paradigm and is required by many regulations, any organization that relies on antivirus alone for its endpoint protection has cause for concern.
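To make concrete why a signature-only scanner is so easy to test against and evade, here is an added illustration in Python. It is not code from the article or from any antivirus vendor; the "malware" bytes, the two signatures and the one-byte XOR packer are all constructed for the example. Real crypters do far more than this, but even a one-byte XOR is enough to defeat both the hash-based and the byte-pattern signature, while a single changed byte already defeats the hash.

```python
import hashlib
import re
from typing import Optional, Tuple

# Constructed stand-in for a malicious file: harmless bytes, not real malware.
ORIGINAL = b"MZ\x90\x00" + b"cmd: drop beacon to evil.example" + b"\x00" * 8

# Two signature styles a traditional AV engine relies on:
#   1. an exact file hash
#   2. a byte pattern ("hex string") found anywhere in the file
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Trojan.Constructed.A"}
PATTERN_SIGNATURES = {
    re.compile(rb"drop beacon to evil\.example"): "Trojan.Constructed.A",
}


def scan(sample: bytes) -> Optional[Tuple[str, str]]:
    """Signature-only scan: return (signature_type, name) on a hit, else None."""
    digest = hashlib.sha256(sample).hexdigest()
    if digest in HASH_SIGNATURES:
        return ("hash", HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern.search(sample):
            return ("pattern", name)
    return None


def recompile_variant(payload: bytes) -> bytes:
    """Change one byte of padding: the hash signature no longer matches,
    but the byte-pattern signature still does."""
    return payload[:-1] + b"\x01"


def xor_pack(payload: bytes, key: int) -> bytes:
    """Trivial 'packer': XOR every byte with a one-byte key. The packed file
    has a new hash and the original strings are no longer visible, so both
    signature styles miss it. (A real packed sample would also carry an
    unpacking stub; it is omitted here to keep the point about signatures.)"""
    return bytes(b ^ key for b in payload)


def attacker_qa(payload: bytes, key: int) -> dict:
    """The pre-deployment check the article describes: run each build through
    the scanner and see which one is not detected."""
    builds = {
        "original": payload,
        "one_byte_variant": recompile_variant(payload),
        "xor_packed": xor_pack(payload, key),
    }
    return {name: scan(sample) for name, sample in builds.items()}


if __name__ == "__main__":
    for name, verdict in attacker_qa(ORIGINAL, 0x5A).items():
        print(f"{name:18s} -> {verdict or 'not detected'}")
```

Running the block prints the original as a hash hit, the one-byte variant as a pattern hit only, and the XOR-packed build as not detected. That last line is the whole business case for the quality-control step the criminals run: the signature set the defender pushed to every endpoint is worthless against a build they have already checked it against.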

Consider the path a malicious file normally takes before it arrives at an endpoint: The file is sent from the malicious source and makes its way through the Internet, onto the network, through a company's systems, and eventually onto its endpoint. Along this path are multiple opportunities within the network to catch this traffic and stop it before it causes a breach or infection.

Throughout this article, we'll look at each one of these locations in the network and propose a few technologies that can assist with the process of implementing a new endpoint security strategy for stopping malware before it strikes.

Antivirus alternatives: The cloud layer

The cloud has a scary reputation when it comes to storing data, but cloud computing can be especially helpful from an antivirus perspective. Many antivirus vendors now offer services in which they combine intelligence from tens of thousands of customers, partners and even other vendors to better pinpoint potentially malicious activity. The knowledge enables a more predictive form of protection from malware before it even hits a company's network.

When attempting to stop malware from infecting an endpoint, stop it as close to the source as possible: the fewer layers it penetrates, the less likely it is to reach an endpoint at all. There is a limit to how many new signatures, antivirus or otherwise, can be pushed out to a multitude of endpoints; stopping a piece of malware once, at a choke point, spares every endpoint behind it. Using cloud-based systems as part of the antimalware infrastructure reduces the number of malware instances that ever reach the local network.

Services like those provided by FireEye and ValidEdge allow traffic to be scanned for malware before it hits the network. These services rely on appliances that share intelligence with similar systems and work together against recently observed attacks, giving quicker and more comprehensive protection before potentially malicious traffic enters the network. In essence, the cloud lets many systems share intelligence globally to stop malware.

Read the rest of my article for SearchSecurity.com at: http://searchsecurity.techtarget.com/tip/Antivirus-alternatives-Evolving-enterprise-endpoint-security-strategy?utm_source=twitter&utm_medium=social&utm_campaign=searchsecurity_mpascucci_09042012_1PM_tip
