When traditional security doesn't cut it anymore

null

Threats have evolved considerably over the past couple of years, both in sophistication and numbers, allowing threat actors to dodge traditional security defences and penetrate infrastructures and organisations. Motivated by financial gain or political views, cybercriminals are no longer single individuals looking for self-glorification, but cybercriminal groups that are very skilled, highly funded, and that sometimes act as software outsourcing companies offering services to the highest bidder.

The gap between traditional security and cybercriminals has been constantly expanding. Only through new and next-generation security layers can the cybersecurity industry overcome these challenges and not just block threats, but also focus on preventing, investigating and responding to them. While traditional cybersecurity tools focused on preventing known threats, the next-generation protection platform is all about continuously monitoring for signs of suspicious activities associated with advanced threats, offering tools needed to perform a forensic investigation that can help identify potential security lapses in your infrastructure, and being specifically built and optimized for virtualisation as well.

Digitilization haunted by the past

The power of digitalization and the cloud has been fueled by virtualization and the ability to share physical resources – computing, networking, and storage – across multiple virtual workloads. While this brings the tremendous benefits of lower operational costs, agility, and scalability, new security challenges have emerged that traditional security solutions were not built to handle.

For instance, because virtual workloads have a limited amount of resources, traditional security solutions proved “heavy” and resource intensive, denying any of the benefits that virtualization should have brought forward. One of the biggest problems encountered by traditional security solutions in virtual environments was the issue of “AV storms”. This happened when the security solutions would all start to perform updates or scans of the virtual workloads at once, effectively rendering them inoperable throughout the entire process.

While digitalization introduced a new level of visibility, control, and management over virtual endpoints, traditional security solutions were never designed to be centrally managed by IT and security teams. They were simply designed with an install-and-forget mindset, leaving security experts in the dark regarding their effectiveness within the infrastructure. This meant a data breach or infection could have easily occurred on one or more endpoints within the organisation, and IT and security teams would have no way of knowing about it unless it either became disruptive or affected systems would become completely inoperable.

Security enables digitilization

Security that enables digitalisation had to be built from the ground up to support the same benefits that cloud and virtualisation offered: agility, performance, and scalability. Consequently, regardless of whether infrastructures had physical or virtual endpoints, the next-generation protection platform would have to automatically adapt to those environments, diverse operating systems, and hypervisor technologies, in order to cover the entire infrastructure with the same security capabilities without compromising on performance. 

With threats becoming increasingly sophisticated and leveraging everything from zero-day vulnerabilities to fileless malware and military-grade cyberweapons, a next-generation security solution has to ensure attack surface reduction by enabling IT and security teams to tightly control applications, the type of content being accessed by employees, and even the ability to patch critical vulnerabilities by applying the latest security updates and fixes.

While traditional security focuses on detecting threats as they’re executed, detecting them during pre-execution via machine learning algorithms process inspection and even sandbox analysis is mandatory when defending organisations against advanced and sophisticated threats. 

The major benefit of a next-generation protection platform is that it should have a layered approach towards security, enabling hardening and control, pre-execution detection, on-execution and post-execution detection, automatic actions, investigation and response capabilities, and also reporting and alerting, all working together to increase the overall cybersecurity posture while offering greater visibility into threats, across the entire infrastructure. 

Focusing on prevention not detection

Traditional security solutions were built for detecting threats, both known and unknown, but not for preventing them. Next-generation protection platforms have additional layers that include hardening and control, for one. This prevention layer is tasked with enabling IT and security teams to patch potentially outdated software, encrypt data stored on endpoints, prevent unauthorized external storage devices from being plugged in, detecting phishing and fraudulent websites, and even control what applications should or should not be installed on endpoints. Since these are the most common attack vectors used by threat actors, this prevention layer is unique to next-generation endpoint protection platforms.

New laws and legislation, such as GDPR, require organisations to set in place the technical capabilities to investigate potential security breaches and report them to customers within 72 hours. Having investigation and response capabilities built into the same endpoint protection platform enables IT to do much more than just quarantine, disinfect, remove, or roll back changes done by malware, but also isolate potentially compromised networks, detonate potentially suspicious files in controlled environments, and even visualize the entire timeline of events that lead to an infection, starting from the second it reached the organisation.

Next-generation endpoint protection platforms are more than just traditional security solutions – they have additional security layers and EDR (Endpoint Detection and Response) capabilities. With an ease of management and visibility driving these capabilities, organisations can instantly take action against new and unknown threats, before they turn into full-blown data breaches. 

Liviu Arsene, Senior e-Threat Analyst at Bitdefender