(Last Updated On: July 22, 2018)
Choose The Right Endpoint Solution

Antivirus is dead. The rate of detection within 24 hours of release of a new malware strain is in the low teens, and criminals are deploying new strains every 3-5 hours. Almost every instance of ransomware in a corporate environment is an attack on a computer that is running antivirus. This is why endpoint security is more important than ever. With network perimeters secure and valuable data being stored in the cloud, endpoints are an increasingly popular target for criminals to attack – either to hold to ransom, or to steal user credentials and hijack sessions.

Modern endpoint security goes beyond malware. Different security vendors have approached it in different ways, but a robust endpoint security solution needs to consider the following:
- Global and local threat intelligence – Files that can be trusted, files that should not be trusted, and files that need additional testing before execution. With billions of computer users around the world, you will rarely be the first to receive a new file. Learn from their experiences to reduce your risks.
- Local sandboxing – With malware changing every 3-5 hours, new files need to be tested in a safe environment before allowing changes in a live environment.
- Behavioral monitoring and shielding – Much like sandboxing, except that it happens in the real environment: some solutions can monitor behavior and reverse changes such as unwanted encryption and writes to the registry and system configuration files.
- Application whitelisting – Many corporate environments are static enough or high-risk enough to justify blocking any activity that is not proven to be safe.
- Forensics data collection and generation – To detect malware-less hacking, an increasing number of solutions are now recording process and memory forensics to detect attempts to compromise an endpoint without using malware.
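
The behavioral monitoring item above, sketched as an added example (not code from the original article or from any vendor's product): a monitor that keeps the original content of rewritten files and reports a rollback set when one process turns several low-entropy files into high-entropy data within a short window. The entropy heuristic, the thresholds, the class and function names, and the sample data are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off (encrypted data sits near 8.0)
BURST_COUNT = 3          # assumed: this many suspicious rewrites by one process...
BURST_WINDOW = 10.0      # ...within this many seconds triggers a rollback

# Constructed sample data: a plain-text document and 4096 ciphertext-like bytes.
SAMPLE_PLAIN = b"Quarterly report draft, internal use only.\n" * 100
SAMPLE_CIPHERLIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class EncryptionBurstMonitor:
    """Tracks file rewrites per process and reports bursts that look like encryption."""

    def __init__(self):
        self.recent = {}  # pid -> deque of (timestamp, path, original bytes)

    def on_write(self, pid, path, before, after, ts):
        """Record one rewrite; return [(path, original bytes)] to restore, or []."""
        jumped = (shannon_entropy(before) < ENTROPY_THRESHOLD
                  and shannon_entropy(after) >= ENTROPY_THRESHOLD)
        if not jumped:
            return []  # e.g. text replaced by text, or an already-compressed file
        events = self.recent.setdefault(pid, deque())
        events.append((ts, path, before))
        while ts - events[0][0] > BURST_WINDOW:  # drop events outside the window
            events.popleft()
        if len(events) < BURST_COUNT:
            return []
        rollback = [(p, original) for _, p, original in events]
        events.clear()
        return rollback


if __name__ == "__main__":
    monitor = EncryptionBurstMonitor()
    for i, name in enumerate(["a.docx", "b.xlsx", "c.txt"]):
        hits = monitor.on_write(4242, name, SAMPLE_PLAIN, SAMPLE_CIPHERLIKE, float(i))
    print("restore:", [path for path, _ in hits])
```

A single high-entropy write, such as saving an archive, does not trip the monitor; only a burst by one process does, which is why the original bytes are held until the window has passed.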