5 Things Everyone Gets Wrong About Anti Virus

Security

5 Things Everyone Gets Wrong About Anti Virus

It shouldn’t be news to anyone that cyber threats are on the rise. As advanced hacking techniques continue to proliferate in the wild, the requirement to have an effective security solution has never been more pressing.

With the market awash with vendors making bold claims, and news stories making even bolder headlines, it can be hard to separate the fact from the fiction. If you’re new to offering endpoint security, here are five basic things you need to know to ensure that you get right about the options available.

1. Viruses Aren’t the Only Threat

Security threats have evolved beyond all recognition from the early days of the computer virus, but most security solutions still carry the term “anti-virus” in their name, which is really something of a misnomer in the modern threatscape.

The reality is that cyber attacks take many different forms that have nothing to do with being a virus, and they can range from the indiscriminate to the highly targeted. These include ransomware, spear-phishing, drive-by attacks and both software and hardware vulnerabilities that can lead to loss of customer and corporate data. Attackers are now even weaponizing machine learning to produce highly-targeted campaigns, at low cost to themselves.

Also, don’t forget that threats can come from within; disgruntled employees know the weaknesses of your system better than any outsider. Good endpoint security needs to be able to detect bad behaviour no matter the point of origin.

2. Malicious Files Aren’t the Whole Story

Most people think that security software works by scanning files on the local computer and deciding whether they are malicious or not. Like the term ‘anti-virus’, that’s a bit of an old-fashioned way of thinking about it. Although there are still legacy AV programs that primarily work in that way, even they will usually offer some additional functions such as blocking malicious websites or detecting excessive use of resources typically used by ransomware and crypto-miners.

However, for truly effective protection, you should be looking at security solutions that do more than that. Today’s cyber criminals are able to leverage fileless attacks, change DNS settings to re-route your network traffic and inject code into legitimate processes. A legacy AV solution that primarily focuses on scanning for malicious files is, like last week’s soup, well past its sell-by-date.

3. Trust Is a System Weak Point

As we hinted in the previous point, untrusted software is not the only danger to the endpoint. Even first-party and established software brands can be leveraged to breach a system.

While MS Office Macro attacks have a long history, Macro-less attacks such as DDE can exploit vulnerabilities that will bypass many security solutions because they appear to be coming from trusted applications. Similarly, most businesses will likely have a need for legitimate PowerShell operations, and yet PowerShell-powered attacks are becoming increasingly common. You need a security solution that’s smart enough to allow PowerShell to maintain your productivity, but also able to ensure that it can tell the difference between malicious and legitimate behaviour.

Modern malware can also run without interference on many systems running AV solutions if it is able to operate with system-level privileges, whether through a privilege escalation vulnerability or other methods of infection. This is because many AV packages take the wrong approach by granting trust by identity, rather than by behaviour. When security solutions take this kind of “whitelisting” approach, the endpoint is left vulnerable to supply chain attacks and fake certificates.

4. There’s Power in Simplicity

Security software doesn’t have to be hard to use, and you shouldn’t have to be a security expert to manage it. Unfortunately, a lot of security software gives business owners just that impression, overcomplicating things with diagnostic tools and components that require specialist training courses to master. Be sure to choose an endpoint solution that minimizes maintenance tasks, presents a clean, easy-to-understand interface and provides one-click remediation.

You want a solution that anyone in your team can quickly learn and operate. It’s important for business continuity that knowledge of your security solution is not tied to specially-trained members of staff. Who knows how long before they move on, taking their expert knowledge of your security solution with them?

5. Security Is a Mindset, Not a Product

Probably the biggest thing you can get wrong about AV software is believing that it can solve all your security issues in one fell swoop. Threats come in many shapes and forms: from indiscriminate ransomware attacks to disgruntled employees. What’s your plan of action when (don’t think “if”) a breach occurs? How will you respond? Failure to have a response plan in place could mean greater damage to your customers, your data and your reputation.

Main Takeaway

Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses. Most attacks are opportunistic and target not the wealthy or famous, but the unprepared. According to a 2018 SentinelOne survey of US companies, 56 percent suffered a ransomware attack in the last year. Given that the majority of organizations will be hacked over their lifetime, it is incumbent upon organizations to have a fallback position.


Network Security

How to Combat Ransonware Viruses

Network Security

Sitting around the family table last night, our discussion turned to network security. Why? Because it affects everyone from my 83 year old father using his iMac to my 16 year old nephew gaming in his basement. My brother in law, who works as an M&A consultant is concerned as is my sister the HR executive. We seem to be surrounded by cyberthreats – that are more real than perceived. The Internet is a nasty neighborhood that we all pass through daily. It is a crime ridden and dangerous Gotham that we are all stuck in, you need to know how to act.

Just like evolution from viruses, to botnets and malware families that we’ve seen over the past decade, bad actors continue to find new ways of reinventing old threats. Today, the top trend in modern malware is the proliferation of ransomware. Ransomware has come a long way from the non-encrypting lockscreen FBI scare warnings like Reveton. In 2016, there has been a constant flow of new ransomware families popping up, like Locky, Cerber, Madeba and Maktub, and this is only expected to pick up steam over the summer. Ransomware is very damaging.

 

Install the latest patches for your software, especially Adobe, Microsoft and Oracle apps

A common way in for ransomware is via exploit kits, like Angler. These bundle many application vulnerabilities into one kit, and try drive-by exploits for each one in sequence. The more your apps are outdated, the more likely, some of these exploits might work and infect you with ransomware.

Use network protection

A very important part of a comprehensive security strategy is to use network traffic monitoring system that is based on machine learning and behavior analysis. As most of these attacks come in via internet channels, make sure your network protection can parse and analyze both email and web traffic.

Use a comprehensive endpoint security solution with behavioral detection

The endpoint (user’s computer) is whether the ransomware infection takes place. So it is important to use a modern security solution here as well, with a signature-less approach. Signature-less approach, aka behavior detection is the only way to catch zero-day threats, that are new and do not have signatures written for them yet.

Turn Windows User Access Control on

Windows has added this security feature to help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you’re doing tasks that can be done as a standard user, such as reading e‑mail, listening to music, or creating documents, you have the permissions of a standard user—even if you’re logged on as an administrator. Take full advantage of it.

Be skeptical: Don’t click on anything suspicious

Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether. As most of the infections come from user action – opening attachments or visiting websites, being vigilant is the most effective way to minimize damage.

Block popups

Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.

Override your browser’s user-agent

As some exploit kits use your user-agent to tailor the write exploit for your operating system, it pays to trick them by setting the wrong user-agent  on purpose. For instance, when using Firefox on Windows, set your user-agent to say “Firefox on Linux” to confuse malware redirectors and exploits.

Use security content to detect ransomware

You’ll never entirely be able to stop people from opening a malicious email and being tricked into clicking on a phishing link. That act can open a single file that begins acting like a worm and starts propagating through your IT infrastructure or through that of your organization and wreak havoc. It’s critical to have great content so you can start detecting these bugs and squash them before it becomes a problem.

Solid threat intelligence is key

It’s critical that you know who your adversaries are – who these groups are, what ransomware they’re using and what versions, as well as what command and control infrastructure is being used by various groups that are making those calls. It’s also important to understand what the indicators of compromise are so you can set up security content to detect it as your system is being infected.

Don’t underestimate the value of continuous monitoring

Look at security vendors with a “products + services” approach. Market-leading security technologies are critical but combined with 24×7 monitoring by security experts is the best approach to securing your IT infrastructure and stopping threats like ransomware. If you have an 9-to-5 business and no one is watching your shop at night, that’s a lot of hours for a malicious bug to move through your IT infrastructure.

Have a robust, in-depth backup plan

Before your company is attacked by ransomware, it is important to have an existing backup plan in place so you can access your data. It’s imperative that an organization’s backup strategy include offline backup, this may require manual processes, but any online backups will be encrypted by attackers, making it useless to the victim. Know the pain points of restoring and recovering data, and make sure that your plan accounts for those pain points. It is important to classify your systems and data when creating your backup plan. Keep in mind which systems and data are most important to your organization and put extra care around the most critical systems in your infrastructure.

 

 


Click hear fool

Request your Free Network Evaluation