by Karine Gidali
The U.S. introduced its first stealth aircraft to the world during the Gulf War in 1991 – the F-117 Nighthawk. Its maiden flight was in 1981, but it wasn’t publicized in the U.S. until its appearance in the Gulf War. Stealth aircrafts are designed to be undetectable. The developers used multiple advanced technologies that reduce their visibility and emission of radar.
The same is true for cyber-criminals. They use advanced technologies to create malware in order to take over your network without detection. Attackers in the past almost exclusively sought to use executable files typically used to install malware.
More recently, attackers have turned their focus to utilizing software vulnerabilities. This way, the attacker will lurk in the background while everything looks normal, even though it’s making a connection and preparing to steal data behind the scenes. Attackers can sit in your network for weeks without any detection and then move on without you even knowing they were there – until it’s too late.
Today’s growing threat landscape has made it nearly impossible for endpoint security to stay up-to-date with the known attacks, let alone prevent the unknown ones. But by shifting the focus from the growing number of software vulnerabilities that need to be patched to the tools and techniques attackers use for their insidious work, you can prevent a never-been-seen-before attack and prevent infestation before it starts.
The Advanced Persistent Threat Attacks
Fail-safe prevention traditionally requires prior knowledge of a threat to be able to stop it. Typical endpoint protection scans for signatures, behaviors or irregularities, hoping to catch them early enough to prevent major invasions.
But scanning isn’t effective for advanced persistent threats (APT), which don’t display easily traceable signature behaviors or have morphed to bypass signatures. It’s simpler than you’d think for an attacker to take a known piece of malware and spin it into something new and unknown that will be much harder to detect.
Security efforts usually focus on remediating attacks rather than preventing them because they’re so hard to detect. Attack detection takes 225 days on average, according to the Ponemon Institute. Worse, 84 percent of attacks aren’t detected internally. Data breaches cost companies an average of $200 per customer, according to the Ponemon Institute. And it could take years to repair your company’s reputation.
Detection and remediation do help, but it’s often too little, too late. A better approach stops attackers before they ever breach your network.
Narrowing the Attack Field
This is where endpoint protection takes place. Focusing on the attacker’s weapons rather than the constantly expanding universe of APT variations, you narrow the threat landscape to about two dozen techniques.
Attackers have a strategy. Each weapon the attacker uses must be used in a precise sequence, so eliminating just one, no matter when they attempt to use it, will thwart the whole attack. This turns the focus to the core of the attack—the weapons that make it possible—so it doesn’t matter what or who the attacker is trying to infiltrate.
This approach can function in tandem with antivirus software, but ultimately many organizations will discover that disabling the weapon is the only protection they require. You don’t need to constantly scan for threats that have no chance of breaching your walls.
Because this type of prevention focuses on the basics, it’s also future-proof because it doesn’t require updates. While any industry will benefit from this strategy, it’s particularly valuable for financial services, retail, utility, and oil and gas companies because these systems have rigorous productions or processes making it difficult to update or patch.
Advanced endpoint protection goes from being a headache to an anxiety-free part of your business that enables you to focus on more important things. By targeting attackers’ weapons, companies never again need to worry about being attacked.