If you’ve heard the terms “NextGen Malware and Antivirus Protection”, you might think they were made up by a marketer who had a few too many lattes — but this type of security truly takes it up a notch from more familiar offerings. Today’s cybercriminals are becoming increasingly savvy and are finding ways to short-circuit or completely bypass traditional protective measures. These well-organized criminals understand white hat security procedures. They are tracking the activity of your key business leaders online or on social media. They are developing malware and viruses that can mutate to avoid detection. And make no mistake: these hackers can bring your business to a halt in a matter of hours by limiting access to your important business data or trashing crucial systems. Here’s what you need to know about the next generation of tools that cybersecurity professionals are developing to combat this escalating threat to America’s businesses.
What are these dangerous and slippery lines of code? They’re developed specifically to circumvent or defeat your security processes and procedures and are becoming extremely effective at doing their job. Traditional antiviruses are often blocked before they are able to cause a great deal of mischief, but this new generation of threats requires some next-level tools for protection. Ilan Sredni of Palindrome Consulting shares: “Advanced threat protection has changed its nature. Using artificial intelligence tools that can understand any type of malware will be the standard and the only way to stay ahead, if not current, with the threats”. Early on, threat actors figured out ways to leverage the most basic of business software, such as Microsoft Excel and Word, in order to deliver their nefarious payloads. Software engineers and security professionals grew savvy to these tactics — causing a new wave of threats to come to the forefront. As the threats continue to evolve, cybersecurity professionals will need to remain diligent if they want to protect their organizations. As endpoints become more amorphous, cyber attacks increasingly take advantage of the slipperiness of maintaining security on mobile phones, WiFi locations and other potentially risky endpoints.
While it’s difficult to tie down a single definition for “NextGen” in terms of antivirus protection, this term is often used to describe strategies and products that provide a more comprehensive and scalable approach to preventing this type of attack. This system-centric approach often leverages machine learning to improve protection capabilities, uses cloud-based computing to scan for threats and unusual actions, immediately begins resolution without requiring direct input and provides a more comprehensive set of data that can be analyzed to determine the duration and extent of a breach or hack. These forensics are particularly important as organizations seek to shore up any holes in their security grid to prevent other attacks in the future. Traditional antivirus protection is proactive to some extent, in that it is continually scanning for known signatures and performing heuristic analysis. The next generation of malware is quite crafty in the way it interacts with your systems.
According to Don Baham, President and CEO of Kraft Technology Group, “Polymorphic and metamorphic attributes of malware are harder to detect and prevent, and more dark web marketplaces are providing access to malware code. Together, this has resulted in a greater number of hard-to-detect malware variants attacking our enterprises”. Defining the difference between metamorphic and polymorphic malware starts with understanding the root of the terms: “Metamorphic viruses are considered to be more advanced threats then polymorphic malware because the internal code and signature patterns are changing with each with iteration, making metamorphic malware impossible to be detected with signature-based endpoint tools,” Sredni shares. Protecting against this type of malware requires reaching beyond a simple monitoring program and defining endpoint security solutions that will monitor for abnormal activity, analyze what rogue programs are attempting to do and either halt the activity or actively alert an admin. “Since this type of attack can happen rapidly, it’s crucial that your solution is able to report this newly learned behavior to other endpoints in the enterprise to help mitigate the spread of the malware,” notes Baham.
For information on protecting against this type of advanced threat, we turn to Keith Marchiano, Director of Operations for Kyocera Intelligence. “Your first step is to implement a password policy to have your end user passwords changed every 90 days. Having your server and network passwords changed as frequently is challenging. Second, implementing 2-factor authentication for anybody trying to log into your server or network is recommended. Third, implement a multi-layer plan for security- antivirus, malware/spyware/ransomware protection, and cloud DNS security to protect the network. Fourth, implement mandatory security training for all employees. Finally, have a disaster recovery/business continuity solution that will detect ransomware attacks and allow your network administrator to restore the network to the time prior to the attack. Taking this approach will improve your security and ensure if you are attacked, that you can restore without loss to your data or major damage to your company’s reputation. All of these steps can be implemented rather quickly without interruption to your business”.
Creating a holistic approach to security starts with a firm understanding of the threat landscape, something that you simply cannot gain overnight without assistance. Your business is depending on you to reduce the risk around malware and viruses — are your solutions and technology team ready to rise to the occasion?
Published On: 24th May 2019 by Ernie Sherman.