Webroot: Evolutions in endpoint security

The threat landscape has been rapidly evolving over the past few years, largely driven by an expansive and mature cybercrime-as-a-service (CaaS) ecosystem.

Services range from rapid trojan development, access to infected PCs and C&C hosting, all the way to the liquidation of stolen information.

These services all contribute to the year-over-year growth in both the volume and complexity of today’s threats, and to the increasing ineffectiveness of traditional endpoint security solutions.

One of the key challenges endpoint security products face is that of awareness.

Traditional technology has placed an intense focus on blocking malware before it can execute on a system being protected.

This is largely achieved through prior knowledge of a specific malware variant or family, or through heuristics which detect malicious behaviors.

Unfortunately, tools designed by and for cybercriminals have made large scale rapid development of new malware variants trivial.

In combination with rapid variant development, each variant is distributed in very low volume, which decreases the chance of its being discovered by security vendors.

The end result is that many infections are not blocked up front and end up going unnoticed indefinitely.

Collective intelligence and remediation

To combat cybercrime’s effective malware distribution tactics, endpoint security solutions are adding a number of new innovations.

One such advancement has been to make endpoint security solutions more aware of both the individual system being protected and the whole population of protected systems.

In what is known as a collective intelligence model, endpoint security products are able to collect information from every endpoint, specific to encounters with new applications, and correlate that data in the cloud where big data analytics assist researchers in identifying emerging threats.

Turning each endpoint into a sensory and discovery node ensures that encounters with very-low-volume and targeted attacks are observed and subsequently classified.

Additionally, this model has the added benefit of becoming smarter every day and more aware with every new endpoint deployment.

Another key innovation in endpoint security is the method for handling remediation.

Traditionally, remediation is tied to the research process which identifies a threat.

Based on how that threat behaves during the classification process, a remediation routine is created to disinfect a system where that threat is detected.

Unfortunately, again largely due to a robust CaaS marketplace, tools and tactics are widely available which make remediation of today’s threats very difficult.

These tactics include randomised installation, geo-specific payloads and automated virtual-environment detection. Again, the end result is that infections are much more difficult to remove.

Innovation in this space again ties to enabling the endpoint security software itself to play a bigger role.

Because each endpoint is aware of the system being protected, it can also monitor what changes occur when new applications execute.

In this way, remediation is no longer tied to the research process.

Each endpoint monitors the system being protected and records system changes by new and untrusted applications.

This greatly improves remediation and ensures all changes are reverted, whether they are file payloads, encryption or registry modifications.
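The journal-and-revert approach described above, as an added illustration rather than Webroot's own code: a constructed Python model in which every write by an untrusted process passes through a hook that records the file's prior state, so that a later rollback restores documents, removes dropped files and undoes setting changes as a unit. A real agent would hook the operating system (file system and registry) instead of a write helper; registry values would be journaled in the same before-image style (an assumption of this model, not a description of any product).

```python
import os
import tempfile

class ChangeJournal:
    """Records the prior state of each file an untrusted process touches so its
    changes (dropped files, encrypted documents, edited settings) revert as a unit."""

    def __init__(self):
        self.entries = []  # (path, content before the change; None if it did not exist)

    def before_write(self, path):
        """Hook invoked before an untrusted process writes to path."""
        if os.path.exists(path):
            with open(path, "rb") as f:
                self.entries.append((path, f.read()))
        else:
            self.entries.append((path, None))

    def rollback(self):
        """Undo changes newest-first: remove files the process created, restore the rest."""
        for path, prior in reversed(self.entries):
            if prior is None:
                if os.path.exists(path):
                    os.remove(path)
            else:
                with open(path, "wb") as f:
                    f.write(prior)
        self.entries.clear()

def write_file(path, data, journal=None):
    """Plain write; when a journal is given the writer is untrusted and the hook runs first."""
    if journal is not None:
        journal.before_write(path)
    with open(path, "wb") as f:
        f.write(data)

def simulate_infection_and_rollback():
    """Constructed scenario: an untrusted app encrypts a document, drops a file and flips
    a setting; returns (document_restored, dropped_file_removed, setting_restored)."""
    with tempfile.TemporaryDirectory() as root:
        doc, dropped, cfg = (os.path.join(root, n) for n in ("report.txt", "dropped.bin", "settings.ini"))
        write_file(doc, b"quarterly numbers")  # trusted state before the untrusted app runs
        write_file(cfg, b"autostart=0\n")
        journal = ChangeJournal()
        write_file(doc, bytes(b ^ 0x5A for b in b"quarterly numbers"), journal)  # XOR stands in for encryption
        write_file(dropped, b"constructed payload bytes", journal)
        write_file(cfg, b"autostart=1\n", journal)
        journal.rollback()
        with open(doc, "rb") as f1, open(cfg, "rb") as f2:
            return (f1.read() == b"quarterly numbers", not os.path.exists(dropped), f2.read() == b"autostart=0\n")
```

Calling `simulate_infection_and_rollback()` returns `(True, True, True)`: the encrypted document is back to its original bytes, the dropped file is gone and the setting is restored.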

As cybercriminal tactics continue to evolve, so must the technology we trust to defend our systems.

By Grayson Milbourne, security intelligence director, Webroot
