End-point security has been around for a long time; it was created to combat malicious software (malware) designed by cyber criminals to harm devices, networks or services. It started in the late 1980s with anti-virus software. An IT professional would install the software on a machine, where it scanned the data passing through the system for patterns, or signatures, of known malware; this is referred to as fingerprint detection. The software searched for byte patterns (the 1’s and 0’s) in files or applications that matched known viruses, intercepted them, and acted by quarantining or deleting them so they could not run on the system.
Fingerprint detection is vulnerable because there are many ways around it, and anti-virus software only stops known malware. Today, malicious hackers can bypass fingerprint detection in several ways, for instance by encrypting the 1’s and 0’s so the virus no longer matches any known pattern. Therefore, end-point security is always evolving to keep up with the changing times, and the landscape of end-point protection is becoming more complicated.
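The two paragraphs above describe fingerprint detection and why an encrypted copy slips past it. The Python sketch below is an added example, not code from the original article or from any product it mentions; the signature list, the sample buffers, the keystream seed and the 7.0 bits/byte threshold are all constructed for illustration. It goes one step beyond the text by placing a second, heuristic layer (a Shannon entropy check of the kind later anti-virus products stacked on top of signatures) beside the byte-pattern scanner, so the reader can see a known sample caught by its fingerprint, the wrapped copy of the same sample no longer matching any fingerprint, and that wrapped copy still being flagged because encrypted or packed payloads look nearly random.

```python
"""Signature ("fingerprint") scanning beside an entropy heuristic.

Added example; every signature and sample here is constructed for illustration.
"""
import math
import random
from collections import Counter

# Hypothetical signatures: the byte patterns a scanner looks for in known samples.
SIGNATURES = {
    "Demo.Dropper.A": b"DEMO-DROPPER-STAGE2",
    "Demo.Worm.B": b"DEMO-WORM-SMB-SPREAD",
}


def signature_scan(data: bytes) -> list[str]:
    """Fingerprint detection: report every known byte pattern present in the buffer."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for an empty buffer, at most 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def heuristic_scan(data: bytes, threshold: float = 7.0) -> list[str]:
    """Heuristic layer: encrypted or packed payloads look nearly random, so a
    buffer whose entropy approaches 8 bits/byte is flagged for closer analysis.
    The threshold is an assumed value, not one taken from any product."""
    flags = []
    if shannon_entropy(data) >= threshold:
        flags.append("high-entropy-payload")
    return flags


def layered_verdict(data: bytes) -> dict:
    """Combine both layers the way a layered ('cyber-onion') stack would."""
    sigs = signature_scan(data)
    heur = heuristic_scan(data)
    return {"signatures": sigs, "heuristics": heur, "suspicious": bool(sigs or heur)}


def make_samples() -> dict[str, bytes]:
    """Constructed buffers: clean text, a known sample carrying a signature, and
    the same sample XORed with a deterministic keystream, standing in for the
    encrypted variant the article describes (the pattern is gone from the bytes)."""
    clean = b"quarterly report: revenue up, costs flat. " * 100
    known = clean + b"DEMO-DROPPER-STAGE2" + b"\x00" * 64
    keystream = random.Random(2024).randbytes(len(known))
    wrapped = bytes(a ^ b for a, b in zip(known, keystream))
    return {"clean": clean, "known": known, "wrapped": wrapped}


if __name__ == "__main__":
    for label, buf in make_samples().items():
        verdict = layered_verdict(buf)
        print(f"{label:8s} entropy={shannon_entropy(buf):.2f} -> {verdict}")
```

Running it shows the "known" buffer caught by Demo.Dropper.A alone, the "wrapped" buffer caught only by the entropy layer, and the "clean" buffer passing both; removing either layer leaves one of the two malicious buffers undetected, which is the practical argument for overlapping controls.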
From Endpoint Anti Virus Software to the Cyber-Onion Approach
With the growth of the internet, malicious attacks became more frequent, more elaborate and harder to catch. Fingerprint detection was not enough. Yes, it was able to detect viruses as they arrived, but it gave no information on how they affected the computers or the network. Corporations could no longer rely on anti-virus software alone; multiple security products with different functionalities had to be used in conjunction to protect their machines from threats. This has been referred to as the cyber-onion approach: implementing overlapping layers of protection and visibility that cover every area of the threat landscape.
Introducing additional security layers that can handle the new complexities of malware is a solution. Still, it creates multiple management consoles that, at times, leave IT departments with a patchwork of products that have little to no integration with one another. Organizations can lose the ability to see potential threats and protect themselves from attack.
Taking a retrospective glance through the history of end-point security, we better understand how malware has evolved and what we need to do to protect our organizations from it. As technology advances, we aim for a singular, consolidated platform to monitor, report, protect, and remediate, leaving little room for hackers to access a network.
The Evolution of Endpoint Security
Anti-virus software was the first stepping stone in end-point security; it was created to detect and contain or remove viruses from computers. As we reached the end of the ’80s, we started to see software that worked faster than traditional methods.
An example of this software is Norton Antivirus; introduced in 1991, it used signatures and heuristics to identify viruses. It is one of the more notable products of the time, as it offered a solution to the prevalent problem of corporate PC infection in the ’90s.
However, with the rapid spread of malware in the early 2000s, we began to see the limitations of anti-virus software on its own. Organizations were struggling to prevent infections as there was a delay in identifying new forms of malware. The complexity of determining whether a file was malicious could take time, and usually, by the time the signature was determined, the malware had already evolved.
Fast forward to current times, and we have seen a move into EDR (Endpoint Detection and Response) software, which incorporates AI algorithms and cloud-based analysis to determine whether the software is malicious. End-point Detection has become more about how the data crossing the CPU came to be and how it affects the network. Not only is it protecting the system, but it’s investigating and reporting on incidents and threats.
With a product like Crowdstrike installed, you might get infected by ransomware, but the software would look at it and say, “this fingerprint looks like ransomware; I am not executing that.” The hope is that it would protect against it, but the reality is it might not. It could be a new version of malware, and the end-point would become infected. EDR software will then see at a network level that the end-point is infected and will lock down all the other machines on the network so that they are not infected by that same fingerprint. It actively prevents the virus from spreading to other devices.
As security software becomes more refined, the strategies malicious hackers use to overcome our protection continue to advance. Organizations turn to multi-layered approaches, combining end-point protection with additional layered security measures into a unified solution that addresses an abundance of threats. Multiple tools mean increased administrative overhead and a larger margin for error, as there is less visibility in one place.
With the rise of bring your own device (BYOD), IoT and a remote workforce, there are more end-points than ever to manage. It is no longer enough to install anti-virus software alone on each device. With employees being the weakest link in the cybersecurity fight, trust alone is not enough. Various studies have shown that 70-90% of breaches have originated from an end-point. Cybersecurity training programs that target employees educate them on avoiding phishing attacks and not opening unknown emails.
Companies are beginning to move towards machine learning-based AI systems that can make much better decisions instead of “does this fingerprint match.” Artificial Intelligence can calculate millions of risks per second, allowing a machine to gather data and learn from it to recognize large scale cyber-attacks.
We expect that AI will become much more aware and much more complex in the future. Most would agree that the success of machine learning-based AI lies in the cloud. Using cloud servers makes the ability to find, learn and protect against malware quicker, easier and more affordable. Conventional servers are not large enough or fast enough to review the data and create the framework to detect and protect against malicious attacks.
Make Sure You’re Protected
Fusion Computing offers a modern approach to Cyber Security with overlapping layers of protection and visibility encompassing all threat landscapes. Fusion is ready to help with all your cybersecurity needs, whether it’s SIEM, SOAR, Threat Intelligence, EDR or full cybersecurity management.
End-point protection has become more about all the devices and their evolution, as every person has laptops, phones, or smart homes. All these devices are susceptible to being hacked. In the modern world, end-point protection extends to the internet of things (IoT). We see end-point security going past phones, tablets and computers and reaching the IoT. The future is about protecting all the end-points in the environment. It’s about looking at the broader network and putting tactics in place. Products such as Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) software can look at events in the context of the whole network and make decisions before a human needs to be involved.
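The EDR behaviour described earlier (one end-point gets infected, the rest of the fleet is locked down against that fingerprint) and the closing point about SIEM and SOAR deciding in the context of the whole network are the same pattern seen from two angles: a central component receives events from every device and acts fleet-wide before a person is involved. The Python model below is an added example, not code from the original article or from Crowdstrike, any SIEM or any SOAR product; the host names, the two digests and the event stream are constructed placeholders. It shows a second host being stopped by the fleet blocklist even though its own local engine did not recognise the file, which is the case the article says a new variant produces.

```python
"""Fleet-wide containment in the style the article attributes to EDR / SIEM / SOAR.

Added example with constructed hosts, digests and events; it is not any vendor's code.
"""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    isolated: bool = False                       # network-isolated by the coordinator
    blocklist: set = field(default_factory=set)  # digests this host must refuse to run


class FleetCoordinator:
    """Central decision point: sees every endpoint's events, acts for the whole fleet."""

    def __init__(self, hostnames):
        self.endpoints = {h: Endpoint(h) for h in hostnames}
        self.timeline = []  # human-readable audit trail of automated decisions

    def handle(self, event: dict) -> str:
        """Process one execution event {"host", "sha256", "verdict"} in arrival order."""
        host = self.endpoints[event["host"]]
        digest = event["sha256"]
        if host.isolated:
            # An isolated host is off the network; its later events are not acted on.
            self.timeline.append(f"{host.name}: event ignored, host is isolated")
            return "ignored"
        if digest in host.blocklist:
            # Fleet knowledge beats the local engine: refuse the file before it runs.
            self.timeline.append(f"{host.name}: {digest[:8]} refused, on fleet blocklist")
            return "blocked"
        if event["verdict"] == "malicious":
            # First sighting: contain the victim and immunise every other endpoint.
            host.isolated = True
            for ep in self.endpoints.values():
                ep.blocklist.add(digest)
            self.timeline.append(
                f"{host.name}: {digest[:8]} ran and was judged malicious; host isolated, "
                f"digest pushed to {len(self.endpoints) - 1} other endpoints")
            return "isolated"
        self.timeline.append(f"{host.name}: {digest[:8]} allowed")
        return "allowed"


def run_demo():
    """Replay a constructed event stream and return the fleet state and outcomes."""
    evil = "c0ffee" + "0" * 58    # placeholder digest, not a real indicator
    benign = "b0b0b0" + "0" * 58  # placeholder digest, not a real indicator
    events = [
        {"host": "ws-01", "sha256": evil, "verdict": "malicious"},
        # ws-02's local engine does not recognise the file (a "new variant" from its
        # point of view), yet the fleet blocklist filled by ws-01's event stops it.
        {"host": "ws-02", "sha256": evil, "verdict": "unknown"},
        {"host": "ws-03", "sha256": benign, "verdict": "clean"},
        {"host": "ws-01", "sha256": benign, "verdict": "clean"},  # isolated host
    ]
    fleet = FleetCoordinator(["ws-01", "ws-02", "ws-03"])
    outcomes = [fleet.handle(e) for e in events]
    return fleet, outcomes


if __name__ == "__main__":
    fleet, outcomes = run_demo()
    for line in fleet.timeline:
        print(line)
    print(outcomes)
```

The design point is the ordering inside `handle`: the fleet blocklist is consulted before the local verdict, so a decision made once, on the first victim, protects every other device without waiting for each local engine to catch up with a signature of its own.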