The Opportunities with Layered Security
The malware ecosystem has changed drastically in the past 10 years, to the point that the old precautions are just no longer enough. Here are the three top reasons for this:
1. You don’t have to click to get hit. In the past, it was sufficient to simply avoid clicking on suspect links or visiting hacked sites. This is no longer the case because of new attack vectors like malvertising. In a malvertising attack, a legitimate site unknowingly pulls malicious content from a bad site, and the malicious content seeks ways (often exploits) to install itself on the computer. These attacks are called “drive-by downloads.” Just by visiting a good site on the wrong day, a computer is at risk of getting infected.
2. Traditional antivirus response times to new threats are too slow. According to data compiled by Panda Research, traditional AV only stops 30-50% of new zero-hour malware when it’s first seen.
Some AV solutions can take up to 8 hours to reach even the 90% level, with the majority needing a full 24 hours. And it takes them a full seven days to get to the high 90s. That’s a whole lot of time to be missing protection!
A recent study by the Enterprise Strategy Group showed that almost half of the enterprises polled had suffered a successful malware attack even though they were running anti-virus.
3. Exploits are everywhere. Many software products, notably including Java and Flash, were designed in an era when computer security was not a serious concern. And the worst part of exploit-based malware is that the time from the initial exploit to detection and remediation is on average almost a year.
At Malwarebytes, we believe in what’s called a layered approach to security.
The layered approach is just like using a seat belt and an airbag – they both help protect, but they work in different ways. In layered security, you don’t put all your eggs in the AV basket – you use multiple types of defence, each of which has its own strengths, and does different things.
An anti-malware program is a zero-day focused, lightweight product that works alongside a traditional anti-virus product to block threats that AV misses.
An anti-exploit program takes a different – yet still complementary – approach.
While anti-malware concerns itself with the what – files, URLs, domains, and so forth – anti-exploit worries about the how. How is a particular application behaving, and is it only performing actions which are expected?
Using advanced behaviour analysis, anti-exploit can stop a compromise at the beginning of the attack chain, rather than waiting until malware is already installed.
Attacks and data breaches are a numbers game. It’s not a matter of if, but when, a company will face a new and unfamiliar threat. The outcome may be decided by their understanding of the fundamental differences between antivirus and anti-malware, and the importance of a layered security approach. Read the Layered Security Infographic to familiarise yourself with the challenges companies face today, what layers they need and how you as a reseller can help them. Download a free trial of Malwarebytes Endpoint Security to see the product in practice.