365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
So that you can make an onsite appointment, the appointment request will open in a new tab.
Cyber criminals are constantly changing their tactics to trick existing protections on PCs. Old techniques no longer work, and developers regularly devise new methods. It's a merciless contest.
Protection of office and employee PCs and laptops remains the main focus of corporate security efforts. Detection and defense against viruses, malware, and other malicious software is at the heart of security precautions. This is true not just in the office but also in the home office. The range of endpoint protection software is correspondingly extensive.
The programs formerly known as antivirus software have evolved. For a long time, the approach was to create a kind of checksum for every malware found, a so-called signature. Collections of these signatures were distributed to customers in regular updates. However, this procedure took too long, and it was later replaced by a continuous update from the cloud. Now there was a large database on the providers‘ central cloud servers with all the signatures discovered, which could be queried by clients at any time. However, according to the Federal Office for Information Security (BSI), more than 300,000 new malware variants are now discovered every day, which means that signature models are reaching their limits. In addition, attackers generate their own variant for each targeted computer on demand, and signature methods are then powerless.
There are also advanced techniques like fileless malware, also known as memory-based malware. Instead of downloading a file for execution, the malware is simply loaded into memory and executed immediately. This means that it can evade any file scan and remain undetected by that traditional approach. However, this software must be reloaded from the network or executed by the user every time the computer is restarted. This method therefore only works as long as the exploited vulnerability remains. In the meantime, however, attackers have developed sophisticated methods to counteract it.
Another danger that endpoint protection systems are often helpless against: Zero-day attacks. The vulnerabilities exploited in these attacks are typically not yet known, or no patches exist for them. As long as this state persists, attackers have an easy game, because software that relies on threat signatures doesn’t catch them. These threats, which usually arrive without warning, are ever-growing and account for a significant part of all attacks on endpoints.
Manufacturers of protection software see the solution to this dilemma in artificial intelligence. Smart algorithms are able to recognise unusual events on their own, including unusual user actions and suspicious file access. A classic example is ransomware, which encrypts files. The corresponding operations on the file system are conspicuous and so they‘re easy to identify.
However, the AI algorithms used are mostly limited to simple procedures like pattern recognition, because a PC isn’t designed for complex AI calculations. For one thing, these operations take too long, so malware could no longer be detected in real time. In that case, considerable damage may already have been done before the malware could be eliminated. On the other hand, security software can also place such a strain on workstations that system performance is impaired. That’s why tasks are often split up, and complex analyses are moved back to the cloud.
More information on the subject of endpoint protection can be found in this article.
Author: Uwe Sievers
