Although they were once considered reliable and accessible, traditional AV (anti-virus) programs are now considered by many to be dead or obsolete because of the sophistication and pace of modern cyberattacks. Gone are the days when simple endpoint protection, based on scanning files against a database of known-malware signatures, was enough. Signature-based anti-virus and anti-malware software detects only a fraction of potential infections, because a signature exists only for samples that have already been collected and analyzed. According to FireEye, 82% of all malware stays active for only an hour, and 70% of all threats surface just once before disappearing; a sample that is retired before a signature for it ships is one that signature-based AV never catches.
In recent years, scanning and screening for malware has become a more complex process, creating a need for more capable software. Likewise, attackers have become more sophisticated in designing malware that evades detection. According to Symantec, 28% of malware is “virtual machine aware”: it checks for the artifacts of a virtual machine (vendor strings in the firmware tables, virtual network hardware, the hypervisor-present CPU flag) and, if it finds them, hides itself or simply refuses to run. Because most analysis sandboxes are virtual machines, such a sample behaves harmlessly under analysis and only detonates on a real endpoint. A sandbox is still the right tool in a case like this, but it has to be an advanced one that hides those artifacts and can also flag the probing itself as suspicious behavior.
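The checks below are the kind of environment probes that “virtual machine aware” malware runs before deciding whether to execute, and therefore the artifacts an advanced sandbox has to hide. This is an added example written for this page, not code from the original article or from any vendor; the marker strings, OUI table, and sample inputs are assumptions for illustration and are far from exhaustive. The same functions, run by a sandbox operator inside the analysis VM, show at a glance which artifacts leak.

```python
"""VM/sandbox fingerprinting probes of the kind "virtual machine aware"
malware performs. Added example for illustration; vendor strings, OUIs and
the constructed sample inputs below are assumptions, not a complete list."""
import os
import re
from typing import Dict, List, Optional

# Substrings commonly seen in the DMI/SMBIOS product or vendor strings of a
# virtualised guest (assumption: short, non-exhaustive list).
VM_DMI_MARKERS = ("virtualbox", "vmware", "qemu", "kvm", "hyper-v",
                  "xen", "parallels", "bochs")

# MAC OUI prefixes (first three octets) registered to virtualisation vendors
# (assumption: well-known public OUIs, not an exhaustive list).
VM_MAC_OUIS = {
    "08:00:27": "VirtualBox",
    "00:05:69": "VMware",
    "00:0c:29": "VMware",
    "00:50:56": "VMware",
    "00:1c:42": "Parallels",
    "00:15:5d": "Hyper-V",
    "52:54:00": "QEMU/KVM",
}


def dmi_indicates_vm(product_name: str, sys_vendor: str = "") -> bool:
    """True if the firmware product/vendor strings name a hypervisor."""
    text = f"{product_name} {sys_vendor}".lower()
    return any(marker in text for marker in VM_DMI_MARKERS)


def cpuinfo_indicates_vm(cpuinfo: str) -> bool:
    """Linux exposes the CPUID hypervisor-present bit (leaf 1, ECX bit 31)
    as the 'hypervisor' flag in /proc/cpuinfo."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False


def mac_indicates_vm(mac: str) -> Optional[str]:
    """Return the virtualisation vendor whose OUI the MAC belongs to, if any."""
    oui = re.sub(r"[-.]", ":", mac.lower())[:8]
    return VM_MAC_OUIS.get(oui)


def classify(product_name: str, sys_vendor: str, cpuinfo: str,
             macs: List[str]) -> Dict[str, object]:
    """Combine the individual probes into one verdict with the reasons."""
    hits: List[str] = []
    if dmi_indicates_vm(product_name, sys_vendor):
        hits.append("dmi")
    if cpuinfo_indicates_vm(cpuinfo):
        hits.append("cpuid-hypervisor")
    for mac in macs:
        vendor = mac_indicates_vm(mac)
        if vendor:
            hits.append(f"mac:{vendor}")
    return {"vm_suspected": bool(hits), "indicators": hits}


def read_live_linux() -> Dict[str, object]:
    """Collect the same artifacts from the running host (Linux, best effort).
    On other platforms every read fails and the verdict is 'not a VM'."""
    def slurp(path: str) -> str:
        try:
            with open(path) as f:
                return f.read().strip()
        except OSError:
            return ""

    macs: List[str] = []
    try:
        for nic in os.listdir("/sys/class/net"):
            if nic != "lo":
                macs.append(slurp(f"/sys/class/net/{nic}/address"))
    except OSError:
        pass
    return classify(slurp("/sys/class/dmi/id/product_name"),
                    slurp("/sys/class/dmi/id/sys_vendor"),
                    slurp("/proc/cpuinfo"), macs)


# Constructed sample inputs (not captured from real hosts).
SAMPLE_VM = classify("VirtualBox", "innotek GmbH",
                     "processor : 0\nflags : fpu vme sse hypervisor\n",
                     ["08:00:27:4e:66:a1"])
SAMPLE_BARE_METAL = classify("ThinkPad X1", "LENOVO",
                             "processor : 0\nflags : fpu vme sse\n",
                             ["3c:97:0e:12:34:56"])

if __name__ == "__main__":
    print("constructed VM sample:  ", SAMPLE_VM)
    print("constructed bare metal: ", SAMPLE_BARE_METAL)
    print("this host:              ", read_live_linux())
```

A sandbox that wants to survive these probes sets realistic DMI strings, uses a non-vendor MAC, and masks the hypervisor flag; a behavior monitor in the same sandbox can treat a process that reads all three artifacts in quick succession as evasive and escalate it rather than simply marking it clean.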
Many organizations are therefore looking into advanced endpoint protection (AEP) security solutions. So what is AEP? AEP has often been described as a “category of security products that has emerged in response to traditional endpoint products’ inability to detect and block customized malware and unknown exploits.” To break it down a bit further, endpoint protection refers to the approach of protecting a network by securing the endpoint devices, such as laptops, tablets, smartphones, and other wireless devices, that connect to it. Each of these devices is a new entry point for an attacker, so protecting them is necessary to supplement the security controls that safeguard the network itself.
The term “advanced” refers to the ability of these products to secure endpoints against known and unknown attacks, including malware and exploits, before they can compromise a system. Most AEP products are offered as integrated solutions with, at minimum, anti-malware, a host firewall, and port and device control. So why is endpoint security so important to a business’s cybersecurity strategy?
One reason is that businesses are adopting new strategies to increase cost-effectiveness, such as using cloud services and BYOD (bring your own device) policies that govern how employees’ personal devices connect to corporate networks. Because these devices can become the path by which an attacker infiltrates the network, they should meet baseline security standards (for example, current patches, disk encryption, and a running endpoint agent) before being granted access, and other entry points should be secured in the same way.
Ideally, then, an AEP product provides multiple layers of protection. One AEP platform may offer, for example: a sandbox that automatically runs unrecognized processes and applications in a restricted environment; antivirus to detect and remove malware; a firewall to detect and block malicious network traffic; behavior analysis that monitors running processes for potentially harmful activity; and more. No single layer catches everything, so these work collectively to protect the entire endpoint environment.
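To make the behavior-analysis layer concrete, here is an added example (not code from the original page or from any AEP vendor) of a small rule engine run over constructed process-creation events. The event fields, the three rules, and the sample events are assumptions chosen to show why this layer catches what a signature scan misses: none of the rules looks at file content, only at what a process does and where it came from.

```python
"""Toy behavior-analysis layer: rules evaluated over process-creation events.
Added example for illustration; the event schema, rule set and the constructed
sample events below are assumptions, not a real product's telemetry."""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

@dataclass
class ProcEvent:
    pid: int
    parent: str    # parent image name, lower-case
    image: str     # child image name, lower-case
    cmdline: str   # child command line
    path: str      # full path of the child image

# Assumption: a small allow/deny vocabulary; a real engine would have far more.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc).
ENCODED_FLAG = re.compile(r"(?i)\s-e(c|nc|ncodedcommand)?\s")


def rule_office_spawns_script_host(e: ProcEvent) -> bool:
    """A document viewer launching a script interpreter is a macro-dropper pattern."""
    return e.parent in OFFICE_APPS and e.image in SCRIPT_HOSTS


def rule_encoded_powershell(e: ProcEvent) -> bool:
    """Base64-encoded command lines hide the script from naive string matching."""
    return e.image == "powershell.exe" and ENCODED_FLAG.search(e.cmdline) is not None


def rule_executable_in_temp(e: ProcEvent) -> bool:
    """Binaries executed from a temp directory were usually just downloaded or dropped."""
    return any(d in e.path.lower() for d in TEMP_DIRS)


RULES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("office_spawns_script_host", rule_office_spawns_script_host),
    ("encoded_powershell", rule_encoded_powershell),
    ("executable_in_temp", rule_executable_in_temp),
]


def evaluate(events: List[ProcEvent]) -> List[Tuple[int, List[str]]]:
    """Return (pid, [matched rule names]) for every event that matched at least one rule."""
    alerts = []
    for e in events:
        matched = [name for name, rule in RULES if rule(e)]
        if matched:
            alerts.append((e.pid, matched))
    return alerts


# Constructed sample events (not real telemetry). "SQBFAFgA" is the UTF-16LE
# base64 encoding of "IEX", the usual prefix of an encoded download cradle.
SAMPLE_EVENTS = [
    ProcEvent(101, "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA",
              "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"),
    ProcEvent(102, "explorer.exe", "chrome.exe",
              "chrome.exe --profile-directory=Default",
              "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"),
    ProcEvent(103, "chrome.exe", "update.exe",
              "update.exe /silent",
              "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"),
]

if __name__ == "__main__":
    for pid, names in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {', '.join(names)}")
```

In a layered product the output of this engine feeds the other layers: an alert on pid 103 would send the unrecognized `update.exe` to the sandbox, and an alert on pid 101 would justify the firewall blocking that process's outbound connections while the sample is still unknown to the antivirus.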
AEP may be a relatively new term, but its components are not. No single AEP product does everything, so organizations should first identify which threats are most relevant to them and prioritize addressing those. Organizations that understand the available cybersecurity strategies and the diverse AEP platforms on offer have a better chance of surviving in an evolving threat landscape plagued by sophisticated attacks, including malware that is “virtual machine aware.”