Remote and mobile working gives organizations the flexibility and agility they need to meet today’s operational requirements. Unfortunately, it also creates a multitude of new security challenges.
Cybercriminals are increasingly targeting endpoint devices such as laptops, tablets and mobile phones because they provide a direct route into corporate networks. A 2020 Ponemon Institute study found that more than two-thirds of companies were compromised by attacks that originated on endpoint devices, with most reporting that their endpoint security solutions simply aren’t effective at detecting advanced attacks.
Survey respondents reported that traditional antivirus products miss an average of 60 percent of endpoint attacks, and many legacy security solutions are ineffective against new and unknown threats. The problem is that these solutions largely depend on signature- and rules-based defenses that look for known patterns of bytes, functions, hashes or other traits that have previously been identified and indexed as malware. However, the majority of malware variants are now thought to have none of those traditional characteristics.
Exposing Stealthy Malware
Malware authors use a variety of techniques to create zero-day exploits that obscure or eliminate virus signatures in order to dodge conventional security measures. According to one study, 98 percent of new malware instances use such tactics for evading detection.
Given the increased reliance on remote and mobile working, organizations clearly need a better approach for endpoint security. WatchGuard is addressing that need by using artificial intelligence (AI) and machine learning to create an endpoint security service based on zero-trust principles.
The Zero-Trust Application Service continuously monitors all applications and processes running on endpoint devices through a cloud-based AI platform, which treats everything as a threat until it has been evaluated and verified. The AI engine uses multiple machine learning algorithms to process hundreds of different behavioral and contextual attributes in real time. Only apps and processes classified as trusted are allowed to execute on the endpoint device.
Users can choose to run the service in one of two different modes. In “hardening mode,” endpoint agents deny and evaluate all apps and processes originating from outside the organization, including those generated by web downloads, email, removable media or remote locations. In the stronger “lock mode,” all apps and processes are denied and evaluated regardless of their origin.
WatchGuard says the AI system automatically classifies 99.98 percent of all running processes, with the remaining 0.02 percent manually classified by the company’s malware experts. This approach minimizes the number of false positives and false negatives. Since it is a fully automated service, it does not require any input or decision from the end user, security analysts or IT teams.
The service is included with WatchGuard EDPR, a comprehensive endpoint detection, protection and response solution that combines multiple traditional and advanced security measures. In addition to continuous endpoint monitoring and zero-trust classification, EDPR includes a threat-hunting service that uses advanced analytics and threat intelligence to actively seek and disrupt threats in advance of an attack.
The continued reliance on a remote workforce will require organizations to secure an ever-increasing number of endpoint devices that connect to the corporate network. The application monitoring service in WatchGuard’s EDPR solution can help you establish a zero-trust security model that can protect you from a variety of advanced endpoint threats. Contact us to learn more.