My day started recently with a phone conversation that followed a somewhat familiar track. The CISO of a midsized hospital was debriefing me on a security incident that had taken place on his network. Several systems were infected by ransomware and, although the hospital was able to recover its data in this instance, the CISO wanted to protect the organization against future outbreaks.
He mentioned that the hospital runs antivirus software on every device, including the devices involved in the ransomware outbreak. He summed up his frustration by saying, “I thought we were running the latest and greatest product, and we update our signatures every day. What happened?”
The reality is that traditional, signature-based anti-malware software simply isn’t sufficient to combat modern security threats. Zero-day attacks exploit previously unknown vulnerabilities, so no signature for them exists yet and signature-based anti-malware cannot detect them. Cybercriminals use these attacks to target enterprises of all sizes and wreak havoc.
We talked about the hospital’s security objectives and settled on deploying a proof-of-concept test that combined two emerging security technologies: advanced endpoint protection (AEP) and endpoint detection and response (EDR). The hospital had neither of these technologies in place, and I was confident that deploying them would dramatically improve its security posture.
AEP uses artificial intelligence to block previously unknown attacks. Instead of relying on security vendors to develop signatures of known attacks, AEP identifies models of normal behavior on endpoints and then flags any deviations from these models as abnormal activity that can be either automatically blocked or further investigated. Deploying AEP in conjunction with traditional anti-malware solutions packs a powerful one-two punch that stops malware before it can gain a foothold on endpoints.