FEATURE: REGIONAL CYBERSECURITY
“If malware or a hacker is contained in a secure virtual container that they cannot escape from or use to breach the company, confidence increases exponentially.”
favor of the malware writers. The previous generation of NGAV products could still reliably recognise a known malware family when roughly 20% of the code in a file had changed between variants.
Now, with metamorphic malware, the changed code can exceed 80% of the file, making it almost impossible for those same algorithms to detect, predict and defend against. The difference is simple to visualise: NGAV products were excellent at detecting a ‘leopard changing its spots’, but now the leopard transforms into a lion, and protection that is only looking for leopards finds it very, very difficult to detect or predict. The caveat for defenders is that a metamorphic engine rewrites the code while leaving the behaviour intact: the file no longer resembles any known sample, but what it does when it runs has not changed.
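The following is an added illustration, not code from the article or from any vendor product: a toy code-similarity detector of the kind described above, run over three constructed instruction listings (an original, a variant with 20% of instructions swapped for equivalents, and a metamorphic rewrite that keeps only one instruction verbatim). The 0.5 threshold, the instruction sequences and the API names are assumptions made for the example; none of it is real malware. The second check, comparing the sequence of APIs each listing actually calls, shows why the behaviour survives even when the code does not.

```python
"""Added example, not from the article: why a code-similarity detector that
tolerates modest churn misses a metamorphic variant that rewrites most of its
code while keeping its behaviour. All listings are constructed, not real."""

ORIGINAL = [
    "push ebp", "mov ebp,esp", "sub esp,0x40",
    "xor eax,eax", "push eax", "call CreateFileA",
    "mov esi,eax", "push esi", "call WriteFile", "ret",
]

# Polymorphic-style variant: 2 of 10 instructions (20%) swapped for equivalents.
POLYMORPHIC = [
    "push ebp", "mov ebp,esp", "sub esp,0x40",
    "sub eax,eax", "push 0", "call CreateFileA",
    "mov esi,eax", "push esi", "call WriteFile", "ret",
]

# Metamorphic-style variant: 9 of 10 instructions rewritten, junk inserted,
# API calls made indirect through a register; only "ret" survives verbatim.
METAMORPHIC = [
    "enter 0x40,0", "mov eax,0", "nop", "push 0",
    "mov edx,CreateFileA", "call edx",
    "lea esi,[eax]", "mov edi,esi", "push edi",
    "mov edx,WriteFile", "call edx", "ret",
]

CODE_THRESHOLD = 0.5  # assumed detector setting for the example


def bigrams(code):
    """Adjacent instruction pairs: the 'code fragments' a signature keys on."""
    return {(a, b) for a, b in zip(code, code[1:])}


def code_similarity(sample, reference=ORIGINAL):
    """Fraction of the reference's instruction pairs still present in the
    sample: a crude stand-in for the fragment matching NGAV engines use."""
    ref = bigrams(reference)
    return len(ref & bigrams(sample)) / len(ref)


def api_trace(code):
    """Resolve each call to the API it reaches, following register loads
    ('mov edx,WriteFile' then 'call edx'). Stand-in for a behavioural trace."""
    regs, trace = {}, []
    for insn in code:
        op, _, args = insn.partition(" ")
        if op == "mov":
            dst, _, src = args.partition(",")
            regs[dst] = src
        elif op == "call":
            trace.append(regs.get(args, args))
    return trace


def verdict(sample):
    """What a code-matching detector and a behaviour-matching one each decide."""
    score = code_similarity(sample)
    return {
        "code_similarity": round(score, 2),
        "flagged_by_code_match": score >= CODE_THRESHOLD,
        "flagged_by_behaviour": api_trace(sample) == api_trace(ORIGINAL),
    }


if __name__ == "__main__":
    for name, sample in [("polymorphic", POLYMORPHIC), ("metamorphic", METAMORPHIC)]:
        print(name, verdict(sample))
```

The polymorphic variant keeps two-thirds of the original's instruction pairs and is caught by the code match; the metamorphic one keeps none and slips past it, yet both still call CreateFileA followed by WriteFile, which is what a behaviour-based check sees.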
EDR and MDR
In recent times we have seen explosive growth in the adoption of EDR (endpoint detection and response) and MDR (managed detection and response) products. These often include NGAV, but because vendors accept that NGAV cannot detect or automatically block the latest (metamorphic) threats, they add monitoring, management and response to their technologies.
Depending on the product and the vendor, their strength lies in monitoring and tracking a breach after it has occurred, and then putting in place a series of kill points at which the organization can stop the attack and roll back from it.
And they are very effective. The challenge is whether, as attackers leverage more AI and Machine Learning to evade detection, an EDR/MDR product will still detect the breach in a timely manner and then roll the business back with minimal or zero impact to the organization.
Containment, isolation and sanitisation
The future of endpoint protection is surprisingly simple, powerful and affordable. According to Verizon’s 2019 Data Breach Investigations Report, 94% of malware was delivered by email. Imagine if every time a user browses the Internet, clicks a web link, downloads a file or opens an email attachment, that session is opened in a secure virtual container that is almost invisible to the user, and from which malware simply cannot escape to infect the organization.
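As an added example of the containment idea above (not the article’s or any vendor’s code), here is one way a practitioner can open an untrusted download inside a Linux namespace sandbox using bubblewrap (`bwrap`): no network, a read-only allow-list of system directories, a private /tmp, and a single throwaway scratch directory as the only writable location. The viewer command, the merged-/usr layout and the directory names are assumptions; the audit function is there because containment is defeated most often by a careless mount or a shared network namespace, so the launcher refuses to run if the command line it built violates the policy.

```python
"""Added example, not from the article or any vendor product: launch an
untrusted file in a bwrap sandbox and audit the command line before running.
Paths, the viewer command and the merged-/usr layout are assumptions."""
import os
import shutil
import subprocess
import tempfile


def build_sandbox_argv(untrusted_file, viewer="xdg-open", scratch=None):
    """Compose a bwrap invocation exposing only a read-only copy of the file,
    a read-only system allow-list and one private writable directory."""
    scratch = scratch or tempfile.mkdtemp(prefix="isolated-")  # assumed throwaway dir
    inner = "/work/" + os.path.basename(untrusted_file)
    return [
        "bwrap",
        "--unshare-all",          # new user, pid, net, ipc and uts namespaces
        "--die-with-parent",      # sandbox dies when the launcher does
        "--new-session",          # detach from the controlling terminal
        "--ro-bind", "/usr", "/usr",
        "--ro-bind", "/etc", "/etc",
        "--symlink", "usr/bin", "/bin",       # assumes a merged-/usr system
        "--symlink", "usr/lib", "/lib",
        "--symlink", "usr/lib64", "/lib64",
        "--proc", "/proc",
        "--dev", "/dev",
        "--tmpfs", "/tmp",
        "--bind", scratch, "/work",           # the only writable location
        "--ro-bind", untrusted_file, inner,   # the file itself, read-only
        "--chdir", "/work",
        "--", viewer, inner,
    ]


def audit_sandbox_argv(argv):
    """Return policy violations found in a bwrap argv; an empty list passes."""
    problems = []
    opts = argv[1:argv.index("--")] if "--" in argv else argv[1:]
    if "--unshare-all" not in opts and "--unshare-net" not in opts:
        problems.append("network namespace is shared: malware could phone home")
    if "--share-net" in opts:
        problems.append("--share-net re-enables the network")
    if "--die-with-parent" not in opts:
        problems.append("missing --die-with-parent: sandbox can outlive the session")
    home = os.path.expanduser("~")
    for i, tok in enumerate(opts):
        if tok in ("--bind", "--dev-bind"):
            src = opts[i + 1]
            if src in ("/", home) or src.startswith(home + "/"):
                problems.append(f"writable bind of {src}: container can alter user data")
    return problems


def open_untrusted(path, viewer="xdg-open"):
    """Audit, then run the viewer in the sandbox; returns the viewer's exit code."""
    argv = build_sandbox_argv(path, viewer)
    violations = audit_sandbox_argv(argv)
    if violations:
        raise RuntimeError("refusing to launch: " + "; ".join(violations))
    if shutil.which("bwrap") is None:
        raise FileNotFoundError("bubblewrap (bwrap) is not installed")
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    import sys
    sys.exit(open_untrusted(sys.argv[1]))
```

The file is bound read-only even inside the writable scratch directory, so a viewer that tries to modify it in place fails; anything the viewer writes lands in the scratch directory and is discarded with it. The audit deliberately treats a writable bind of the home directory, or of the root, as a hard failure, because that single mount is the difference between “contained” and “the malware has the user’s files”.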
42 INTELLIGENTCIO www.intelligentcio.com