In cybersecurity, the attacker has the advantage. The constant stream of application updates keeps software current and working across a myriad of devices, but it also creates a hotbed of malicious activity, because exploits for new code are developed faster than standard security techniques can adapt to them.
Antivirus software, once the most reliable tool for protecting endpoints and systems, is no longer sufficient on its own. Because antivirus relies on an up-to-date library of signatures for known malware, it cannot keep pace with the escalation of attacks: a user's environment can be infiltrated well before the vendor publishes the signature update that would have stopped the assault.
How Antivirus is Defeated
Antivirus cannot keep up, and breach detection will become the leading technology in the fight against attacks. To understand why, look first at how antivirus works.
Antivirus engines compare files (binaries, executables, text files, documents, data files, DLLs, archives, etc.) against a database of known malicious files. If there is a match, the file is quarantined, cleaned, or deleted. Antivirus vendors build these databases, known as signatures, in three main ways: cataloging one or more known-bad search strings (cleartext) found in the malicious file, hashing part of the known-bad file, or hashing the entire file.
Like abbreviating a long word, hashing transforms a string of characters of any length into a shorter, fixed-length value or "key" that represents the original; hashing is used in databases and in cryptography. A hashing algorithm is a one-way computation: it takes the contents of a file, performs a calculation, and produces a hash value such as the 32-digit hexadecimal string 0ab2fe2fb74e02b94a129ef497e34e4c (the size of a 128-bit MD5 digest). The original contents cannot be recovered from the hash.
To defeat whole-file hash signatures, malware need only change a single byte of the original file. The modified file hashes to a different value, that value is not in the antivirus library of known-bad hashes, and the file passes the scan. Partial-file hashes and string signatures are somewhat more robust, since they ignore changes outside the bytes they cover, but an attacker who knows which bytes are matched can alter those as well, for example by packing or encoding the whole file.
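As an added illustration (example code written for this page, not the author's or any antivirus vendor's engine), the following Python models the three signature types described above over a constructed, harmless byte string that stands in for a malicious file. It then shows which signatures still match after a one-byte change and after a trivial single-byte XOR re-encoding; the sample bytes, the XOR key and the 16-byte "header" region are assumptions for illustration.

```python
import hashlib

# Constructed stand-in for a malicious file (harmless bytes, not real malware).
ORIGINAL = b"MZ\x90\x00PAYLOAD: connect 198.51.100.7:4444 ; drop shell ; exit\x00"

# Variant 1: exactly one byte changed, in a region no signature below covers.
ONE_BYTE_CHANGE = ORIGINAL.replace(b"exit", b"exiT")

# Variant 2: the whole file re-encoded with a hypothetical single-byte XOR "packer".
XOR_PACKED = bytes(b ^ 0x5A for b in ORIGINAL)


def md5_hex(data: bytes) -> str:
    """32-digit hex digest, the same shape as the example hash in the text."""
    return hashlib.md5(data).hexdigest()


# The three signature styles named in the text, all derived from ORIGINAL.
SIGNATURES = {
    "full_hash": {md5_hex(ORIGINAL)},            # hash of the entire file
    "partial_hash": {md5_hex(ORIGINAL[:16])},    # hash of the first 16 bytes (assumed header)
    "strings": [b"connect 198.51.100.7:4444"],   # cleartext search string
}


def scan(data: bytes, sigs: dict = SIGNATURES) -> dict:
    """Return which signature types match the given file contents."""
    return {
        "full_hash": md5_hex(data) in sigs["full_hash"],
        "partial_hash": md5_hex(data[:16]) in sigs["partial_hash"],
        "strings": any(s in data for s in sigs["strings"]),
    }


if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL),
                         ("one-byte change", ONE_BYTE_CHANGE),
                         ("xor-packed", XOR_PACKED)]:
        print(f"{name:16} md5={md5_hex(sample)} hits={scan(sample)}")
```

The one-byte change defeats only the whole-file hash, because the partial hash and the string signature never look at the altered byte; the XOR-packed variant defeats all three, since neither the header bytes nor the cleartext string survive re-encoding. That is the gap behavior-based detection is meant to fill.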
Breach Detection: The New Standard
Automated breach detection differs in that, rather than matching files against a list of known-bad items, it continuously monitors file and process activity for unusual behavior. Developed by the Department of Defense, the National Security Agency, and other agencies, breach detection software analyzes and monitors files and processes for abnormal operation. Once it identifies something, the system notifies you of the suspicious activity and provides the tools to investigate, identify, and remove the offending files.
On average, an attack persists on a company network for more than 140 days before it is discovered. Breach detection reduces this time to 1-2 hours. Because detection occurs at the file level and in background processes, you can rapidly detect insidious processes and threats even when they evade front-line and perimeter defenses. Breach detection operates 24×7 and identifies a compromise before it damages files.
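To make the contrast with signatures concrete, here is an added example (written for this page; it is not NetWatch's product logic or any vendor's detection rule) of one simple behavioral rule of the kind a breach-detection monitor applies: a process that writes to, renames or deletes an unusually large number of distinct files within a short window is flagged, whatever its executable hashes to. The event records are constructed, and the process names, paths, threshold and window are assumptions for illustration.

```python
from collections import defaultdict

# Constructed file-activity telemetry (not real logs): (seconds, process, action, path).
# Rename events record the path as "old -> new".
EVENTS = (
    [(0.0, "winword.exe", "write", "C:/Users/ann/Documents/q3-report.docx"),
     (4.0, "winword.exe", "write", "C:/Users/ann/Documents/notes.docx"),
     (7.0, "explorer.exe", "read", "C:/Users/ann/Documents/notes.docx")]
    + [(10.0 + i * 0.2, "updater.exe", "rename",
        f"C:/Users/ann/Documents/file{i:02d}.docx -> "
        f"C:/Users/ann/Documents/file{i:02d}.docx.locked")
       for i in range(30)]
)

MODIFYING_ACTIONS = {"write", "rename", "delete"}


def mass_file_change(events, threshold=20, window=60.0):
    """Return {process: peak distinct files touched} for every process that modifies,
    renames or deletes at least `threshold` distinct files within any `window` seconds.

    The rule never consults the process's binary, so a one-byte change to the
    executable (which defeats a hash signature) does not change the verdict.
    """
    per_proc = defaultdict(list)
    for ts, proc, action, path in events:
        if action in MODIFYING_ACTIONS:
            per_proc[proc].append((ts, path.split(" -> ")[0]))

    flagged = {}
    for proc, touches in per_proc.items():
        touches.sort()
        start = 0
        for end in range(len(touches)):
            # Slide the window's left edge forward until it spans at most `window` seconds.
            while touches[end][0] - touches[start][0] > window:
                start += 1
            distinct = {path for _, path in touches[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[proc] = max(flagged.get(proc, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for proc, count in mass_file_change(EVENTS).items():
        print(f"ALERT: {proc} changed {count} distinct files inside the window")
```

In the constructed data, winword.exe saving two documents stays well under the threshold, while updater.exe renaming thirty documents to a new extension in six seconds is flagged. Real products combine many such rules with process lineage and network context; the point here is only that the decision depends on what the process does, not on what it hashes to.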
NetWatch leverages breach detection in our suite of managed security services to provide our customers with the very best in protection. NetWatch offers rapid detection, easy deployment, and breach remediation. We have stopped many zero-day attacks for several of our customers, including ransomware attacks. Breach detection, coupled with our other managed security tools and highly trained staff, can protect your network from the perimeter through to your endpoints. Interested in learning more? Contact us and let us introduce you to our team.