The next generation of endpoint protection (EPP) against code-based attacks has been around for a few years now, but many organizations still run their legacy solution simply because they don’t know about the benefits of the newer solutions. They take the easy road and just renew year after year.
They assume they have sufficient protection, or that their jobs depend on spending all day managing the tools. So how do you know when it’s time for a change? Here are ten signs that it’s time to upgrade:
Signature-based technology is too slow to keep up with zero-day attacks, or with malware that morphs or is recompiled with packers. There will always be victims until the vendor has created the signature and pushed it to customers, and it has been tested and rolled out – a process that can take days from the initial malware identification.
Devices that haven’t updated, even just for a day, are vulnerable to the latest malware. Dormant virtual machines, vital for business continuity in the event of a malware outbreak, are also highly exposed until they can be updated with the latest signatures. If one of your cybersecurity metrics is the number of machines with up-to-date signatures, then it’s time to review your EPP.
The other problem is that signature sets cannot be infinitely large, so legacy AV vendors drop signatures for malware they consider ‘in the zoo’, rather than ‘in the wild’. I often see old malware detected on file servers by Next Generation AV and have even heard of WannaCry infections occurring over a year after the initial outbreak. Next gen solutions are typically signature-less.
The large number of ransomware outbreaks in the last few years is an indication that legacy AV solutions have failed us. As a workaround, many businesses improved their backup processes, implemented rollback software and application whitelisting …
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Rob Collins. Read the original post at: https://threatvector.cylance.com/en_us/home/ten-signs-its-time-to-review-your-endpoint-protection.html