Endpoint Security: How to respond to increasingly complex threats
Faced with complex systems in companies, endpoint security has become a subject of major importance.
Most endpoint security software, like Symantec Endpoint Protection, can deal with known and unknown threats using different technologies. Blocking known threats is the traditional mission of security software, via antivirus software for example.
Unknown threats, on the other hand, are most often detected using machine learning technology, which learns to recognize them from massive sample volumes and important characteristics, such as file size, compression, etc., and thus determines the probability that a file is benign or malicious.
We can also use behavioral detections to detect threats based on a program’s behavior rather than its appearance. All of this is necessary to block advanced threats.
An effective tool but far from sufficient
However, although endpoint security systems appear to be optimized, they are still vulnerable. To hijack these technologies, cybercriminals go through what is called obfuscation or the use of erroneous paths, a practice aimed at hiding the nature of the file from the detection engine.
This process is made possible by encrypting or encoding the program, which allows certain malware to use multiple layers of obfuscation to prevent analysis. Misleading instructions are used to trick the system into thinking it is dealing with a benign program instead of something overtly malicious.
This technique, already advanced, is not the only one. Criminals will, for example, go through a phishing attack to obtain identifiers and quite simply deactivate a security system. Certain solutions exist of course to deal with these models, but this nevertheless shows a fragility in endpoint systems.
Undetectable cyber-attackers?
In the context of cyberattacks, very often the cyber-attacker was present for a long time in a network before being unmasked due to the lack of visibility. Too often, the system itself is left unprotected. Without the presence of detection software installed beforehand, the intruder remains invisible even though he is present in the network.
But the opposite situation is just as risky. Intense activity in the network can make it hard to distinguish what is benign from what is not, which hampers detection and filtering. This phenomenon is even more pronounced in large open networks where everything can communicate with everything, over any protocol.
The most experienced attackers take advantage of knowing your surroundings to move around undetected. They will use your credentials, existing applications, and trusted systems to infiltrate your network and retrieve your data.
Cybersecurity is one of the biggest challenges that modern businesses face. Confronted with the development of new technologies, in a highly connected and interconnected world with high data mobility, the security of networks and information systems must adapt.
Businesses face many types of threats. From simple espionage to the misappropriation and destruction of information of commercial value, the consequences of a cyber-attack can be disastrous for the image and reputation of a targeted company, and even more so for its economy. Financial losses can be due to severe drops in business productivity, or even disruptions caused by the unavailability of IT services.
And therefore, companies are led to rethink their approach to cybersecurity and anticipate possible threats. One good option to protect your business network from threats and attacks is to turn to specialists and entrust this complex task to someone who has complete knowledge about how to handle these issues.
This content is meant for information only and should not be considered as advice or legal opinion, or otherwise. AKGVG & Associates does not intend to advertise its services through this.