Avast Business Team, 5 October 2019
For small businesses, this adaptive solution is crucial to the defense against modern cybersecurity threats
You run a business, so the term “next-gen” may not be one you’re familiar with. But as cyberattacks become more sophisticated and more businesses fall victim to cybercriminals, it is important to know. Large companies have IT departments to deploy next-generation endpoint protection, but as the owner of a small business, it may fall to you to ensure your business is protected from cybercrime.
This article will explain precisely what next-generation endpoint security is, what it offers, why it’s important, and how it differs from traditional tools.
Why do we need next-gen endpoint protection?
The simple reason we need next-gen endpoint protection is because there is a “next generation” of cyberattacks. Reacting to increased knowledge and antivirus protection, cyberattacks have become more sophisticated. Attacks can now utilize various methods from malware to social engineering and include various channels (vectors) including endpoints like phones and desktop computers.
Around 2003, cybercriminals became more advanced and attacks moved beyond simple viruses and drive-by downloads to complex, layered attacks that often involved interpersonal manipulation. To protect users from these more sophisticated attacks, cybersecurity needs to evolve. Endpoints (your devices) remain the targets and many are not always within the business network (mobile phones, tablets, laptops). As such, they don’t have optimum security behind a firewall or gateway. Hackers exploit this by using a larger number of stages in their attacks, which in turn increases the need for endpoint security.
A key part of next-gen endpoint protection is to ensure that your solution continuously learns and adapts as threats evolve – always staying ahead of cybercriminals and recognizing the individual stages of sophisticated, multi-layered attacks.
The second key need for next-gen endpoint security is to ensure it can protect all endpoints on your network – not just the ones behind your company firewall. There are increasing numbers of devices connecting to a business’s network. Each of these is a potential entry point for an attacker who could exploit out-of-date software on an employee’s phone to access data within your company network and servers. A company is as valuable as its most valuable data and as weak as its weakest point. As such, it is essential to have security in place that can protect all connected endpoints as well as your network and servers.
What is next-generation endpoint security?
In the past, signature-based antivirus – including traditional endpoint protection – was enough to stop most attacks. Today, cybercriminals are moving away from methods that simple signature matching can catch. As such, next-generation endpoint security is not based solely on signatures, but uses one or more methods and/or technologies to detect and prevent an attack. Several of these are described below.
Attackers use all kinds of tools to create and execute attacks. For example, “exploits” take advantage of vulnerabilities present in the system to bypass protections, allowing attackers to remotely compromise devices and gain privileges.
In most cases, these exploits target known vulnerabilities, which means that avoiding them involves keeping your software up to date. In a business environment, however, this is easier said than done. That’s why it is critical that your security provider is able to provide a patch management solution that keeps software current across your network.
At the same time, your solution must have exploit detection and blocking capabilities to protect you even when there are vulnerabilities that have not been patched yet.
Cyberattacks are more than just malware, so cybersecurity needs to do more than detect malware. Using behavioral analysis, next-gen cybersecurity looks at how applications and processes interact with each other to find anomalies that suggest attacks. For example, users tend to make logical decisions and use predictable pathways – opening software, opening relevant files, etc. So if an application tries to open/read an “inappropriate” file and/or send information to unverified/suspicious websites or applications, the next-gen software will block the action – or at least flag it for review.
An emerging trend is for cybercriminals to use non-malicious files to avoid detection and carry out attacks. For example, PowerShell, a popular tool from Microsoft that is included in all Windows 10 installations, is used extensively by cybercriminals in many attacks.
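A minimal sketch of the baseline-and-deviation idea behind the two paragraphs above: learn each application's normal files, destinations and child processes, then flag an office application that reads an off-pathway file, contacts an unverified host, or launches a script host such as PowerShell. This is an added illustration, not Avast's engine; the event format, the SCRIPT_HOSTS list and the sample telemetry are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry (not real logs): what an endpoint agent might record.
@dataclass(frozen=True)
class Event:
    process: str  # image name that performed the action
    action: str   # "read" (file), "connect" (network) or "spawn" (child process)
    target: str   # file path, destination host or child image name

# Script hosts an office application has no business launching (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

def _key(e: Event) -> str:
    # File reads are generalised to their directory so sibling documents are covered.
    if e.action == "read":
        return e.target.rsplit("\\", 1)[0].lower()
    return e.target.lower()

class BehaviorMonitor:
    """Learns each process's normal files, destinations and children, then flags deviations."""
    def __init__(self) -> None:
        self.baseline = defaultdict(lambda: defaultdict(set))

    def learn(self, events) -> None:
        for e in events:
            self.baseline[e.process][e.action].add(_key(e))

    def check(self, events):
        alerts = []
        for e in events:
            if _key(e) in self.baseline[e.process][e.action]:
                continue  # matches the learned pathway for this application
            severity = "high" if e.action == "spawn" and e.target.lower() in SCRIPT_HOSTS else "medium"
            alerts.append((severity, e.process, e.action, e.target))
        return alerts

BASELINE = [  # learned during a quiet period (constructed)
    Event("winword.exe", "read", r"C:\Users\alice\Documents\budget.docx"),
    Event("winword.exe", "read", r"C:\Users\alice\Documents\minutes.docx"),
    Event("winword.exe", "connect", "office365.example.com"),
]
OBSERVED = [  # later activity to evaluate (constructed)
    Event("winword.exe", "read", r"C:\Users\alice\Documents\report.docx"),            # normal
    Event("winword.exe", "spawn", "powershell.exe"),                                   # script host from a document app
    Event("winword.exe", "read", r"C:\Users\alice\AppData\Local\Chrome\Login Data"),  # off-pathway file
    Event("winword.exe", "connect", "files.attacker-placeholder.invalid"),            # unverified host
]

def run_demo():
    mon = BehaviorMonitor()
    mon.learn(BASELINE)
    return mon.check(OBSERVED)

if __name__ == "__main__":
    for alert in run_demo():
        print(*alert)
```

A real agent would learn the baseline across many machines and keep refreshing it, which is the "continuously learns and adapts" property the article asks for.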
The Avast Business threat detection network gathers information from hundreds of millions of malware samples which are analyzed by advanced machine-learning engines that learn how to spot the patterns of cyberattackers. Using this proactive pre-execution analysis, next-gen protection can stop attacks before they happen.
To evaluate new and unknown threats, we’ve built a unique and sophisticated machine learning pipeline that allows us to rapidly train and deploy malware-detection models within 12 hours. We also employ advanced techniques like deep convolutional neural networks to enhance our malware detection models.
The terms ‘machine learning’ and ‘deep learning’ are often used interchangeably, but deep learning is actually a subset of machine learning, which is in turn a subset of artificial intelligence. Until recently, software could only identify objects based on a limited set of rules, so ambiguous or similar-looking objects led to mistakes.
Deep learning technology allows a computer to use a more complex set of rules – and often massive amounts of data about a subject – to learn what is or is not a bus (the familiar captcha task) or some other object. It does this by gathering, comparing, and processing various points of observed data based on rules that allow it to see subtle differences between types of things: for example, the relationship between wheel size and vehicle size, the ratio of length to height, and/or how large the vehicle is compared to most other vehicles on the road. This technology is increasingly being used in cybersecurity to identify the next generation of more sophisticated cyberthreats by learning what the characteristics of an attack are, not just the signatures of existing attacks.
Network traffic inspection scans traffic to detect malicious activity. For example, it is able to block malware traffic, stopping it from communicating with the attacker. Because the attacker never learns that the malware has been deployed on someone’s machine, they do not advance the attack on that potential victim.
Other processes used in next-gen endpoint security:
- Centralized event collection and analysis
- Ransomware behavior detection and blocking
- Sandbox analysis
- Rollback of changes after event detection
- Retrospective detection
In summary, next-gen endpoint protection does not rely only on a store of antivirus signatures or signature-based technology to combat malware. It involves a number of systems and processes that can identify small or separate parts of more sophisticated attacks, including software that is continually learning about threats. So next-gen endpoint protection can proactively protect users in real time.
How does NGEP compare to NGAV?
What is the difference between next-generation endpoint protection (NGEP) and next-generation antivirus (NGAV), and how do they compare? By 2016, NGAV was accepted as the next stage in cybersecurity after what became known as ‘traditional antivirus’ or ‘traditional AV’.
NGAV included new approaches to the changing cyberthreat landscape as many traditional AV solutions were proving ineffective. Several important differences are:
- Improved prevention of commodity malware and unknown malware
- Inclusion of contextual analysis to inform actions and performance
- Improved administration
- Remediation of attacks (rather than just stopping them)
Recently, endpoint protection platforms have emerged that include more than just NGAV. These platforms typically combine endpoint detection and response (EDR) capabilities with NGAV in a single platform. However, while effective, these solutions are mostly in the realm of large enterprises that have a security operations center (SOC) and a dedicated incident response team watching and analyzing the data flowing in from various systems.
Small and medium businesses don’t have the resources to sift through this attack data. They need unified endpoint protection solutions that include NGAV for protection against advanced threats as well as patch management for comprehensive protection.
The future of endpoint security
From mobile phones to the IoT, more endpoints mean more points of entry to a business’s network for cybercriminals. And with more endpoints, attackers have more options and angles to exploit when using social engineering, which is when attackers research individuals to make them more likely to click a link or divulge passwords. Cybercriminals have found the weakest link: humans. Too many people think, “I’m not important, why would anyone attack me?” but the access that an attacker can gain through an employee is proving very effective.
As cyberattacks continue to evolve, so too does endpoint security. Avast Business remains at the forefront of endpoint security innovation, ensuring our customers are always one step ahead of cybercriminals. Our endpoint protection is one of the most advanced solutions on the market, using a variety of advanced methods including complex shields and host intrusion prevention systems to secure all access to users’ networks.
Traditional antivirus was doomed to be reactive – following in cybercriminals’ footsteps. But with advances in artificial intelligence, deep learning, and behavioral analysis, cybersecurity can now stay one step ahead as systems better understand what constitutes a threat – even if it’s never seen one like it before.
For complete protection it is important that, as well as high-quality endpoint protection, employees are trained to spot suspicious links/behaviors and to keep all software up to date.
The future of endpoint security is in deeper inspection of files and tools to identify suspicious behavior, provide faster detection and prevention, and better reporting for easier analysis.
Avast Evangelist Luis Corrons contributed to this article.