Friday, 24 July 2020 13:38

In cyber security, detection is no longer enough

By Greg Wyman, Bufferzone Security

GUEST OPINION: The world of cyber security has become increasingly complex in recent years. Endpoints continue to be the vector that most attackers and hackers use to breach an organisation.

In fact, 94 percent of data breaches start with an email, according to Verizon in 2019.

Historically, detecting malware has been the mainstay of the cyber security industry. The challenge is that malware can now morph as frequently as every 15 seconds, and it is estimated that over 230,000 new malware samples arrive every day.

As malware evolved and became more intelligent, we saw the next generation anti-virus (NGAV) products hit the market, which changed the dynamics.

Most worked on mathematical formulas to predict virus-like activity in a file. These were very effective against most malware where typically 20 percent of the code changed. This was broadly called polymorphic malware. Detection technology had started to evolve towards predicting virus-like behaviours.

A major challenge has been the release of new metamorphic malware, where over 80 percent of the code is changing and adapting in real-time, making it almost impossible to detect or predict malware in a file.

Today, we are seeing a rapid growth in EDR (endpoint detection and response) and MDR (managed detection and response) products in the industry.

A common trait of most EDR and MDR products is that the vendors recognise that they can’t and won’t detect all malware, especially the newest AI- and machine-learning-driven malware. So they deploy continuous monitoring to look for activities that could be, or are, malware or hackers attempting to breach an organisation via the endpoints.

These are powerful solutions, but they rely on the fact that malware or hackers will breach an organisation, hoping they will be able to detect the activity and then kill parts of the chain to stop the malware from impacting or infecting the organisation.

Detection has been, and will continue to be, a critical component in cyber defences for companies of all sizes. The question is simply, is detection enough? The answer is equally simple – No.

Detection should form the outer layer of a defensive posture, but the volume of malware and ever-increasing complexity of attacks requires a new methodology to eliminate threats from unknown, never-been-seen-before and zero-day attacks. Malware and hackers must be stopped at the endpoint, to protect endpoints and prevent hackers from breaching an organisation’s network.

Containment, Isolation, Sanitisation

Containment, isolation and sanitisation technologies deliver this capability. They are located at the endpoint in the form of low-impact, high-performance secure virtual containers that capture, contain and isolate all malware threats whenever a user browses the web, and that contain all inbound email attachments.

All files are contained and sanitised before being allowed into the corporate network, to dramatically reduce, and almost eliminate, the endpoint as an attack vector.

The key is the sanitisation process, where all inbound Word, Excel, PowerPoint, PDF and PNG files and so forth are deconstructed, or broken down, into their absolute basic known component parts. They are then reassembled using only the known good components to create a visually identical replica of the file.

All malware, VB scripts, macros and hacker code are left behind in the container. The file is clean and can pass through to the corporate network. The container is emptied at intervals during the day and all malware removed. No breach has occurred.
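The rebuild-from-known-good step described above, shown for one file type as an added example (not Bufferzone's implementation and not code from the article): a Word OOXML package is rebuilt from an allowlist of part names, so a macro storage part such as `vbaProject.bin` is never copied and references to it are pruned. The allowlist, the function names and the sample package are assumptions constructed for illustration.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

REL = "http://schemas.openxmlformats.org/package/2006/relationships"
CT = "http://schemas.openxmlformats.org/package/2006/content-types"
# Assumed allowlist of part names for a Word package; every other part is left behind.
ALLOWED = re.compile(r"\[Content_Types\]\.xml|_rels/\.rels|word/_rels/document\.xml\.rels"
                     r"|word/(document|styles|settings)\.xml|word/media/[\w-]+\.(png|jpe?g)")

def _prune(xml_bytes, ns, tag, keep):
    """Re-serialise an XML part without the child elements that keep() rejects."""
    ET.register_namespace("", ns)  # keep the default namespace unprefixed on output
    root = ET.fromstring(xml_bytes)
    for el in [e for e in root.findall(f"{{{ns}}}{tag}") if not keep(e)]:
        root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def sanitise(package: bytes):
    """Rebuild an OOXML package from allowlisted parts; return (clean_bytes, dropped)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    kept = {n for n in src.namelist() if ALLOWED.fullmatch(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept):
            data = src.read(name)
            if name.endswith(".rels"):  # targets resolve against the owning part's folder
                base = posixpath.dirname(posixpath.dirname(name))
                data = _prune(data, REL, "Relationship", lambda e: posixpath.normpath(
                    posixpath.join(base, e.get("Target", ""))).lstrip("/") in kept)
            elif name == "[Content_Types].xml":
                data = _prune(data, CT, "Override", lambda e: e.get("PartName", "").lstrip("/") in kept)
            dst.writestr(name, data)  # fresh entry, original zip metadata is not copied
    return out.getvalue(), sorted(set(src.namelist()) - kept)

def build_sample() -> bytes:
    """Constructed input: a document part plus a macro storage part (vbaProject.bin)."""
    rel = f'<Relationships xmlns="{REL}"><Relationship Id="r1" Type="t" Target="%s"/></Relationships>'
    ov = '<Override PartName="/word/%s" ContentType="t"/>'
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT}">{ov % "document.xml"}{ov % "vbaProject.bin"}</Types>',
        "_rels/.rels": rel % "word/document.xml",
        "word/_rels/document.xml.rels": rel % "vbaProject.bin",
        "word/document.xml": "<w:document xmlns:w='urn:constructed'/>",
        "word/vbaProject.bin": "constructed macro bytes"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling `sanitise(build_sample())` returns the rebuilt package and the list of parts that were left behind, which is the record a defender would log for each sanitised file.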

In an ideal world, every time a user browses the Internet, clicks a web link, downloads a file, opens an email attachment or clicks a link in an email, each of these actions can be automatically executed in a near-invisible (to the user) secure virtual container from which malware simply cannot escape.

Users do not see or need to worry about malware or do anything special – they simply work as normal, with all their web and email sessions protected, preventing malware from gaining access to the organisation.

If endpoints are the largest attack vector, 94 percent of data breaches start at the endpoint, and these attacks are stopped by containing, isolating and sanitising every time a user browses the internet, clicks a web link or downloads a file, this puts an organisation in a very strong defensive position.

Ultimately, the objective of containment, isolation and sanitisation solutions is for the attackers and hackers to move to an easier target.
