In fact, 94 percent of data breaches start with an email, according to Verizon in 2019.
Historically detecting malware has been the mainstay in the cyber security industry. The challenge is that malware can now morph as frequently as every 15 seconds, and it estimated that over 230,000 new malware samples arrive every day.
As malware evolved and became more intelligent, we saw the next generation anti-virus (NGAV) products hit the market, which changed the dynamics.
Most worked on mathematical formulas to predict virus-like activity in a file. These were very effective against most malware where typically 20 percent of the code changed. This was broadly called polymorphic malware. Detection technology had started to evolve, to predicting virus-like behaviours.
A major challenge has been the release of new metamorphic malware, where over 80 percent of the code is changing and adapting in real-time, making it almost impossible to detect or predict malware in a file.
Today, we are seeing a rapid growth in EDR (endpoint detection and response) and MDR (managed detection and response) products in the industry.
A common trait with most EDR and MDR products is that the vendors recognise that they can’t and won’t detect all malware, especially the newest AI and machine learning driven malware. So they deploy continuous monitoring to look for activities that could be, or are, malware or hackers attempting to breach an organisation via the endpoints.
These are powerful solutions –but they rely on the fact that malware or hackers will breach an organisation, hoping they will be able to detect the activity and then kill parts of the chain to stop the malware from impacting or infecting the organisation.
Detection has been, and will continue to be, a critical component in cyber defences for companies of all sizes. The question is simply, is detection enough? The answer is equally simple – No.
Detection should form the outer layer of a defensive posture, but the volume of malware and ever-increasing complexity of attacks requires a new methodology to eliminate threats from unknown, never-been-seen-before and zero-day attacks. Malware and hackers must be stopped at the endpoint, to protect endpoints and prevent hackers from breaching an organisation’s network.
Containment, Isolation, Sanitation
Containment, isolation and sanitisation technologies deliver this capability. They are located at the endpoint in the form of low impact, high performance secure virtual containers that capture, contain and isolate all malware threats whenever a user browses the web and all inbound email attachments are contained.
All files are contained and sanitised before being allowed into the corporate network to dramatically reduce almost eliminate the endpoint as an attack vector.
The key is the sanitisation process where all inbound Word, Excel, Powerpoint, PDF’s, PNG’s and so forth are deconstructed or broken down into their absolute basic known component parts. They are then reassembled using only the known good components to create a visually identical replica of the file.
All malware, VB scripts, macros and hacker code is left behind in the container. The file is clean and can pass through to the corporate network. The container is emptied at intervals during the day and all malware removed. No breach has occurred.
In an ideal world, every time a user browses the Internet, clicks a web link, downloads a file and opens an email attachment, or clicks a link in an email – they can all be automatically executed in a near invisible (to the user) secure virtual container from which malware simply cannot escape.
Users do not see or need to worry about malware or do anything special – they simply work as normal, with all their web and email sessions protected, preventing malware from gaining access to the organisation.
If endpoints are the largest attack vector and 94 percent of data breaches start at the endpoint and users stop these attacks by containing, isolating and sanitising every time a user browses the internet, clicks a web link or downloads a file – this puts you an organisation in a very strong defensive position.
Ultimately, the objective of containment, isolation and sanitisation solutions is for the attackers and hackers to move to an easier target.