Traditional endpoint protection takes a reactive approach to security, defending against known attack vectors. It uses firewalls and antivirus software that are designed to detect and defend against known attacks. The problem with this approach is obvious: cybercriminals are constantly evolving, and defending only against known attacks leaves endpoints vulnerable. Advanced endpoint protection (AEP) takes a different approach. In this article we explain that difference, its benefits, and how it works.
AEP takes a proactive approach to cybersecurity. Rather than scanning for and protecting against what we already know, AEP uses advanced forms of AI, such as machine learning and deep learning, to identify, detect, and block never-seen-before threats.
Organizations today are dealing with a more varied set of endpoints that includes not just desktops and servers but also laptops, mobiles, and tablets, all of which are being used outside of the organization with increasing frequency. This leaves more points of vulnerability for hackers. AEP uses integrated capabilities like static analysis, port and device controls, script controls, and real-time threat intelligence, along with more traditional solutions like firewalls, behavioral analysis, and blacklisting, to defend against evolving threats.
Cybersecurity Ventures predicts cybercrime will cost the world more than $10.5 trillion annually by 2025. These rising costs come from numerous outcomes:
Unfortunately, cybercrime continues to be a lucrative business, even with security controls in place that hackers need to circumvent. In this cat-and-mouse race, as security controls become more sophisticated, so do cybercriminals, who continue to find new ways to infiltrate systems. For example, zero-day exploits, which are newly found vulnerabilities, like the SolarWinds attack, are difficult to detect with traditional anti-malware. The best AEP uses deep learning to detect zero-day exploits by identifying scripts that are anomalous compared with benign files.
AEP protects the location where an attack could gain an initial foothold into the organization: the endpoint. No matter where your employees are located, what they’re using, or what they’re doing, it’s critical that an AEP is installed to protect your organization’s vital resources and its reputation.
AEP uses multiple layers of protection to detect threats. It might include a sandbox application to auto-run unrecognized applications, AI-based static analysis programs, antivirus programs, script control for fileless attacks, and a behavioral engine for real-time threat detection.
Ryuk is a ransomware family. Ransomware locks up data and only releases it once a ransom is paid. Ryuk has been involved in many high-profile attacks. It is often distributed using Emotet or Trickbot, which are spread through spam emails.
A hospital in Southeast Asia was concerned about these threats, given the critical importance of being able to access patient information and the sensitive information it’s charged with protecting. The hospital used Deep Instinct’s AEP solution to protect Windows OS, Mac OS, and Android devices used in the hospital.
Ryuk was detected. It was delivered through a malicious spam.docx attachment and hidden in the document. The Deep Instinct endpoint protection agent prevented it from downloading, which protected the hospital from what could have been a devastating attack.
By using Deep Instinct’s AEP solution, the hospital was able to avoid an expensive clean-up operation that would have involved reimaging and restoring a lot of its machines. Furthermore, the hospital avoided financial losses by keeping operations going, and no damage to its reputation was caused. The Deep Instinct endpoint security agent was also able to analyze Ryuk and provide the IT security team with useful information about the attack chain.
A different hospital without advanced endpoint protection in place was infected by Ryuk. The hospital was forced to pay the ransom and even then still had to go through the expensive effort of restoring its systems. Ryuk creators deliberately target hospitals, knowing they’re more likely to pay because of the critical services they provide.
Deep Instinct uses deep learning to detect and prevent evolving cybersecurity threats, including new, first-seen malware, zero-days, and ransomware. Deep learning is modeled after the human brain, using deep neural networks to make connections and draw conclusions. It’s a step beyond machine learning, as it doesn’t require a human expert to effectively “guide” the learning process. Instead, deep learning trains autonomously by analyzing 100 percent of the raw data in a file.
Deep Instinct’s deep learning capabilities offer zero-time cybersecurity protection on any OS at any time.