As so many of us have moved to a digital world and remote work styles, the number of endpoints in today’s networks has grown exponentially. That growth has created a golden opportunity for cybercriminals to exploit a new generation of users and devices that may be connected to a corporate network but that may not have the defense mechanisms to make them safe. Couple that situation with users who may not have a high level of cybersecurity consciousness, and a company’s potential vulnerabilities become innumerable.
Of course, endpoints always have been a concern. In fact, they generated a whole branch of the cybersecurity tree, namely, antivirus and antispam solutions. The McAfees and Symantecs of the world were built to secure us from the evils lurking on the internet, and they did a good job at it. The difference today is the level of complexity and sophistication found in today’s malware and the sheer volume of malware variants. Malware variants occur when cybercriminals take an existing piece of malware and tweak it so that it appears totally new and is able to evade the signatures that antivirus vendors provide as part of their services.
Those variants are generated so quickly that 95 percent of new malware types show up in less than thirty days and four out of five variants last less than a week. By the time legacy antivirus vendors realize there is a threat, analyze it, create a new signature for it, and distribute it, the damage has been done.
Many antivirus providers tout their use of artificial intelligence to help them gain an upper hand by scanning file systems and crunching metadata to expose threats. The problem with that approach is that it’s typically limited to file-based malware, and the algorithms require constant adjustments by experts as the threats evolve.
Managed EDR is the Solution
To change the game in favor of the defense, companies need an endpoint detection and response (EDR) solution that is highly scalable, fully automated, and effective against every attack vector, including the following:
- Process migration
- Privilege escalation
- Lateral movement
- Living-off-the-land attacks
- Keylogging
Inspecting and detecting across all of those vectors creates a tsunami of data, so it’s critical to have a solution that provides complete visibility into all endpoint activity without any performance drag on the endpoint.
Over the past couple of years, malware has become significantly more advanced with capabilities like fileless attacks, memory-only malware, and script-based attacks. Although such capabilities were previously seen only in some of the most sophisticated advanced persistent threats sponsored by criminal groups and nation-states, there is evidence that such capabilities are being packaged and sold as malware-as-a-service on the dark web, where people with even limited technical skills can access them. That is why we are seeing a dramatic increase in attacks, particularly ransomware attacks, around the world.
In a strategic partnership with SentinelOne, SilverSky now provides Managed EDR, a solution with a multilayered approach to endpoint protection along with detection and response.
At pre-execution, SilverSky uses cloud intelligence combined with whitelisting, blacklisting, and advanced static prevention to identify threats. Upon execution, SilverSky uses dynamic malware and exploit detection to stop threats in their tracks. Post-execution, SilverSky mitigates and restores functionality with one-click or automated remediation.
Along the way, SilverSky captures the full storyline of every step the malware's processes take, providing forensic support. Rather than staring at a screen with a ransomware demand on it, users can simply roll back to the pre-attack state and resume work.
If you need help increasing the security of your endpoints while staying positioned to immediately manage the attacks that do succeed, contact us. Our new Managed EDR solution might be just what you need.