
Traditional anti-virus models lose punch

By Admire Moyo, ITWeb's news editor.
Johannesburg, 19 May 2016
Today's threats are multi-staged and coordinated, says Panda Security's Jeremy Matthews.

Faced with increasing complexities in the threat landscape, traditional anti-virus (AV) models are no longer effective.

So said Jeremy Matthews, Africa country manager at Panda Security, speaking yesterday at ITWeb Security Summit 2016.

"Malware is increasingly becoming sophisticated and difficult to detect," Matthews said, adding the increasingly complex forms of malware are now capable of advanced stealth capabilities.

According to Matthews, in 1998 about 100 new malware samples were detected per day; today the figure stands at about 200 000 samples a day.

The attack surface has also grown as more remote and mobile workers join organisations, putting further strain on IT departments.

"Companies are operating in an increasingly dangerous threat landscape. Today's threats are multi-staged and coordinated; they also make use of multiple attack vectors simultaneously. Traditional anti-virus can identify malware but does nothing else."

Matthews pointed out there has also been a shift in malware authors' primary motivation from notoriety to being driven by financial gain.

In this new reality, traditional AV solutions leave a "detection gap", he noted, adding 18% of new malware goes undetected during the first 24 hours and 2% is still not detected three months later.

He said a recent survey conducted by Panda Security shows it takes an alarmingly long time to detect an attack when using traditional AV solutions. According to the study, 48% of the respondents report an average detection time of hours or days.

"Once an attack has been identified, it takes even longer, with 54% reporting average resolution time of days, weeks or months."

Matthews then urged organisations to make use of the endpoint detection and response (EDR) model to deal with today's challenges.

"Gartner describes EDR solutions as capable of detecting security incidents via the monitoring of endpoint activities and policy violations by validating externally-fed indicators of compromise."

He pointed out that EDR solutions contain the incident at the endpoint itself, for example by blocking the offending network traffic or stopping the malicious process.

EDR solutions also investigate the security incident, including a historical timeline of all primary endpoint events to determine both the technological changes that occur as well as the business effects, he explained.
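To make the three EDR functions Matthews lists concrete (detection by matching endpoint activity against externally fed indicators of compromise, containment at the endpoint, and investigation via a historical timeline of endpoint events), here is a small added example. It is an illustration written for this page, not code from Panda Security or any EDR product; the telemetry, the IOC feed values and the event field names are all constructed and hypothetical.

```python
"""Toy EDR-style pipeline: IOC matching over endpoint telemetry, process-ancestry
reconstruction for investigation, and containment actions.
Added illustration for this article; not any vendor's product code."""

# Constructed IOC feed. Values are placeholders, not real indicators.
IOC_FEED = {
    "sha256": {"aa" * 32},
    "domain": {"updates.example-bad.test"},
    "ip": {"203.0.113.9"},  # TEST-NET-3 documentation range, not a real C2
}

# Constructed endpoint telemetry for two hosts (hypothetical field names).
EVENTS = [
    {"ts": 1, "host": "ws01", "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "sha256": "11" * 32},
    {"ts": 2, "host": "ws01", "type": "process", "pid": 200, "ppid": 100, "image": "WINWORD.EXE", "sha256": "22" * 32},
    {"ts": 3, "host": "ws01", "type": "file", "pid": 200, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\inv.exe"},
    {"ts": 4, "host": "ws01", "type": "process", "pid": 300, "ppid": 200, "image": "inv.exe", "sha256": "aa" * 32},
    {"ts": 5, "host": "ws01", "type": "network", "pid": 300, "domain": "updates.example-bad.test", "ip": "203.0.113.9"},
    {"ts": 6, "host": "ws02", "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "sha256": "11" * 32},
    {"ts": 7, "host": "ws02", "type": "network", "pid": 100, "domain": "updates.example.com", "ip": "192.0.2.10"},
]


def match_iocs(event, feed=IOC_FEED):
    """Return the (ioc_type, value) indicators that one event matches."""
    hits = []
    for ioc_type in ("sha256", "domain", "ip"):
        value = event.get(ioc_type)
        if value is not None and value in feed[ioc_type]:
            hits.append((ioc_type, value))
    return hits


def detect(events, feed=IOC_FEED):
    """Detection: scan telemetry and group IOC hits per host."""
    alerts = {}
    for ev in events:
        hits = match_iocs(ev, feed)
        if hits:
            alerts.setdefault(ev["host"], []).append((ev, hits))
    return alerts


def process_ancestry(events, host, pid):
    """Investigation: walk ppid links from pid back to the root process.
    Returns image names ordered root-first."""
    by_pid = {e["pid"]: e for e in events if e["host"] == host and e["type"] == "process"}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)  # guard against cyclic or recycled pids
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def timeline(events, host):
    """Investigation: the historical timeline of all recorded events on a host."""
    return sorted((e for e in events if e["host"] == host), key=lambda e: e["ts"])


def contain(alerts):
    """Containment: derive endpoint-level actions from the hits.
    A file-hash hit kills the process; a domain/IP hit blocks egress to it."""
    actions = []
    for host, items in alerts.items():
        for ev, hits in items:
            for ioc_type, value in hits:
                if ioc_type == "sha256":
                    actions.append(("kill_process", host, ev["pid"]))
                else:
                    actions.append(("block_egress", host, value))
    return list(dict.fromkeys(actions))  # dedupe, preserving order


if __name__ == "__main__":
    found = detect(EVENTS)
    for host, items in found.items():
        for ev, hits in items:
            print(host, ev["ts"], ev["type"], hits)
            if ev["type"] == "process":
                print("  ancestry:", " -> ".join(process_ancestry(EVENTS, host, ev["pid"])))
    print("actions:", contain(found))
```

The point of the ancestry walk is the investigation step described above: the hash hit alone says "inv.exe is bad", while the chain explorer.exe -> WINWORD.EXE -> inv.exe tells the analyst it was dropped by a document, which is what decides the business impact and the scope of the response.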
