Endpoints the new frontier in security battle
It's time to move beyond traditional anti-virus and security measures to new, proactive endpoint detection and response (EDR) tools.
So says Jeremy Matthews, regional manager of Panda Security Africa, speaking at the ITWeb Security Summit in Midrand on Tuesday.
Matthews warned that the endpoint had become a critical target for cyber criminals.
"Over half of successful cyber attacks are on endpoints now, and the stakes are continually increasing. We need to look at the technologies and processes in place to more effectively protect the endpoint."
Instead of using malware, criminals were now leaning toward hacking and deploying legitimate tools and applications into company networks, he said. This demanded intelligent EDR solutions that detect security incidents rather than just particular files, respond to and investigate those incidents, and then remediate endpoints to a pre-infection state.
Matthews said that cyber defence was being complicated by the fact that some attacks use no recognisable malware. He cited the Phantom Menace attacks, which targeted oil sector firms with malware-free tools such as Unzip, and scripts such as VBS and batch files.
He explained: "The transport business user gets an email apparently containing a PDF that passed all the mail filters. But the PDF is a self-extracting file, which uses legitimate processes and changes applications to executables, with its own resilience or persistence built in. This type of attack would remain undetected by traditional anti-virus (software)."
The attack was detected by advanced and proactive EDR, which found that it was part of a purchase scam that had been underway for some time, targeting third-party victims.
Companies today need more than robust anti-virus measures: they need to deploy advanced EDR and move from a reactive to a proactive defence posture, Matthews said.