- For the last 20+ years there has been a cyber arms race.
- Cybercriminals spend every waking moment figuring out how to bypass security controls and take advantage of software vulnerabilities to ultimately gain access to networks and steal data for profit, economic acceleration, or to promote a political agenda.
- On the cyber security side of the house, we have cyber security professionals trying to keep up and anticipate the adversary's next move.
We’ve recently released a whitepaper “Closing the 1% Gap” that explores the security benefits and cost savings the average large enterprise organization can gain from adopting a combination of a Bromium and Microsoft solution as a security strategy.
Is antivirus dead?
To answer this we first need to evaluate the efficacy of AV and NGAV. The well-known AV-test.org has been conducting AV efficacy testing for vendors that choose to participate. The goal for every security vendor that does participate is to be the best at detecting and remediating threats. Despite advancements in cybersecurity, when comparing AV test results over the last few years, not much has changed.
AV does play an important role; it’s not quite dead yet. But it’s the 1% gap that we cannot seem to close that cost organizations $81.6 billion in security spending in 2016. Even with all the improvements in cybersecurity, companies still paid cybercriminals over $1 billion in ransom following breaches.
I hate to break it to you: despite tremendous advances in security, nothing much has changed. Most security technology today still relies on the principle of creating some sort of “antidote” for the malicious behavior once it is detected. Take, for example, the machine learning that NGAV vendors use: it’s meant to be the hope for cybersecurity in the continuous arms race between cybercriminals and cybersecurity vendors. Both sides have it and both sides are using it.
In fact, Intel Security has been tracking what the FBI labels Business Email Compromise (BEC) scams since 2015, and found that machine learning is being used quite successfully by cybercriminals. The FBI reported more than $3 billion stolen from victims in over 100 countries.
AV is still required
You still need AV. If not for the detection of new threats, you need it for compliance adherence: PCI DSS requirements 5.1 and 5.2 specifically reference the requirement for AV.
So this raises the question: if AV or NGAV can’t close the 1% gap, what can you do?
If we take a step back, there are three known principles of cybersecurity:
- There will always be software vulnerabilities that cybercriminals can exploit.
- Organizations will always be subject to malicious code and threats.
- It is not possible to anticipate an attacker’s next move.
New techniques developed to stop cybercriminals are only effective for a short period of time. As a new detection technique becomes more popular, cybercriminals respond to it with evasion techniques and countermeasures.
Last year, cybercriminals created 230,000 new malware samples per day. Trying to keep up with detection-based solutions that attempt to prevent a breach will continue to fail. A paradigm shift is needed if we are to succeed at stopping new threats.
A new day!
Instead of trying to identify whether or not code is malicious before it runs, why not let it actually run to confirm its real intention? Unlike other security technologies that try to stop malicious code from running pre-execution, Bromium allows malicious code to run while fully tracing the kill chain to generate a complete malware manifest, and prevents the malware from infecting the operating system.
Malicious activity is confined to a hardware-enforced disposable micro-VM. Once the browser tab, task, or file is closed the malware is destroyed along with the micro-VM. Watch the following video to see Bromium isolation in action stopping ransomware.
But what about insider detection?
Bromium Secure Monitoring quickly identifies malicious insider activity as well as file-less threats like PowerShell attacks by monitoring all user tasks and processes. In a recent study of 111 malware families, 95% of the PowerShell scripts evaluated were found to be malicious. Each endpoint protected by Bromium is part of a Sensor Network that performs threat analysis and instantly shares IOCs with the rest of the network for faster time to resolution.
The race to close the 1% gap continues to drive innovative new ideas to stop cyberattacks. Most still rely on detection techniques that attempt to stop malware before it executes. Bromium takes a completely different approach: it lets untrusted files and applications run in hardware-enforced micro-VMs from which the malware has no way to escape, combined with full host introspection for insider detection and remediation.
Microsoft and Bromium
In the “Closing the 1% Gap” whitepaper we provide details about how the average large enterprise can triage security alerts faster, defend the enterprise better, and achieve cost savings in excess of $1 million by implementing Bromium and Microsoft for endpoint protection.