“Insanity: doing the same thing over and over again and expecting different results.”
Antivirus Technology Reactive, Not Proactive
When Bernd Fix created the technology in 1987 (https://en.wikipedia.org/wiki/Antivirus_software#History), the purpose of an antivirus program was to scan and clean up existing infections. That was 30 years ago, however, and the technological landscape has changed dramatically, as have the capabilities of those who spread malware. What Fix created was a panacea, yet what is needed now is preventative medicine.
What Has Changed?
The antivirus technology that was originally invented was used for removal and cleaning, a reactionary approach to remove an existing known infection. This strategy is still being marketed as a solution to prohibit infection by unknown malware, including zero-day attacks. Science proves this is an ineffective approach to the problem. No antivirus methodology that allows unknown files to run unprotected on the endpoint will ever be 100% effective in preventing infections. This is the main reason systems are compromised, and cybercriminals continue to win. Enterprises invest a lot of money on endpoint security, yet are still infected by malware. It is extremely likely, given the current proliferation of threats, that malware is lurking on your network right now. Without a robust prevention and defense strategy, it is only a matter of time until you are infected. Unfortunately, relying only on antivirus methods leaves you open to a data breach.
Insanity Is Expecting Antivirus to Stop Malware…
The industry has been doing the same thing for the last 30 years and expecting a different result. Not surprisingly, data breaches escalating exponentially. Detection is not protection. This antivirus inadequacy is demonstrated by the unsolvable Halting Problem discovered by Alan Turing—science that proves antivirus can never provide a 100% detection rate. Enterprises are continually getting infected because they allow unknown files to run on their endpoints. Hackers recognize this and can easily defeat default allow postures by constantly innovating and bypassing detection. Default allow is a dangerous security posture to rely on, because every piece of malware starts life as an “unknown” file. And your traditional endpoint security solution allows them all to run.
Why New Approaches Still Fail
To address the inadequacy of traditional signature-based solutions, new “Next Gen” endpoint security approaches have been developed that seek to expedite the identification of unknown malware and zero-day exploits. Automated behavioral analysis tools such as “sandboxes” run unknown files in virtualized environments to understand if applications exhibit malicious behavior or not. While this approach has improved detection rates, it decreases usability, as the end user must wait for the analysis to complete before using the file. A larger concern is that, in some models, the analysis is done while the user is allowed to use the file, and the time necessary to “study” these unknown files opens a window for a malicious file to infect the endpoint. Unfortunately, that single “patient zero” infection is all an attacker needs to pivot and gain access to sensitive assets in your network. These new approaches result in a default allow security posture, a posture that by default allows everything onto the endpoint unless it’s known to be bad. It’s not the bad files we know about that are the issue, it is the unknown files which end up being malicious that ultimately cause the damage.
Default Deny Offers Real Preventative Protection
According to the Gartner Research, “TRUE Default Deny and the End of Patient Zero,” Gartner estimates that default allow technologies, legacy or Next-Gen Endpoint Protection Platforms including AI based approaches, are only 30-percent accurate at detecting new threats. “They can’t keep up with the proliferation of malware—over a million pieces every day.” These legacy and Next-Gen EPP solutions rely on a default allow posture to only block known bad files, while allowing every other file to run without limitation. This means that organizations employing default allow postures are allowing unknown files unfettered access to their endpoints and some of these unknown files will end up being new malware.
Improving Your Posture Default Deny Security with Default Allow Usability
Since the default allow posture is the underlying problem, we need to flip an organization’s overall security posture to Default Deny to eliminate malware threats. Xcitium’s breakthrough security allows the known good, blocks the known bad and contains the unknown until a verdict can be determined. Productivity is assured, and no malware runs on your endpoints. Your endpoints are 100% malware-free with a viable Default Deny Security Posture. You can manage and protect any device, whether it’s on or off your company network with Xcitium™ Advanced Endpoint Protection.
Endpoint Detection and Response