Gartner recently published its paper; “The Real Value of a Non-Signature-Based Anti-Malware Solution to Your Organization”, providing insight into how non-signature approaches to malware prevention can not only prevent attacks but offer reduced footprints on the endpoint. As you would expect Avecto is mentioned as one of the vendors in this space.
One of the things we often talk about in InfoSec is the over reliance on signature based detection and how the industry is dominated by this approach. It is refreshing to see Gartner recognising the benefits of proactive hardening and isolation rather than reliance on reactive detection of known bad signatures.
Gartner explain that endpoint hardening is the most effective malware defence and that organisations should focus on endpoint security first and then layer on network security to protect non-standard endpoints. This makes perfect sense as the endpoint is where the malware is trying to run so if you can reduce the attack surface on the endpoint then no matter how many times that malware morphs to evade detection the endpoint remains secure.
We have discussed in the past how to prioritise security investments to not only improve security but ensure you can fully utilise your investment. As Gartner rightly point out when it comes to non-signature based approaches to preventing malware it needs to be lightweight and work with your existing security stack. If you aren’t building layers of security that underpin each other and work together then you risk being undermined in an attack.
Gartner clearly shows that there are huge security benefits when it comes to hardening the endpoint and isolating potentially malicious content. The challenges to this approach have often been administration and user experience as it is perceived that when we remove attack surfaces like admin rights to harden the endpoint we reduce the user’s ability to perform their job and create a bad experience.
The Avecto approach has always been to make security a great experience from removing admin rights to controlling applications we can provide flexible, granular controls that provide privilege and execution when you need it from a hardened least privilege environment. This allows organisation to benefit from the best security offered by non-signature solutions such as hardening and isolation without the trade-off of excessive administration and configuration.
As Benjamin Franklin said “An ounce of prevention is worth a pound of cure” and hopefully in the future we will see a Gartner Magic Quadrant that recognises the benefits that non-signature based solutions rather than focusing on the detection solutions that organisations are overly reliant on and often fail to fend off new threats. With this latest report I'm greatly encouraged to see that non-signature based solutions are being recognised for the many benefits they can offer to organisations.
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.