
How Effective are Your Defenses?

October 20, 2017


Keeping malware off your network is like a never-ending game of Space Invaders, except that you need more than one weapon to ward off criminals from cyberspace. But deploying the right security solutions in the right places is crucial if your lines of resistance are to be effective.

A report published in November 2012 by NSS Labs, Cybercrime Kill Chain vs. Defense Effectiveness – subversion of layered security, analyses the effectiveness of security systems, concluding that many attacks successfully penetrate layered security defenses. Network edge firewalls, intrusion protection systems (IPS), endpoint protection suites/antivirus and browser protection, as commonly deployed by large organizations, all fail to live up to expectations.

A best-of-breed network edge firewall protecting your corporate intranet is all very well, but it is designed to prevent certain types of external attack and can’t block malware that has already found its way onto your endpoints. Furthermore, the value of endpoint security suites varies significantly between products - as this and many other reports confirm, antivirus on its own can’t be relied on for comprehensive protection.

Endpoint protection suites sometimes include application allow listing to block programs not approved by IT, but it is less certain how many organizations actually use this technology, considering it takes some administrative effort to deploy and maintain. A case in point is Windows AppLocker, which, while packaged free with the operating system, is rarely deployed in practice. There is also a fear of the unknown surrounding application allow listing, which prevents it from being widely used, in contrast to antivirus, which is a pervasive and well-understood defense.

Most of the malware samples used by NSS Labs in the study would have been blocked had application allow listing and least privilege security been used on endpoints, alongside antivirus and other network-layer defenses. With the help of Avecto, deploying least privilege security and blocking unsanctioned applications on servers and desktops becomes as easy as rolling out traditional signature-based AV protection.

Click here to download the NSS Labs report: https://www.nsslabs.com/reports/cybercrime-kill-chain-vs-defense-effectiveness

NSS Labs report key findings:

  • Antivirus does not prevent a dedicated attacker from compromising a target.
  • Antivirus products differ by up to 58% in effectiveness at stopping exploits, with protection levels varying between 34% and 92%. Several products failed to detect exploits when switching from HTTP to HTTPS.
  • Low risk targets should assume they will be subject to opportunistic attacks at some point.
  • The availability of sophisticated malware tools results in a high degree of attack automation. This ranges from systematic identification of vulnerable targets to successive fully automated exploitation.
  • By the time of attack, the malware used by a dedicated attacker is known to be undetectable by common antivirus programs. Services exist that allow cybercriminals to have all their samples continuously tested and be alerted by mail or text if a sample is subsequently detected by a new signature.
  • Despite being reachable only through indirect attacks, client desktops are increasingly the main focus of attack for threat actors.
  • Prior to tuning, IPS blocked considerably fewer attacks – some less than 50%.

Russell Smith, IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.
