How Effective are Your Defenses?

October 20, 2017

Keeping malware off your network is like a never-ending game of space invaders, except that you need more than one weapon to ward off criminals from cyberspace. But deploying the right security solutions in the right places is crucial if your lines of resistance are to be effective.

A report published in November 2012 by NSS Labs, Cybercrime Kill Chain vs. Defense Effectiveness – subversion of layered security, analyses the effectiveness of security systems and concludes that many attacks successfully penetrate layered security defenses. Network edge firewalls, intrusion prevention systems (IPS), endpoint protection suites/antivirus and browser protection, as commonly deployed by large organizations, all fail to live up to expectations.

A best-of-breed network edge firewall protecting your corporate intranet is all very well, but it is designed to prevent certain types of external attack and can’t block malware that has already found its way onto your endpoints. Furthermore, the value of endpoint security suites varies significantly between products; as this and many other reports confirm, antivirus on its own can’t be relied on for comprehensive protection.

Endpoint protection suites sometimes include application allow listing to block programs not approved by IT, but it is less certain how many organizations actually use this technology, considering that it takes some administrative effort to deploy and maintain. A case in point is Windows AppLocker: although it ships free with the operating system, it is rarely deployed in practice. There is also a fear of the unknown around application allow listing that keeps it from being widely used, in contrast to antivirus, which is a pervasive and well-understood defense.

Most of the malware samples used by NSS Labs in the study would have been blocked had application allow listing and least privilege security been used on endpoints, alongside antivirus and other network-layer defenses. With the help of Avecto, deploying least privilege security and blocking unsanctioned applications on servers and desktops becomes as easy as rolling out traditional signature-based AV protection.
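Because the point above is that AppLocker is present on every Windows endpoint but seldom actually enforced, here is an added PowerShell example (not code from the original post, from Avecto or from BeyondTrust) that checks on one host whether allow listing is really in force: it reads the effective AppLocker policy, the enforcement mode of each rule collection and the state of the Application Identity service, then evaluates a few sample files against that policy. The function names Get-AppLockerEnforcementStatus and Test-AppLockerAllowListing are my own; the cmdlets they call (Get-AppLockerPolicy, Test-AppLockerPolicy, Get-Service) ship with Windows.

```powershell
# Added example, not from the original post or from Avecto/BeyondTrust.
# Reports whether AppLocker application allow listing is actually enforced on the
# local Windows host. Run in an elevated PowerShell session.

Import-Module AppLocker

function Get-AppLockerEnforcementStatus {
    [CmdletBinding()]
    param()

    # AppLocker rules are only evaluated while the Application Identity service
    # (AppIDSvc) is running; a policy with "Enabled" collections enforces nothing
    # if the service is stopped or disabled.
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    $svcRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # -Effective merges the local policy with any domain (GPO) policy;
    # -Xml returns that merged policy as XML text, which we parse here.
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml

    $collections = @(
        foreach ($rc in @($policy.AppLockerPolicy.RuleCollection)) {
            if ($null -eq $rc) { continue }   # no policy configured at all
            [pscustomobject]@{
                Collection      = $rc.Type              # Exe, Msi, Script, Dll, Appx
                EnforcementMode = $rc.EnforcementMode   # NotConfigured, AuditOnly, Enabled
                RuleCount       = @($rc.ChildNodes).Count
            }
        }
    )

    # The Exe collection is the one that stops unsanctioned programs from running.
    $exe = $collections | Where-Object Collection -eq 'Exe'
    $exeEnforced = ($null -ne $exe) -and
                   ($exe.EnforcementMode -eq 'Enabled') -and
                   ($exe.RuleCount -gt 0)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        AppIDSvcRunning       = $svcRunning
        ExeRulesEnforced      = $exeEnforced
        AllowListingEffective = ($svcRunning -and $exeEnforced)
        Collections           = $collections
    }
}

function Test-AppLockerAllowListing {
    param(
        # Files to evaluate. Default: any .exe in the current user's Downloads folder
        # (a common drop location for user-fetched malware) plus a known system binary
        # that a sane allow list should permit.
        [string[]]$Path = @(
            (Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue).FullName
            "$env:SystemRoot\System32\notepad.exe"
        )
    )

    $effective = Get-AppLockerPolicy -Effective

    # Test-AppLockerPolicy evaluates each file against the policy as the given user and
    # reports Allowed, Denied or DeniedByDefaultRule together with the matching rule.
    Test-AppLockerPolicy -PolicyObject $effective -Path ($Path | Where-Object { $_ }) -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Usage: summary verdict, per-collection detail, then sample file decisions.
$status = Get-AppLockerEnforcementStatus
$status | Select-Object ComputerName, AppIDSvcRunning, ExeRulesEnforced, AllowListingEffective | Format-List
$status.Collections | Format-Table -AutoSize
Test-AppLockerAllowListing | Format-Table -AutoSize
```

The host only counts as allow listed when the Exe collection is Enabled with at least one rule and AppIDSvc is running: AuditOnly mode writes AppLocker events but blocks nothing, and on a machine where nothing has ever been configured Get-AppLockerPolicy -Effective returns an empty policy, so the function reports AllowListingEffective as False rather than failing. Run across a fleet (for example via remoting), the first object gives a quick count of how many endpoints actually enforce allow listing as opposed to merely having the feature available.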

Click here to download the NSS Labs report: https://www.nsslabs.com/reports/cybercrime-kill-chain-vs-defense-effectiveness

NSS Labs report key findings:

  • Antivirus does not prevent a dedicated attacker from compromising a target.
  • Antivirus products differ by up to 58% in effectiveness at stopping exploits, with protection levels varying between 34% and 92%. Several products failed to detect exploits when delivery switched from HTTP to HTTPS.
  • Low-risk targets should assume they will be subject to opportunistic attacks at some point.
  • The availability of sophisticated malware tools results in a high degree of attack automation. This ranges from systematic identification of vulnerable targets to successive fully automated exploitation.
  • By the time of attack, the malware used by a dedicated attacker is known to be undetectable by common antivirus programs. Services exist that allow cybercriminals to have all their samples continuously tested and be alerted by mail or text if a sample is subsequently detected by a new signature.
  • Despite being reachable only through indirect attacks, client desktops are increasingly the main focus of attack for threat actors.
  • Prior to tuning, IPS blocked considerably fewer attacks – some less than 50%.
Russell Smith, IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved.