By Gedeon Hombrebueno

What technology do you remember the most from the ‘80s – ‘90s? Portable CD players? Floppy disks? 2G flip phones? None of these, of course, survived the digital evolution. Do you know which technology developed in that era did survive? Legacy antivirus (AV).
That’s right. While many other technologies have evolved in the last few decades to keep up with today’s digital environment, legacy AV is still around. This is despite the fact that, according to a 2018 Ponemon survey, security practitioners believe AV catches only about 43% of attacks.
As we learned from our CISO Benchmark Survey, 90% of incidents are related to malware, and malware is the most common attack that results in loss of data. From the Ponemon survey, we also know that 76% of endpoint attacks come from zero-day or unknown threats. If your security defense relies on traditional endpoint security using legacy AV technology — how well does it protect your organization given today’s sophisticated and fast-evolving threat environment?
Why It’s Time to Give Up ‘Traditional’
According to a SANS report, endpoints are the second top type of system (behind cloud apps) that is most commonly involved in data breaches. Given how critical it is to protect endpoints, and how vulnerable they are without the right defense, your organization can’t afford to stick with traditional endpoint security.
Here is where legacy endpoint security falls short — and how next-generation endpoint security technology is different:
Detection: Legacy AV solutions are no match for evolved threats like fileless and polymorphic malware. Since attackers are skilled at remaining stealthy until they’re ready to make their move, traditional AV is unlikely to detect such threats when they first enter your environment masquerading as benign files.
To detect advanced threats, next-generation endpoint solutions use a combination of techniques while constantly monitoring file activity. Because they watch what a file does rather than relying only on what it looks like, they can detect malicious behavior quickly and accurately and stop the threat in its tracks.
Response: Hours, even minutes, count when containing and remediating an attack. One of the many challenges incident responders face is gathering the data needed to scope an incident during an investigation. Traditional AV gives you limited visibility into the trajectory of files, whereas next-generation AV enables a granular view of threat activity.
You can’t afford not to have more robust capabilities — the ability to shave hours, even days, off your remediation cycle greatly decreases the likelihood of data exposure and could potentially save your organization millions of dollars. In fact, according to a Ponemon study about the Cost of a Data Breach, containing a breach in fewer than 30 days could save you more than $1 million. No small change, even for a large enterprise.
Efficiency: Many traditional AV providers try to keep pace with evolving threats by adding new components via various discrete agents, resulting in a bloated infrastructure that is labor-intensive for the security practitioner to operate. The more time you spend in and out of multiple consoles, trying to connect the dots, the more time you give the attackers to meet their objectives — especially if many of your tasks are manual.
Think of the bucket brigades of yesteryear, before fire engines were invented. By the time the human chain of the brigade delivered enough water by hand, the blaze had ample time to devour the building. If you’re fighting a proverbial fire inside your environment, would you want to rely on a series of manual tasks, or would you feel much more confident using the latest technology that delivers advanced capabilities, leveraging more automation and integration?
What Cisco Offers for Your Next-Generation Endpoint Security
Next-generation AV from Cisco helps you uncover the riskiest 1% of threats that legacy AV solutions miss. Capabilities that Cisco offers you include:
Prevention and detection: Backed by the best global threat intelligence from Cisco Talos, detect and block both known (signature-detectable) and advanced threats, including fileless malware and ransomware. Use dynamic file analysis to instantly gain visibility into the behavior of an unknown or suspect file, and get a fast verdict.
Response: Continuously monitor all file activity with retrospective capabilities, so you can quickly block stealthy malware at the first sign of malicious behavior, and isolate compromised hosts to stop the spread of an infection. With device and file trajectory, you can also scope an incident more efficiently, speeding up remediation time.
Efficiency: An integrated security architecture simplifies your workflow and doesn’t require you to add multiple agents to your endpoints. Additionally, you only have to see a threat once, then automatically block it across your entire environment.
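To make the retrospective and trajectory capabilities above concrete, here is an added illustration (not Cisco's code) of the underlying idea: every file execution is recorded per host, and when a file's verdict later flips from unknown to malicious, the trajectory yields every host that already ran it so the hash can be blocked everywhere at once. Host names, timestamps and the hash are constructed sample values.

```python
"""Retrospective detection over a file trajectory (added illustration,
not Cisco's implementation). Each execution seen on an endpoint is stored as
a (host, sha256, timestamp) event; a later verdict change replays that
history to find already-affected hosts."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class FileEvent:
    host: str
    sha256: str
    ts: int  # epoch seconds; constructed sample values in demo()


@dataclass
class Telemetry:
    verdicts: dict = field(default_factory=dict)  # sha256 -> verdict
    trajectory: dict = field(default_factory=lambda: defaultdict(list))
    blocklist: set = field(default_factory=set)  # hashes blocked fleet-wide

    def observe(self, ev: FileEvent) -> str:
        """Record the event and return the verdict known at that moment."""
        self.trajectory[ev.sha256].append(ev)
        return self.verdicts.get(ev.sha256, "unknown")

    def update_verdict(self, sha256: str, verdict: str) -> list:
        """Apply a new verdict. If malicious, block the hash and return the
        hosts that already executed the file, ordered by first sighting."""
        self.verdicts[sha256] = verdict
        if verdict != "malicious":
            return []
        self.blocklist.add(sha256)
        first_seen = {}
        for ev in self.trajectory.get(sha256, []):
            first_seen[ev.host] = min(first_seen.get(ev.host, ev.ts), ev.ts)
        return sorted(first_seen, key=first_seen.get)


def demo() -> list:
    """Constructed scenario: a file runs on three hosts while still unknown,
    then threat intelligence reclassifies it as malicious."""
    t = Telemetry()
    h = "sha256-constructed-sample-0001"
    for host, ts in [("ws-17", 100), ("ws-03", 160), ("ws-17", 200), ("srv-db", 240)]:
        assert t.observe(FileEvent(host, h, ts)) == "unknown"
    # Retrospective alert: the three hosts to isolate, earliest sighting first
    return t.update_verdict(h, "malicious")
```

The returned host list is the incident scope; in a real deployment it would drive isolation and the fleet-wide block that the "see a threat once" capability describes.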
Traditional AV is just that. Traditional. Click here to learn more about how you can prevent, detect and respond to today’s modern threats better and faster with next-generation AV.
Source: Cisco Security Notice