How passive endpoint protection can secure your digital assets
Every time you browse the web, read your email or access mobile apps, you might be making yourself vulnerable to attacks, even if it’s not quite obvious. This means you need to be critical of each app or website you use, all in the name of safety and security.
Several months ago, a wave of malware attacks was distributed through major digital news outlets like The New York Times, BBC, MSN and AOL – without direct participation from these publishers. The attackers used supposedly legitimate ad campaigns to direct users to malicious landing pages, which carried malware.
The attack, dubbed ‘malvertising’, directed unsuspecting readers to a page that distributed the Angler exploit kit, which operates in two stages. First, the kit checks whether the target system is running security products that might detect, block, and alert the user to the exploit. Second, if no such software is running, Angler infects the host system with the Bedep backdoor Trojan and the now-defunct TeslaCrypt ransomware.
This underscores how dangerous even the seemingly benign act of browsing a news website can be. Even without user intervention, computers can be easily infected with Trojans, ransomware or other malicious code. If you store any sensitive or important information on your computer (which most of us do), ransomware might be a particularly difficult and costly problem to deal with.
Why active threat response might be lacking
The usual methodology for enterprise security is detection and response. IT departments typically protect their organizations’ digital assets through active detection, sandboxing, alerts and other such threat responses.
However, actively seeking out malware has its limitations. First, it eats up resources: anti-virus software can slow down a computer, especially while it is scanning files and network traffic for malware. Second, such tools hunt for malicious code through signatures and heuristics, which can only catch what they already recognize. Third, once you detect an intrusion, your system has already been breached.
Just as active intrusion detection systems profile suspicious code, malicious code can run its own heuristics and analytics to determine whether it is being watched. Malware can evade detection through several means, such as simply staying dormant once a security solution is detected. The trouble is that the same dormant malware can resurface and rear its ugly head once it considers the environment favorable.
How passive threat response can be more proactive
It might sound paradoxical that a passive response could be more proactive than an active one. However, this may be the case with enterprise security. An innovative way to handle threat detection and response would be to immerse malware in an environment it considers unsafe to deploy in.
One methodology here is sandboxing, which runs suspect code inside an isolated, controlled environment. However, this is not always effective, since sandboxes can be breached or evaded altogether.
A potentially more effective methodology is to simulate the presence of security and forensics apps on every endpoint. This tricks malware into believing it is in a non-ideal environment and forces it to remain dormant, so it cannot deliver its potentially damaging payload.
Coupled with heuristics, this better enables security apps to address the risks more effectively than when malicious code has already deployed its payload.
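As an added illustration (not code from the article or from any product it describes), here is one way an endpoint agent could plant such decoy artefacts and then audit them; the decoy names and paths are constructed placeholders, and the audit turns a missing or altered marker into exactly the kind of signal the heuristic side of the stack can act on.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Decoy name -> relative path of its inert marker file. Constructed
# placeholders: a real list comes from what evasive samples are seen to check.
DECOYS = {
    "sandbox_agent": "tools/sandbox_agent/agent.cfg",
    "debugger": "tools/debugger/dbg.ini",
    "forensics_suite": "tools/forensics/collector.cfg",
}
MANIFEST = "decoy_manifest.json"

def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_decoys(root: Path) -> dict:
    """Drop each marker file and record its hash in a manifest."""
    manifest = {}
    for name, rel in DECOYS.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("decoy marker - intentionally inert\n")
        manifest[name] = {"path": str(target), "sha256": _sha256(target)}
    (root / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def audit_decoys(root: Path) -> list:
    """Report decoys that vanished or changed since planting. Nothing legitimate
    touches these files, so either event is a cheap tamper signal."""
    manifest = json.loads((root / MANIFEST).read_text())
    findings = []
    for name, rec in manifest.items():
        path = Path(rec["path"])
        if not path.exists():
            findings.append({"decoy": name, "issue": "missing"})
        elif _sha256(path) != rec["sha256"]:
            findings.append({"decoy": name, "issue": "modified"})
    return findings

def run_demo() -> tuple:
    # Plant in a scratch directory, audit, simulate tampering, audit again.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        plant_decoys(root)
        clean = audit_decoys(root)                        # expect []
        (root / DECOYS["debugger"]).unlink()              # marker deleted
        (root / DECOYS["sandbox_agent"]).write_text("x")  # marker altered
        return clean, audit_decoys(root)
```

In a real deployment the audit would run on a schedule and ship its findings to the same alerting pipeline the active tooling uses.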
A clear advantage here is that passive solutions consume significantly fewer resources than active heuristics and analysis. This means reduced overhead in memory, network traffic and CPU cycles.
For business organizations, it pays to use a combination of security solutions in order to improve the efficiency and effectiveness of endpoint and network protection. This should include both active techniques, such as heuristics and the deployment of security appliances and protocols, and passive methodologies. The key is to find a balance between efficacy and efficient use of computing resources.