There is No Silver Bullet in Endpoint Security
We would all love to believe there was a technology sophisticated enough to stop every cyber threat in its tracks, but the ‘silver bullet’ is a myth, plain and simple. However, the lack of a perfect weapon doesn’t negate the possibility of an exemplary system of defense. Here at Trend Micro, we’ve spent the past 27 years forging a seamless “coat of arms”—XGen endpoint security.
The threats facing enterprises today aren’t just multiplying, they’re getting faster, smarter and more sophisticated every year. Many vendors have responded by trumpeting exciting new features including sandboxing, behavior monitoring and, most recently, machine learning. But as IT security buyers will understand, you can’t build a complete defense for your endpoints with only one technique, no matter how strong the bricks are.
Closing the Gap, One Layer at a Time
Trend Micro solutions have long protected users from known threats identified by bad signatures, recognized malicious characteristics, blacklisted files and more. Simultaneously, we have constantly refined our solutions with cutting-edge tools to ensure they stand up against new dangers as they pop up on the threat landscape. XGen combines all of these techniques with machine learning to effectively identify and vanquish threats, while allowing safe files to pass without disrupting system operations. The result is multi-layered, cross-generational security, capable of protecting enterprises from all threat types, known or unknown.
Each protective layer has its advantages and disadvantages, so if a malicious file evades one layer, there are still plenty of opportunities to block it.
Let’s peel back those layers:
- Signature-based detection: combines file reputation, web reputation and command-and-control (C&C) blocking to stop most known threats, but it won't help against zero-days and more advanced malware.
- Exploit prevention: focuses on preventing exploitation of application and OS flaws by blocking the malicious files themselves. This includes techniques such as host-based firewalls, exploit protection, intrusion prevention and lateral movement detection.
- Behavioral analysis: examines every item as it is executed, looking for suspicious or unusual behavior in how it interacts with operating systems, applications and scripts, even if the item isn’t on a blacklist; this is how crypto-ransomware is blocked. Also includes techniques such as script protection, injection protection, memory inspection, suspicious action monitoring and browser exploit protection.
- Machine learning: deployed throughout the layered system, uses mathematical algorithms to examine detailed file and behavioral features and predict whether a file is malicious.
- Investigation and forensics / endpoint detection and response (EDR): records and reports on system-level activities in great detail to appraise the nature and scale of an attack, reacting only when malicious files are detected.
Don’t Buy the Hype
Despite being touted as a novel tool by many ‘next-gen’ vendors of late, machine learning isn’t a new concept. Trend Micro has been using various machine learning techniques in our Smart Protection Network (SPN) for more than a decade to train spam detection engines, identify malicious social media accounts and more. Machine learning algorithms are trained with millions and millions of known good and known bad files and look at file and behavioral features to predict if a file is malicious. Our SPN now identifies and blocks half a million new threats every single day – for the highest quality, highest volume training data around.
What also sets XGen apart from the competitors is a dual approach to machine learning, as well as noise cancellation techniques that lower the false positive rates that can be associated with machine learning. In addition to detecting static files with machine learning before execution, our solution also analyzes detailed behavioral features during runtime. Cybercriminals are constantly improving their weapons, and as a result, some threats today are designed in a way that only allows identification during execution. Noise cancellation techniques greatly lower the impact that false positives can have on your IT team. These include:
- Census checking: stops files according to their prevalence (how many endpoints have seen them) and maturity (how long they have been around), which is useful against malware hash factories that churn out never-before-seen files.
- Whitelist checking: reduces false positives by checking against known and verified good files and applications.
Using this dual approach to machine learning, in addition to noise cancellation, effectively differentiates files—protecting the safe ones and blocking the troublemakers.
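To make the interaction between the pre-execution machine learning layer and the two noise-cancellation checks concrete, here is an added Python sketch of the decision flow described above. It is not Trend Micro code; the thresholds, field names, verdict labels and placeholder hashes are all assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder identifiers standing in for file hashes (not real hashes).
SIGNATURE_BLACKLIST = {"hash-known-bad-001"}
VERIFIED_WHITELIST = {"hash-known-good-001"}

@dataclass
class FileObservation:
    file_hash: str
    prevalence: int    # endpoints that have reported this hash (census)
    age_days: int      # days since the hash was first seen (maturity)
    ml_score: float    # static pre-execution classifier, 0.0 benign .. 1.0 malicious

def classify(obs, ml_threshold=0.8, min_prevalence=100, min_age_days=30):
    """Walk the layers in order; return (verdict, reason).
    Verdicts: 'block', 'allow', or 'monitor' (hand off to runtime behavioral
    analysis). Thresholds are assumed values for illustration, not vendor defaults."""
    # Layer 1: signature-based detection stops known-bad files outright.
    if obs.file_hash in SIGNATURE_BLACKLIST:
        return "block", "signature"
    # Noise cancellation 1: verified-good files never reach the ML layer, so a
    # classifier false positive on a common installer cannot block it.
    if obs.file_hash in VERIFIED_WHITELIST:
        return "allow", "whitelist"
    established = obs.prevalence >= min_prevalence and obs.age_days >= min_age_days
    # Layer 2: pre-execution machine learning on static file features.
    if obs.ml_score >= ml_threshold:
        # Noise cancellation 2: census check. A file seen on many endpoints for a
        # long time is unlikely to be a fresh hash-factory sample, so rather than
        # blocking on the ML score alone it is watched by behavioral analysis.
        if established:
            return "monitor", "ml_high_but_established"
        return "block", "ml_high_and_rare"
    # Census on its own: a brand-new, single-endpoint file with a borderline score
    # is the typical output of a hash factory; watch it at runtime instead of trusting it.
    if obs.ml_score >= ml_threshold / 2 and not established:
        return "monitor", "borderline_and_rare"
    return "allow", "clean"

# Constructed sample observations covering each path through the layers.
SAMPLES = [
    FileObservation("hash-known-bad-001", 3, 1, 0.2),
    FileObservation("hash-known-good-001", 50000, 400, 0.95),  # ML false positive
    FileObservation("hash-unknown-001", 20000, 365, 0.90),
    FileObservation("hash-unknown-002", 1, 0, 0.90),
    FileObservation("hash-unknown-003", 1, 0, 0.50),
    FileObservation("hash-unknown-004", 500, 200, 0.10),
]
```

The second sample shows the point of the whitelist: a high ML score on a verified file is neutralised before it can cause an outage, while the third sample shows census checking turning a confident verdict on a long-established file into runtime monitoring rather than an outright block.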
Guarding the Endpoint
Many of the half a million new threats Trend Micro blocks every day are destined for the endpoint, the virtual front door into the organization for attackers. Changing user behavior, increasingly sophisticated and diverse threats, and new technologies like cloud, mobile and IoT are introducing more opportunities than ever for the bad guys to wreak havoc. Many so-called ‘next-generation’ endpoint security vendors promote their capabilities as a silver bullet to vanquish such threats. That would be great, if it were true.
In reality, the only way organizations can protect themselves from the multitude of endpoint threats out there is via a multi-layered approach to security, ranging from signature-based detection to advanced high fidelity machine learning.
XGen is all about combining multiple layers for maximum effect. It’s a suit of armor rather than a silver bullet, built to help IT teams battle through today’s complex and multi-faceted endpoint threat landscape.
Source - Trend Micro Blog