We’re at the point in the evolution of the security industry where traditional endpoint protection products and services simply no longer provide more than a base level of security against known threats.
The massive companies who continue to fall victim to breaches have doubtless spent millions on security, but the one thing they haven't been able to adequately address yet is how to identify and block unknown threats like new malware variants, new packing and obfuscation techniques, zero-days and more.
The multi-billion-dollar question all these organizations are now asking is this: how can we prevent an attack from succeeding before we even know the threat exists?
From a CISO’s point of view, it's up to the leaders of each company, large or small, to figure out the best way to protect their customers, employees, and their shareholders. The size of the organization doesn’t really matter - what matters is the technologies and processes they deploy to best protect critical systems and data.
One reason we can't get ahead as an industry is that the vast majority of companies still employ traditional, signature-based antivirus (AV) software. The industry as it is right now is overwhelmingly reactive: the security vendor has to see a piece of malware first, categorize it, classify it, then manually create protective signatures and push updates to protect against it, in the hope that customers will get those updates before an adversary targets them.
The downside to that traditional way of working is that it is highly likely that some customers who have bought into that reactive approach will get infected each time a new malware variant is born - and there are thousands of new pieces of malware created each and every day, 365 days a year. So, these organizations that have paid for what they thought was full protection may still fall victim to ransomware or other malicious code.
So, what’s the next step up from signature-based antivirus? A good first step is to start looking at other technologies that already exist and take a more proactive approach to security. In particular, artificial intelligence (AI) and machine learning (ML) can give you and your company an edge over the attackers, and help you take a more defensive posture overall.
The biggest benefit you’ll get is that these technologies are proactive rather than reactive. What does that mean? The most important differentiator between traditional AV solutions and AI/ML is that these new technologies can actually prevent attacks that have never been seen in the past. They don’t use signatures in order to function - these are learning technologies, so the antivirus agent you have on your endpoint functions as a tiny ‘brain’ that has already learned from everything it has collectively seen in the past.
Think of DNA – though tiny, it is unbelievably powerful and contains all the code that is needed to build and run a massively complex organism. With AI/ML, the longer you run it, the more it will continue to learn.
Prevention is possible. The technologies that will allow us to achieve prevention today were not available 10 years ago. Let’s make the most of them.