Just as our devices—computers, phones, tablets—are basically outdated by the time we exit the store, the same is happening for cyberattack protection. Our technology is continually becoming more sophisticated, and cybercriminals are keeping up.
As we mentioned in a previous post, because of the evolution of cyber threats, AV no longer offers the same protection it once did. It detects suspicious activity and protects against malware, but unfortunately, cybercriminals are now using advanced threats. According to Verizon’s 2017 Data Breach Investigations Report, more than half (51%) of breaches included malware, but just one year later, their 2018 Data Breach Investigations Report states that only 30% included malware.
Because of these advanced threats, actively monitoring behavioral events at the endpoint level and monitoring lateral network activity is the new standard in cybersecurity. Endpoint detection and response (EDR) should be used in addition to AV because it allows you to detect anomalous behavior and advanced indicators of compromise that are not typically detected through AV solutions.
3 Types of Attacks That AV Will Miss
1. Zero-day attacks
A zero-day attack is exactly what it sounds like—a cyberattack that happens the same day a weakness in AV protection is revealed, so the weakness is exploited before a fix becomes available from its creator.
AV detects a malware signature—a continuous sequence of bytes contained within malware—but zero-day attacks manipulate the signature and, thus, make it easy to sneak past traditional AV.
2. Ransomware attacks
Ransomware attacks involve software that is downloaded by an unsuspecting victim, usually via an infected email attachment such as a Microsoft Word document or an Adobe PDF file. AV doesn’t always protect against ransomware because, sometimes, the signature of the malware is new or not recognizable.
3. Fileless malware attacks
Unlike a ransomware threat, a fileless malware attack abuses existing Windows tools rather than installing malicious software on the victim’s computer; therefore, there is no file signature for the AV to pick up on.
Why EDR Will Detect These Attacks
Simply put, EDR doesn’t care what kind of virus or malware is used—it looks at the behavior that’s taking place. If the behavior is malicious or indicative of suspicious activity, EDR technology will identify that and send an alert. It will then continue to monitor indicators of compromise and malicious activity on the system to protect against threats like fileless malware.
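To make the contrast between the signature check described under zero-day attacks and the behavioral monitoring described here concrete, the following added example (not code from the original post or from Avalon) runs an exact byte-sequence check against two constructed samples and a pair of behavior rules over constructed endpoint telemetry; the signature bytes, file names, process names and rule thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed AV-style signature: a fixed, contiguous byte sequence (not a real malware signature).
SIGNATURE = b"MZ\x90\x00EVIL-LOADER-v1"

# Two constructed samples: the second differs by one byte, so an exact-sequence scan misses it.
SAMPLE_KNOWN = b"MZ\x90\x00EVIL-LOADER-v1\x00\x00<constructed payload>"
SAMPLE_ALTERED = b"MZ\x90\x00EVIL-LOADER-v2\x00\x00<constructed payload>"


def signature_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Signature-based check: does the exact byte sequence occur in the file contents?"""
    return signature in data


# Constructed endpoint telemetry, one tuple per event:
# (timestamp_seconds, pid, parent_image, image, action, detail)
EVENTS = [
    (0, 100, "explorer.exe", "WINWORD.EXE", "process_start", "invoice.docm"),
    (1, 300, "explorer.exe", "notepad.exe", "process_start", "notes.txt"),
    (2, 200, "WINWORD.EXE", "powershell.exe", "process_start", "<command line omitted>"),
    (3, 300, "explorer.exe", "notepad.exe", "file_rename", "notes.txt -> notes-old.txt"),
    (5, 200, "WINWORD.EXE", "powershell.exe", "file_rename", "q1.xlsx -> q1.xlsx.locked"),
    (6, 200, "WINWORD.EXE", "powershell.exe", "file_rename", "plan.docx -> plan.docx.locked"),
    (7, 200, "WINWORD.EXE", "powershell.exe", "file_rename", "cv.pdf -> cv.pdf.locked"),
]

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def detect_behavior(events, rename_threshold=3, window_s=10):
    """Behavior-based rules over process telemetry; the file's bytes are never inspected.

    Rule 1 (fileless pattern): an Office application starts a script host.
    Rule 2 (ransomware pattern): one process renames >= rename_threshold files within window_s.
    """
    alerts = []
    renames = defaultdict(list)  # pid -> timestamps of recent renames
    for ts, pid, parent, image, action, detail in events:
        if action == "process_start" and parent in OFFICE_APPS and image.lower() in SCRIPT_HOSTS:
            alerts.append(f"office_spawns_script_host pid={pid} {parent} -> {image}")
        elif action == "file_rename":
            # Keep only renames inside the sliding window, then fire once when the threshold is hit.
            renames[pid] = [t for t in renames[pid] if ts - t <= window_s] + [ts]
            if len(renames[pid]) == rename_threshold:
                alerts.append(f"mass_rename pid={pid} {rename_threshold} renames within {window_s}s")
    return alerts


if __name__ == "__main__":
    print("signature, known sample:  ", signature_match(SAMPLE_KNOWN))    # True
    print("signature, altered sample:", signature_match(SAMPLE_ALTERED))  # False
    for alert in detect_behavior(EVENTS):
        print("EDR alert:", alert)
```

The altered sample slips past the byte check with a one-byte change, while both behavior rules fire on the telemetry regardless of what the file contents look like.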
Most cybersecurity experts agree that AV protection is still important, but that it is even more important to combine it with further security measures. Avalon’s solution includes traditional AV blocking/tackling technology together with EDR technology, providing a defense-in-depth approach to your overall security program.