
Layering A Defense Strategy For the Modern-Day Threat Landscape

April 26, 2013


As little-known malware mutations and targeted Web attacks shift into high gear, organizations need to rethink their security, supplementing basic antivirus protection with a layered defense strategy.
As cyber criminals shift from single, high-profile attacks to finely targeted assaults built on little-known malware mutations, the complexity of the modern-day threat landscape calls for a layered approach to security, one that goes well beyond signature-based antivirus.
Symantec's Internet Security Threat Report (ISTR) 2013 highlights several trends that underscore the need for change. Driven by attack toolkits, the number of Web-based attacks increased by one-third in 2012, with 43,000 unique malicious web domains and 247,350 web attacks blocked daily. Targeted attacks became the new order of the day, rising 42% over 2011, with many incidents originating from the compromised websites of small businesses; the largest growth in attacks was seen among businesses with fewer than 250 employees. At the same time, the number of vulnerabilities continued to rise, reaching 5,291 in 2012, including 14 new zero-day vulnerabilities, four more than reported the previous year.
As malicious code grows in sophistication, so do the ways in which it is propagated. In 2012, multiple mechanisms were employed; one of the more prevalent was malware propagated as an executable, seen in 71% of cases according to the Symantec ISTR 2013. This type of propagation, used by variants of Ramnit and Sality, typically relies on file-infecting viruses and some worms that infect executables on removable media, so the infection travels with the files themselves.
The diversity of today's threats means that basic measures like signature-based antivirus, which scans files for fingerprints and cross-references them against a database of known malware, can no longer stand on their own as adequate protection. A signature describes bytes that have already been analyzed, so a variant modified after that analysis goes undetected until a new signature ships. That is not to say antivirus software is no longer effective. On the contrary, Microsoft's Security Intelligence Report volume 14 (SIRv14), based on data from more than a billion systems worldwide in the second half of 2012, found that unprotected computers (those without up-to-date antivirus software) were on average 5.5 times more likely to be infected than protected computers.
To combat mutating malware, however, IT professionals need to reevaluate their strategies and make signature-based antivirus one of many components in a broader security stack. Instead of relying on a single line of protection, organizations need to take a holistic view of security, from endpoints such as desktops and laptops all the way through the data center, combining intelligence-based protection technologies with policy-based controls as part of a layered defense plan.

Symantec Endpoint Protection’s Proactive Policing

Key to a layered defense strategy is fending off threats before they infiltrate the network or burrow into an individual system. An endpoint security product therefore needs to address protection at multiple levels, through a mix of intelligence-based technologies that can stop new and unknown malware. Endpoint security fit for the modern-day threat landscape should also deliver policy-based protection, so that security professionals can apply far more granular controls.
Symantec Endpoint Protection 12.1 is architected on a layered security foundation. Proprietary capabilities like SONAR (Symantec Online Network for Advanced Response) provide behavior-based protection that helps guard against zero-day and previously unknown malware by monitoring nearly 1,400 file behaviors as they execute in real time. Symantec Insight uses the collective wisdom of over 350 billion URLs to create risk-and-reputation ratings for nearly every file or application on the Internet. SEP 12.1 combines these technologies in five layers of protection:
  • Network-based protection blocks malicious traffic before it comes in contact with the endpoint. By analyzing incoming data streams, it protects against social engineering attacks such as ransomware and shields unpatched vulnerabilities from network-borne exploit attempts until a patch can be deployed. Many shops forgo network-based protection for fear that it will degrade system performance; SEP 12.1 incorporates several technologies to offset this, including deduplication, resource leveling to reduce disk I/O, and elimination of unnecessary scanning by up to 70%.
  • File-based protection provides traditional signature-based antivirus. Beyond identifying and blocking known malware, it includes removal agents, which are an important part of the remediation process.
  • Reputation-based protection considers a file's metadata, including its origin, its age, and the files and websites it is associated with, as context to determine whether that file or website is safe or a threat.
  • Behavior-based protection watches what an application or file actually does and applies artificial intelligence and analysis to decide whether it is good or bad. Profiling good and bad behaviors is far more effective at identifying previously unknown malware, and it protects regardless of what the end user does or when and how the malware reached the machine.
  • Symantec Power Eraser provides aggressive repair and remediation capabilities that complement the other layers, detecting and removing hard-to-remove threats such as rootkits, fake antivirus applications and other rogueware.
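To make the layering concrete, the following is an added example written for this article; it is not Symantec code and does not reflect how SEP 12.1 implements any layer. It models three of the layers above as a toy scanner: an exact-hash blacklist and a byte-pattern signature (the file-based layer) and a reputation rule over file age, prevalence and publisher (the reputation layer). The behavior layer is omitted because it cannot be shown offline. All samples, the family marker, the metadata values and the reputation thresholds are constructed for illustration. The point the run makes is the one the article argues: one appended byte defeats the hash, an obfuscated marker defeats the pattern, and only the reputation layer still flags a new, rare, unsigned file.

```python
"""Toy layered scanner: hash blacklist -> byte-pattern signature -> reputation.

Added illustration, not a product implementation. Every sample and threshold
below is constructed.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class FileSample:
    """Metadata a reputation system would hold alongside the bytes (constructed)."""
    name: str
    content: bytes
    age_days: int                     # days since the file was first observed anywhere
    prevalence: int                   # number of endpoints that have reported the file
    publisher: Optional[str] = None   # verified code-signing publisher, if any


# Constructed "malware": a fake PE header followed by a payload marker that a
# family of variants shares. Real signatures are longer and more selective.
FAMILY_MARKER = b"DROP_AND_RUN\x90\x90"
ORIGINAL_PAYLOAD = b"MZ" + b"\x00" * 14 + FAMILY_MARKER + b"\xcc" * 16


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Layer 1: exact-hash blacklist. Only the exact bytes that were analysed are known.
KNOWN_BAD_HASHES = {sha256_hex(ORIGINAL_PAYLOAD)}

# Layer 2: byte-pattern signatures keyed by family name.
FAMILY_PATTERNS = {"ConstructedDropper": FAMILY_MARKER}


def hash_layer(sample: FileSample) -> Optional[str]:
    return "malicious" if sha256_hex(sample.content) in KNOWN_BAD_HASHES else None


def pattern_layer(sample: FileSample) -> Optional[str]:
    for pattern in FAMILY_PATTERNS.values():
        if pattern in sample.content:
            return "malicious"
    return None


def reputation_layer(sample: FileSample) -> Optional[str]:
    """Flags files that are brand new, rare and unsigned: the profile of a
    freshly mutated sample that no signature covers yet. Thresholds are constructed."""
    if sample.publisher is None and sample.age_days < 7 and sample.prevalence < 5:
        return "suspicious"
    return None


LAYERS = [("hash", hash_layer), ("pattern", pattern_layer), ("reputation", reputation_layer)]


def scan(sample: FileSample) -> Tuple[str, Optional[str]]:
    """Return (verdict, layer) for the first layer that fires, else ('clean', None)."""
    for layer_name, layer in LAYERS:
        verdict = layer(sample)
        if verdict:
            return verdict, layer_name
    return "clean", None


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the packing a variant author would apply."""
    return bytes(b ^ key for b in data)


SAMPLES = [
    # The analysed sample: caught by its hash.
    FileSample("original.exe", ORIGINAL_PAYLOAD, age_days=30, prevalence=500),
    # One appended byte: new hash, same family marker, caught by the pattern.
    FileSample("mutated.exe", ORIGINAL_PAYLOAD + b"\x00", age_days=1, prevalence=1),
    # Marker XOR-obfuscated: neither hash nor pattern matches, but the file is
    # new, rare and unsigned, so reputation flags it.
    FileSample("packed.exe", b"MZ" + xor_bytes(ORIGINAL_PAYLOAD[2:], 0x5A), age_days=1, prevalence=1),
    # Old, widespread, signed file: passes every layer.
    FileSample("notepad.exe", b"MZ" + b"\x00" * 64, age_days=2000, prevalence=1_000_000,
               publisher="Microsoft Corporation"),
]


def scan_all() -> Dict[str, Tuple[str, Optional[str]]]:
    return {s.name: scan(s) for s in SAMPLES}


if __name__ == "__main__":
    for name, (verdict, layer) in scan_all().items():
        print(f"{name:14} {verdict:10} caught by: {layer}")
```

The reputation rule is deliberately the last layer: it is the one most likely to produce false positives (a freshly built internal tool is also new, rare and unsigned), which is why products pair it with application control and allow-listing rather than letting it block on its own.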
Along with these core layers, SEP 12.1 goes a step further against mutating malware with its policy-based protection capabilities. Application control settings can prevent applications and browser plug-ins from downloading unauthorized or malicious content. Device control settings limit the types of USB and other external devices that can be connected, which helps curtail malware that propagates via executables on removable media.
In an age where mutating malware and targeted Web attacks are on the rise, IT professionals face an increasingly complex threat landscape. While basic antivirus technology remains a staple, organizations need to step up their strategies with a layered defense plan that not only protects against what is known, but also safeguards systems from the unknown. For a deeper look at how Symantec Endpoint Protection 12.1 can strengthen your security posture, visit go.symantec.com/sep.
