The indicators of a “virus infection” used to be pop-ups, browser toolbars and weird system behavior. Adware and other nuisanceware still produce those symptoms, but they are far from the most dangerous threats we face today. Today’s most dangerous threats are silent infiltrators targeting your most critical data, whether that is your intellectual property or the personal information of your customers. They are built to fly under the radar, evade detection and quietly pull data out of your environment.
Anti-virus software still helps, but it has not evolved to keep up with today’s threats. Anti-virus is good at blocking known threats; today’s malware authors, however, repack and modify their code until it slips past the major engines, so a sample that has never been seen before is exactly the one anti-virus is least likely to catch. It’s critical that we build additional layers of defense that can detect these “silent” threats and stop our sensitive data before it walks out the door.
In addition to new tools, we must change the way we think about endpoint security. The proactive approach is to understand what “normal” behavior looks like on each endpoint: which processes run, which destinations they talk to and how much data they typically send. Once we know what an endpoint should be doing, we can plan our response for the endpoint that deviates from that norm. We can also use controls such as application allow-listing and network policy to block an endpoint from running unapproved applications or talking to unauthorized networks.
We must also plan for the worst. Our tools and processes need to cover the actions we take in the event of a breach. It’s one thing to have infected machines in the environment. Things go from bad to worse when those infected machines begin sending our critical data outside our networks. Our tools should not only detect when information leaves, they should also help us determine what was taken, and that is only possible if outbound connections and data volumes were being recorded before the incident, not after.
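The baselining and policy checks described above, and the breach-scoping that follows, can be sketched in a few dozen lines. The following is an added example written for this page, not code from the original post. It assumes a simple per-connection log format (host, process, destination IP, port, bytes sent), an assumed allowed-application list and assumed trusted network ranges; the log lines are constructed for illustration. It learns normal (process, destination, port) patterns and per-process volume from a known-good baseline, then flags observed connections that use an unapproved application, an unauthorized network, a never-seen pattern, or an outbound volume far above baseline, and finally summarizes how much data left and where it went.

```python
"""Behavioral baselining and policy checks over endpoint connection logs.

Added example, not code from the original post. The log format, the
allowed-application list and the trusted networks are assumptions
chosen for illustration; the sample log lines are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed sample data: what the endpoint did during a known-good period.
# Format per line: host process dest_ip dest_port bytes_out
BASELINE_LOG = """\
ws-101 outlook.exe 10.0.5.20 443 1200
ws-101 outlook.exe 10.0.5.20 443 900
ws-101 chrome.exe 93.184.216.34 443 15000
ws-101 chrome.exe 93.184.216.34 443 22000
ws-101 teams.exe 52.112.0.10 443 8000
"""

# Constructed sample data: a later day on the same endpoint.
OBSERVED_LOG = """\
ws-101 outlook.exe 10.0.5.20 443 1100
ws-101 chrome.exe 93.184.216.34 443 18000
ws-101 svchost.exe 198.51.100.7 443 48000000
ws-101 curl.exe 203.0.113.9 8443 600
"""

# Assumed policy: binaries allowed to use the network, and sanctioned
# destination ranges (an internal range plus two assumed SaaS ranges).
ALLOWED_APPS = {"outlook.exe", "chrome.exe", "teams.exe", "svchost.exe"}
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "52.112.0.0/14", "93.184.216.0/24")]
VOLUME_FACTOR = 10  # flag flows sending more than 10x the largest baseline flow


@dataclass(frozen=True)
class Conn:
    host: str
    proc: str
    dst: str
    port: int
    bytes_out: int


@dataclass(frozen=True)
class Finding:
    conn: Conn
    reason: str


def parse_log(text):
    """Parse the assumed whitespace-separated log format into Conn records."""
    conns = []
    for line in text.splitlines():
        if line.strip():
            host, proc, dst, port, nbytes = line.split()
            conns.append(Conn(host, proc, dst, int(port), int(nbytes)))
    return conns


def build_baseline(conns):
    """Per host: the (process, dst, port) triples seen and the largest
    bytes_out observed for each process."""
    patterns = defaultdict(set)
    max_bytes = defaultdict(dict)
    for c in conns:
        patterns[c.host].add((c.proc, c.dst, c.port))
        max_bytes[c.host][c.proc] = max(max_bytes[c.host].get(c.proc, 0), c.bytes_out)
    return patterns, max_bytes


def analyze(baseline_text, observed_text, allowed_apps=ALLOWED_APPS,
            trusted_nets=TRUSTED_NETS, volume_factor=VOLUME_FACTOR):
    """Compare observed connections against policy and the learned baseline."""
    patterns, max_bytes = build_baseline(parse_log(baseline_text))
    findings = []
    for c in parse_log(observed_text):
        reasons = []
        if c.proc not in allowed_apps:
            reasons.append("unauthorized application")
        ip = ipaddress.ip_address(c.dst)
        if not any(ip in net for net in trusted_nets):
            reasons.append("unauthorized network")
        if (c.proc, c.dst, c.port) not in patterns.get(c.host, set()):
            reasons.append("connection pattern not in baseline")
        host_max = max_bytes.get(c.host, {})
        # A process with no baseline of its own is held to the host's largest flow.
        ceiling = host_max.get(c.proc) or max(host_max.values(), default=0)
        if ceiling and c.bytes_out > volume_factor * ceiling:
            reasons.append(f"outbound volume {c.bytes_out} exceeds {volume_factor}x baseline ({ceiling})")
        findings.extend(Finding(c, r) for r in reasons)
    return findings


def exfil_summary(findings):
    """Breach scoping: bytes that left per (host, destination) for volume findings."""
    totals = defaultdict(int)
    for f in findings:
        if f.reason.startswith("outbound volume"):
            totals[(f.conn.host, f.conn.dst)] += f.conn.bytes_out
    return dict(totals)


if __name__ == "__main__":
    found = analyze(BASELINE_LOG, OBSERVED_LOG)
    for f in found:
        print(f"{f.conn.host} {f.conn.proc} -> {f.conn.dst}:{f.conn.port}: {f.reason}")
    print("bytes out by destination:", exfil_summary(found))
```

On the constructed data the two baseline-conforming connections produce nothing, while the svchost.exe flow is flagged three times (unauthorized network, unseen pattern, 48 MB against a baseline ceiling of 22 KB) and the curl.exe flow three times (unauthorized application, unauthorized network, unseen pattern). The volume summary tells responders how much left and to where, but only because byte counts were logged in the first place; identifying which files were taken needs file-access telemetry that this connection log does not carry.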
If you’re still looking for pop-ups and weird behavior on your systems, it’s time to change your endpoint security strategy.