The technology research group TechTarget recently published their findings from a survey on endpoint security at medium to large enterprises. The results corroborate trends all too evident in the news: Despite the features and functionality added to endpoint protection software over the last few years, “organizations are still in search of effective protection techniques against unknown threats and malware.”
Warning - Dead End Ahead
The survey, which polled 700 IT and cyber security professionals, found that nearly half were looking for solutions “to protect against threats not detected by traditional endpoint security products.” Only 24% felt confident that their current security solution could “detect and mitigate most or all endpoint attacks.”
This is hardly surprising. These solutions, when regularly updated, protect against known threats but don’t stand up to unknown variants. Until a security update is issued that is effective against the new threat, or a patch is developed (and implemented) for the vulnerability the attack exploits, organizations have to rely on good “cyber hygiene” and luck. That’s a lot of risk to be carrying. In fact, 22% of the respondents already had first-hand experience of a significant breach.
Most of the survey participants were aware of the inadequacy of this approach and “indicated that their organization is shifting away from static scanning as the primary protection for endpoints.” An increasingly popular alternative is behavior-based detection tools, which operate under the premise that even if a specific malware variant is unknown, it behaves similarly to known threats and this behavior can be detected.
Although behavioral detection tools are more effective against unknown threats, they can still be evaded and come with their own set of problems, including false positives and resource-intensive updating and monitoring. In fact, respondents indicated that other endpoint security issues that they are seeking to overcome include too many false positives (24%) and finding their current endpoint solution too complex (14%).
Embarking on a New Direction
Not coincidentally, all of the issues cited by the survey participants are the very concerns we at Morphisec hear from our customers and partners – the ones we have designed our solution to address. Morphisec takes a completely different approach, preventing would-be attackers from ever finding the application they are trying to exploit. It uses moving target defense technology to “morph” the application’s structure while keeping the original as a decoy. There are no false positives, since any code that tries to access the original structure (kept as a decoy) is by definition malicious and is blocked and trapped. And the solution requires no complicated maintenance since it doesn’t rely on databases, signatures or rules.
The TechTarget survey also asked respondents to rank which criteria of an antimalware product are most important. “Price” received the highest rating with 53% and “efficiency with minimal performance degradation” came a close second (51%). Specific features fell lower on the list. These are legitimate priorities – cyber security must be balanced against monetary, operational and other costs – a fact that security vendors sometimes lose sight of. Morphisec not only offers competitive pricing, it has a very low total cost of ownership. It doesn’t require maintenance or training and doesn’t waste resources with false positives and endless logs. Moreover, it does not impact endpoint performance or cause operational delays.
The TechTarget report concludes on a wry note, stating: “Despite their calls for change, when we asked readers which enterprise endpoint protection software they were considering for their current project or purchase, traditional market leaders (with the highest usage among those surveyed) topped their short lists.”
So the security solution game of musical chairs continues until more realize that the beat has changed completely.