In the ongoing war over cybersecurity, endpoints seemed like settled territory. After years of surrounding these vulnerable vectors with defensive technologies and company-wide IT hygiene best practices, it became easy to assume the endpoints were ironclad. Unfortunately, the latest generation of emerging threats handily circumvents and, in many cases, obliterates existing endpoint security defenses.
In a recent survey of 671 IT security professionals, 68 percent told Ponemon Institute that their company suffered through a successful endpoint attack within the last 12 months. That’s up significantly since 2015 when only around half of respondents experienced a successful attack. Also rising, the cost of such attacks has grown from $7.1 million on average to nearly $9 million. Despite widespread attempts to secure endpoints, these numbers suggest that security has been rapidly eroding.
For better or for worse, the culprit is clear: zero day attacks. Analysts expect the frequency of new and previously unknown attacks to double in the coming year, constituting 42 percent of all offensives. The rest of them (58 percent) will utilize existing attack strategies, which is down from 77 percent in 2019. In a shift of incredible speed and scale, hackers have replaced older, less effective attacks with a new generation of malicious methods. According to the IT professionals asked above, that shift worked exactly as planned.
Where Endpoint Security Went Wrong
Traditional endpoint security solutions rely on a database of virus signatures to identify potential threats, which means that anything outside that data – such as a zero day attack – bypasses security undetected. Antivirus protections miss up to 60 percent of attacks, in large part because they can’t stop what they can’t see. Therefore, smashing through endpoint security is often as easy as coming up with a novel form of attack. Considering that the average patch takes 97 days to apply, test, and fully deploy, hackers have plenty of time to exploit any zero-day vulnerabilities they find. All this adds up to a perfect storm of opportunity where bad actors have an easy way to compromise endpoints and little standing in their way.
Even the so-called next-gen antivirus solutions, which rely on machine learning analysis, don’t offer a better path forward. Machine learning algorithms are only as good as the data used to train their models, which inevitably end up being a mix of known malware samples and evasive techniques based on previously experienced behaviors that may or may not be malicious. As a result, NGAV platforms often provide false positives when seeking to detect cyberattacks. The argument from many vendors is that, because their goal is to detect never-before-seen threats, of course their solutions will deliver false positives. The problem with that approach is that every alert must be investigated to determine if it was an accurate detection or not, which makes it difficult for many organizations to use NGAV tools effectively.
That begs the question: how do companies prepare for attacks they’ve never seen before? Hackers have proven to be creative and crafty when devising new types of attacks, and it seems hopeless to anticipate what they will do next, to say nothing of stopping it. Meeting this challenge takes more than just improvements to endpoint security—even though that’s needed too—it takes an entirely new outlook.
A New Generation of Endpoint Security
If the endpoint security of the past raised red flags at only the most obvious threats and only after they are known, the way forward isn’t with better detection. Given that most of the attacks directed at endpoints will be unfamiliar, and thus bypass many of the most sophisticated detection systems, what organizations need now is a platform focused instead on preventing these advanced attacks.
That’s exactly what moving target defense technology aims to do, using memory protection to prevent exploits along with fileless and evasive malware at the same time. With moving target defense technology in place, companies can deterministically prevent advanced threats from compromising the application memory rather than merely mitigating the damage. As the name would imply, it’s a defensive strategy that moves as fast as the threats themselves.
Moreover, moving target defense functions as a virtual patch on vulnerabilities. In most cases, a moving target defense solution protects endpoints against cyberattack even before a CVE is discovered. That way, even if threat actors identify a zero day exploit, it will not necessarily even impact a protected organization.
As time goes on, one thing becomes clear: the threat landscape has already evolved, and anyone who refuses to keep pace simply pins a target to their back. That’s why governments, enterprises, and other organizations would do well to re-evaluate their endpoint security strategy. Including moving target defense technology within the endpoint protection stack is a strong step in the direction of securing the organization against cyberattack.