Moving Target Defense Blog

For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that blocked the most malware came at an appropriate premium. After all, the endpoint was—and still is—of the primary attack vectors for cyber threats, so it stands to reason that antivirus could charge a premium to secure your endpoint. 

It’s not hard to understand the concept of proactive cyber defense: acting in anticipation of an attack against a computer or network. The goal is getting in front of attacks by evading, outwitting, or neutralizing them early instead of waiting for the damage to start like reactive cyber defenses.

It’s also not hard to understand the benefits of being proactive: preventing the negative effects of cyber attacks instead of trying to minimize the damage. The only thing hard to understand is why every company doesn’t practice proactive cyber defense already?

Defending your critical infrastructure against cyber threats has never been harder. Adversaries constantly innovate new techniques to exfiltrate or encrypt data, forcing defenders to play a cybersecurity version of “whack-a-mole” in their attempts to ameliorate any possible damage.

The economic impact of a successful breach is one of the easiest to quantify. It’s also increasing constantly, with analysts predicting the cost of cybercrime globally will exceed $6 trillion annually by 2021, a 100% increase from 2015. Much of this cybercrime is perpetrated on or through the endpoint, with an end goal typically of either data exfiltration or encrypting the data and charging a ransom (often it’s both).

The term “new normal” means different things to different people. For some, the term is synonymous with a return to the office (just with a few tweaks), while others think that co-located teams are gone for good. The reality is probably somewhere in between. Household names like Google and Facebook are planning for a future where most of their employees work remotely most of the time. And where big tech goes, other organizations tend to follow.

In the ongoing war over cybersecurity, endpoints seemed like settled territory. After years of surrounding these vulnerable vectors with defensive technologies and company-wide IT hygiene best practices, it became easy to assume the endpoints were ironclad. Unfortunately, the latest generation of emerging threats handily circumvents and, in many cases, obliterates existing endpoint security defenses.

Remote work is no longer limited to outside sales reps traveling across the country. Today, the remote employee movement has reached into practically every industry. So much so, in fact, that according to Owl Labs, 54 percent of people work remotely at least once per month, 48 percent work remotely at least once per week, and 30 percent work remotely full-time. This marks a substantial change from only a decade ago, when the only people working remotely were often contractors or sales reps.

Organizations in every industry and at every level of government face more cyberattacks each day. According to Ponemon Institute’s recent research, 68 percent of organizations note an increased frequency of attacks against their endpoints. Often, these threats are zero days, fileless attacks, in-memory exploits, and evasive malware designed to circumvent antivirus and endpoint detection and response solutions.

Protecting your organization from advanced threats has always been difficult. Adversaries innovate constantly, changing their attack vectors and finding new ways to infiltrate their target environment. The Trickbot trojan is one of the best examples; its authors have used news coverage from President Trump’s impeachment trial and the WSReset UAC Bypass among other changes to push the trojan past antivirus and malware scanners.

Antivirus protection is a baseline cost of doing business for the modern organization. At first, companies and governments only needed signature-based antivirus that tracked known malware. As fileless malware and exploits accelerated, next-gen antivirus that leveraged AI and behavioral analysis came on the scene to respond.