While network-based security controls protect the enterprise network, full visibility into what a process actually does, and immediate prevention, are possible only on the endpoint. Consider employees who work remotely or travel frequently and are therefore outside the network controls, or who use untrusted removable media that can carry malware into the corporate network. To preserve business continuity, some network-based controls let a suspicious file download while it is still being analyzed and raise the alarm only after it has already reached the endpoint.

Additionally, advanced malware is constantly evolving to bypass security controls: it travels over encrypted channels that inline inspection cannot see into, hides in password-protected archives that scanners cannot open, or remains dormant until a user action triggers it.

Having a presence on the endpoint is imperative for real-time protection against advanced malware.

Advanced Malware Is Getting Smarter

In recent years, advanced malware has become more sophisticated in several ways. First, it is evasive: it aims to infect systems without being noticed. Many traditional security controls rely on blacklisting known malicious files, behaviors or command-and-control (C&C) destinations. To bypass such controls, malware has turned to polymorphism, slightly changing or repacking the malicious code for each build so it no longer matches known signatures or patterns, and to C&C servers whose addresses change frequently, so a static list of bad destinations quickly goes stale. In the underground market, cybercriminals can buy off-the-shelf tools that do this for them. Sandboxing solutions were introduced to catch evasive malware by detonating it in an isolated environment; in response, newer threats check whether they are running in a real user environment or in a sandbox, or simply wait for a specific user interaction before activating.

Second, it is persistent. The threat does not end with the download of malicious code. To achieve its goals, malware needs to run and stay unnoticed for a long time, surviving reboots of the infected host. To do so, it installs itself so that it starts automatically and disguises itself as a benign, legitimate application to avoid identification by traditional controls.

Finally, it communicates outside the network. Attackers aim to gain access to and/or steal sensitive information with which they can gain a competitive advantage, damage a company's reputation or obtain leverage. To do that, advanced malware must communicate with C&C servers: to announce that it has completed the first phase of entering the target organization, to receive updates and, of course, to send the stolen information to the attacker.

Zero-Day Threats

A threat that exploits a vulnerability not yet publicly known is called a zero-day threat. Because the vulnerability is unknown to the vendor and the public, no patch exists that fixes the underlying bug. Malicious code that exploits it cannot be identified as a known exploit by security controls that rely on prior knowledge, such as signatures.

Corporate Credentials Theft

People prefer to use as few passwords as possible. It is not uncommon for someone to use the same password for a corporate intranet site, personal Web mail, a public social network and an e-commerce site. In October 2014, millions of Dropbox passwords were compromised. In May 2014, 145 million eBay passwords were stolen. Mail providers, social networks, retailers and mobile providers have all been breached, resulting in compromised user credentials. If an employee's credentials for a public site are stolen, deducing that employee's corporate username is not difficult, and a reused password then opens the door for an attacker to gain a foothold in the organizational network.

IBM Security Trusteer’s Apex Advanced Malware Protection™ protects employee endpoints from advanced threats by leveraging a unique, positive behavior model. It does not rely on prior knowledge of specific types of malware, exploits or vulnerabilities, but rather identifies and blocks threats in real time by tracking processes’ behavior and identifying illegitimate flows. This enables Trusteer Apex to address previously unreported malware and zero-day threats. Additionally, Trusteer Apex protects employees from corporate credentials theft through phishing sites and prevents corporate credentials theft from being reused on third-party websites.
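As an added example (not IBM's or Trusteer's code) of the contrast drawn in "Advanced Malware Is Getting Smarter" and of the positive behavior model described above: a hash blocklist, a simulated per-build polymorphic packer that defeats it, and a small allowlist-based behavioral scan over a process event trace that still flags the persistence write and the C&C beacon. The payload bytes, the event trace, the process names, the allowlist and the hostname `c2.invalid` are all constructed for illustration; the allowlist is deliberately tiny, and a real positive model would baseline far more behavior (including what legitimate system processes do).

```python
"""Added example (not IBM/Trusteer code): a hash blocklist misses a polymorphic
variant, while a positive behaviour model still flags the same behaviour.
All samples, event traces and allowlists below are constructed."""
import fnmatch
import hashlib
from typing import Dict, List, Set, Tuple

# --- Part 1: signature (blocklist) scanning vs. polymorphism ---------------

# Constructed stand-in for a malicious executable body; no real malware.
ORIGINAL_SAMPLE = b"FAKE-PAYLOAD persist=HKCU\\Run beacon=c2.invalid:8443"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# What a traditional control knows: hashes of previously seen bad files.
KNOWN_BAD_HASHES: Set[str] = {sha256(ORIGINAL_SAMPLE)}


def signature_scan(file_bytes: bytes) -> bool:
    """True if the file matches a known-bad hash (blocklist approach)."""
    return sha256(file_bytes) in KNOWN_BAD_HASHES


def polymorphic_variant(sample: bytes, key: int) -> bytes:
    """Simulate a per-build packer: XOR the body with a fresh key and prepend
    the key as a one-byte 'stub'. Behaviour is unchanged; bytes and hash are not."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return bytes([key]) + bytes(b ^ key for b in sample)


def unpack(variant: bytes) -> bytes:
    """What the packed sample does at run time: recover the original body."""
    key = variant[0]
    return bytes(b ^ key for b in variant[1:])


# --- Part 2: positive behaviour model over a process event trace ----------

Event = Tuple[str, str, str]  # (process, action, target)

# Constructed allowlist: the actions each process is expected to perform.
# Anything not listed is treated as an illegitimate flow.
ALLOWED: Dict[str, Set[Tuple[str, str]]] = {
    "outlook.exe": {("net_connect", "mail.corp.example:443")},
    "chrome.exe": {
        ("net_connect", "*:443"),
        ("file_write", "C:\\Users\\*\\Downloads\\*"),
    },
}


def behavioral_scan(events: List[Event]) -> List[str]:
    """Return one alert string for every event outside the positive model."""
    alerts: List[str] = []
    for proc, action, target in events:
        allowed = ALLOWED.get(proc, set())
        if not any(a == action and fnmatch.fnmatchcase(target, pat)
                   for a, pat in allowed):
            alerts.append(f"{proc}: unexpected {action} -> {target}")
    return alerts


# Constructed trace: a dropper named like a system binary persists via a
# Run key and beacons to an unknown host; the other events are normal use.
SAMPLE_TRACE: List[Event] = [
    ("outlook.exe", "net_connect", "mail.corp.example:443"),
    ("chrome.exe", "net_connect", "www.example.com:443"),
    ("chrome.exe", "file_write", "C:\\Users\\alice\\Downloads\\invoice.pdf.exe"),
    ("svchost.exe", "registry_write",
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    ("svchost.exe", "net_connect", "c2.invalid:8443"),
]

if __name__ == "__main__":
    variant = polymorphic_variant(ORIGINAL_SAMPLE, 0x5A)
    print("original flagged by hash:", signature_scan(ORIGINAL_SAMPLE))  # True
    print("variant flagged by hash: ", signature_scan(variant))          # False
    print("variant unpacks to original:", unpack(variant) == ORIGINAL_SAMPLE)
    for alert in behavioral_scan(SAMPLE_TRACE):
        print("ALERT", alert)
```

The hash check fails on the variant after a one-byte key change, which is exactly why blocklists of known samples lag polymorphic malware; the behavioral scan does not care what the bytes look like and flags the Run-key write and the outbound connection because no legitimate flow for that process was ever allowlisted.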
