While network-based security solutions provide protection for an enterprise’s network, it is only on the endpoint that full visibility and immediate prevention are possible. For example, consider employees who work remotely or travel frequently and are thus not subjected to network controls, or those who use untrusted removable media that could get infected and introduce malware into the corporate network. In favor of business continuity, some network-based security controls allow suspicious files to download while they are analyzed and only sound the alarm after it’s too late.

Additionally, advanced malware is constantly evolving to bypass security controls, learning how to travel through encrypted channels, stay concealed in password-protected files or remain idle while waiting to be triggered by user action.

Having a presence on the endpoint is imperative for real-time protection against advanced malware.

Advanced Malware Is Getting Smarter

In recent years, advanced malware has become more sophisticated in multiple ways. First, it is evasive. Advanced malware aims to infect systems without being noticed. Many traditional security controls rely on blacklisting known malicious files, behaviors or command-and-control (C&C) destinations. To bypass such controls, malware has taken to polymorphism — slightly changing the malicious code so it won’t match the known signatures or patterns — and using dynamically assigned servers. In the underground market, cybercriminals can find off-the-shelf tools to help facilitate this. In response to the sandboxing solutions introduced to cope with evasive malware, newer, more sophisticated threats check whether they are running in a real user environment or in a sandbox, or simply wait for a specific user interaction before activating.

Second, it is persistent. The threat of advanced malware doesn’t end with the download of malicious code. In order to achieve its goals, malware needs to run and stay unnoticed for a long time — even after the infected host has been rebooted. To that end, malware installs and disguises itself as a benign, legitimate application so that traditional controls do not identify it.

Finally, malware communicates outside the network. The goal of attackers is to gain access to and/or steal sensitive information with which they can achieve a competitive advantage, compromise a company’s reputation or gain leverage. For that, advanced malware needs to communicate with some C&C servers to announce it has completed the first phase of entering the target organization, receive updates and, of course, send the stolen sensitive information to the attacker.


Zero-Day Threats

When a threat is carried out by exploiting a vulnerability that has never been previously published, it is called a zero-day threat. Since the vulnerability is not publicly known, no patch is available that fixes it. Malicious code that makes use of this vulnerability cannot be identified as a known exploit by security controls that rely on prior knowledge.

Corporate Credentials Theft

People prefer to use as few passwords as possible. It is not uncommon for someone to use the same password to access a corporate intranet site, their personal Web mail, a public social network and an e-commerce site. In October 2014, millions of Dropbox passwords were compromised. In May 2014, 145 million eBay passwords were stolen. Mail providers, social networks, retailers and mobile providers have all been breached, resulting in compromised user credentials. If an employee’s credentials to a public site are stolen, it is not that difficult to deduce that employee’s corporate username. From there, the door is open for an attacker to get a foothold into the organizational network.

IBM Security Trusteer’s Apex Advanced Malware Protection™ protects employee endpoints from advanced threats by leveraging a unique, positive behavior model. It does not rely on prior knowledge of specific types of malware, exploits or vulnerabilities, but rather identifies and blocks threats in real time by tracking processes’ behavior and identifying illegitimate flows. This enables Trusteer Apex to address previously unreported malware and zero-day threats. Additionally, Trusteer Apex protects employees from corporate credentials theft through phishing sites and prevents corporate credentials from being reused on third-party websites.
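To make the positive behavior model concrete, here is an added illustration (not Trusteer Apex code, and not from the original article): an evaluator that holds an allowlist of the flows each application is expected to perform and flags anything else, which catches the exploited document viewer, the reboot-surviving persistence and the unknown C&C connection described above without any signature or blacklist. The process names, flow patterns, paths and addresses are constructed for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    process: str  # image name of the acting process
    action: str   # "spawn", "write" or "connect"
    target: str   # child image, file path or host:port


# Positive model (assumed, constructed for this example): the flows each
# application is expected to perform. Anything else is an illegitimate flow,
# whether or not the process or destination appears on any blacklist.
ALLOWED_FLOWS = {
    "winword.exe": {("write", "*.docx"), ("connect", "*.office.com:443")},
    "outlook.exe": {("spawn", "winword.exe"), ("connect", "*.office.com:443")},
    "chrome.exe": {("write", "*\\downloads\\*"), ("connect", "*:443"), ("connect", "*:80")},
}


def is_legitimate(ev: Event) -> bool:
    flows = ALLOWED_FLOWS.get(ev.process.lower())
    if flows is None:
        return False  # no model for this process: nothing it does is trusted
    return any(ev.action == action and fnmatchcase(ev.target.lower(), pattern)
               for action, pattern in flows)


def illegitimate_flows(events):
    """Return the events a positive-model endpoint agent would block."""
    return [ev for ev in events if not is_legitimate(ev)]


# Constructed sample telemetry; the paths and addresses are not real indicators.
SAMPLE_EVENTS = [
    Event("winword.exe", "write", r"C:\Users\ann\Documents\q3-report.docx"),
    Event("outlook.exe", "spawn", "winword.exe"),
    Event("chrome.exe", "write", r"C:\Users\ann\Downloads\setup.exe"),
    Event("chrome.exe", "connect", "www.example.org:443"),
    # a document viewer launching a shell: exploited reader, exploit signature unknown
    Event("winword.exe", "spawn", "powershell.exe"),
    # an unmodelled binary writing into the Startup folder to survive reboots
    Event("updater.exe", "write", r"C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    # the same binary calling out to an unknown server on a non-standard port
    Event("updater.exe", "connect", "203.0.113.5:8080"),
]

if __name__ == "__main__":
    for ev in illegitimate_flows(SAMPLE_EVENTS):
        print(f"BLOCK {ev.process} {ev.action} {ev.target}")
```

A production agent would derive the allowlist from observed baseline behavior rather than hand-writing it, but the decision logic is the same: unknown flows are blocked by default rather than allowed until a signature exists.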
