While network-based security solutions provide protection for an enterprise’s network, it is only on the endpoint that full visibility and immediate prevention are possible. For example, consider employees who work remotely or travel frequently and are thus not subjected to network controls, or those who use untrusted removable media that could get infected and introduce malware into the corporate network. In favor of business continuity, some network-based security controls allow suspicious files to download while they are analyzed and only sound the alarm after it’s too late.

Additionally, advanced malware is constantly evolving to bypass security controls, learning how to travel through encrypted channels, stay concealed in password-protected files or remain idle while waiting to be triggered by user action.

Having a presence on the endpoint is imperative for real-time protection against advanced malware.

Advanced Malware Is Getting Smarter

In recent years, advanced malware has become more sophisticated in multiple ways. First, it is evasive. Advanced malware aims to infect systems without being noticed. Many traditional security controls rely on blacklisting known malicious files, behaviors or command-and-control (C&C) destinations. To bypass such controls, malware has taken to polymorphism — slightly changing the malicious code so it won’t match the known signatures or patterns — and using dynamically assigned servers. In the underground market, cybercriminals can find off-the-shelf tools to help facilitate this. In response to sandboxing solutions that tried to cope with evasive malware, new, more sophisticated threats can identify whether they’re being run in a user environment or a sandbox or simply await a specific user interaction to activate.

Second, it is persistent. The threat of advanced malware doesn’t end with the download of malicious code. In order to achieve its goals, malware needs to run and stay unnoticed for a long time — even after the infected host has been rebooted. To achieve this goal, malware will install and disguise itself as a benign, legitimate application to prevent identification by traditional controls.

Finally, malware communicates outside the network. The goal of attackers is to gain access to and/or steal sensitive information with which they can achieve a competitive advantage, compromise a company’s reputation or gain leverage. For that, advanced malware needs to communicate with some C&C servers to announce it has completed the first phase of entering the target organization, receive updates and, of course, send the stolen sensitive information to the attacker.


Zero-Day Threats

When a threat is carried out by exploiting a vulnerability that has never been previously published, it is called a zero-day threat. Because the vulnerability is not publicly known, no patch yet exists that fixes the underlying bug. Malicious code that makes use of this vulnerability cannot be identified as a known exploit by security controls that rely on prior knowledge.

Corporate Credentials Theft

People prefer to use as few passwords as possible. It is not uncommon for someone to use the same password to access a corporate intranet site, their personal Web mail, a public social network and an e-commerce site. In October 2014, millions of Dropbox passwords were compromised. In May 2014, 145 million eBay passwords were stolen. Mail providers, social networks, retailers and mobile providers have all been breached, resulting in compromised user credentials. If an employee’s credentials to a public site are stolen, it is not that difficult to deduce that employee’s corporate username. From there, the door is open for an attacker to get a foothold into the organizational network.

IBM Security Trusteer’s Apex Advanced Malware Protection™ protects employee endpoints from advanced threats by leveraging a unique, positive behavior model. It does not rely on prior knowledge of specific types of malware, exploits or vulnerabilities, but rather identifies and blocks threats in real time by tracking processes’ behavior and identifying illegitimate flows. This enables Trusteer Apex to address previously unreported malware and zero-day threats. Additionally, Trusteer Apex protects employees from corporate credentials theft through phishing sites and prevents corporate credentials from being reused on third-party websites.
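To make the contrast between a positive behavior model and signature blacklisting concrete, here is an added toy monitor (illustrative code written for this page, not Trusteer Apex's or IBM's) that judges each process event against what the originating application legitimately does, so that a disguised child process, a write to an autorun location and an unexpected outbound connection are all flagged without any signature. The policy, the event format and the event stream are all constructed for the example.

```python
from fnmatch import fnmatch

# Constructed allow-list of legitimate flows per user-facing application
# (shell-style wildcards). Any flow not listed here is illegitimate.
ALLOWED = {
    "winword.exe": {"file_read", "file_write:documents", "network:office.example"},
    "browser.exe": {"file_read", "file_write:downloads", "network:*"},
}

def action_of(ev):
    """Canonical action string for an event, e.g. 'network:c2.example'."""
    detail = ev.get("image") or ev.get("dir") or ev.get("host")
    kind = "spawn" if ev["type"] == "start" else ev["type"]
    return f"{kind}:{detail}" if detail else kind

def judge(events, policy=ALLOWED):
    """Replay process events; return (pid, origin, action) for each
    illegitimate flow. No signatures: only the policy decides."""
    origin = {}   # pid -> application whose policy the pid is judged by
    alerts = []
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "start":
            # A child inherits its parent's origin, so a disguised binary
            # launched from a document is still judged by Word's policy.
            parent_origin = origin.get(ev.get("ppid"))
            origin[pid] = parent_origin or ev["image"]
            if parent_origin is None:
                continue  # the user launching the application itself
        app = origin.get(pid)
        if app not in policy:
            continue  # not a monitored application; out of scope here
        action = action_of(ev)
        if not any(fnmatch(action, pat) for pat in policy[app]):
            alerts.append((pid, app, action))
    return alerts

# Constructed event stream: a document spawns a disguised process that
# persists via an autorun location and calls out to an external server,
# while a browser session behaves exactly as its policy expects.
EVENTS = [
    {"type": "start", "pid": 100, "image": "winword.exe"},
    {"type": "file_read", "pid": 100},
    {"type": "start", "pid": 200, "ppid": 100, "image": "svchost.exe"},
    {"type": "file_write", "pid": 200, "dir": "startup"},
    {"type": "network", "pid": 200, "host": "c2.example"},
    {"type": "start", "pid": 300, "image": "browser.exe"},
    {"type": "network", "pid": 300, "host": "cdn.example"},
]
```

Running `judge(EVENTS)` yields three alerts, all attributed to the Word origin even though the offending process carries a benign-looking name; the browser's connection passes because its policy permits it.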
