NORDIC ENG Better Security Fewer Resources

This leads to constant complaints among end-users at many organizations, who want to know why their systems are so slow or why it takes 15 minutes to boot up every workday morning. Furthermore, this also increases costs and reduces productivity, because users are making more calls to the helpdesk when problems arise. The negative impact on performance goes directly against what so many enterprises strive to achieve today: enhanced systems and application performance that enables workers to complete tasks more quickly and efficiently. If systems are slow, so is the response to customer needs, or the development of a new product or service, or the launch of a marketing campaign. The impact on the bottom line and on business operations can be dramatic. Clearly, security solutions need to be effective at stopping attacks, but not at the cost of diminishing performance to the point where employees and customers become disenchanted. Recent industry research shows just how much of an impact security technology can have on user experience. For example, an online survey of 460 IT professionals and 301 business users in the U.S., U.K., and Germany, conducted in 2015 by Dimensional Research and commissioned by Dell, showed that 91% of business respondents said conventional security measures put in place by their employer negatively impact their productivity. A huge majority of the business respondents (92%) said they are negatively impacted when required to use additional security for remote work. When examining changes made to corporate security policies in the previous 18 months, more than half of the business respondents said security’s negative impact on day-to-day work had increased. The negative impact on performance and user experience can have other severe consequences for organizations. For instance, nearly 70% of IT professionals surveyed by Dimension Research said employee workarounds to avoid IT-imposed security measures pose the greatest risk to the organization. What makes the performance issue especially daunting for many organizations is that decision makers often do not consider the impact on systems and resources when they are evaluating security products. malware, and they require highly-skilled and highly-paid staffers to operate. In many cases, this is done after malware has already propagated from system to system within the organization — at potentially great cost. In addition, solutions that collect and store most of the system events for detection and response might end up collecting more information than is necessary, leading to added resource costs. From a time and cost standpoint, deep scans conducted on endpoints by signature-based anti-malware software mean work delays for users and a corresponding drop in productivity. When you consider 10-minute scans twice a day times the number of users on a network, that can quickly add up to big numbers that have a financial impact on the business. Additional costs result from allowing more malware into the organization. These include malware issue resolution, machine re-imaging, declines in end-user productivity, extra IT security skills needed, and legal costs (if damage occurrs from an attack). Signature-based products also require maintenance, primarily the distribution of the signatures. These generally take place daily but can be as frequent as hourly. Systems that are airgapped require increased maintenance because they can’t retrieve updates from the product vendor’s Internet presence. Administrators may need to manually retrieve each update, place it onto removable media, check the media itself for malware, and physically transfer that media to a system on the air-gapped network for further distribution. Traditional endpoint security vendors are forcing customers to deploy more and more layers of technology on the endpoint to try to improve protection efficacy. This additional technology, such as host intrusion prevention systems and reputationbased file lookups, requires additional installs, hardware, and management overhead. In many cases, users might see four to six different endpoint security processes being used within the organization. In addition to the performance issues, another problem with signature-based security products is the added cost involved — both in terms of the greater expenditures in time and money when using these products, as well as the costs of security breaches that can result from inadequate security. For example, because signature-based products are ineffective against malware, organizations often opt to deploy additional costly security technology, including endpoint detection and response solutions. Instead of focusing on stopping malware before it can execute on systems, these solutions hunt for indicators of compromise left behind by a piece of executed Provide Better Endpoint Security 3 Failure to Protect Not only do signature-based security products impact performance and drive up costs, they also fail at their most important mission: to protect organizations against malicious content. None of the traditional endpoint security vendors can prevent malware from executing. By definition, signaturebased antivirus always has a patient zero, as the malware must be discovered before the signature can be written. Many new evolved threats are zero-day attacks that use various techniques that must also be prevented from executing. This is one of the disadvantages of post-execution monitoring. More often than not, a series of behaviors constitutes a malicious behavior. However, it might be too late to block the malware if that determination is not made in time and, more importantly, every time. Some solutions take minutes or even days and weeks to make such determinations. A major drawback of using signature-based security methods is that organizations can wait up to 72 hours for a signature file to be created, depending on the level of risk. There are a number of steps that have to occur to develop a signature file. The more time that passes before protection, the more endpoints that get infected, which costs more money. Ponemon Institute in its 2016 Cost of Data Breach Study noted that the average total cost of a data breach for the 383 companies participating in its research was $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information was $158. Finally, there are indirect costs that result from attacks that get past signature-based tools. This includes the damage to brand reputation, the unknown cost of corporate information or state secrets lost or stolen, etc. Security threats have evolved to become much more sophisticated over the years, and they can easily be mutated to take on new and unrecognizable forms. Today, nearly all malware is polymorphic, meaning it’s highly customized and targeted. Traditional malware analysis techniques, such as file signatures, heuristics, or reputation cross-checking, are easily defeated by mutated malware. Also, because malware checks its environment for the use of dynamic analysis techniques such as sandboxing, these techniques are easily defeated. Even though the cybersecurity landscape is characterized by constant change, the basic components of malware detection have stayed the same for more than three decades. Decades-old signature-based antivirus technology is not effective against today’s tidal waves of sophisticated attacks with countless variants of malware. For example, attackers can easily and effectively disguise (mutate) malware using ubiquitous packer software. This software modifies the malware attributes and changes the cryptographic hashes, allowing easy penetration past signature-based antivirus, just as easy as changing the license plate of a stolen car. In fact, analyses show that 99% of malware hashes are seen for only 58 seconds or less, and most malware was seen only once, reflecting how quickl

Please complete the form to gain access to this content