Busting the Myth of the Malware "Silver Bullet"

White Paper

When it comes to fighting modern malware, there is no “silver bullet” that can guard against every threat every time. That’s why Intel Security takes a different approach: it combines multiple layers of advanced malware protection, detection, and correction technologies into a single endpoint defense fabric. Keeping up with cyberthreat innovation requires new anti-malware technologies for effective detection and analysis: Real Protect and Dynamic Application Containment, complemented by the McAfee® Advanced Threat Defense sandbox. This paper describes how these tools work together to systematically protect against the most dangerous malware threats.

The Security Snowball Effect

As malware grows more sophisticated and harder to combat, it’s tempting to believe that a single breakthrough technology will solve the problem. The reality is that modern adversaries are far too clever for that. There are good solutions for combating a particular kind of malware that infects your endpoints in a particular way. But the minute you rely on a single technology to protect your business, adversaries find a way to fool it. Suddenly you need another solution, and then another. Soon you are dealing with the security snowball effect: a dozen different security tools, each with its own console and each requiring specialized processes and expertise.

Who stitches all of those tools together so that your security team isn’t buried in complexity and delays? In most cases, you do, if they can be brought together at all. That effort adds critical seconds (and hours, and days) at the moment you can least afford it: when you are responding to a potential threat. It also consumes your scarcest resource, your people.

Malware represents a special challenge. You need tools for opportunistic, evasive, zero-day, targeted, and weaponized malware, as well as defenses for the inevitable “patient zero”: the first endpoint on which malware gets past prevention and works to compromise the system. If you omit or unplug any of these capabilities, you can be sure that gap will be the avenue your attacker uses. Realistically, the malware itself is only part of the attack chain. The content and behavior observed from malware are valuable to analysts in the security operations center and guide improvements to all of the enterprise’s preventative controls, including web gateways and network intrusion prevention systems.

For these reasons, businesses do not need one amazing technology to fight modern malware. They need multiple technologies, not merely co-located but working together in an integrated, automated way, so that a threat that slips past one layer of defense does not get past all of them. Intel Security is the only anti-malware vendor that uses a truly integrated and coordinated endpoint defense fabric, with connected components working with each other. With this design, defenses can combine the capabilities they need moment by moment and protect better than any technology working in isolation.

The End of Uncoordinated Security

The new generation of Intel® Security anti-malware and endpoint security technologies coordinates multiple layers of state-of-the-art defenses to combat the most sophisticated, well-hidden threats. Unlike security strategies built on isolated products, these complementary defenses operate as a system to identify malware, and then integrate detection with blocking, containment, and investigation to make threat management simpler, faster, and more effective. They make use of the latest dynamic, static, machine learning, reputation, and sandbox technologies and let enterprises tailor actions to their own situation.

Pre- and post-execution machine learning analysis: Real Protect, available in the new generation of McAfee Endpoint Security, peels away the latest obfuscation techniques to unmask hidden threats, so zero-day malware has no place to hide. It introduces machine learning techniques that perform both pre-execution static analysis (what are the features of the file?) and post-execution behavioral analysis (what does it actually do?), all without signatures. It stops more malware than any signature-based or static-only solution, blocking most malware at the endpoint before it ever has a chance to execute.

Suspicious process containment: Dynamic Application Containment, another component of McAfee Endpoint Security, protects patient-zero endpoints from previously unknown zero-day malware by immediately blocking process actions that malware commonly uses. Designed to halt malicious changes to endpoints and available only from Intel Security, Dynamic Application Containment does not hold up the endpoint (and the user) for minutes at a time while an unknown file is analyzed. It lets the suspicious file load into memory but prevents it from making changes to the endpoint (such as modifying the registry or deleting files) or infecting other systems while it is under suspicion. The endpoint and user remain fully productive, and the contained process can be subjected to more in-depth analysis.

Threat sandboxing: The McAfee Advanced Threat Defense sandbox detects the most advanced targeted malware and converts newly discovered threat information into immediate action. It detonates suspicious files in a safe environment and performs in-depth static code analysis on the entire code base to gain the granular insight needed to conclusively convict or exonerate a file. When a new threat is uncovered, McAfee Advanced Threat Defense links with McAfee Threat Intelligence Exchange to inform other security systems, from endpoints to the network edge, about the new threat and inoculate the broader environment, shortening the gap between threat detection, correction, and proactive protection.

Individually, each of these technologies provides important anti-malware capabilities. Together, they form a multilayered defense that stops most threats before they infect patient zero and then coordinates threat response in near real time, without manual intervention. Organizations can coordinate Real Protect, Dynamic Application Containment, and McAfee Advanced Threat Defense, turning different layers up and down for different organizational needs, or even for different areas of the business.

Flexibility for Different Organizational Needs

All three Intel Security solutions provide important malware defense capabilities, but different organizations will use them in different ways. Here’s what that might look like in practice.