CHAPTER 4 Leveraging Unmatched Threat Protection 49

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

is a signature-based security tool that focuses on detecting and responding to known threats after they have already entered a network. At the same time, adversary strategies have evolved well beyond simple malware distribution. Today, attackers can bypass antivirus with inexpensive, automated tools that produce countless unique, targeted, and sophisticated attacks. Ultimately, traditional antivirus is proving inadequate to protect systems against breaches.

Although attacks have become more sophisticated and complex, they still use basic building blocks to compromise endpoints. The primary attack methods continue to exploit known and unknown application vulnerabilities and to deploy malicious files, including ransomware. These can be used individually or in various combinations, but they are fundamentally different in nature:

» Exploits are techniques used against a system that are designed to gain access through vulnerabilities in the code of an operating system or application.

» Malware is a file or code that infects, explores, steals, or conducts virtually any behavior an attacker wants.

» Ransomware is a form of malware that holds valuable files, data, or information for ransom, often by encrypting data, with the attacker holding the decryption key.

To effectively combat security breaches, organizations must protect themselves from known and unknown cyberthreats as well as from the failures of traditional antivirus. This means they must focus on prevention — the only effective, scalable, and sustainable way to reduce the frequency and impact of cyber breaches. To deliver effective and comprehensive security to systems, endpoints, and users, endpoint protection must do the following:

» Preemptively block known and unknown threats.
To prevent security breaches, a shift must occur — from detecting and responding to incidents after they have occurred to preventing breaches from occurring in the first place. Endpoints must be protected from known and unknown malware and exploits, including zero-day threats, whether a machine is online or offline, on-premises or off, connected to the organization's network or not. A key step in accomplishing this is incorporating