Published On: May 14th, 2015/Categories: Cognition/7.7 min read/

The Missing Piece

When we look at the world around us, everything can seem pretty much complete, and security technology is no different. You’ve got your firewalls, email filters, proxies, desktop AV and a myriad of other controls you know you’ve just “got” to have. You’ve even got the perimeter malware sandbox from Palo Alto Networks, FireEye and the like. It feels complete. So why are we all so blind to the obvious omission?

Let’s look at the most common scenario of IT usage. It involves a mobile device such as a laptop, tablet, phablet or phone. It’s “off-network”, using a public wifi or cellular connection, and it’s accessing Internet-based resources through a web browser or an app. And it’s all performed by a trusted user who holds local privileges on their own device. This is a scenario we find ourselves in every day, probably right now, yet we leave ourselves completely exposed to modern malware every time, because none of the network controls listed above sit in the path of that traffic.

Today’s enterprise security controls are still focused almost entirely on the office network, leaving the mobile endpoint woefully insecure. With antivirus missing at least 50% of modern malware, and deployment of mobile web security as rare as hens’ teeth, there really isn’t anything to protect the user from the latest threats. And before we go blaming the user, we need to remember that a core function of every employee’s job is accessing the Internet, often from supposedly trusted sites, and receiving data from trusted people. At the other extreme we have a travelling HR consultant, working in hostile environments and reviewing CVs, resumes and documents from unknown senders. These people need to be enabled to do their job whilst being protected. This isn’t a people or a process problem. This isn’t a training issue. People are doing the right things; they’re just faced with a technological threat, and therefore need a technological answer.

The missing piece is protection within the endpoint itself. AV was meant to do the job, but it can’t. Its inability to protect against modern threats, genuine zero days and even known malware repacked to look new renders it largely impotent. In May 2014 Symantec itself said as much, when Brian Dye, Symantec’s senior vice president for information security, stated that antivirus “is dead”. What antivirus needs isn’t an evolution, it’s a revolution: complete rethinking, rearchitecture and, most importantly, reinvestment. Over time, as antivirus dropped in value, so did its price; that became the norm, and organisations set their annual budgets accordingly. Little is spent on the endpoint and in return little protection is delivered.

Thankfully, by 2014 that revolution had arrived, in the form of enterprise-ready solutions that are truly fit for purpose. The two leading examples are Palo Alto Networks TRAPS and Bromium vSentry, both endpoint software products delivering robust protection against zero-day threats and designed to sit alongside traditional antivirus. The two work very differently. TRAPS focuses on exploit prevention: rather than recognising particular malware, it blocks the small set of techniques an exploit has to use to take control of a process, whichever vulnerability it targets. vSentry takes the isolation route: each untrusted task, such as opening a web page or a document, runs in its own hardware-backed micro-VM, so a successful exploit lands in a throwaway VM rather than on your endpoint, and that VM is discarded when the task ends. The end result is very similar: rock-solid blocking of everything your antivirus can’t catch. This means that wherever you are, however hostile the environment and whatever document you open, the exploit is blocked or contained rather than running on your device. No control is infallible, but these come far closer to that than antivirus ever has. Pretty significant stuff, and absolutely necessary.

By way of a reminder, this isn’t antivirus. It doesn’t work the same, doesn’t protect the same and crucially doesn’t cost the same. It’s not here to replace antivirus… yet. It may do in 12-24 months, but currently antivirus products provide lots of other functions, such as a desktop firewall, host IDS and a modest level of basic protection against the commodity “noise”. And because of their vastly greater level of protection, TRAPS, vSentry and their competitors are notably more expensive per seat than traditional antivirus. In our view their value is unquestionable, with no alternative technology coming close to the same balance of protection and price. Their biggest drawback? These products are incredibly unsexy to demonstrate. Fire an exploit or a zero day against them and nothing happens. That is the point: the malware is simply blocked. It’s boring, but boring is good. Boring is what you want. Boring is letting users get on with their job without noticing the malware war being waged inside their device.

Cognition’s advice to all organisations, large and small, is threefold. First, recognise the problem that exists for your mobile users: they’re woefully vulnerable and need to be protected. Second, understand that the missing piece belongs on the endpoint. And third, plan your budget now so that in the coming year these solutions can be deployed to complete your malware defences.

Fancy a chat about endpoint malware defences, or anything else for that matter? Give us a call or we’ll happily come and visit your offices.


About Cognition

Cognition is a Specialist Cyber Security Integrator, focused on delivering the very best security guidance and providing an unprecedented level of service. The team is comprised solely of industry experts with each providing the best intelligence with a real world approach. It is this philosophy that enables Cognition to cut through the complexity of today’s threat landscape and provide the latest innovative security solutions that deliver true business value. Learn more about Cognition at https://cognitionsecure.com.


About the Author: Carl Gottlieb
I'm the trusted privacy advisor to leading tech companies, helping them gain maximum advantage through the right privacy strategy. My consultancy company Cognition provides a range of privacy and security services including Data Protection Officers, in-depth assessments and virtual security engineers. Get in touch if you'd like to learn more.
