CyberOne Blog | Cyber Security Trends, Microsoft Security Updates, Advice

The Difference Between Endpoint Protection and Traditional Antivirus

Written by Mark Terry | Apr 16, 2019 12:00:00 AM

In the ever-changing world of cyber security, technologies never stand still. So, as a customer, it can be difficult to know at what point it’s worth upgrading – is this “new” solution going to be significantly better? Or is it worth waiting?

It’s a particularly troubling question for the antivirus layer of your primary defences; you don’t want to leave your users at risk.

What is Endpoint Protection and How Is It Different from Traditional Antivirus (AV)?

Traditional antivirus solutions are typically always on, running in the background on your machine. Whenever you open or download a file or a program, the AV scans it for malware—malicious software intended to damage or compromise your system. Malware includes Trojans, worms, viruses, etc.

You may also use your antivirus to run full-system scans. Again, the antivirus will check every file on your system (including cookies you aren’t aware of) for signs of malware.

How Does It Know What Malware Looks Like?

Every AV program carries a list of virus definitions, or signatures, discovered by cyber security researchers. The program cross-checks the files against this list of definitions. If anything matches—snap! It’s considered a threat and dealt with accordingly.

To be effective, this list must be continually updated with the latest virus definitions. Your AV program should do this automatically, provided you have the correct settings.

So, to sum up, traditional AV looks for known malware code in all your files. But what about unknown code? And what if it’s not attached to a file?

What Does Endpoint Protection (EPP) Do Differently?

Like traditional AV, Endpoint Protection works continuously in the background. However, rather than searching for specific known signatures, EPP monitors behaviours.

This is the main, and most significant, difference.

Nearly 1 million different types of malware are released every day! It is not possible for any AV solution to know them all. And since most attacks today come from unknown sources—and increasingly they’re “fileless”—traditional AV has quickly become ineffective.

Gartner dropped the AV Magic Quadrant in 2006.

Think of It This Way:

Suppose there’s a security alert at the airport. Would you be happy for the security professionals to focus all their efforts on facial recognition software, seeking out the faces of known criminals? Or do you want them to also look for suspicious behaviour, keep people out of secure areas, monitor what individuals are doing, and take the necessary security measures to keep everyone safe?

This is how EPP operates: by seeking out indicators of compromise, or IoCs, that suggest malware is present, and detecting signs of malicious behaviour.

More Effective Than Legacy AV

Endpoint Protection Platforms are not reliant on updated virus definitions or security researchers defining every possible threat. Instead, EPP monitors your system and effectively says, “OK, this might not be malware, but we’re not going to let it access a program’s configuration or corrupt the memory space of another program.” If it acts like malware, EPP assumes it is malware and reacts accordingly.
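As an added illustration of the two approaches this post contrasts (example code, not CyberOne's or SentinelOne's), the constructed Python below runs a hash-based definition check beside a simple behaviour score over made-up process events: a one-character variant of a "known" sample slips past the definition list, while the behaviour rules catch it and a fileless process alike. The sample bytes, process names, rule weights and threshold are all assumptions.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed definition list: SHA-256 of a toy "known" sample -> label.
# (Real definitions hash or pattern-match real malware; these bytes are made up.)
KNOWN_BAD: Dict[str, str] = {
    hashlib.sha256(b"SAMPLE-PAYLOAD-v1").hexdigest(): "Trojan.Sample.v1",
}

def signature_scan(content: bytes) -> Optional[str]:
    """Traditional AV step: is this file's hash in the definition list?"""
    return KNOWN_BAD.get(hashlib.sha256(content).hexdigest())

# Behaviour rules in the spirit of the text: weight the actions a process takes
# against *other* programs and treat it as malware once it crosses a threshold.
# Weights and threshold are assumed values for the example.
RULE_WEIGHTS = {
    "modify_other_config": 2,   # touching another program's configuration
    "write_process_memory": 3,  # writing into another process's memory space
    "create_file": 0,           # ordinary activity, not scored
}
THRESHOLD = 3

def behaviour_scan(events: List[dict]) -> Dict[str, int]:
    """EPP-style step: score each process by what it does, not by what it is."""
    scores: Dict[str, int] = defaultdict(int)
    for ev in events:
        # Self-directed actions (a program editing its own config) are not suspicious.
        if ev["target"] != ev["process"]:
            scores[ev["process"]] += RULE_WEIGHTS.get(ev["action"], 0)
    return {p: s for p, s in scores.items() if s >= THRESHOLD}

# Constructed telemetry; "script-in-memory" never touches disk, so there is no
# file for a signature scan to examine at all.
EVENTS = [
    {"process": "updater.exe", "action": "create_file", "target": "updater.exe"},
    {"process": "updater.exe", "action": "modify_other_config", "target": "updater.exe"},
    {"process": "dropper.exe", "action": "modify_other_config", "target": "browser.exe"},
    {"process": "dropper.exe", "action": "write_process_memory", "target": "browser.exe"},
    {"process": "script-in-memory", "action": "write_process_memory", "target": "explorer.exe"},
]

if __name__ == "__main__":
    print(signature_scan(b"SAMPLE-PAYLOAD-v1"))  # the known sample is caught
    print(signature_scan(b"SAMPLE-PAYLOAD-v2"))  # one character changed: missed
    print(behaviour_scan(EVENTS))                # flagged by behaviour regardless
```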

Endpoint Protection (EPP) + Endpoint Detection & Response (EDR)

It is important to acknowledge that no program can stop every attack. No one can promise you 100% protection. However, some EPP solutions include detection and response capabilities to recognise IoCs, detect that an attack has taken place, and act to contain and remediate the damage.

Again, this multi-layered approach to security is an essential feature of a first-line defence. If an attacker penetrates a system protected only by traditional AV, there’s no remediation available. Once they’re in, they’re in.

SentinelOne Autonomous Endpoint Protection

Next-Gen Endpoint Protection automatically detects threats, stops them in their tracks and cleans up after them, giving you the bird’s-eye view of your system you need to identify the behaviour putting your organisation at risk.

About SentinelOne

Autonomous Endpoint Protection

SentinelOne’s Endpoint Protection Platform (EPP) provides organisations with real-time, unified endpoint protection, unifying prevention, detection, and response on one platform.

SentinelOne EPP leverages advanced machine learning and intelligent automation to prevent and detect attacks across all major vectors, with rapid elimination of threats, fully automated policy-driven response, and complete visibility into the endpoint with real-time forensics.

Certified AV replacement

The independent antivirus institute (AV-TEST) has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification for both Windows and OS X, which validates its effectiveness at both detecting advanced malware and blocking known threats, making it the only next-generation endpoint protection vendor to hold this certification on both platforms.