How would you protect your own home? Would you invest in only one of the following: a strong fence, a set of security cameras, a very loud alarm, or motion detectors to monitor dark corners? Or would you rather use all of these to improve protection? Keeping your business network safe requires similar questioning. Using a security system based on a single type of technology is a good start, but what will stop cybercriminals from stealing valuable information if they find a way to bypass that?<\/p>\n
\u201cA company aiming to build reliable and strong cybersecurity defenses should opt for a solution offering multiple complementary technologies.\u201d<\/span><\/p>\n A company aiming to build reliable and strong cybersecurity defenses should opt for a solution offering multiple complementary technologies with high detection rates and a low number of false positives. In other words, one that catches thieves but doesn\u2019t react when a neighbor\u2019s cat walks across the lawn.<\/p>\n Both malicious code and malicious activity can take several forms, but often what they both have in common is their effort to stay under the radar of implemented security solutions. Malware creators go to great lengths to pursue this aim, and their methods evolve in step with advances in cybersecurity.<\/p>\n Nevertheless, some post-truth vendors<\/a> argue that to counter all cyberthreats, companies only need a single layer of protection that uses the \u201clatest\u201d machine learning algorithm. No updates, no cloud and no pointless extra layers. Naturally, this single-layer solution is the product they offer.<\/p>\n Despite the latest advances in AI, which have been achieved primarily by large players such as Google, Facebook and Microsoft, even the most recent cybersecurity algorithms do not amount to a silver bullet against all threats. In fact they offer only a single further step that can improve endpoint security, but can also be easily overpowered by adversaries when complementary security systems are absent.<\/p>\n While overcoming a single layer can lead to an infection, multiple barriers that are able to detect malicious items, even when modified, make attacks more difficult and more costly, forcing adversaries to laboriously change the behavior of their code.<\/p>\n Company networks are similar to complicated organisms. They consist of various nodes \u2013 organs \u2013 each assigned a different role, importance and rights. Identifying malicious activity in such a complex system can prove messy and difficult, especially if the protection solution is trying to track everything through a single point.<\/p>\n It is true that a strong perimeter can improve a business\u2019s cybersecurity, thus freeing endpoints from constant scanning of every item for malicious activity. However, if it\u2019s the only protective barrier for attackers to overcome, once they succeed there is nothing further to stop them.<\/p>\n \u201cWith multi-layered solutions, even if one technology is bypassed, an array of other technologies remains to take action at a later point, or in a specific situation.\u201d<\/span><\/p>\n Remember, avoiding protection solutions is a cybercriminal\u2019s daily bread and, as has been proved again and again in the past, any feature or system can be circumvented given enough effort. With multi-layered solutions, even if one technology is bypassed, an array of other technologies remains to take action at a later point, or in a specific situation.<\/p>\n So even if malware is stealthy enough to avoid detection in an email, it doesn\u2019t mean that it will not get blocked and deleted later, when it tries to wreak havoc in the system\u2019s memory. The same goes for a malicious code betting on a delay in its fraudulent activities to elude detection, or sitting in a system for several months while waiting for a specific file-type to trigger the next malicious processes.<\/p>\n Many of the post-truth vendors argue that their solutions work on a different basis. They say that their machine learning solutions are able to learn locally and uncover many of the techniques used by attackers. But the truth is that most cybercriminal methods evolve \u2013 and can be sophisticated enough to fool even the newest so-called smart machines.<\/p>\n \u201cThe truth is that most cybercriminal methods evolve \u2013 and can be sophisticated enough to fool even the newest so-called smart machines.\u201d<\/span><\/p>\n To name just a few examples, let\u2019s look at steganography. Attackers just need to take malicious code and smuggle it into harmless files such as pictures. By burying it deep into a pixel setting<\/a>, the machine can be fooled by the (infected) file, which is now almost indistinguishable from its clean counterpart.<\/p>\n Similarly, fragmentation can also lead to a detection algorithm returning an incorrect evaluation. Attackers split the malware into parts and hide it in several separate files. Each of them is clean on its own; only at the moment when they all converge on one endpoint or network do they begin to demonstrate malicious behavior.<\/p>\n With only one layer of monitoring, such activity can go unnoticed, as the \u201csmart\u201d algorithm would require more complex optics to see the whole problem. Using multiple technologies, combined with global context and updates, can offer the necessary big picture view and successfully block even new and sophisticated attempted attacks.<\/p>\n While the approach described above can be used for malicious aims, they are perfectly legitimate in other contexts. Every business client is different and endpoints can have very diverse settings. Some companies, for example, use software or files that look very suspicious but are entirely legitimate for their purposes.<\/p>\n Sure, if you are a small cybersecurity vendor with a user base of tens of thousands or maybe hundreds of thousands of endpoints, you can contact those few who might encounter some issues. But what if the number grows to tens, or hundreds of millions?<\/p>\n Only years of experience and testing can prove how best to fine-tune solutions to suit such a significant group of business clients. Similarly, it takes an investment of years to devise the protective layers that proactively help outsmart cybercriminals and protect today\u2019s masses of internet users.<\/p>\n Analysts in the field of cybersecurity have also come to see the problems associated with using only a single protection technology and advise caution when choosing between so-called \u201cnext-gen\u201d and established vendors, citing the first as complementary \u2013 but not an alternative \u2013 to the latter.<\/p>\n The whole series:<\/p>\nWhy more is better<\/strong><\/h2>\n
Even a smart machine can be fooled<\/strong><\/h2>\n
Why not block these techniques?<\/strong><\/h2>\n
\n