In my previous post, I wrote that anti-malware signatures are dead. Just days later, Check Point published on their blog an estimate that traditional antivirus software now detects only between 20% and 40% of malware, down from 2014, when a Symantec VP put the number at 45% and called antivirus software "dead".
Your firewall and similar network products (IPS, UTM and NGFW appliances, mostly found in enterprise networks) may not be doing any better. This is easy to test with HTTP Evader, which demonstrates many techniques malware can use to bypass such protection and download malicious files from websites undetected. (Note: the test downloads the EICAR test file, a known benign sample, which may trigger your firewall or antivirus multiple times.)
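To see why transport-level tricks matter to a scanning gateway, here is a small added example (my own illustration, not code from HTTP Evader or from the original post). It assembles the EICAR test string, wraps it the way a web server could (chunked transfer encoding, gzip content encoding, or both, two of the many tricks HTTP Evader exercises) and compares a naive byte-pattern scanner with one that normalizes the transport encodings before matching. The response format and the chunk size are assumptions chosen for illustration; nothing is sent over a network.

```python
import gzip
import io

# The EICAR test string is assembled from fragments at runtime so that this
# source file does not itself contain the contiguous signature and trip a scanner.
EICAR = "".join([
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-",
    "ANTIVIRUS-TEST-FILE!$H+H*",
]).encode()


def chunked(body: bytes, size: int) -> bytes:
    """Encode body as an HTTP/1.1 chunked transfer-encoded stream."""
    out = b""
    for i in range(0, len(body), size):
        piece = body[i:i + size]
        out += f"{len(piece):x}\r\n".encode() + piece + b"\r\n"
    return out + b"0\r\n\r\n"


def dechunk(stream: bytes) -> bytes:
    """Decode a chunked stream back into the original body (chunk extensions ignored)."""
    out = b""
    buf = io.BytesIO(stream)
    while True:
        line = buf.readline()
        if not line:
            raise ValueError("truncated chunked body")
        size = int(line.split(b";")[0].strip(), 16)
        if size == 0:
            return out
        out += buf.read(size)
        if buf.read(2) != b"\r\n":
            raise ValueError("bad chunk terminator")


def build_response(body: bytes, te_chunked: bool, gz: bool, chunk_size: int = 7) -> bytes:
    """Build a minimal HTTP/1.1 response carrying body with the chosen encodings.

    Content-Encoding is applied first, then Transfer-Encoding, as in real HTTP;
    the hypothetical chunk size of 7 bytes guarantees the signature is split.
    """
    headers = [b"HTTP/1.1 200 OK", b"Content-Type: application/octet-stream"]
    payload = body
    if gz:
        headers.append(b"Content-Encoding: gzip")
        payload = gzip.compress(payload)
    if te_chunked:
        headers.append(b"Transfer-Encoding: chunked")
        payload = chunked(payload, chunk_size)
    else:
        headers.append(b"Content-Length: %d" % len(payload))
    return b"\r\n".join(headers) + b"\r\n\r\n" + payload


def naive_scan(response: bytes) -> bool:
    """Signature match on the raw wire bytes: what a careless inspector does."""
    return EICAR in response


def normalizing_scan(response: bytes) -> bool:
    """Undo transfer and content encodings before matching the signature."""
    head, _, body = response.partition(b"\r\n\r\n")
    hdrs = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        key, _, value = line.partition(b":")
        hdrs[key.strip().lower()] = value.strip().lower()
    if hdrs.get(b"transfer-encoding") == b"chunked":
        body = dechunk(body)
    if hdrs.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return EICAR in body


if __name__ == "__main__":
    for te, gz in [(False, False), (True, False), (False, True), (True, True)]:
        resp = build_response(EICAR, te_chunked=te, gz=gz)
        print(f"chunked={te!s:5} gzip={gz!s:5} naive={naive_scan(resp)!s:5} "
              f"normalizing={normalizing_scan(resp)}")
```

Only the plain, uncompressed response is caught by the naive scanner; the normalizing scanner catches all four. Real products have to do this normalization for every encoding and framing variant a server can emit, which is exactly the surface HTTP Evader probes.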
However, this doesn't mean it's OK to uninstall your security products; doing so leaves your computer or device more exposed (which is why Microsoft has built an antivirus and a firewall into Windows over the years). Security products on endpoints and devices are still the last line of defense for staying safe on connected devices: if the network's security did not stop the threat, its last chance at infection is its actual target, be it a computer, a smartphone or another device.
New security startups have emerged to address these gaps, offering new ways to handle threats both in the network and on endpoints:
- Illusive Networks, Cymmetria, TrapX, TopSpin and others use deception within the network: they leave breadcrumbs for attackers to follow, leading them to decoy assets instead of the network's real assets and resources, and raise an alert when a decoy is touched.
- SentinelOne, Cybereason, Deep Instinct and others use machine learning, deep learning and AI to prevent and detect threats. Traditional security companies like Symantec are starting to follow suit.
- Zimperium, Skycure and others protect mobile devices from malicious apps and other mobile threats.
- enSilo assumes you are (or will be) infected and prevents data from leaking out by inspecting network traffic on the endpoint itself.
- Fenror7 detects lateral movement by hackers, malware and APTs.
- Fireglass isolates web browsing by executing a site's code in a remote, virtualized browser, so the user's own machine never runs it.
- Morphisec applies the polymorphism technique used by malware to the application's runtime environment (a moving target defense), so exploits fail to find what they expect.
- Minerva Labs simulates the artifacts of an analysis environment on the endpoint, so evasive malware that believes it is in a sandbox refuses to run.
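The deception approach in the first bullet rests on one observation: a planted bait credential has no legitimate user, so any attempt to use it is a high-fidelity alert, and the same source touching bait on several hosts is a lateral-movement indicator. Here is an added example of that detection logic (my own illustration, not any of the listed vendors' code). The bait account names, the host names and the auth log lines are all constructed for the example, loosely modelled on an sshd log format.

```python
import re
from collections import defaultdict

# Bait accounts planted as breadcrumbs (hypothetical names). They have no
# legitimate use, so any authentication attempt naming them is an alert.
HONEYTOKENS = {
    "svc_backup_admin": "credential left in a cached RDP file on WS-17",
    "sql_ro_reporting": "connection string left in a wiki page comment",
}

# Constructed sample lines, loosely modelled on an sshd auth log.
SAMPLE_LOG = """\
2016-03-01T10:02:11 fileserver01 sshd[2310]: Accepted password for alice from 10.0.4.12 port 51422 ssh2
2016-03-01T10:05:47 fileserver01 sshd[2351]: Failed password for invalid user svc_backup_admin from 10.0.9.77 port 40122 ssh2
2016-03-01T10:05:49 decoy-db02 sshd[1188]: Accepted password for sql_ro_reporting from 10.0.9.77 port 40130 ssh2
2016-03-01T10:07:03 fileserver01 sshd[2390]: Failed password for bob from 10.0.4.30 port 51500 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line: str):
    """Return the fields of one auth log line, or None if it is not a login event."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_honeytoken_use(log_text: str):
    """Return (alerts, hosts_by_source).

    alerts: one dict per login attempt naming a bait account, whether the
    attempt was Accepted (a decoy may deliberately accept to keep the
    attacker engaged) or Failed.
    hosts_by_source: source IP -> set of hosts where it touched bait; more
    than one host from the same source points to lateral movement.
    """
    alerts = []
    hosts_by_source = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["user"] not in HONEYTOKENS:
            continue
        alerts.append({
            "time": ev["ts"], "host": ev["host"], "user": ev["user"],
            "src": ev["src"], "result": ev["result"],
            "planted_as": HONEYTOKENS[ev["user"]],
        })
        hosts_by_source[ev["src"]].add(ev["host"])
    return alerts, dict(hosts_by_source)


if __name__ == "__main__":
    alerts, by_src = detect_honeytoken_use(SAMPLE_LOG)
    for a in alerts:
        print(f"{a['time']} {a['result']:8} bait={a['user']} src={a['src']} "
              f"host={a['host']} ({a['planted_as']})")
    for src, hosts in by_src.items():
        if len(hosts) > 1:
            print(f"{src} touched bait on {sorted(hosts)}: likely lateral movement")
```

On the sample log, alice's and bob's logins are ignored, both bait attempts from 10.0.9.77 are alerted, and because that source touched bait on two different hosts it is flagged as likely lateral movement. The value of the approach is in the ratio: no signature is needed, and there is no benign explanation for the alert.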
(Fun fact: all the companies mentioned have Israeli roots, founded either in Israel or by Israelis; you can find more on IVC's Israeli cyber security map.)
Many other companies worldwide keep finding new and unique ways to protect networks, computers and mobile phones, but what about the other devices around us and the Internet of Things? More on that in my next post…