Many years ago, when setting up a new workstation, the most important task in the entire process, even before checking for updates, applying patches and updating device drivers, was installing a reputable antivirus program to protect the device from malicious attacks. Forgetting to install critical AV software was sure to get you a “What the heck are you thinking…” look from your colleagues and was an embarrassment that took some time to shake. Everybody knows a PC connected to the internet without AV could be infected in just a few short minutes, so failure to install the basics doesn’t look good for you.
I’m Sorry But You Just Don’t Do It For Me Anymore.
Today we still question the technician who forgets to install AV prior to deploying a new machine, but a bigger question that we should be asking is: “Why isn’t my AV providing the service I expect and stopping malicious software from infecting my machine?” It used to do a fairly good job of blocking threats, but then it got comfortable and slowly things started to slip. Now there are so many threats out there that AV is only about 47% effective, and I’m feeling more than a little let down.
It’s Not Me…It’s You!
After I discovered my AV was blocking less than 50% of malware attempting to infect the machine, I decided it was time to rethink why I fell in love with AV to begin with. Traditional AV software relies on static signatures to identify known threats. When an AV vendor identifies a new virus, they assign it a signature that is generated using an algorithm or a hash of the sample. The new signature is then distributed through an update to clients running the AV software. A large number of threats are found each day, so it’s important to allow AV to automatically update its signatures so you have the ability to detect new threats as they are discovered. The glaring hole in this signature-based AV setup is that we have very little protection against new threats that the AV vendor is not yet aware of: until a sample has been seen, analysed and pushed out in an update, nothing matches it.
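The signature lifecycle described above, as an added illustration that is not WatchPoint's or any AV vendor's code: a toy hash-based scanner in Python. The sample "files", the signature format (a plain SHA-256 of the whole file) and the update step are constructed assumptions; the point is that a variant differing by a single byte gets a different hash and is allowed through until the vendor's next update.

```python
import hashlib

# Constructed stand-in "files" for this example: plain byte strings, not real executables.
KNOWN_SAMPLE = b"MZ\x90\x00 constructed sample payload v1.0"
BENIGN_FILE = b"MZ\x90\x00 constructed benign installer"
# A variant that differs from the known sample by one byte (one character of its version string).
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1.0", b"v1.1")


def signature(data: bytes) -> str:
    """A static signature: here, the SHA-256 hash of the whole file (assumed format)."""
    return hashlib.sha256(data).hexdigest()


def build_signature_db(samples) -> set:
    """Vendor side: turn each analysed sample into a signature entry."""
    return {signature(s) for s in samples}


def scan(data: bytes, db: set) -> str:
    """Client side: a file is blocked only if its hash is already in the database."""
    return "blocked" if signature(data) in db else "allowed"


def push_update(db: set, new_samples) -> set:
    """Vendor side: a signature update adds newly discovered samples; returns the new database."""
    return db | build_signature_db(new_samples)


def demo() -> dict:
    """Walk through the lifecycle: before the vendor has seen the variant, and after the next update."""
    db = build_signature_db([KNOWN_SAMPLE])
    before = {
        "known": scan(KNOWN_SAMPLE, db),      # exact hash match: blocked
        "benign": scan(BENIGN_FILE, db),      # no match: allowed, as it should be
        "variant": scan(VARIANT_SAMPLE, db),  # the gap: one changed byte, different hash, allowed
    }
    db = push_update(db, [VARIANT_SAMPLE])    # vendor discovers the variant, clients pull the update
    after = {"variant": scan(VARIANT_SAMPLE, db)}
    return {"before_update": before, "after_update": after}


if __name__ == "__main__":
    for phase, verdicts in demo().items():
        print(phase, verdicts)
```

The window between "variant first runs" and "clients receive the update" is exactly the exposure that the behaviour-based detection discussed below is meant to cover.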
What I’m looking For In A Partner.
Prevention – My new mate must be able to prevent existing, known threats before they can run on my workstations. I’m looking for something that uses crowd-sourced cloud intelligence to provide information in real time to help proactively block threats. It should utilize dynamic whitelisting and blacklisting to reduce my workstations’ attack surface.
Detection – Since attackers use a wide range of exploit techniques to breach systems and spread malware, I need something that uses more than signatures to detect zero-day exploits. The software should detect memory exploits by recognizing the techniques used in the attack rather than a particular sample. This will require serious real-time monitoring and analysis of applications and processes running in several different places, including memory, disk, the registry and the network.
Response – It would be great if my software came with a forensic expert who could respond 24/7 to any potential threat. That forensic expert would be great at identifying what is an actual attack by analyzing the system files created, modified and deleted, along with inspecting the registry modifications and network connections made by suspected malicious software.
I’ve Found My Perfect Match in Bit9 + Carbon Black
WatchPoint Data is the perfect partner who can bring all of the elements of your layered security solution together. We offer state-of-the-art antivirus protection, Bit9 + Carbon Black to detect malicious behaviors, and a team of forensic experts who will respond 24/7 to inspect any potential threat to your system. If a threat is detected, WatchPoint Data's forensic experts will isolate the machine, communicate to the end user what has happened and inform the end user of the steps we will take to remediate the issue.
With WatchPoint's Security Solution For The First Time You'll:
Know someone is securing your business.
Have true visibility into your digital assets.