Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

A yellow warning symbol (triangle with exclamation mark) and the words © istockphoto.com/solarseven
  • Industry News
  • Network and Application Security

The office computer as a weak point

On the PC, the race between attackers and defenders is at its fiercest. Manufacturers of endpoint protection software are countering new attack vectors with new technologies like the cloud and artificial intelligence.

Cyber criminals are constantly changing their tactics to trick existing protections on PCs. Old techniques no longer work, and developers regularly devise new methods. It's a merciless contest.

Protection of office and employee PCs and laptops remains the main focus of corporate security efforts. Detection and defense against viruses, malware, and other malicious software is at the heart of security precautions. This is true not just in the office but also in the home office. The range of endpoint protection software is correspondingly extensive.

The programs formerly known as antivirus software have evolved. For a long time, the approach was to create a kind of checksum for every malware found, a so-called signature. Collections of these signatures were distributed to customers in regular updates. However, this procedure took too long, and it was later replaced by a continuous update from the cloud. Now there was a large database on the providers‘ central cloud servers with all the signatures discovered, which could be queried by clients at any time. However, according to the Federal Office for Information Security (BSI), more than 300,000 new malware variants are now discovered every day, which means that signature models are reaching their limits. In addition, attackers generate their own variant for each targeted computer on demand, and signature methods are then powerless.

 

New attack methods: Memory-based malware

There are also advanced techniques like fileless malware, also known as memory-based malware. Instead of downloading a file for execution, the malware is simply loaded into memory and executed immediately. This means that it can evade any file scan and remain undetected by that traditional approach. However, this software must be reloaded from the network or executed by the user every time the computer is restarted. This method therefore only works as long as the exploited vulnerability remains. In the meantime, however, attackers have developed sophisticated methods to counteract it.

Another danger that endpoint protection systems are often helpless against: Zero-day attacks. The vulnerabilities exploited in these attacks are typically not yet known, or no patches exist for them. As long as this state persists, attackers have an easy game, because software that relies on threat signatures doesn’t catch them. These threats, which usually arrive without warning, are ever-growing and account for a significant part of all attacks on endpoints.

 

Smart algorithms

Manufacturers of protection software see the solution to this dilemma in artificial intelligence. Smart algorithms are able to recognise unusual events on their own, including unusual user actions and suspicious file access. A classic example is ransomware, which encrypts files. The corresponding operations on the file system are conspicuous and so they‘re easy to identify.

However, the AI algorithms used are mostly limited to simple procedures like pattern recognition, because a PC isn’t designed for complex AI calculations. For one thing, these operations take too long, so malware could no longer be detected in real time. In that case, considerable damage may already have been done before the malware could be eliminated. On the other hand, security software can also place such a strain on workstations that system performance is impaired. That’s why tasks are often split up, and complex analyses are moved back to the cloud.

More information on the subject of endpoint protection can be found in this article.

Author: Uwe Sievers

 
close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.