Can existing endpoint security controls prevent a significant attack?
Endpoint security solutions are failing to provide adequate protections to address today’s security threats, specifically malware, according to Minerva Labs. A majority of the respondents surveyed indicated a heightened concern about a major malware breach in the coming year and acknowledged that they require more than an AV solution on the endpoint to combat the rising threat.
After a year of massive ransomware outbreaks, NSA state-grade exploit leaks, and an extraordinary number of cybersecurity meltdowns, defenders are not getting ahead despite the continued innovation in endpoint security technologies.
The uptick in attacks demonstrates that attackers are not standing still, and evasion methods are becoming increasingly accessible. In fact, nearly half of the respondents surveyed (48%) said that they have seen about the same number of malware infections as in previous years, while almost one-third (32%) claim to have seen an increase in malware infections.
This further corresponds with the extent to which respondents feel their current endpoint defenses are protecting them against modern malware threats: three-quarters of respondents deemed their existing anti-malware solutions to be able to prevent no more than 70% of infections.
These findings demonstrate that today’s endpoint solutions cannot address sophisticated malware, specifically those threats that use evasion techniques.
According to the survey, the malware evasion techniques that posed the biggest concern are avoidance of malware analysis and forensic tools (32%) followed by fileless or memory injection attacks (24%). Attacks that use malicious documents also raised concerns (24%). Two-thirds of respondents (67%) were concerned that existing controls won’t prevent a significant malware attack on the endpoints. Furthermore, the survey found that over half of the respondents (53%) preferred adding a meaningful layer to their endpoint security stack instead of completely replacing their existing AV.
Nearly 39% of IT leaders said that, besides security benefits, the operational aspect they find most important when adding a security layer on the endpoint is its ability to work even on low-resource systems. 28% said that easy deployment and upgrades across multiple endpoints were important, while 18% valued the ability to not interfere with current business applications.
With the increase in ransomware and other malware threats, the time it takes to remediate these attacks is crucial to enterprises today. The good news is that 41% of respondents said that when faced with a compromised endpoint, the endpoint is restored to a normal state within hours. However, there is still room for major improvement, as more than 40% said it takes days or weeks to return to a normal state.
“The results from our survey indicate that while malware threats are still growing, endpoints remain highly vulnerable to a cyber-attack,” said Eddy Bobritsky, CEO of Minerva Labs. “We continue to see more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as antivirus, are no longer enough to keep endpoints safe. Beyond merely relying on baseline anti-malware solutions to protect endpoints, companies should strengthen their endpoint security architecture to get ahead of adversaries, such as blocking off attempts to get around existing security tools.”