Legacy security endpoint vendors have a tough life. Even though they can identify countless varieties of malware and work very hard on things like antivirus, they’re always getting surprised and criticized for missing zero-day exploits and not having the right version of their software on the enterprise client to stop even old malware.
It’s kind of unfair, because the attacker has such an advantage, being able to dream up an exploit at leisure, deploy it whenever they like, and the attacked entity is forced to figure out how to address the exploit ASAP. The attacker ends up looking clever, and the defender, however quick and good they are, can only be slow and ineffective.
It isn’t much of an argument – attempts at sensitizing users to security concerns and training them to avoid clever attackers have failed. I would love to hear from someone in a medium to large size enterprise that has figured how to train users to be attack-resistant.
What remains is attack-resilience. However, it’s a game where “you can’t win and you can’t break even.”
What would it take to make the playing field fairer? I believe it will take several next generation security technologies that don’t rely on looking for signatures of exploits to determine when something is wrong. One great indicator something is wrong is that resources are used in anomalous ways at the enterprise client.
Check out Ziften’s new and non-traditional approach to help with enterprise client security HERE