From the Industry


Sponsor Content

The Evolution of Endpoint Security: Moving from Passive to Active Threat Management

  • January 24, 2018
In today’s threat environment, security teams and managed security service providers, both large and small, need to incorporate active threat management into their security strategies and portfolios.

As an MSSP, protecting endpoints is a critical service offering. In that context, it is important to understand how endpoint protection solutions have evolved and what is necessary to protect against advanced threats.

As threats evolve, it is no longer enough to provide only passive solutions. The current threat environment demands active threat management. Solutions like antivirus and next-gen AV are important components of any security strategy. However, they are passive threat management solutions. They scan files on disk against signatures and machine learning models to detect and prevent malware attacks. Their vendors are engaged in a never-ending game of cat and mouse with cybercriminals who continuously devise new malware variants to penetrate these solutions. AV and next-gen AV do not capture fileless attacks.

Security teams and managed security service providers, both large and small, therefore need to incorporate active threat management into their security strategies and portfolios, and to look to new detection and response solutions based on dynamic behavior monitoring and predictive analytics.

In order to understand emerging active threat management solutions, it is useful to look at the evolution of endpoint protection technologies.

The Evolution of Threat Detection Technologies

  • Antivirus. Antivirus is the first step in endpoint protection. Antivirus scans for malicious files using signatures. However, hackers understand antivirus techniques and continuously create new variants to bypass them. Antivirus vendors struggle to keep up. Antivirus is still relevant because it catches about 60% of today’s malware. However, it is backward looking and does not catch the 49% of today’s threats that are fileless attacks.
  • Next-gen antivirus. Next-gen antivirus extends threat coverage with machine learning. Vendors continuously analyze malware samples and build models that scan and parse files, and then match features to detect new malware. Next-gen AV needs to keep machine learning models up-to-date. It doesn’t catch fileless attacks.
  • Application containerization. Application containerization is a limited solution for browsers or applications like MS Office. It monitors applications in a sandbox. If it detects a malicious event, it remediates it. It works off signatures and whitelisting. Its effectiveness is limited to what is going on inside the sandbox.
  • Threat intelligence. Threat intelligence provides the next step and is the staple of legacy EDR solutions that rely primarily on indicators of compromise (IoCs). IoCs are signature-like: they match OS events, filenames, command-and-control hosts and more, extrapolating a pattern that indicates malicious activity. IoCs need to be continuously updated to be effective. Threat intelligence is also backward looking.
  • Signatures. Machine learning and IoCs are static technologies. The endpoint solutions that rely on them are engaged in a never-ending cat-and-mouse game to keep pace with today’s threats. They are ineffective at detecting new malware and fileless threats. They are post-breach solutions. They can’t discover threats until they carry out their behaviors.
  • Behavior-based. The first technology that is effective against fileless malware is behavior-based detection, which understands the threats themselves and provides protection without prior knowledge of the attack. Many EDR (endpoint detection and response) solutions claim to be behavior-based. True behavior-based solutions look for the techniques that hackers use to carry out attacks: they look at processes, network connections, file and registry changes, and the pattern of those activities. Behavior-based solutions are effective because they don’t depend on files or on threat intelligence.
  • In-memory threat detection. Advanced EDR solutions are evolving toward predictive detection. Malware must run in memory to carry out an attack. In-memory threat detection looks at processes running in memory and reverse engineers them to identify malicious behaviors and what the attack is trying to do. It is the most reliable technology for detecting new malware, fileless attacks, and insider attacks.
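As an added example (not part of this sponsored post or any vendor's product), the Python sketch below contrasts a hash-signature check, which misses a repacked variant, with a behavior-based rule that flags a process by the pattern of its activity alone. All process names, hashes, addresses and telemetry events are constructed for illustration.

```python
# Added illustration: signature matching vs behavior-based detection.
# Everything here (hashes, process names, events) is constructed sample data.
import hashlib

# Signature engine: knows only the hash of a variant seen before (constructed).
KNOWN_BAD_HASHES = {hashlib.sha256(b"old-variant-v1").hexdigest()}

def signature_verdict(file_bytes: bytes) -> bool:
    """True only if the file's hash is already known bad; a repacked variant slips through."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

# Constructed endpoint telemetry: (pid, parent_pid, event_kind, detail).
# pid 200 models a fileless chain: a document viewer spawns a script host that then
# opens an outbound connection and writes a run key. No file ever touches disk,
# so there is nothing for the signature engine to scan.
EVENTS = [
    (100, 1,   "process_start",  "docviewer.exe"),
    (200, 100, "process_start",  "scripthost.exe"),
    (200, 100, "net_connect",    "203.0.113.10:443"),
    (200, 100, "registry_write", "run_key"),
    (300, 1,   "process_start",  "updater.exe"),   # benign: connects out, no persistence
    (300, 1,   "net_connect",    "198.51.100.7:443"),
]

DOCUMENT_APPS = {"docviewer.exe"}   # constructed names, stand-ins for office/viewer apps
SCRIPT_HOSTS = {"scripthost.exe"}   # constructed name, stand-in for a scripting engine

def behavior_verdict(events):
    """Return the set of pids whose activity pattern is suspicious.

    The rule uses no signature or IoC: a script host started by a document app that
    both reaches the network and persists via the registry is flagged on behavior.
    """
    image = {}    # pid -> process image name, learned from process_start events
    seen = {}     # pid -> kinds of activity observed so far
    flagged = set()
    for pid, ppid, kind, detail in events:
        if kind == "process_start":
            image[pid] = detail
        seen.setdefault(pid, set()).add(kind)
        parent = image.get(ppid, "")
        if (image.get(pid) in SCRIPT_HOSTS and parent in DOCUMENT_APPS
                and {"net_connect", "registry_write"} <= seen[pid]):
            flagged.add(pid)
    return flagged

if __name__ == "__main__":
    print("signature catches repacked variant:", signature_verdict(b"old-variant-v2"))  # False
    print("behavior rule flags pids:", behavior_verdict(EVENTS))  # {200}
```

The benign updater (pid 300) also connects out but never persists, so the rule's pattern requirement keeps it from being flagged; that is the kind of multi-event context a static signature cannot express.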

Today’s Solution: Predictive EDR

An emerging class of predictive EDR solutions expands on traditional signature-based solutions by adding behavior-based and in-memory threat detection capabilities. This is the most reliable technology for detecting new malware and fileless attacks. It enables organizations to detect the most threats without relying on signatures or IoCs, and provides the insight behind accurate and actionable predictive analytics. It detects suspicious behavior that other threat detection technologies can’t, and it is the only solution that predicts what those behaviors can do. It empowers security teams to adopt more agile and proactive threat management strategies to prevent attacks, and should be the cornerstone of any managed detection and response (MDR) service offering.

Thom VanHorn is Senior Director Marketing, CounterTack.

This guest blog is part of a Channel Futures sponsorship.
