The State of Malware in 2021
You may have been hearing a new term in discussions of malware and ransomware: zero-days.
Zero-day (or 0-day) vulnerabilities and exploits are the hardest kind of attack to detect, because the vulnerability or exploit has not been seen by any security vendor before it appears in the wild. These attacks often have no patch, no workaround, and no remediation, and very few rule-based security toolsets can detect them. Rule-based security toolsets are things like the traditional antivirus you would run on individual devices, and a new study by WatchGuard Technologies shows these tools are no longer winning the fight against malware.
A few years back, zero-day malware represented only 30% of total detected malware. More recently that number rose to the 50-60% mark, and the most recent data, for Q1 of 2021, shows an explosion to 74%!
That means if you are relying on rule-based antivirus to stop attacks, it is missing nearly 3 out of 4 of them. Pattern-based malware detection is no longer sufficient in today's world. New exploits, including file-less malware and living-off-the-land techniques, can bypass these toolsets entirely, because there is no known file or signature to match.
With traditional antivirus no longer sufficient, many companies are turning to the next generation of protection: endpoint detection and response (EDR), network detection and response (NDR), managed detection and response (MDR), and finally extended detection and response (XDR).
Here is a brief rundown of how each can be used to help protect your business:
- EDR: Endpoint detection and response is different from traditional endpoint protection (EPP) because EPP solutions focus on preventing malware before it can execute. While this is a noble goal, with a miss rate of up to 74% it is no longer sufficient. EDR assumes that some malware will get past prevention despite your best efforts, so it focuses instead on detecting and responding to malware that makes it onto your systems, typically by watching what processes actually do rather than what they look like.
- NDR: Network detection and response looks at the whole picture of how the individual endpoints on your network communicate with each other and with network servers, focusing on unusual activity or signs of lateral movement. Often combined with machine learning, this kind of protection provides full network insight and analysis to identify threats.
- MDR: Managed detection and response is ideal for companies that want to outsource the management of their security toolsets to experts on an as-needed basis. The benefit is the capability of a strong security team without the price of a full-time one.
- XDR: Combining the above toolsets with not just machine learning but artificial intelligence gets us to eXtended detection and response tools. Especially when combined with a Security Information and Event Management (SIEM) tool, XDR provides the most comprehensive security available. Visibility covers endpoints, servers, and network traffic, and XDR adds machine learning and artificial intelligence to respond quickly and effectively to any threat seen, both on endpoints and on the network itself.
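As an added illustration of why pattern matching misses what behaviour-based EDR catches (example code written for this page, not from the original post or from WatchGuard): a hash-based signature check beside a simple behavioural rule of the kind an EDR applies to process-creation telemetry. The sample bytes, process events and rule conditions are constructed for the example.

```python
import hashlib

# Constructed samples: a "known" malicious file and a trivially repacked variant
# (one byte appended). A real attacker only needs the hash to change.
KNOWN_BAD = b"MZ\x90\x00fake-malware-body-v1"
VARIANT = KNOWN_BAD + b"\x00"

# Signature database: hashes of samples a vendor has already analysed.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(sample):
    """Pattern-based check: flags only bytes whose hash is already on the list."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


# Behaviour-based check over process-creation events (the telemetry an EDR sees).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def suspicious_behaviour(event):
    """Return the reasons an event looks like fileless / living-off-the-land activity.
    No file hash is involved, so a never-seen or repacked sample is still flagged."""
    reasons = []
    parent = event.get("parent", "").lower()
    image = event.get("image", "").lower()
    cmdline = event.get("cmdline", "").lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        reasons.append("office app spawned a script host")
    if image == "powershell.exe" and "-enc" in cmdline:
        reasons.append("encoded PowerShell command line")
    return reasons


def triage(events):
    """Run the behavioural rules over a batch of events; return only the flagged ones."""
    return [(e["image"], suspicious_behaviour(e)) for e in events if suspicious_behaviour(e)]


# Constructed process events: one benign admin action, one typical macro-launched chain.
EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe", "cmdline": "powershell Get-Process"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -EncodedCommand <constructed-blob>"},
]

if __name__ == "__main__":
    print("signature catches original:", signature_match(KNOWN_BAD))   # True
    print("signature catches variant: ", signature_match(VARIANT))     # False
    print("behaviour rules flag:      ", triage(EVENTS))
```

The signature check fails on the one-byte variant while the behavioural rule still fires, which is the gap the 74% figure above describes.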