Tag Archives: Machine Learning

Why You Need Multi-layered Security for Maximum Endpoint Protection

by Bharat Mistry

Recent headlines have highlighted once again that many organisations are just a click away from a potentially catastrophic malware infection or data breach. The world-leading heart and lung Papworth Hospital in Cambridgeshire was lucky enough to have daily back-ups in place when it was recently hit by a ransomware attack. North Lincolnshire and Goole NHS Foundation Trust was less so, and ended up cancelling operations and moving patients elsewhere after IT systems were taken offline for several days.

Many endpoint security vendors trumpet their capabilities as a silver bullet to tackle these and other modern day threats. It’s a tempting prospect, but sadly with little substance to back up the claims. The truth is that the only way to effectively protect your organisation from the multiplicity of threats out there is with a multi-layered approach, which runs from traditional signature-based detection to advanced machine learning. Continue reading

Black Hat Europe: How Machine Learning Offers a New Approach to Uncover IOCs

Indicators of compromise (IOCs) are an incredibly important forensic artifacts which, as the name suggests, are used in incident response and threat research to discover if a system has been compromised. They come in various forms, for example, unusual outbound network traffic, an MD5 file in a temporary directory, or even log-in irregularities. One class of IOCs so far resistant to detection by traditional methods relates to the use of external content in web-based attacks.

At Black Hat Europe earlier today, Trend Micro senior security researcher Marco Balduzzi, explained how a new machine learning approach can reap fantastic results for early detection of such threats. Continue reading

The Truth Behind the Hype: Why Endpoint Security Needs to be Multi-Layered

by Ross Baker,

Today’s CISOs are assailed on all sides by a growing array of threats. From ransomware to targeted attacks, data-stealing malware to browser-based exploits – there’s no such thing as a ‘typical’ cyber attack any more. That’s why endpoint security tools need to cover a broad range of capabilities, to offer the maximum threat protection possible. But with so many vendors vying for competition, it’s no easy job picking through the distorted claims and marketing hype out there to find the right solutions.

Don’t believe the hype
If you were in any doubt about the scale of the threats facing UK organisations in 2016, just look at the latest results from interviews we conducted with over 300 UK IT decision makers. Seven in 10 (69%) said they thought their organisation will be targeted by ransomware in the next 12 months – a figure rising to three-quarters for those who’ve already experienced an attack.

And it’s not just ransomware that is keeping IT leaders awake at night. They’re also faced with the possibility of carefully targeted attacks designed to steal sensitive customer data or IP, zero day threats, exploit kits and other commodity malware. And then there’s the ever present risk of accidental data loss via insider negligence. It all adds up to a complex patchwork of threats which need an effective co-ordinated response based around multi-layered endpoint protection.

But there aren’t many vendors out there that can offer a truly comprehensive set of capabilities. Many trumpet ‘advanced’ or ‘next generation’ products, but dig a little deeper and you’ll find they’re little more than one-trick ponies. Machine learning is one such feature getting a lot of press at the moment. But while it’s good at threats hidden in executables, it doesn’t work so well on malware in non-executable files, like PDFs.

Some endpoint security vendors also fail to offer holistic security platforms. While the endpoint is undoubtedly under threat, so too is the web/email gateway, the network and servers. That’s why it’s important to find tools which integrate easily and if possible share threat intelligence to improve the organisation’s overall security posture. It’s also important to remember that blocking online attacks is not the be-all-and-end-all. Your endpoint security should also be equipped to respond and remediate, and learn from incidents so that the organisation is protected next time it encounters the same type of attack.

What you need
For the most effective endpoint security, look for vendors that offer multiple layers of protection to combat the broad range of threats out there. Trend Micro’s endpoint security suites feature anti-malware, ransomware protection, memory inspection, encryption, device control, data loss prevention (DLP), vulnerability shielding, command and control blocking, browser exploit prevention, app whitelisting, behaviour monitoring, web threat protection, and more.

The technology works across all stages of the threat lifecycle to offer connected defence: Prevent, Detect, Analyse, Respond. That means that intelligence generated from network or server security tools, for example, can be used to lock down the endpoint. It’s also manageable from a centralised console and has been built for speed, featuring a lightweight client which won’t impact performance.

Organisations today are faced with a sophisticated enemy used to using multiple varied tools and techniques to achieve its goal. The only way to combat this effectively is through layered endpoint protection.