Though it may seem strange for cybersecurity experts to be saying this, we have to ask – “Here, in the 2020s, do we really need traditional antimalware protection as we’ve known it in the past?”
No, we’re not saying you should jump into the digital realm with no protection. But, as we’ve discussed before, relying on old-school antivirus (often shortened to “AV”) tools that compare against catalogues of established threats may present diminishing returns.
There are 55 new vulnerabilities discovered every day on average – we dread to think how many undiscovered ones there are! With so many new, unknown threats flying around online, every day, any catalogue of known threats is always going to be out of date.
In our previous exploration of the topic, we concluded that managed detection and response (MDR) solutions are the way to go. But what exactly does MDR do that traditional antiviruses don’t? Well, it all boils down to a relatively new approach to defending your network’s devices…
Bye Bye Traditional Antivirus, Hello Endpoint Protection
Old-school antiviruses used signature-based detection, comparing incoming, untrusted files against the file signatures and payloads of known malware. When a new threat pinged onto the security community’s radar, vendors would catalogue its signature and issue an update to antivirus tools so they were ready to detect it.
And back in the day, when the internet wasn’t as pervasive as it is today, that was enough. Malware was an occasional, isolated nuisance that could be kept at bay with the occasional manual AV scan.
Fast forward to today, when malware threats are more complex, more sly, and more prevalent than ever. Criminals deliberately engineer malware that evades even the most sophisticated detection, so simply relying on “what old threats look like” is just not going to cut it.
This leads us to the next generation of antimalware technology: endpoint protection (EPP). It does much more than the antivirus programs of yore, often including functionality that straddles multiple cyber and network security concepts like sandboxing; data loss prevention; and a coordinated, whole-network approach.
You see, with the speed at which threats can fly around a network nowadays, no endpoint (that’s a workstation, PC, or server) is an island anymore. Ideally, organisations need a network-focused approach in order to present a united front against the bad guys. And with sneaky persistence-based threats doing the rounds, simply being able to catch a piece of malware “in the act” gets harder and harder – and that’s by design.
Why Managed Detection & Response (MDR) is The Future of Endpoint Protection
Nowadays, it’s more proactive to identify when any piece of malware (known or not) is secretly causing chaos within a device, rather than playing a reactive game of “Snap” with known threat catalogues. This is where Managed Detection & Response (MDR) comes in.
The jewel in MDR’s crown is that MDR tools are managed by actual security experts. So once a device that’s protected by MDR starts acting up, an actual security analyst will get involved to examine the threat and offer their support in remediation. Compared to old-school AV solutions, this human element provides a far more active, direct approach that seeks to get you back up and running ASAP.
What Can MDR Do That Traditional Antimalware Can’t?
We love Huntress – we believe it is the epitome of everything that managed detection and response solutions should do. So let’s explore what Huntress does and how its “preventive security” approach goes above and beyond the capabilities of any outmoded antivirus.
Human Threat Hunters Have Your Back – 24/7
Organisations of all types and sizes can fall afoul of cybercrime, but many of them, especially on the smaller end of the spectrum, can’t afford in-house IT security staff. With the average UK salary of an IT security analyst weighing in at £45,282, it’s simply out of reach for a lot of businesses.
But if you want to harness the power of actual, human security experts, Huntress is here! The “managed” part of “managed detection and response” isn’t just marketing fluff. They employ actual security experts in their “ThreatOps” team, who deal directly with monitoring, alerting on, and remediating active threats for Huntress users around the clock.
This human involvement can be as simple as sending over some easy-to-follow remediation steps to remove the threat; or it can be as in-depth as isolating, analysing, reporting, and hand-holding through a complex remediation process. And it’s all remote – you won’t just get some stranger turning up at your door!
It’s like having your own security operations centre but at nowhere near the cost.
Infected Host Isolation
Modern threats are usually designed to spread around networks at lightning speeds once they get a foothold on a device. And with that in mind, Huntress’s Host Isolation function is impressive.
In short, it allows the Huntress ThreatOps team to cut off an infected endpoint from the rest of the network when fast-spreading malware is present. Effectively quarantining a device like this means that your network stays defended around the clock without having to physically remove that device from the network.
This kind of control allows you to defend against a potentially expensive, business-damaging attack before it even gets off the ground.
External Recon
Even with the best will in the world, it’s easy for small configuration errors and snags to show up as networks grow and change. Yet hackers are always looking out for even the smallest hole in your defences, and a great place for them to start is low-hanging fruit like open ports.
Huntress’s External Recon scans each endpoint’s potential attack surfaces across remote desktop services, file-sharing settings, shadow IT, and more, so you can better defend and monitor the places your network touches the internet.
Sometimes you need ports to be open in order for things like remote access to work. External Recon provides essential visibility over these points of ingress and egress (with help from Shodan.io) so you can continue to use these services, safe in the knowledge they are being monitored.
Managed Antivirus
Hey, there’s that A-word again! But not as we’ve known it before. Huntress’s Managed Antivirus leverages Microsoft Defender – a built-in, Windows-native, malware-busting tool – to centrally manage Defender detections, events, and remediations across your entire Huntress-monitored infrastructure.
It provides a top-down view of all of your protected endpoints, and loops Huntress’s human threat hunters in when Defender can’t fix something on its own. It’s a great failsafe too – if Defender can’t find it, Huntress will!
Ransomware Canaries
We think ransomware canaries are an ingenious tool in any cyber-crime fighter’s toolbelt, and Huntress uses them to great effect. You see, the sooner you can pick up that a piece of ransomware is encrypting, altering, or deleting files on your drives, the sooner you are able to act, and the more of the data you potentially save.
Ransomware canaries are effectively small, unobtrusive files that Huntress places on all protected endpoints. If any of these files get altered or interfered with in any way, Huntress’s ThreatOps team are immediately tasked with investigating whether a cybercrime is afoot.
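To make the canary idea concrete, here is a minimal monitor written as an added example (our illustration, not Huntress’s own code): it plants a uniquely-seeded file in each watched directory, records a baseline hash, and a later check flags any canary that has been modified, renamed, or deleted, the three ways an encrypting process typically disturbs a file. The canary file name and the temporary directories are constructed for the demo.

```python
"""Ransomware-canary monitor (added illustration, not Huntress's own code).
Plants a small file per watched directory, records its SHA-256, and reports
any canary later modified, deleted or renamed. Names/paths are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path

CANARY_NAME = "canary-do-not-edit.docx"  # hypothetical; vary per host in practice


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_canaries(roots) -> dict:
    """Write one canary per directory; return {path: baseline_sha256}."""
    baseline = {}
    for root in roots:
        canary = Path(root) / CANARY_NAME
        canary.write_bytes(b"canary " + os.urandom(16))  # unique, unguessable content
        baseline[str(canary)] = sha256_of(canary)
    return baseline


def check_canaries(baseline: dict) -> list:
    """Return [(path, event)] for every canary that no longer matches baseline."""
    findings = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            # Encrypt-and-rename or deletion both remove the original name.
            findings.append((path_str, "deleted-or-renamed"))
        elif sha256_of(path) != expected:
            # In-place encryption keeps the name but changes the bytes.
            findings.append((path_str, "modified"))
    return findings


def demo() -> tuple:
    """Plant canaries in two temp dirs, mimic an overwrite and a rename on our
    own files, and return (findings_before, event_kinds_after)."""
    dirs = [tempfile.mkdtemp(), tempfile.mkdtemp()]
    baseline = plant_canaries(dirs)
    before = check_canaries(baseline)  # untouched canaries -> []
    Path(dirs[0], CANARY_NAME).write_bytes(b"\x00" * 32)
    Path(dirs[1], CANARY_NAME).rename(Path(dirs[1], CANARY_NAME + ".locked"))
    after = sorted(event for _, event in check_canaries(baseline))
    return before, after  # ([], ['deleted-or-renamed', 'modified'])
```

In a real deployment the check would run continuously (or on a filesystem-change notification) and hand each finding to an analyst, which is the step the ThreatOps team performs.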
Scalable Affordability AND Modern Endpoint Defence
We’re mindful that there’s no such thing as “one-size-fits-all” advice when it comes to cybersecurity, tech, or indeed business in general. But if you are a growing organisation with a tight budget who has suddenly been tasked with sourcing antivirus/endpoint protection for a handful (or more!) of new machines, we have an idea for you to mull over.
Before we get to the idea, we need to lay some groundwork. All businesses need some kind of gateway protection. This can be as simple as DNS filtering (for smaller or remote-working organisations), or as much of an investment as firewall hardware with sandboxing capabilities (for larger organisations).
So, with that cornerstone of your organisation’s network security laid, let’s get to the advice, courtesy of our Director, Andy. If you’re tasked with protecting multiple Windows machines and you’re worried about cost, then simply harness the power of Microsoft Defender and pair it with Huntress (whether you use their new Managed Antivirus functionality or not).
Microsoft Defender comes built into Windows and, despite its previous reputation, is now outperforming some of the mainstays of the AV market. So investing in third-party antimalware protection tools is now a little pointless for some organisations – depending on their individual data and security responsibilities, of course.
Adding Huntress to the mix provides that extra level of human oversight – someone to raise the alarm when things are going pear-shaped under the surface, as well as someone to help put things right. This is especially useful if you don’t have an internal IT team or you aren’t using the services of an MSP.
And the best part about Huntress is that it is available at less than 10p per day, per device. For most of our readers, that’ll work out much cheaper than getting a £45k-a-year specialist on the books!