Who works 24/7? Not you, I hope – but hackers around the globe are busy trying to compromise systems 24 hours a day, seven days a week. “Next-gen” is not just a convenient marketing term; it is a very accurate label for new types of threats and for the new types of solutions designed to counter those threats.
The basic nature of PC and server (aka “endpoint”) security, and of the threats to them, had not changed in many years. For years, the enemy would be the rogue program (.EXE) or Word macro that would find its way onto our system and either destroy our data or surreptitiously take control of our system, either to steal our data or to add our system to its army of drones – or both.
The traditional endpoint security solution would rely on its researchers to learn the digital fingerprints – usually referred to as the signature – of the virus. Upon detection, the entire offending program or macro would be isolated (quarantined) and, ultimately, deleted.
When endpoint security was a new area, there was little in the way of end-user-generated applications on the Internet. Before blogs, before WordPress and Joomla, we interacted mainly with commercial websites usually coded using commercial-grade products like Microsoft’s ASP.
In recent years, though, informal blogging environments, such as WordPress, have blossomed into full-blown web application platforms. Commercial and community developers contribute blocks of code, known as “plugins”, to enable just about any type of functionality that you can imagine. (A Google search on “WordPress Plugins” shows over 11 million hits.)
Unfortunately, this code, these plugins, has become a target of hackers. While some plugins, no doubt, are expertly written, many are coded in such a way that hackers can insert rogue code that is intertwined with valid code, instantly turning useful modules into dangerous security threats. These threats can impact the host web environment as well as users whose information transits the rogue modules.
And, because rogue code is intertwined with valid code, the challenge for the endpoint security solution is no longer a black-or-white, bad-or-good determination. Bad code needs to be targeted and remediated rather than simply deleting the entire module touched by the hacker. Removing the entire module, which likely contains code needed to run the site, might solve the security problem while at the same time causing severe operational problems for the site’s owner.
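To make the difference between deleting a whole module and remediating only the bad code concrete, here is an added illustration (my own example, not SiteLock’s scanner or the Tolly test harness): a small Python scanner that flags lines in a constructed plugin file which match generic obfuscation idioms and strips only those lines, so the legitimate shortcode code that keeps the site running survives. The sample file and the patterns are assumptions for illustration only; real injections can span several lines or be hidden far more subtly.

```python
import re

# Constructed sample of a small WordPress-style plugin file with one injected
# line appended by an attacker. The shortcode code is legitimate and must survive.
SAMPLE_PLUGIN = """<?php
/* Plugin Name: Example Gallery (constructed sample) */
function example_gallery_shortcode($atts) {
    return '<div class="gallery">' . esc_html($atts['title'] ?? '') . '</div>';
}
add_shortcode('example_gallery', 'example_gallery_shortcode');
eval(base64_decode('PLACEHOLDER-NOT-A-REAL-PAYLOAD'));
"""

# Generic obfuscation idioms that rarely appear in legitimate plugin code.
# These are illustrative patterns (an assumption), not any vendor's signatures.
INJECTION_PATTERNS = [
    re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\("),
    re.compile(r"preg_replace\s*\(\s*['\"].*?/e['\"]"),  # deprecated /e modifier
]


def find_injected_lines(source: str) -> list[int]:
    """Return 1-based line numbers whose text matches an injection pattern."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if any(pattern.search(line) for pattern in INJECTION_PATTERNS):
            hits.append(number)
    return hits


def clean(source: str) -> tuple[str, list[int]]:
    """Remove only the flagged lines; every other line is kept unchanged.

    Quarantining the whole file would also drop add_shortcode(), breaking the
    site; this targeted removal leaves the legitimate code in place.
    """
    bad = set(find_injected_lines(source))
    kept = [line for number, line in enumerate(source.splitlines(keepends=True), start=1)
            if number not in bad]
    return "".join(kept), sorted(bad)


if __name__ == "__main__":
    cleaned_source, removed = clean(SAMPLE_PLUGIN)
    print("removed lines:", removed)
    print(cleaned_source)
```

A line-based approach like this is only a starting point: a blob split across lines, or code hidden in a data file the plugin later includes, needs a parser-aware scanner and a human review of what is flagged.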
When faced with generational changes in technology, we generally assume that the new will replace the old. In some cases, as with SiteLock, the focus is on securing against new threats that are not within the scope of traditional solutions. The traditional solutions are simply not enough to thwart new threats. Traditional solutions still have value and, indeed, are still needed to cope with the traditional threats, but a cohesive web application security strategy will need protection such as that provided by SiteLock.
The best way, of course, to support a point is with proof – in this case a Tolly test. I’ll give you a brief overview, but I encourage you to read the entire test report. It is Tolly report #216143 and it is available, free of charge, at both Tolly.com and through SiteLock.
The basis of the test was the assertion that traditional endpoint security solutions are not designed to detect web application threats and, therefore, would have a low detection rate when scanning for such threats.
A corpus of nearly 3,000 web-based malware samples, defined by SiteLock, was run through a prominent “traditional” endpoint security solution to illustrate SiteLock’s point. In our test, McAfee Complete Endpoint Protection was used as the traditional solution.
Whereas SiteLock SMART was able to detect 100% of the samples, McAfee detected only 5.85%. Whereas SiteLock was also able to clean 100% of the samples, McAfee could only clean/delete 1.95% of the samples.
With a different set of samples, of course, the results could always differ. The point, really, is not the absolute percentage of malware detected. The point is to illustrate that there is an entirely new set of threats “out there” that traditional endpoint solutions have not been designed to detect. And, those new threats clearly require an additional, “next-gen” endpoint security solution in place to provide protection.
By Kevin Tolly
Founder, The Tolly Group
Copyright © Tolly Enterprises, LLC