Next-Generation Security

Next-generation endpoint security refers to solutions that use behavioural analysis, AI and machine learning to provide protection from new threats.


What is Next-generation security?

Next-generation endpoint protection and next-generation endpoint security refer to the use of modern technologies such as AI, machine learning, and behavioural analysis in detecting new threats. Next-gen endpoint protection also loosely refers to the use of non-signature-based technologies, as distinct from signature-based technologies, which detect attacks based on known attack behaviour.

Signature vs. non-signature solutions

Signature-based solutions: A detection (also known as a signature) is an identifier used by security programs to identify a specific file or program. Early protection solutions employed anti-virus scanners designed to detect malware in files by checking for simple signatures stored in a local database. The traditional file scanning approach is still in use in most endpoint protection solutions to this day as part of a wider toolset of protection technologies.

Non-signature-based solutions: By definition, non-signature-based solutions do not rely on known attack behaviour but rather look for anomalies and patterns in behaviour to detect previously unknown (or signature-less) attacks. Non-signature detection solutions typically analyse anomalies in network traffic and endpoints by collecting data on behavioural events such as file access, launched processes, network connections being created, or something being written into the registry or system logs.
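
The contrast above as a small added example (not F-Secure code, and not how DeepGuard works): a hash lookup stands in for the signature database, and a few weighted rules over collected events stand in for behavioural analysis. All sample bytes, process names, weights and the threshold are constructed assumptions.

```python
import hashlib

# Constructed data throughout: sample bytes, process names, weights and the
# threshold are assumptions for illustration, not taken from any product.
SAMPLE_V1 = b"constructed-sample-v1"
SAMPLE_V2 = SAMPLE_V1 + b"\x00"   # same program with one byte changed
SIGNATURES = {hashlib.sha256(SAMPLE_V1).hexdigest()}   # local signature database

DOC_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe"}
ALERT_THRESHOLD = 60

def signature_match(file_bytes):
    """Signature-based: flag only files whose hash is already in the database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

def behaviour_score(events):
    """Non-signature: score collected behavioural events against simple rules."""
    hits = []
    for e in events:
        if (e["type"] == "process_launch" and e["parent"] in DOC_APPS
                and e["image"] in SCRIPT_HOSTS):
            hits.append((40, "document app launched a script host"))
        elif e["type"] == "registry_write" and "\\CurrentVersion\\Run" in e["key"]:
            hits.append((30, "autorun registry key written"))
        elif e["type"] == "network_connect" and e["image"] in SCRIPT_HOSTS:
            hits.append((20, "script host opened a network connection"))
    return sum(w for w, _ in hits), [r for _, r in hits]

def verdict(file_bytes, events):
    """Run both checks so their results can be compared side by side."""
    score, reasons = behaviour_score(events)
    return {"signature_hit": signature_match(file_bytes),
            "behaviour_alert": score >= ALERT_THRESHOLD,
            "score": score, "reasons": reasons}

ATTACK_EVENTS = [   # constructed event stream, identical for both sample versions
    {"type": "process_launch", "parent": "winword.exe", "image": "powershell.exe"},
    {"type": "registry_write", "image": "powershell.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"type": "network_connect", "image": "powershell.exe"},
]
BENIGN_EVENTS = [   # constructed: ordinary document editing
    {"type": "process_launch", "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "file_access", "image": "winword.exe", "op": "write"},
]

if __name__ == "__main__":
    for name, data in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2)):
        print(name, verdict(data, ATTACK_EVENTS))
    print("benign", verdict(b"constructed-benign-file", BENIGN_EVENTS))
```

The one-byte variant no longer matches the signature, yet its events still cross the behavioural threshold, while the benign stream scores zero.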

New threat landscape for businesses

In today’s world, almost all businesses and consumers have become highly dependent on speedy, reliable access to Internet-based services for their operational, recreational or personal needs. With the rapidly changing digitized world, the threat landscape is constantly evolving and requires multi-layered security protection.

DID YOU KNOW

Zero-day threats: If a vulnerability is found and exploited before the program's vendor has released a patch for it, it is known as a 'zero-day vulnerability', and attacks against it are known as 'zero-day attacks'.

‘File-less’ attacks: These attacks do not install their own executable files; instead, they exploit or abuse installed programs or components of the operating system and force them to perform harmful actions.

Case Equifax data breach: Equifax sent out a notice to patch an n-day flaw; however, it went to a member of staff who had recently left the business. As a result, the Equifax data breach became the most expensive cyberattack in history, to date.

F-Secure has been next-gen for more than a decade already

Our behaviour-based protection engine, DeepGuard, is one of the key security elements in our business security software. Combined with the power of F-Secure Security Cloud, which tracks malware behavior globally, it gives our customers consistent security against new and emerging threats.

  • DeepGuard: DeepGuard offers dynamic proactive behavioral analysis technology that efficiently identifies and intercepts harmful behaviour. When used in tandem with other components of a multi-layered security approach, DeepGuard provides lightweight and comprehensive endpoint protection with minimal impact on the user experience.
  • F-Secure Security Cloud: F-Secure Labs analysts actively monitor the threat landscape for new threats and research the most effective ways to detect malware, which go into updates to the rules used by the databases and analysis systems. The updates then take 60 seconds to replicate across all products connected to the Security Cloud, ensuring that they always have the latest threat intelligence.
  • Broad Context Detection™: flags indications of possible breaches by alerting admins to Tactics, Techniques and Procedures (TTPs) used in targeted attacks, from abnormal activity of standard programs to the running of unexpected scripts. Some detections may require deeper analysis and guidance by specialized cyber security experts. To address this, the “Elevate to F-Secure” service alerts F-Secure analysts immediately, and the analysts will have access to the incident data to help you solve the case.