Signature-based solutions: A detection (also known as a signature) is an identifier used by security programs to identify a specific file or program. Early protection solutions employed anti-virus scanners designed to detect malware in files by checking for simple signatures stored in a local database. The traditional file scanning approach is still in use in most endpoint protection solutions to this day as part of a wider toolset of protection technologies.
Non-signature-based solutions: by definition, non-signature based solutions do not rely on known attack behaviour but rather look for anomalies and patterns in behaviour to detect previously unknown (or signature-less) attacks. Non-signature detection solutions typically analyse anomalies in network traffic and endpoints by collecting data on behavioural events such as file access, launched processes, network connections being created, or something being written into the registry or system logs.
In today’s world, almost all businesses and consumers have become highly dependent on speedy, reliable access to Internet-based services for their operational, recreational or personal needs. With the rapidly changing digitized world, the threat landscape is constantly evolving and requires multi-layered security protection.
DID YOU KNOW
Zero-day threats: If a vulnerability is found and exploited before the programme's vendor has released a patch for it, it is known as a 'zero-day vulnerability', and attacks against it are known as 'zero-day attacks'.
‘File-less’ attacks: these attacks do not install their own executable files; Instead, they exploit or abuse installed programmes or components of the operating system and force them to perform harmful actions.
Case Equifax data breach: Equifax sent out a notice to patch an n-day flaw; however, it went to a member of staff who had recently left the business. As a result, the Equifax data breach became the most expensive cyber attack in history, to date.