It’s common knowledge that signatures are outdated. We’re well aware that many other types of technology have made their way into workstation security in recent years. We run into performance problems, we can’t work without an internet connection, and in practice it turns out that protection isn’t good enough after all. We increasingly want to give devices other than workstations or servers some form of security too, but connecting them to the internet is sometimes out of the question.
Today, terms such as artificial intelligence, machine learning and deep learning are bandied around. It has become so bad that apparently everyone uses them, but nobody knows what they really mean. Nevertheless, there are some effective applications based on this technology that are able to make predictions about what something will look like in the future. This sounds a bit sensational, but in terms of endpoint security it means that a current software version will allow you to recognise a type of ransomware that will only appear in a few months’ time, for example.
Let’s face it, no one will claim that they can detect 100% of malware, which is why it’s important that we go a step further. On the one hand, we can inhibit the behaviour of a process in our network, even if it is apparently innocent, because that behaviour isn’t used anyway; on the other hand, we can trace what has happened. Look at DNS lookups or network connections, for example. By mapping these things, we can trace the consequences of an attack (ransomware or hacking) and measure the damage. Even if no damage has been done, we can map this. The key phrase here is endpoint detection and response (EDR).
If someone else works on our device, this can be recognised and we can “lock” the computer. On a smartphone, this is slightly more specific: we only close the business part and encrypt the data until the correct user has logged in again. This allows you to let other people use the smartphone, such as children or partners who use the same device, without putting your company data at risk. A person is recognised by learning how they swipe, move the mouse, use the keyboard, etc.