Review: Minerva protects endpoints with trickery and deception


The war for network security is increasingly coming down to skirmishes fought over endpoints. Most malware authors don’t care about an individual user’s laptop or desktop. It’s just a stepping stone to capture, mine for credentials, and leapfrog deeper into the heart of the network. But if threats can be stopped there, they won’t ever endanger core assets.

The traditional defense placed on almost every endpoint is antivirus. Even freshly-deployed machines running Windows 10 come equipped with Windows Defender as a free form of protection. And the good thing about antivirus is that, so long as the definitions are kept up to date, it can stop 90 percent or more of the most common threats, which are cataloged as signatures as soon as they are discovered anywhere in the world.

Running without antivirus on any endpoint today is practically cyber-suicide. But it’s not perfect. Most advanced and targeted threats are written specifically to fly under the radar of antivirus, sometimes using previously unknown tactics that have not yet been cataloged by antivirus programs.

In this cat-and-mouse game, so heated because endpoints are so important to both attackers and defenders, cybersecurity companies came up with ways to catch malware that tries to avoid traditional antivirus or other signature-based protection. One of the most popular technologies is sandboxing, which forces suspected programs to run inside a virtualized environment so that their intended behaviors and patterns can be observed. If malicious intent is found in a program, it can be analyzed, captured and ultimately killed.