Polymorphic malware exploits the reactive nature of signature-based protection. Signatures are built from the known characteristics of malware that has already been identified. However, cybercriminals know that if they simply program malware to change its characteristics periodically until it finds a gap in signature coverage, the AV solution can’t keep up. This means the files can keep doing damage and remain undetected for a long time. Traditional AV simply won’t protect you in this case.
Perhaps more troubling has been the rise of fileless attacks. Fileless cyberattacks evade AV protection because there’s no file to detect.
These attacks often start with documents or malicious scripts on websites that launch processes on the endpoint to do the damage. These are typically executed in an endpoint’s memory and use PowerShell, rundll32.exe, or other built-in processes to infect the machine. Because these tools are built into the system, the endpoint won’t think twice about the action being taken—and generally speaking, AV won’t either.
To make matters worse, these attacks have been on the rise. SentinelOne found a 91% increase in fileless attacks in the first half of 2018. If you want to deal with these increasing threats, then you’ll need something that takes a broader approach to endpoint protection.
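As an added example, not code from SolarWinds or SentinelOne, the following Python flags the behavioural pattern the paragraph above describes: a document application launching a built-in tool such as PowerShell or rundll32.exe, which no file signature would catch. It assumes process-creation records carrying parent image, image and command line (Sysmon Event ID 1 style fields); the process names beyond PowerShell and rundll32.exe, and the sample records, are constructed for the example.

```python
"""Behavioural detection of document-launched built-in tools (added example)."""
from dataclasses import dataclass

# Built-in tools commonly abused in fileless attacks. PowerShell and rundll32
# come from the text; the others are assumed extras, extend for your estate.
LOLBINS = {"powershell.exe", "pwsh.exe", "rundll32.exe", "mshta.exe", "wscript.exe"}
# Document-handling applications that rarely have a legitimate reason to
# spawn a shell or script host (assumed list).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str   # full path of the parent process
    image: str          # full path of the newly created process
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_suspicious(evt: ProcessEvent) -> bool:
    """True when a document application launches a living-off-the-land binary."""
    return basename(evt.parent_image) in DOCUMENT_APPS and basename(evt.image) in LOLBINS


def detect(events):
    """Return the events worth alerting on, in their original order."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample telemetry, not captured from any real incident.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Program Files\Microsoft Office\WINWORD.EXE", "WINWORD.EXE /n invoice.docx"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\WINWORD.EXE", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe ..."),
    ProcessEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
    ProcessEvent(r"C:\Program Files\Adobe\Acrobat Reader\AcroRd32.exe", r"C:\Windows\System32\rundll32.exe", "rundll32.exe ..."),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT: {basename(hit.parent_image)} -> {basename(hit.image)}: {hit.command_line}")
```

The svchost-launched rundll32 record is deliberately left unflagged: the rule keys on the parent-child relationship, not on the tool name alone, which keeps routine system use of these binaries out of the alert queue.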
Advanced endpoint protection
Keeping your customers safe from modern cyberthreats requires more than traditional AV. You’ll need to take a much broader approach to protecting your customers’ endpoints.
SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, uses artificial intelligence and machine learning to look for anomalous behavior on an endpoint that could be malicious. That means you don’t have to wait for signature updates to keep your customers protected. Additionally, if it does detect an attack, SolarWinds EDR can take steps to help contain the threat, reverse its effects, and roll the endpoint or affected files back to a healthy state.
SolarWinds EDR is available in both SolarWinds RMM and SolarWinds N-central®, so you can deploy it alongside other security features like automated patch management, integrated backup and recovery, web protection, and email security. You can learn more here.
Chanel Chambers is Senior Director of Product Marketing at SolarWinds MSP.