Antimalware tools and techniques security pros need right now
Threats to data privacy and security and the risk of unauthorized access to proprietary or confidential information are accelerating. Malware writers are becoming more sophisticated and better organized, and they are often better funded today than they ever have been before.
Malware's reach is also increasing. It can affect desktop computers, servers, printers, network devices and a plethora of mobile devices, resulting in everything from minor operating annoyances to locked systems, stolen data and the erasure of files.
What's more distressing is that some forms of malware can sit silently within a system for weeks or months and, upon execution, self-replicate to many more connected computers and devices.
Other types of malware are written to change much more frequently -- sometimes as often as every few minutes -- as a means to avoid detection. And a computer or device can be infected with malware just because its user visited a website, without ever clicking a single link.
The ever-growing danger and sophistication of the threat of malware makes the deployment of endpoint antimalware protection more important than ever.
Endpoint antimalware protection: Malware threat and infection statistics
Zero-day exploits, phishing emails and vulnerable applications, like web browsers, Adobe Flash Player and Oracle Java, which can be exploited for remote code execution, are recurring news items, as are serious breaches resulting in the theft of confidential data.
According to Symantec Corp.'s "2016 Internet Security Threat Report," the total number of breaches in 2015 increased by only 2% over the 2014 numbers, but the total number of identities exposed in 2015 was about 429 million, a whopping 23% more than 2014.
Plus, as the volume of users, smartphone connections, IP-connected devices, network traffic and data grows, the cyberattack surface grows apace.
According to the McAfee Labs "2017 Threats Predictions" report, the number of connected devices is expected to reach 200 billion by 2020. Not only do criminals value the information that can be accessed on mobile devices, but information leaks also occur fairly often because of a lack of device security.
Also, although the term data privacy in the cloud typically refers to the general state of cloud security, a relatively new trend called bring your own cloud (BYOC) poses serious threats to organizations, as well. With BYOC, employees use free accounts on nonsanctioned cloud services, also known as shadow clouds, such as Box, OneDrive or Dropbox, to save work files. What begins as a convenient way to store and access files turns into a serious data leakage risk. Once data is outside of the control of the IT department, it can more easily fall into the hands of unauthorized users.
Endpoint antimalware protection: The danger of mobile malware
Symantec's threat report also digs into mobile malware. In 2015, more than three times as many Android apps were classified as containing malware as in 2014. Even historically safe Apple iPhone and iPad apps were hit by several new iOS threats, with about 4,000 apps becoming infected by XcodeGhost and 256 apps falling prey to Youmi, to name a few.
Much like malware on an ordinary PC, mobile malware watches the device user's activities, such as web browsing and email, but can also monitor calls and text messages. A Trojan app, for example, can report phone activity and confidential data, such as account information, credit card numbers, etc., to a third party, even using the phone's text messaging service to relay information.
Malware affects a range of systems and devices, and it is a danger to organizations of any size, from small businesses to large enterprises.
Endpoint antimalware protection scenario No. 1: Small organizations
According to Gartner, a small business is one that has fewer than 100 employees and less than $50 million in annual revenue.
Owing to budget limitations, these organizations often do not have adequate IT staff, and rely more heavily on other employees to help maintain security. Budget constraints might also prevent much-needed operating system upgrades.
Shops that are still running old versions of Microsoft Windows, for example, are especially vulnerable to malware attacks because Microsoft stops providing support and security updates at a certain point. Windows XP and Windows Vista fall into this category, with extended support ending in April 2014 and April 2017, respectively.
The smallest of organizations may also have a more challenging time picking the best endpoint antimalware product, mainly because typical endpoint antimalware suites require a good deal of administrative maintenance and come with ongoing licensing costs. Even so, suites and licensing options are available that are designed for very small organizations.
Endpoint antimalware protection scenario No. 2: Medium-sized organizations
A medium-sized organization -- one with 100 to 999 employees and revenue of $50 million to $1 billion per year -- most likely has a security staff that can minimize a host of vulnerabilities that small organizations can't. BYOD is still a considerable risk, however.
To stretch budgets further, more and more medium-sized organizations are encouraging employees to bring their own devices to work, resulting in the need for more rigorous network and antimalware protection. However, more resources don't always mean better security.
Malware is spread by means other than internet-connected devices, such as by USB flash drives and infected software on other types of media. Unfortunately, it's common for employees to experience security apathy, where they assume someone else is responsible for security and is taking care of it.
Endpoint antimalware protection scenario No. 3: Large organizations
Large organizations and enterprises have the biggest budgets and largest IT security teams. But they also have thousands of computers and devices, which together present an enormous attack surface.
Even the supply chain can present considerable risk to an organization. Today's large enterprises may have tens or hundreds of business partners connected to their networks, making the organization's data the partners' data as well. This is especially important for businesses that must comply with regulations and standards.
Ensuring the safety of very large IT environments, which are often spread over various geographic locations, can be incredibly challenging.
Endpoint antimalware protection: Part of a global security strategy
It's important to remember that no organization is immune to malware. Even those with strong perimeter defenses, such as well-tuned network firewalls and intrusion detection and prevention systems, are still vulnerable to infection.
For example, an employee might click a link in an email that looks like it's from a trusted source, or he might open an email attachment and inadvertently install a keylogger program, Trojan or rootkit on his workstation, enabling an attacker to access that system and, potentially, the internal network.
Given the ease with which malware can infect computers and devices, endpoint antimalware protection is a must-have for small, medium-sized and large enterprises. But protecting against malware via antivirus and antispyware software should only be one part of a carefully formulated strategy.
Firewalls work to block malware from making its way onto a system in the first place, and data loss prevention components prevent certain types of information from being shared outside protected systems or networks. Meanwhile, reputation scanning is a key security feature that should be a part of any endpoint antimalware suite.
When you're evaluating endpoint antimalware products, part of the planning process involves right-sizing the product to fit your environment. That means comparing features of leading endpoint antimalware suites against your organization's needs and creating a short list of products, and then determining the best product or product suite based on cost, resource requirements, support options and other important factors.