
4/27/2018
03:00 PM
Dark Reading
Products and Releases

Endpoints Still Vulnerable to Breaches Despite Antivirus Tech Advancements: Survey

Petach Tikva, Israel – April 25, 2018 – Minerva Labs, a leading provider of anti-evasion technology for enterprise endpoints, today announced the results of a survey of 600 IT security professionals that found endpoint security solutions are failing to provide adequate protection against today’s security threats, specifically malware. A majority of the respondents indicated heightened concern about a major malware breach in the coming year and acknowledged that they require more than an antivirus (AV) solution on the endpoint to combat the rising threat.

After a year of massive ransomware outbreaks, leaks of NSA state-grade exploits, and an extraordinary number of cybersecurity meltdowns, defenders are not getting ahead despite continued innovation in endpoint security technologies. The uptick in attacks demonstrates that attackers are not standing still, and evasion methods are becoming increasingly accessible. In fact, nearly half of the respondents (48%) said they have seen about the same number of malware infections as in previous years, while almost one-third (32%) reported an increase in malware infections. This corresponds with how well respondents feel their current endpoint defenses protect them against modern malware threats: three-quarters of respondents estimated that their existing anti-malware solutions prevent no more than 70% of infections.

These findings demonstrate that today’s endpoint solutions cannot address sophisticated malware, specifically those threats that use evasion techniques.

According to the Minerva Labs survey, the malware evasion techniques that posed the biggest concern are avoidance of malware analysis and forensic tools (32%) followed by fileless or memory injection attacks (24%).

Attacks that use malicious documents also raised concerns (24%). Two-thirds of respondents (67%) were concerned that existing controls won't prevent a significant malware attack on the endpoints. Furthermore, the survey found that over half of the respondents (53%) preferred adding a meaningful layer to their endpoint security stack instead of completely replacing their existing AV.

Nearly 39% of IT leaders said that, beyond security benefits, the operational aspect they consider most important when adding a security layer on the endpoint is its ability to work even on low-resource systems. 28% said easy deployment and upgrades across multiple endpoints were important, while 18% valued not interfering with current business applications.

With the increase in ransomware and other malware threats, the time it takes to remediate these attacks is crucial to enterprises today. The good news is that 41% of respondents said that when faced with a compromised endpoint, the endpoint is restored to a normal state within hours. However, there is still room for major improvement, as more than 40% said it takes days or weeks to return to a normal state.

“The results from our survey indicate that while malware threats are still growing, endpoints remain highly vulnerable to a cyber-attack,” said Eddy Bobritsky, Co-Founder & CEO of Minerva Labs. “We continue to see more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as antivirus, are no longer enough to keep endpoints safe. Beyond merely relying on baseline anti-malware solutions to protect endpoints, companies should strengthen their endpoint security architecture to get ahead of adversaries, such as blocking off attempts to get around existing security tools.”
