What does it mean and how does it work?
At NFC/IT, we are committed to bringing you the best service and protection, so we are constantly learning new technologies and keeping up to date on the latest trends. We are proud to add a new type of virus protection from SentinelOne to our package that offers the best protection in the market.
In the Beginning
Traditional antivirus and antimalware hasn’t changed much since it was first introduced in the mid-1980s. Simply put, it works similarly to vaccines in humans. The antivirus software is fed a “deactivated” chunk of the code that it uses to identify malware. This is a massive oversimplification of both, but it works for this example.
The best names in antivirus like VIPRE and Bitdefender work great using this method and protect well against most attacks. However, this heuristic approach to protecting computers and the networks on which they reside from malware attacks has its limitations.
Where Antivirus Falls Short
Real-time monitoring of running processes has a serious performance impact on computers and can drastically impact user productivity. For this reason, these products only actively monitor for a small subset of common and severe threats. For the rest, they must perform deep scans. When most machines perform deep scans, they are basically not usable.
This is because the machine actively scans the commands in each file on the machine in a sandbox-like environment that prevents the code from being run directly on the live system (to avoid potentially triggering unintended payload events and installations). This is very resource-intensive and must generally be run during non-business hours.
The biggest flaw in using the heuristics method is that when new malware is introduced into the wild, it takes time for it to be discovered and the virus definitions to be updated. Most malware spreads very slowly. But some are purposely directed at organizations by threat actors to extort money (like ransomware) or extract data (Equifax, Facebook data breaches).
These viruses can be “mutated” enough by clever programmers to make them undetectable by antivirus software before a definition update is pushed out to the clients. This means that when new malware is released in the wild, there is a period where your antivirus won’t know how to catch it… leaving you vulnerable.
A New Approach
Endpoint Detection and Response (EDR) is different. Instead of using sample-based heuristics, it uses artificial intelligence to watch for events as opposed to specific code. This frees up system resources immensely. This simple monitoring of behavior is optimized to allow the system to run more efficiently, but more importantly, it provides the first truly revolutionary protection available since the dawn of the computer era.
Instead of watching for specific snippets of code to be run, it looks for behavior such as disabling protective services on the machine or copying files to hidden directories. It then flags those activities for active scanning. In many scenarios, it prevents the payload from being completely delivered and can reverse the damage faster than you notice that it happened.
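To make the contrast between the two approaches concrete, here is a small added example (not SentinelOne’s code or any vendor’s telemetry format): an exact-match definition check that a one-byte mutation defeats, beside behavior rules that flag the two activities named above on a constructed endpoint event log. The service names, paths and events are all constructed for the example.

```python
import hashlib

# Constructed sample "malware" bodies: V2 is V1 with a one-byte change,
# the kind of trivial mutation that defeats an exact-match definition.
SAMPLE_V1 = b"find *.docx | encrypt | write RANSOM_NOTE.txt"
SAMPLE_V2 = SAMPLE_V1.replace(b"RANSOM", b"R4NSOM")

# Definition-style check: a set of hashes of known-bad samples (constructed).
DEFINITIONS = {hashlib.sha256(SAMPLE_V1).hexdigest()}

def definition_detects(payload: bytes) -> bool:
    """Signature match: true only for a byte-identical known sample."""
    return hashlib.sha256(payload).hexdigest() in DEFINITIONS

# Hypothetical names of services a behavior rule treats as protective.
PROTECTIVE_SERVICES = {"av-realtime", "edr-agent"}

def is_hidden_path(path: str) -> bool:
    """Hidden directory: any directory component starting with '.'."""
    parts = path.replace("\\", "/").split("/")
    return any(p.startswith(".") for p in parts[:-1])

# Behavior rules: (name, predicate over one event). Events are dicts parsed
# from a constructed endpoint log, not any vendor's telemetry format.
BEHAVIOR_RULES = [
    ("disable-protective-service",
     lambda e: e["action"] == "service_stop"
     and e["target"].lower() in PROTECTIVE_SERVICES),
    ("copy-to-hidden-dir",
     lambda e: e["action"] == "file_copy"
     and (is_hidden_path(e["target"]) or "hidden" in e.get("attrs", []))),
]

def behavior_detects(events):
    """Return (pid, rule) pairs for every event that matches a behavior rule."""
    hits = []
    for e in events:
        for name, pred in BEHAVIOR_RULES:
            if pred(e):
                hits.append((e["pid"], name))
    return hits

# Constructed event stream; the same actions occur whichever sample variant ran.
EVENTS = [
    {"pid": 4242, "action": "process_start", "target": "C:/Users/alice/Downloads/invoice.exe"},
    {"pid": 4242, "action": "service_stop", "target": "AV-Realtime"},
    {"pid": 4242, "action": "file_copy", "target": "C:/ProgramData/.cache/payload.bin", "attrs": ["hidden"]},
    {"pid": 4242, "action": "file_write", "target": "C:/Users/alice/Documents/report.docx.locked"},
]

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2):
        print("definition match:", definition_detects(sample))
    print("behavior hits:", behavior_detects(EVENTS))
```

The definition check catches only the original sample, while the behavior rules flag the same process twice no matter which variant produced the events.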
In our tests, the real-time response of SentinelOne was uncanny. Before a machine could even be infected, the agent stopped the delivery of the payload and reversed what damage it had already done.
We then attempted to cripple the agent by putting it in “monitor only” mode and infecting a test machine with ransomware and allowing the machine’s files to become encrypted. We immediately got a notice in our central control panel that the machine was infected, and we were able to COMPLETELY REVERSE not only the infection but were able to recover the encrypted files as well.
The best part of this was that we were able to have the test system 100% back to normal in under 5 minutes from the time of infection.
The Future of Protection
We will be pushing SentinelOne out to all our clients in the coming weeks. This will replace our current Bitdefender deployment. SentinelOne’s protection does come at a higher cost, but we have tested it rigorously and feel that this is the kind of protection that our clients deserve.
Have a Question?
Want to get started? We love answering questions and helping organizations utilize their IT. The fully trained team at NFC can take care of all of your IT needs, allowing you to concentrate on your business goals. Get peace of mind now.