Is Endpoint and Antivirus dead?

Written By Amir Ashgar

According to new research, ransomware groups & cyber criminals have now started sharing tools that can remove, kill or disable your security systems (EDRs - Endpoint Detection and Response).

These EDRs are essentially your sniffer/guard dogs of your network, they’re constantly on alert searching (and sniffing) out unusual and suspect behaviour, but this new tool being shared can stop them entirely.



Some of your biggest named vendors (not going to be named) have been targeted and some have fallen to it too! To make matters worse, attackers are disguising their malware inside legitimate software!



To you, and the untrained eye, it looks normal. Behind the scenes, it’s anything but. When your systems are unprotected like this, it means it’s open season on your data.



It also means cybercriminals are getting better at what they do, they’re learning and preying on organisations’ weaknesses and laziness. They’re collaborating, innovating, sharing tools and stolen data with each other.



There’s good news, it’s not the end, you’re not helpless, you just need to ensure the following:



Make sure your endpoint security has “tamper protection” or “anti-tamper” turned on.

Limit and restrict admin rights wherever reasonably possible. Attackers often need higher-level access before they can disable your security products. If multiple people have administrator privileges, check if they actually need them - perhaps they don’t actually need it anymore!

If everyone has administrator privileges, you have a HUGE problem and you’re making the attackers jobs a lot easier!

Keep everything up to date in accordance with manufacturers’/vendors’ guidelines. Microsoft regularly provides updates to it’s operating systems that are still supported. These help keep your systems secure.

Some operating systems are no longer supported, which means they require upgrading when possible.

When was the last time you checked your businesses’ security settings?

This isn’t to scare you, it’s to keep you one step ahead. It’s so you can make Smart moves, every time.

Cybercriminals switching off our security
Amir Ashgar
Previous

Benefits of having an IT Strategy