The flexible activation of security vendors ‘by click’ enables a new way of handling virus protection for Windows. The IT security association Tabidus Technology provides insights into the world of agile malware protection and explains four basic strategies that companies can use to design their endpoint protection.
Agile malware protection is based on the approach of activating anti-malware technologies by click instead of installing individual security products. This is made possible by the integration of various security vendors into a neutral base system, such as the United Endpoint Protector from Tabidus Technology. The base system is installed instead of a traditional security product under Windows. With the help of technology licenses, the desired vendors can then be unlocked at any time and activated and combined in various security features. With this flexibility, new design options for the use of security vendors in the field of endpoint protection are available.
Permanent multi-vendor use
One possible strategy is the permanent activation of two or more security vendors to implement a multi-vendor approach. This may be necessary to satisfy various compliance requirements, but its primary goal is to maximize threat detection. True to the motto “security through diversity”, the combination of independent detection capabilities can close gaps in threat detection (false negatives). At the same time, the use of multiple vendors provides a way to limit the damage done by false alarms (false positives) by making the automatic cleanup of potentially malicious files dependent on agreement between vendors. For example, a file should only be deleted if at least two vendors agree on its maliciousness. Maximum diversity is achieved by using different vendor combinations per security feature.
The use of a neutral base system to implement a multi-vendor strategy can prevent the negative aspects of traditional multi-vendor operation. The collaborative system and unified user interface eliminate the need for separate maintenance and training per vendor, and the operational effort is the same as a single solution.
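The “at least two vendors agree” rule described above, written out as a quorum policy; this is an added example, not Tabidus code, and the Verdict, Action and Policy types and the vendor names are assumptions:

```python
# Added example (not Tabidus code): a quorum policy that combines per-vendor verdicts
# so that a single vendor's false positive cannot delete a file on its own, while a
# single dissenting vendor is still enough to isolate the file for review.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Verdict(Enum):
    CLEAN = "clean"
    SUSPICIOUS = "suspicious"
    MALICIOUS = "malicious"


class Action(Enum):
    ALLOW = "allow"
    QUARANTINE = "quarantine"   # isolate and keep for analyst review, never destructive
    DELETE = "delete"           # automatic cleanup


@dataclass(frozen=True)
class Policy:
    delete_quorum: int = 2      # vendors that must call a file malicious before auto-delete
    quarantine_quorum: int = 1  # one flagging vendor is enough to isolate the file


def quorum_reachable(policy: Policy, verdicts: Dict[str, Optional[Verdict]]) -> bool:
    """False when too few vendors answered for automatic deletion to ever trigger."""
    answered = sum(1 for v in verdicts.values() if v is not None)
    return answered >= policy.delete_quorum


def decide(verdicts: Dict[str, Optional[Verdict]], policy: Policy = Policy()) -> Action:
    """Map per-vendor verdicts (None = vendor unavailable or timed out) to one action."""
    malicious = [n for n, v in verdicts.items() if v is Verdict.MALICIOUS]
    flagged = [n for n, v in verdicts.items() if v in (Verdict.MALICIOUS, Verdict.SUSPICIOUS)]
    if len(malicious) >= policy.delete_quorum:
        return Action.DELETE
    if len(flagged) >= policy.quarantine_quorum:
        # Vendors disagree, or too few answered to reach the deletion quorum: isolate, do not delete.
        return Action.QUARANTINE
    return Action.ALLOW


if __name__ == "__main__":
    # Constructed sample verdicts for one file from three hypothetical vendors.
    sample = {"VendorA": Verdict.MALICIOUS, "VendorB": Verdict.MALICIOUS, "VendorC": Verdict.CLEAN}
    print(decide(sample))                                      # Action.DELETE
    sample["VendorB"] = None                                   # VendorB unavailable
    print(decide(sample), quorum_reachable(Policy(), sample))  # Action.QUARANTINE True
```

With only one vendor active, a deletion quorum of two can never be met, so the policy degrades to quarantine-only; `quorum_reachable` makes that condition visible instead of silently disabling cleanup.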
Establishment of monitoring instances
As an alternative to permanent multi-vendor use, the establishment of monitoring instances is an option. In this strategy, the use of vendors is divided across several security features. For example, one vendor can be used for permanent protection and other providers for scheduled checks. These can take place either regularly, for example daily or weekly, or in the form of spontaneous random samples. The aim of this approach is to discover previously undetected threats on a computer or in the data set of an environment, without burdening the computer systems with the continuous operation of multiple vendors. The choice of providers for the checks can be made very flexibly and rotated repeatedly to obtain the greatest possible variety of security approaches and opinions.
Optimization of application areas
Flexible vendor use does not have to be limited to a single computer system, but can also be applied to an entire network environment. Such strategic decisions can take into account the different security and performance needs of each device class. For example, a file server that is constantly busy with many file accesses has different needs in terms of the characteristics of the anti-malware technology (e.g. data throughput) than an individual user’s workstation. Likewise, mobile devices that can leave the protection of the corporate network are exposed to a greater security risk than desktop computers. With the help of flexible vendor use, it is possible to address the various application areas and to activate the right provider combinations for the respective needs.
A wider variety of vendor combinations within an environment can also be a security benefit in itself. It confronts potential attackers with different approaches to threat detection and constantly changing conditions. This makes it harder for an attacker to adapt to a target and to move unnoticed through the network.
The activation of a vendor can be done not only on the basis of defined strategies, but also spontaneously, within a few minutes. This can be helpful, for example, in the case of a virus outbreak. When using traditional security products, a threat can be missed, additional computers in the network can become infected, and a lot of damage can be done. In such a case, repair tools from other vendors must often be used and a manual cleanup of each affected computer performed. This results in a large amount of work and takes a lot of time. The use of a neutral base system, even if only a single vendor is normally used, makes it possible to call on other providers for help by click if needed. In this way, suitable detection capability can be made available, network-wide if required, within a few minutes to eliminate the threat quickly.
For more information about Agile Malware Protection, see the whitepaper “Protecting Your Data: Threat Detection Optimization for Enterprises”.