There Are Two Security Approaches – Which Fits You Best?
When considering a security solution, individuals consider various aspects including price, usability, compatibility, and customer reviews. However, how often do customers dig deeper? Do they look at malware detection rates? Do they look at the security approach taken by the antivirus vendor? The answer to all three questions is, rarely.
Many users simply renew with the security program their computer came with. Some don’t use a security solution at all. In a corporate world, budgets are often considered, as well as convenience.
As a result, many users have been left with a reactive security approach. Meaning, they are using a traditional security solution that implements a basic blacklist which blocks all known threats. This may sound great, but what are these solutions doing to prevent new, unknown threats from happening. They’re not. Case in point, WannaCry. That was an unknown, malicious ransomware variant that was allowed to run on endpoints that were running a blacklist security solution. They knew what files were bad but would allow anything else to run.
It’s impossible to keep up with the known bad files, which is exactly what hackers rely on. A reactive approach includes endpoint detection and response (EDR), a method to detect, respond and mitigate suspicious activity on an endpoint. In addition, reactive approaches also include creating a disaster recovery plan and data backups.
To be clear, being prepared is not a bad thing. Having a disaster recovery plan is simply best practice, as well as backing up your data. However, with today’s emerging threats, being reactive is not enough; although, that is what companies are dumping their security budgets into. Why? We’re not sure. Logically, it makes far more sense to increase your prevention security budget, compared to boosting the budget in reacting to them.
Taking a proactive approach means the company places a higher emphasis on avoiding malware infections, instead of preparing for the aftermath of one. A proactive approach should include the following:
- Software patch management services
- Driver updates
- Application whitelisting
- Cyber security training
None of these concepts are new; although when facing today’s cyber threats, they should have a major influence on security measures. Traditionally, whitelisting has a bad reputation because it may create a higher workload for the IT staff. This includes implementing, creating, and managing the whitelist. Instead of leaving this up to the IT staff, PC Matic has chosen to use a whitelist approach in their security solution, as well as offer the service of managing it as well. PC Matic users get access to its globally, automated whitelist technology. Meaning the list has already been created. If an unknown file attempts to execute, that files gets sent to the PC Matic malware research team to be tested and categorized as either safe or malicious. This means, none of the management is left to the IT staff.
New malicious files are created every minute of every day. It is impossible for a blacklist to keep up. Although, being prepared for a disaster, whether it is a malware attack, or natural disaster is not a bad thing. However, with the increased cyber threats users face on a daily basis, being reactive is simply not enough. It is time for a proactive approach.