> ENDPOINT SECURITY
We know that there are MANY terms thrown about when it comes to cyber security: Virus, Worm, Trojan, Ransomware, the list seems endless.
So, to try to alleviate the confusion, we've provided an explanation of the most common cyber security terms below. In reality, all of the below are examples of MALWARE (MALicious softWARE). Malware is any software created to perform a malicious function, whether that is to gain access to your device, stop your device from working as it should, or to collect information from it. The most common terms are explained below:
Virus: Malicious code attached to an executable file. It must be triggered by the end user opening or running the infected file. It can spread when that file is copied to another system, and it can modify or delete data.
Worm: Malware that replicates by itself, without any user action, by finding paths to other devices over the network (exposed services, weak credentials, unpatched software). Unlike a virus it needs no host file. A common symptom of a worm outbreak is a noticeable drop in network speed as it scans for and infects new hosts.
Trojan: Carries out malicious operations while masquerading as something legitimate, e.g. a game, a utility or a document delivered online or by email. Unlike a virus or worm, a trojan does not replicate itself; it relies on the user being tricked into running it, which is why it is so often disguised as a harmless-looking attachment (a PDF, an image, a spreadsheet) or a software download.
Adware: Hides on your machine and serves up advertisements, typically trying to persuade you to buy some form of computer security program. More advanced adware also monitors your web searches and browsing to target the advertisements at your activity.
Spyware: Sits on your computer undetected and collects information from your machine (browsing history, credentials, documents) to send back to the attacker.
Ransomware: Once activated, encrypts files of specific formats (documents, images, databases and other user data) and demands payment, usually in Bitcoin, for the key needed to recover them. In reality, even if the ransom is paid, the key often never arrives or does not work, so the files won't be recoverable unless backups were made, and those backups need to be kept offline so the ransomware cannot encrypt them too.
Backdoor: A program that bypasses the usual methods of authentication in order to give the attacker persistent access, so they can return to the specific machine whenever they wish.
Rootkit: Modifies the operating system (or the software beneath it) in order to hide itself and other malware and to keep a backdoor open. Rootkits exist at different levels: user mode, kernel mode, and firmware or boot level. The lowest-level ones survive a re-installation of the OS, because the malicious code lives in the device's firmware rather than on the disk that was wiped.
Keylogger: A program or device that records the user's keystrokes in order to capture passwords and other sensitive information. It can be a piece of software on the machine, or a small hardware device plugged in between the keyboard and the port on the computer itself.
Partnering with industry security experts such as Cisco and Sophos, we're able to supplement our knowledge with a variety of endpoint protection technologies most fitting to your requirements and budget. There are various technologies, applied at different layers, that perform different functions. You'll also find that some products provide most (if not all) of the functions described here in one package. We've provided a handy little jargon buster below, to help you better understand what options are out there and what they do:
Anti-virus / anti-malware: Software that detects malware and prevents it from executing. It can then remove the file or put it into 'quarantine', where it is kept in a harmless form in case the detection was a false positive (legitimate software mistakenly flagged as malicious) and needs to be restored. Most anti-virus programs update themselves automatically to pick up the latest malware signatures. There are different ways in which anti-virus can detect malware: classic signature matching against known-bad files, and, in newer products, behavioural analysis and machine-learning models that can flag samples no signature exists for yet.
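To make the detect / quarantine / restore cycle concrete, here is a small added example (written for this page, not code from Cisco, Sophos or any other product). It assumes a signature database that is simply a set of SHA-256 digests of known-bad files, builds that database from one constructed sample, scans a temporary directory, quarantines the hit in a transformed form so it can neither run nor re-trigger a scan, and restores it as a false positive would be. All file names and the sample bytes are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed "signature database": SHA-256 digests of files a vendor's lab has already
# classified as malicious. A real product ships a feed of many thousands of these and
# updates it continuously; this one is built from a single made-up sample.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed stand-in for a known-malicious executable"
SIGNATURES: Dict[str, str] = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Dropper.A"}

# Quarantined copies are XOR-transformed: the bytes on disk are no longer a runnable file
# and no longer match their own signature, but the original can be reconstructed exactly.
QUARANTINE_KEY = 0x5A


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path, signatures: Dict[str, str]) -> List[Tuple[Path, str]]:
    """Return (path, detection name) for every regular file under root whose hash is known-bad."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = sha256_of(p)
            if digest in signatures:
                hits.append((p, signatures[digest]))
    return hits


def _xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def quarantine(path: Path, qdir: Path, detection: str) -> Path:
    """Move a detected file into quarantine instead of deleting it.

    A JSON sidecar records the original location, detection name and hash so the
    file can be put back if the detection turns out to be a false positive.
    """
    qdir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(path)
    qfile = qdir / f"{digest}.quar"
    qfile.write_bytes(_xor(path.read_bytes(), QUARANTINE_KEY))
    (qdir / f"{digest}.json").write_text(json.dumps(
        {"original_path": str(path), "detection": detection, "sha256": digest}))
    path.unlink()
    return qfile


def restore(qfile: Path) -> Path:
    """Undo a quarantine (false-positive handling): reverse the transform and put the file back."""
    meta_path = qfile.with_suffix(".json")
    meta = json.loads(meta_path.read_text())
    original = Path(meta["original_path"])
    original.write_bytes(_xor(qfile.read_bytes(), QUARANTINE_KEY))
    qfile.unlink()
    meta_path.unlink()
    return original


def demo() -> dict:
    """Constructed scenario: one benign file and one known-bad file in a fresh temp directory."""
    root = Path(tempfile.mkdtemp())
    (root / "report.txt").write_bytes(b"quarterly numbers, nothing to see here")
    (root / "invoice.com").write_bytes(KNOWN_BAD_SAMPLE)

    hits = scan(root, SIGNATURES)
    quarantined = [quarantine(p, root / "_quarantine", name) for p, name in hits]
    hits_after = scan(root, SIGNATURES)        # transformed copies no longer match
    restored = restore(quarantined[0])         # pretend the lab said "false positive"
    return {
        "hits": [p.name for p, _ in hits],
        "hits_after_quarantine": len(hits_after),
        "restored": restored.name,
        "restored_matches_signature": sha256_of(restored) in SIGNATURES,
    }


if __name__ == "__main__":
    print(demo())
```

Two things the toy shows that the paragraph only states: a quarantine is a reversible transform plus metadata, not a delete, and a hash-only signature is brittle (change one byte of the sample and `scan` no longer sees it), which is why real products layer heuristics and behavioural detection on top.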
Host firewall (packet filter): A basic packet filter, much like a network perimeter firewall, that allows or blocks traffic based on source/destination IP address and port. It sees addresses and ports but not the content of the traffic, so on its own it is not that effective in today's infosec landscape. It is better implemented as one factor in a 'layered defence' approach.
Application-aware firewall / application control: Able to filter based on the website and the application involved, not just address and port. Examples would be blocking access to a specific website, preventing a particular file from being downloaded, or stopping an Office spreadsheet or Word document from running macros. Much more granular filtering than a standard packet filter.
Host IPS (HIPS): Unlike anti-virus, which scans files, an intrusion prevention system inspects network packets. A host-based IPS scans the traffic arriving at the machine and blocks packets that match known attack patterns, which means an exploit attempt can be stopped before any file ever reaches the disk. It works well alongside an anti-virus/anti-malware product. Note that a signature-based HIPS still needs regular signature updates, just as anti-virus does; the difference is what is inspected (traffic in transit rather than files on disk), not the need for updates.
Host IDS (HIDS): Much like the HIPS, except that an intrusion detection system doesn't proactively block anything. It detects and alerts the administrator about what it has seen and leaves it to the administrator to take appropriate action.
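The three entries above (packet filter, HIPS, HIDS) are easiest to tell apart by running the same packets through each layer. The following is an added example written for this page, not vendor code: a first-match, default-deny packet filter keyed on address and port, followed by a payload inspection stage that can run in "ips" mode (block on a signature hit) or "ids" mode (allow but report). The ruleset, the two content signatures and the sample packets are all constructed; the addresses are documentation/private ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    src: str = "0.0.0.0/0"           # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None      # None = any port
    proto: Optional[str] = None      # None = any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.proto is None or self.proto == pkt.proto))


def packet_filter(pkt: Packet, rules: List[Rule], default: str = "drop") -> str:
    """Layer 1: first matching rule wins; anything unmatched gets the default (deny by default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed host ruleset for a web server: HTTP/HTTPS from anywhere, SSH only from the
# management LAN 10.0.0.0/24. Everything else falls through to the default drop.
RULES = [
    Rule("allow", src="10.0.0.0/24", dport=22, proto="tcp"),
    Rule("allow", dport=443, proto="tcp"),
    Rule("allow", dport=80, proto="tcp"),
]

# Constructed content signatures of the kind a HIPS/HIDS matches against payloads.
# Real signature feeds are far larger and need updating, exactly like anti-virus signatures.
SIGNATURES: Dict[str, bytes] = {
    "sqli-union-select": b"UNION SELECT",
    "php-webshell-upload": b"<?php system(",
}


def inspect_payload(pkt: Packet, signatures: Dict[str, bytes]) -> Optional[str]:
    """Layer 2: case-insensitive substring match of known attack patterns in the payload."""
    data = pkt.payload.lower()
    for name, sig in signatures.items():
        if sig.lower() in data:
            return name
    return None


def layered_verdict(pkt: Packet, rules: List[Rule], signatures: Dict[str, bytes],
                    mode: str = "ips") -> Tuple[str, Optional[str]]:
    """Cheap address/port filter first, content inspection only on what it let through.

    mode="ips": a signature hit is dropped; mode="ids": it is allowed but the hit is reported.
    Returns (verdict, signature name or None).
    """
    verdict = packet_filter(pkt, rules)
    if verdict != "allow":
        return verdict, None
    hit = inspect_payload(pkt, signatures)
    if hit is None:
        return "allow", None
    return ("drop" if mode == "ips" else "allow"), hit


# Constructed sample traffic aimed at the server 192.0.2.10.
SAMPLES = {
    "ssh_from_internet": Packet("203.0.113.7", "192.0.2.10", 22, "tcp"),
    "ssh_from_mgmt": Packet("10.0.0.5", "192.0.2.10", 22, "tcp"),
    "clean_http": Packet("203.0.113.7", "192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    "sqli_http": Packet("203.0.113.7", "192.0.2.10", 80, "tcp",
                        b"GET /item?id=1 union select user,pass FROM users HTTP/1.1\r\n"),
}


def run_samples(mode: str = "ips") -> Dict[str, Tuple[str, Optional[str]]]:
    return {name: layered_verdict(pkt, RULES, SIGNATURES, mode) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for mode in ("ips", "ids"):
        print(mode, run_samples(mode))
```

The instructive case is `sqli_http`: the packet filter alone returns "allow" because port 80 from the internet is exactly what the ruleset permits, so only the inspection layer sees the attack. In "ips" mode that packet is dropped; in "ids" mode it is allowed through with an alert attached, which is the whole difference between a HIPS and a HIDS.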
Sandbox: An isolated virtual machine in which suspected malicious payloads (attachments, downloads) are opened and observed, so their effects can be determined before they are opened on a live machine on the production network. If the payload is determined to be malicious, the user is informed and the file is blocked.