The traditional IT model of waiting for early adopters to work through any bugs before you install new software makes sense in many cases. In cybersecurity, however, each day’s delay extends the window of opportunity for zero-day malware to wreak havoc on your endpoints.
During the recent WannaCry ransomware attack, customers running the latest McAfee Endpoint Security with Advanced Threat Protection never had a hiccup. Their endpoints immediately classified the file as greyware, subject to deeper analysis and containment. Like border collies so smart they don’t need a command, McAfee Dynamic Application Containment herded unknown files away from crucial areas, allowing them to run but not take actions that malware typically attempts—like encrypting files or overwriting directories.
All of this happened in seconds, without human intervention, and without waiting for a signature. While some organizations scrambled to contain a massive outbreak, McAfee Endpoint Security customers continued working as usual. Even if the attack made it onto an endpoint, it was severely limited in any damage it could cause to that endpoint or user. And with McAfee Threat Intelligence Exchange, the first endpoint to get hit communicated with every other system in the environment.
Stay Current, Stay Protected
Cases like this prove you can’t afford to wait. While signature-based security still plays an important role in endpoint security, it now functions best when used as part of a multi-layer defense, filtering out less sophisticated, “commodity” malware. Signature-based defenses depend on the endpoint security vendor identifying a new attack and creating a DAT file so endpoints can block it. Even when vendors discover a new threat immediately, it still takes hours or days to create and distribute that signature. And during that gap, thousands—even millions—of endpoints can get hit.
The more advanced modern malware threats, however, are designed to disguise their nature and exploit the windows of vulnerability that signature-only defenses leave open. That’s why the industry is moving to next-generation, signature-less approaches.
Move to the Latest McAfee Endpoint Security
With the latest McAfee Endpoint Security, you don’t have to wait for a signature. If an executable has never been seen before, your endpoints automatically classify it as “greyware” and treat it with appropriate suspicion. Your endpoints first conduct pre-execution scanning of its code base—essentially a static look at the code (before it runs). Then, they perform dynamic analysis of the behavior during execution. All of these capabilities, and others, are part of protection at each endpoint that limits the damage and spread of greyware to other endpoints. And they’re designed and integrated to close that window of vulnerability—to stop malware even before security systems know exactly what it is.
No matter who your endpoint security vendor is, check to see if you’re running their latest software version—and if not, update it. Hint: If you’re running VirusScan Enterprise (VSE), McAfee Host IPS Firewall, or McAfee SiteAdvisor web filtering, you’re not using the latest McAfee Endpoint Security.
McAfee Endpoint Security is an integrated solution that replaces several individual legacy endpoint products, including McAfee VirusScan Enterprise, McAfee Host IPS Firewall, and McAfee SiteAdvisor web filtering. If you’re an existing customer with one of our Endpoint Security suites, McAfee Endpoint Security is a free security upgrade.