DETECTION OR PREVENTION BASED SOLUTIONS FOR CYBER THREATS? A SEARCH FOR THE WINNING STRATEGY.
March 27, 2019
With the average data breach costing $3.86 million, no organization wants to take security risks. As hackers continuously develop new types of malware, organizations must be on top of their game – ensuring that their cybersecurity strategy provides full coverage against all types of threats, including zero-day or unknown threats. There are two main approaches to malware protection – detection and prevention. Let’s have a look at each of them, and find out which one is the most effective for comprehensive malware protection.
Detection: Catching the criminal red-handed
Detection is a common part of every cybersecurity strategy – revolving around these three steps:
- Identifying a current attack
- Containing the breached area
- Analyzing the impact of the breach
A strategy like this uses traditional, signature-based tools, such as antivirus. These tools use a database of malware signatures to detect known malware. They also provide useful data for analyzing past attacks – where the attack happened, how it was handled by the cybersecurity system, and so on.
A glaring problem with detection-based solutions is that they only detect malware when the attack has already begun – like catching a thief in the middle of a robbery. By this time, some of the damage has already been done – and the organization will have to dedicate its time and money to repair it.
Detection-based tools are also ineffective against zero-day threats. These unknown threats have no signature in any database, so they can evade detection completely. Statistics show that 30% of malware attacks are zero-day exploits – this means that detection by itself leaves an organization unprotected from almost one-third of attacks!
Imagine if there was a way to stop both known and unknown threats from reaching the organization in the first place before any harm is done? That’s where prevention comes in.
Prevention: Guarding against the crime
Prevention-based solutions take proactive steps to prevent malware from entering the organization’s system – like a guarded perimeter fence stopping a thief from gaining entry to a building, preventing a robbery in the first place. These solutions are effective against zero-day threats, as they don’t rely on past knowledge or malware signatures. One such prevention-based solution is CDR (content disarm and reconstruction) – which sanitizes every incoming file by disassembling it, neutralizing all threats, and rebuilding it. When the file enters the organization for the first time, it is guaranteed clean and safe to use.
To read more about prevention-based solutions and CDR, click here.