#HowTo: Introduce Advanced Technologies into Your Security Strategy

Nowadays, everyone, whether connected to the IT and security industries or not, is aware of cyber-threats and, more broadly, cybersecurity. Unfortunately, they have become a part of our everyday life, a side effect of developments in digitalization, computing and other innovations of the past 10 years. Cybersecurity and cyber protection products have been continually evolving to combat threats and malware since the first viruses and trojans. Security industry players have developed signature detection, firewalls, IPS/IDS, heuristic detection, sandboxing, emulation, behavior analytics – you name it. As the threats evolve, companies and individuals should regularly adopt new security solutions and features to avoid being vulnerable to attacks and eventually risking the loss of their data.

Understanding the Need for New Advanced Technologies

It is reasonable to ask: do I really need so many new advanced technologies to protect my data? Do they bring value? The answer is not simple. The devil is in the details.

Of course, you may already recognize that you need to improve your security posture; for example, some threats are being missed by your cyber defense solution. Perhaps you rely on old-school signature-based or basic heuristic anti-malware, which will almost certainly miss some of the newer cyber-threats. In this case, it is definitely a good idea to strengthen it with behavioral detection or machine learning-based detection (often also known as AI-based detection). On the other hand, you may be unaware that you have been compromised if your current security solution cannot deal with fileless threats, which, being memory-based rather than file-based, evade detection by many security solutions. Capabilities such as ‘exploit prevention’ and ‘in-memory detection’ can overcome the threat of fileless malware.

In order to identify which technologies are best suited for your needs and will bring you the most value, the first step is to look into the details of these features and the technologies behind them to truly understand how they work. Research independent reviews and tests, or even carry out tests yourself.

Doing your own research about ransomware protection and backup/data protection products is crucial. Here’s a simple example to explain why: while many products claim to protect against ransomware, in some cases that simply means you can restore data from your backup in the event of a ransomware attack. Other solutions feature simple signatures or rules, which provide limited protection but would not detect any new cyber-threat. At the same time, products featuring a behavioral engine based on data-oriented heuristics can detect any new incoming threat. So, while on paper each product claims to have anti-ransomware technology in place, the difference in protection in a real-life situation will be huge – from detecting nothing to detecting practically everything.

A Simple Way to Implement New Solutions

So what is the most foolproof method to introduce new technologies into your security stack? This depends on the security solution you currently have. Integrated solutions or all-in-one security providers are increasingly popular among end-users and MSPs for the obvious reasons of convenience, performance and so on. If your current security provider regularly invests in the development of new technologies and functionality, you are in luck. This is not common though, and it can sometimes take a year or two before a new technology or feature that you need is included in a product release. While there is always the option of buying a separate solution and integrating it into your current security posture, this will cost you time and money. You also need to ensure the solutions are compatible and that the system performance will not degrade. Opting for an integrated solution helps avoid this challenge.

Three Steps for Introducing New Technologies into Your Security Strategy

To summarize, when introducing new advanced security technologies into your security posture, make sure you follow these three simple steps:

  1. Understand your needs. Check if your current cyber protection includes technologies such as behavioral or ML-based detection and exploit prevention. For example, can your system detect stealth attacks such as fileless threats or malicious injections into legitimate processes?
  2. Look for vendors who provide a wide range of your required technologies and have a short and effective development cycle; for example, offering monthly product releases. Cyber-threats are rapidly evolving; you cannot afford to wait to get new technology in place.
  3. Research independent tests or conduct your own tests to ensure the technology works as expected. For anti-malware/threat detection, large independent security labs such as AV-Test, AV-Comparatives, Virus Bulletin or MRG Effitas are a good starting point.