Multi-Vector Attacks Demand Multi-Vector Protection

It’s easy to be dismissive about hackneyed axioms like “a chain is only as strong as its weakest link,” but today’s threat landscape is placing a fresh—and highly destructive—emphasis on the principle underpinning that time-worn motto. It’s a safe bet that any MSP or in-house IT professional who underestimates the need to eliminate every vulnerability in their endpoint security chain—to all potential attack vectors—will eventually pay the price for that inaction.

That’s particularly true when the bad guys employ multiple attack vectors. In a multi-vector attack, cybercriminals combine a range of threats deployed at numerous stages, across multiple points of entry (attack vectors), to infect computers and networks. This blended approach greatly increases the likelihood of their success, the speed of contagion and the severity of damage.

To effectively combat these multi-vector attacks, endpoint protection solutions need to incorporate a multi-vector strategy that may be broken down into three fundamental steps:

  1. Predict and prevent the attack to avoid being infected in the first place
  2. If you cannot predict or prevent, then detect and identify it accurately
  3. Then, ensure you are able to contain it and remediate it

This approach is ideal because it provides multiple chances at multiple attack stages to block or stop a threat before an infection can succeed. As can be seen below, Webroot offers this multi-vector protection across every threat stage:


Attack Vector Stage: How Threat Enters Your Environment

Superior endpoint security solutions incorporate an extensive range of tools to combat threats from a variety of sources:

  • Email, web browsers, display ads, hyperlinks, files, social media apps, external devices (e.g., USB drives or web cams)

Webroot Multi-Vector Prevention Shields: 

  • Web Threat Shield, Identity Shield, USB Shield, Infrared Shield, Smart Firewall

Payload Delivery Stage: What Form Threat Takes

Cyberattacks can come in many different forms, and an effective endpoint protection solution must have the resources to address them all:

  • Adware, spyware, ransomware, phishing attacks, keyloggers, viruses, Trojans, worms, rootkits

Webroot Multi-Vector Detection Shields: 

  • Self-Protection Shield, Real-Time Anti-Phishing, Real-Time System Shield, Offline Shield, Rootkit Shield

Infection Remediation Stage: How Threat Can Be Neutralized

No AV vendor can prevent all infections instantly, so it’s critical that remediation is easy, fast and complete:

Webroot Multi-Vector Remediation Shields:

  • Zero-Day Shield, Behavior Shield, Core System Shield, Monitoring & Journaling, Quarantine, Auto-Remediation

Benefits of Multi-Vector Protection Against Phishing Attack

According to the Verizon 2017 Data Breach Investigations Report, phishing was behind 90 percent of successful security incidents and breaches in 2016. Hence it’s useful to examine how an AV solution using a single-vector approach to security handles a hypothetical phishing attack:

  1. Recipient of phishing email clicks on a USPS “Track Your Package” link
  2. This takes user to a phishing site while at the same time a malicious payload is downloading to user’s machine
  3. At this point the single-vector protection solution has just one chance to block the threat—either with a signature or sophisticated mathematical algorithm; if the solution misses it, it forfeits its only opportunity to keep the machine infection-free

In this same hypothetical, consider how Webroot’s multi-vector approach enables far more comprehensive protection:

  1. Recipient of phishing email clicks on USPS “Track Your Package” link
  2. Web Threat Shield protects user from visiting known malicious sites by looking up URL and IP reputations in real-time on Webroot’s threat intelligence platform
  3. No access means no infection, and threat is blocked; if URL analysis is inconclusive, Webroot automatically proceeds to next step
  4. Real-Time Anti-Phishing uses more than 200 checks to determine if it’s a phishing site; if so, site is blocked. Between its Web Threat and Real-Time Anti-Phishing protection alone, Webroot expects to prevent over 99% of phishing-based attacks
  5. If site falls within the circa 1% not identified as a phishing site, malicious payload is downloaded and Webroot agent immediately creates a “fingerprint” of the file and uses Real-Time System Shield to categorize with near-100% accuracy if file is known-good or known-bad; if a known-bad file, it is blocked
  6. If file unknown, Webroot compares characteristics file will demonstrate upon execution to over 13 billion file behavior records in the Webroot intelligence platform; if the characteristics are consistent with known malware, execution is blocked
  7. If unable to make a pre-execution determination, file is allowed to execute while Webroot agent begins journaling all changes to the system that are attributable to the file’s execution; agent also continues to monitor file’s behaviors and checks them against file behavior records database in Webroot intelligence platform
  8. Agent gains enough insight to detect if file is malicious; if so, it is blocked; agent then automatically remediates machine to pre-infection state

Guest blog courtesy of Webroot. Read more Webroot guest blogs here.