CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Limitations of Current Endpoint Security Approaches

Endpoint security has traditionally meant comparing files on an endpoint against signatures in a
database. The signature database was initially downloaded from a central server to a local server
in the organization. Every endpoint would then check the file hashes on its system against the
signatures in this database to determine whether a file was malicious. As the signatures grew
into billions of hashes, the databases grew ever larger and moved to the cloud, where a central
database served as a repository for all known good and bad file hashes.
This did not solve the problem of zero-day malware, which by definition is a malicious file that
has not been seen before and hence does not have a hash in the cloud. To solve this problem,
organizations started deploying machine learning and sandboxing solutions. Sandboxing