Many technologists and futurists claim the rate at which humankind evolves flatlines when compared to the evolution of technology. Ray Kurzweil, a renowned scientific thinker, inventor, and futurist, stated that although “Our intuition about the future is linear, the reality of information technology is exponential and that makes a profound difference.” Kurzweil goes on to explain that human intuition follows a linear slope. In contrast, his next statement about information technology he declares that its growth is exponential. “If I take 30 steps linearly,” he says about human intuition, “I get to 30. If I take 30 steps exponentially,” he continues, regarding informational technology, “I get to a billion.” This perfectly details one of the key challenges of providing IT services – information security. As the internet grows, so do the threats- exponentially. And as technology experts, we rely heavily on technology to keep our business and our clients ahead of that exponential curve.

Much like human intuition, the original software safeguarding computers from malware —antivirus— has become less and less effective as threats grow exponentially. Traditional definition based antivirus has been around for 25 years, yet has not innovated to protect against attacks that use unknown threat techniques. As the bad guys use technology to exponentially increase threats, the good guys have got to keep up. The answer, Endpoint Protection – a tool which integrates network-based information security in order to provide an artificially intelligent army standing against malware.

So what’s that mean? The crucial distinction between antivirus and endpoint protection programs is the IDS, or Intrusion Detection Software’s they employ. Legacy Antivirus depends upon what’s known as a signature-based threat detection method. This method utilizes databases which generally store over 50 million defined viruses. It uses that database to analyze traffic of a network and if a signature, which is nothing more than a known pattern of threat, is detected, the packet is marked as malignant and sent down the hierarchy of cyber defense. Although this database spans immense amount of signatures, a severe caveat exists – unknown threats – deeming the network vulnerable to any new threats.

The IDS, which Endpoint Protection Programs use, are anomaly-based, meaning they are able to identify any anomalies within the incoming data. In order to do this, EPPs, or Endpoint Protection Programs, use a virus database, as well, but in addition to that database, EPPs implement artificially intelligent software which inspects any unknown data. Unknown files are immediately isolated in secure containers which resemble the actual OS. If the file is malicious, the harm it intends to cause stays enclosed within these containers, which are then able to detect the motives of the file. Through endpoint protection, any files with the potential for harm are identified and killed within those containers.

Antivirus also overlooks the fact that attacks can be file-less, infecting the memory and writing directly to RAM rather than file systems. In addition, antivirus is known to not be user-friendly, hogging bandwidth with updates, and spiking CPU with resource-intensive scans. This not only leads to down time, but often causes users to get frustrated and take strides to disable the software or ignore security warnings.

Moreover, unlike antivirus which protects a particular device, EPPs follow a strict hierarchical system – securing the network first, and then moving down towards individual end-user devices. Endpoint protection software observes how a user operates the computer, learns the user’s habits and acts when unknown behaviors happen, which could be too many quick clicks on a file located in a protected system folder or opening a browser or command prompt that user has never used in the past. This methodology has been already proven to provide much higher protection from cybersecurity threats than traditional antivirus software.

At Domain, we want to help you be in-the-know about the latest and greatest in IT and security.