There is a curious parallel between the future of cybersecurity and our ability as human beings to adapt to pandemic driven changes. In the past months, most of us have started wearing masks and paying more attention to social distancing and personal hygiene. In the wake of Covid-19, we've become aware of our vulnerabilities and those of others and are adapting as best as we can to the new reality of what is likely to be an ever-present threat.
Covid-19 may wax and wane and a vaccine may send it into retreat but there is an underlying awareness that similar viruses are also likely to surface in the future. In fact, Covid-19 was already signalled by the earlier SARS and MERS viruses and the outbreak of Covid-19 was no surprise to epidemiologists the world over, they were expecting it, it was just a question of when. It’s our ability to detect, adapt and forestall that will ultimately determine whether we are successful or not in defending against these acute threats.
The dynamics at play in the world of viral threats mirror the multi-layered approach to cybersecurity. Multi-layered cybersecurity is not a marketing gimmick but a complex response to the evolution of malware. As early as 2015, reports and technical analysis warned against the worrying trend: of emerging polymorphic and metamorphic malware.
These new types of malicious code constantly morph, changing signatures, encryption, and other identifiable features, thus evading detection and rendering simple, single-layer protection useless. In a sense, it's like the Covid-19 virus in that we know what some of the major symptoms are but they're estimated to be at least strains that are morphing and adapting all the time. In short, there are knowns and unknowns.
For instance, we know that zero-day threats do not have a known signature and as a result, a single-layer signature-based security solution would be unable to protect you from them. But how exactly do these solutions work, and what does single-layer versus multilayer mean?
Let’s take a closer look
A typical single-layer solution relies solely on a database of signatures.
Summer retreat, cyber defeat
- These signatures are known as static hash files and each one signals a known malware file with a specific set of features.
- If the features change, the signatures need to be updated as well which could take days or even weeks, while the antivirus specialists analyse, decrypt, and manually rewrite the signatures.
- During this time, you are unprotected because a polymorphic or metamorphic malware will change and become an unrecognized entity, something that does not match any of the signatures from the database.
- By the time the update is available, downloaded, and installed, the virus can change a few more times, rendering the last updates also powerless.
- Another issue for these single-layer signature-based solutions is that antivirus vendors need to initiate the scan and you constantly need to make sure your product version has an up-to-date signature database.
In these cases, you need to connect to the internet to download the latest security patch, even if it is downloaded automatically. But what happens if you are offline when you discover that you are infected? You might not know anything about it.
Perhaps, but you missed the latest update because you weren't connected or you didn’t notice anything suspicious enough to initiate a scan beforehand. It’s something we’ve all done at least once in our lives. We have all snoozed that pesky update reminder and put off installing the latest security update.
Multi-layer equal’s multi-protection
So what exactly does multi-layered protection mean?
Let’s look at BullGuard’s 2021 edition
of antimalware products which provides five layers of antimalware protection. First, they all work in real-time, which means you don’t need to actively do anything to benefit from them.
- An OnAccess engine proactively checks and protects the files and processes that you are using. This first layer protects you regardless of whether you are connected to the internet or whether you initiate a scan.Once the OnAccess engine selects a file or a process that needs to be scanned, the next four layers of protection are used in cascade, one after each other.
- The classic check against the signature database is the second layer. The most popular threats will be detected here. But BullGuard 2021 also investigates further.
- If you are connected to the internet, Cloud Detection, the third layer of security sends the hash of the file to the cloud database. A vast collection of data, updated and checked in real-time, is used to further filter out possible threats. Polymorphic and metamorphic malware is intercepted and analysed here.
- This cloud detection database has all the benefits of a modern Antivirus Lab, including heuristic detection, machine learning and sandboxing for improving cloud detection, which ensures great detection for emerging threats and a low rate of false positive results.
Most multi-layered cybersecurity solutions stop here, but BullGuard has taken it not one, but two steps further. We have added two more layers of security: Dynamic Machine Learning and Behavioural Detection.
- Recently sophisticated and complex malware has emerged that attempts to counter cloud detection defences by attempting to interfere with the Internet connection while spreading on the machine.
BullGuard anticipated this move.
Both our Dynamic Machine Learning and Behavioural Detection layers protect you while offline.
Always forward, never backward
- When online, these last two layers are used to intercept anything that might attempt to bypass the first defence and interfere with the internet connection.
- These additional layers also ensure outstanding performance on the computer by balancing the detection activity if the cloud response takes too long to be received.
Online or offline, our health and our security remain of utmost importance. We are in this process at the moment in terms of the pandemic, learning about virus mutation, and how to identify and beat back viruses that attack the respiratory system. It's a dynamic process similar to the cybersecurity world. Rigid, non-reactive “as-it-happened” antivirus solutions have a very limited action range and constantly depend on a user being proactive such as regular scanning and updates. In contrast, the future of cybersecurity is represented by dynamic solutions, able to learn and adapt on the go, that can respond in the moment and identify and defeat malware even if does mutate and advance at an unprecedented pace.