Why Your Traditional AV Isn’t Working
According to a recent study completed by KnowBe4, your traditional anti-virus alone is not effective in stopping today’s biggest cyber security threat, ransomware. Ransomware is a form of malware that locks your files or entire PCs and demands a payment to unlock them. In the study, KnowBe4 asked 500 organizations the impact, if any, they’ve experienced due to ransomware. The results showed 33% of those surveyed experienced a ransomware attack in the last 12 months. They also found that 53% of those impacted by ransomware had multiple defenses in place to prevent the attacks.
These statistics are evidence that traditional security solutions do not work. Traditional programs use a blacklist approach. This means that they stop only known bad files. If files are unknown — neither a known good or known bad file, it is allowed to execute under this methodology. That is the problem. All malware is not going to be known as bad, until it infects someone and is added to the blacklist. Keeping up with malicious files is impossible, because they change constantly.
Application Whitelisting
This is why implementing application whitelisting is critical. Application whitelisting uses an alternative detection method. Instead of tracking only known bad files, whitelisting will only allow for known safe programs to run. This approach has been proven far more effective in blocking today’s cyber security threats than traditional blacklisting methods.
By only allowing safe programs to run, the ever-changing malware codes will be blocked, because no matter what, they will never be deemed safe. But what about malware that is inserted in a known safe program? Once a malware executable is placed into a safe program, that changes the code. Therefore, it is not a known safe program anymore. It must be retested to be allowed to run. Therefore, it will be blocked, if indeed malware has been added to the program.
What if this method blocks my software from running because it isn’t on the whitelist? By using PC Matic‘s whitelisting technology, within 24 hours of attempted execution, the file or program is sent to our malware research team where they test it and either categorize it as safe or malicious. Therefore, within 24 hours, you will have access to said program if it is deemed safe. If it is a program you have worked with before and believe it to be safe and do not want to wait up to 24 hours, the user has the ability to manually add the program to their whitelist and gain access to the program or file immediately.
Enhance your security now with PC Matic‘s application whitelisting technology.