Prevention and Detection - Two Sides of the Same Coin

October 10, 2017


Sharron Malaver

In our recent paper, “Making sense of the endpoint security”, we compared and contrasted different types of endpoint security tools, from endpoint control, to anti-malware, to endpoint detection and response. One question security architects constantly struggle with is whether to concentrate on prevention or detection. In reality, these are two sides of the same coin, since at the end of the day we are trying to stop attacks from impacting the business in the most cost-effective way. It is a careful balancing act: it’s useful to accept that you’re never going to prevent everything, while at the same time recognizing how valuable your people’s time is.

One thing every prevention tool has in common is that it is less than 100% effective. That doesn’t mean we shouldn’t try to get as close as possible, though. Every issue that doesn’t get automatically prevented means hours of effort from a finite pool of expensive and hard-to-hire SOC experts. Every minute spent on an issue that could have been automatically blocked is a minute taken away from an issue that could truly threaten the business.

To maximize the number of threats automatically prevented, Minerva looks to adopt a completely new and different approach that provides prevention through deception. While other anti-malware approaches focus on identifying malware, Minerva blocks malware by using its own evasive techniques against malicious software, turning attackers’ strength into a weakness. This adds a fundamentally new dimension to preventing threats on the endpoint. Minerva Labs is different for a few reasons:

Minerva does not rely on patterns or signatures

Solutions based on known signatures, behavior patterns or machine learning models are limited by nature, since they depend on certain thresholds or algorithms. Either the indicators they rely on are overly broad, leading to false alarms, or overly specific, meaning that they miss real threats. Minerva takes a radically different approach to the endpoint solutions on the market today, which makes it so effective in the threat prevention it delivers. By using deception on the endpoint, Minerva causes the malware to self-convict and prevents it from gaining any foothold on the endpoint. This approach avoids the ever-increasing need for deeper, more resource intensive and more intrusive analysis on the endpoint and prevents attacks without the need for any human intervention.

Minerva provides enhanced endpoint security without operational burden

With so many security solutions already in place, the operational burden of an additional one can end up being the major factor in the decision to implement a solution. Minerva is designed to ensure an extremely low operational burden with easy deployment, no tuning and minimal maintenance.

Minerva has zero impact on end users

Minerva is a passive solution that acts only when there is a true event, and deploys with a single installation package across the entire enterprise. Also, Minerva leaves no noticeable footprint and requires no signature updates. This means that it has zero impact on the business user and is agnostic to the endpoint infrastructure, protecting the system regardless of its operating system, memory level or hardware specifications.

Organizations should first look to get the most out of automated prevention before moving to detection and response, where skilled resources are needed for long investigative processes. Let software fight software, and let humans fight the human adversary where intuition and advanced analysis need to be applied. By prioritizing prevention and leaving detection to the few sophisticated incidents where human intervention is needed, you can truly improve your security operations.

To see us in action, request a demo today.