By Mike Herrington
There are a lot of things to think about when you’re a business owner or executive — and behavioral heuristics probably isn’t on the top of that list. Here’s a quick breakdown of what it is and why you should care if you want to keep your business network safe.
We live in a world of evolving security threats where new viruses and attacks are being created at an ever-increasing rate. These cyber-terrorists pose real threats to businesses and consumers, as evidenced recently by Equifax’s enormous breach that will almost certainly put them out of business. There is a lot to talk about with network security, but we’ll start as simple as it gets with antivirus.
Windows Defender, a security app that comes with Windows, identifies a suspicious program by checking the program against a database that Microsoft maintains. Security programs that rely on databases for malware information check them frequently because people create new viruses continuously. Many antivirus programs identify threats by examining their “signatures.” A signature is like a fingerprint; it represents a specific set of a file’s characteristics that help others identify the file.
A behavioral antivirus product examines the behavior of an unknown application, looking for suspicious activity instead of trying to classify it against a list of known threats. It examines any changes the application makes to your operating system. This type of antivirus may take action or warn you of the threat if it detects malicious behavior by an unknown application.
Heuristic detection methods seek to identify malware by examining the code of an unknown program and analyzing the program’s structure. They may run a process that simulates the code being examined. When it does that, the antivirus looks at the code’s logic to determine whether the program is a threat.
The very newest antivirus technology uses a smart combination of these methods to get the best results. That’s where we get to behavioral heuristics: examining the behavior of the potential virus along with the structure of its code. It gives you the best of both worlds when it comes to protecting against unknown threats.
Some next-generation antivirus products will even log the changes made by a suspicious application with a feature called journaling. Then, if it determines that the unknown application is a virus, it will automatically roll back all the changes made by the malicious code.
These types of features are important because many viruses can modify their code to evade detection by heuristic detection methods. Having a next-generation antivirus that looks for behavior in addition to heuristics allows you to catch evolving threats more consistently. That keeps your business protected and your employees productive.
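To make the journaling and rollback idea concrete, here is a small added example (not code from any antivirus product or from this article). It models the system as a Python dictionary; the rule weights, threshold, paths and events are all constructed assumptions.

```python
MISSING = object()  # marks "key did not exist before the change"
# Assumed behaviour rules as (predicate, weight); illustrative, not from any product.
RULES = [(lambda k: k.startswith("HKCU/Run/"), 40),   # adds an autorun entry
         (lambda k: k.endswith(".docx"), 15)]         # rewrites a user document
THRESHOLD = 60  # assumed score at which a process is judged malicious

class Journal:
    """Records the previous value of everything a watched process changes."""
    def __init__(self, state):
        self.state, self.entries = state, []

    def write(self, pid, key, value):
        self.entries.append((pid, key, self.state.get(key, MISSING)))
        self.state[key] = value

    def score(self, pid):  # sum of rule weights over every change made by pid
        return sum(w for p, k, _ in self.entries if p == pid
                   for match, w in RULES if match(k))

    def rollback(self, pid):
        # Undo newest-first. Simplification: assumes no other process has
        # written the same key since.
        for p, key, old in reversed(self.entries):
            if p == pid and old is MISSING:
                self.state.pop(key, None)
            elif p == pid:
                self.state[key] = old
        self.entries = [e for e in self.entries if e[0] != pid]

def monitor(state, events):
    """Apply (pid, key, value) events; roll back and block any pid reaching THRESHOLD."""
    journal, blocked = Journal(state), set()
    for pid, key, value in events:
        if pid in blocked:
            continue
        journal.write(pid, key, value)
        if journal.score(pid) >= THRESHOLD:
            journal.rollback(pid)
            blocked.add(pid)
    return blocked

def demo():
    """Constructed events: pid 100 is benign; pid 200 adds an autorun, then rewrites documents."""
    state = {"C:/Users/a/report.docx": "Q3 figures", "C:/Users/a/plan.docx": "roadmap"}
    events = [(100, "C:/Users/a/notes.txt", "todo"), (200, "HKCU/Run/updater", "C:/Temp/x.exe"),
              (200, "C:/Users/a/report.docx", "<scrambled>"),
              (200, "C:/Users/a/plan.docx", "<scrambled>")]
    return state, monitor(state, events)
```

No signature is consulted anywhere: the second process is flagged purely by what it changed, and the journal puts both documents back and removes the autorun entry while leaving the benign process's file alone.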
Network security can have a significant impact on the bottom line. Business owners should take the time to educate themselves about the latest in network security and how to keep their businesses safe. If you have questions that your IT provider can’t answer, you should consult a network security specialist who can help. Don’t let your business be the next Equifax.
“An ounce of prevention is worth a pound of cure” - Benjamin Franklin
Mike Herrington is vice president of sales for i.t.NOW, where he consults with business owners on IT solutions and strategy.