We've been in the security business for a long time and have seen several changes in threats to the endpoint over the years but things have changed now that we've deployed a prevention-first focused solution (Cylance PROTECT). We used to stand ready to pounce on the slightest indication of malware introduction with preparations for the eventuality that malware would get by our signature based endpoint defenses; ready to re-image a device or restore data that had been ransomly encrypted.
It's now been years since we have had to exercise our endpoint infection responses and we find ourselves in a curious place. Our Customers, our Support Teams, our Management have forgotten the difficulties we used to endure, with an unpredictable but all too frequent cadence of infections by the latest malware campaigns, perpetrated by threat-actors who were mainly seeking to monetize on infected endpoints. No one seems to remember that we had to submit malware samples to our anti-virus provider, asking them to quickly create a signature to help us stop the threat of the infection du jour, all draining on resources and our Customers' confidence in our ability to protect them.
Now we honestly face a struggle where the threat of compromise has moved back into the realm of a theoretical possibility rather than a common occurrence, which creates more of a struggle (on our part) to advance the continuous improvement of security agenda. Who would have thought?
- Security Architect for Houston based Oil and Gas company