Let's talk more in depth about Default Allow.
As the name plainly states, the default here is to ALLOW every unknown file: anything that is not already recognized as malicious is let through.
This works fine in a world filled with unicorns and rainbows. Unfortunately, in our very imperfect world, the reality is that malicious files are everywhere, and attackers have gotten better and better at disguising them as good files, making it ever more difficult to distinguish the good from the bad.
To make matters worse, it is now extremely simple for an attacker to take an existing piece of known malware and, with some simple tools, transform it into a new version that no one has seen before and that no system will automatically recognize as malware. Changing even a single byte is enough to defeat a match on the file's hash or signature.
Inexpensive hacking toolkits have contributed to a huge rise in the number of malicious files being generated for identity theft, phishing scams, ransomware and other forms of malware. In 2015, an estimated 85 million new malware variants were created.
That's hundreds of thousands of new malicious files a day. And with an industry-wide detection rate hovering around approximately 25%, individuals and businesses of all sizes are definitely going to get infected.
Let's take a look at the Default Allow players:
Vendor | Policy
Cylance | Default Allow
FireEye (HX) | Default Allow
CyberReason | Default Allow
Trend Micro | Default Allow
Sophos | Default Allow
Symantec | Default Allow
McAfee/Intel | Default Allow
Malware Bytes | Default Allow
Kaspersky | Default Allow
Menlo Security | Default Allow
SentinelOne | Default Allow
Cisco (FireAmp) | Default Allow
You'll notice that some of the biggest names in cyber security are Default Allow. But if they all miss most unknown malware and allow infections to happen so easily, how can this be?
The answer is simple:
most of these players have been around for years, and in the early days of the Internet, when the number of malicious files was quite low, Default Allow and blacklisting were good enough.
Not today. Over time, hackers continued to hone their craft and became sneakier and even more insidious, while the industry more or less sat back and grew complacent.
Whether the industry knows it or not, the days of Default Allow are over. In today's environment, you need multiple layers of defense; you need a True Default Deny.
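The difference between the two policies, and why the "transform it into a new version" trick from the earlier section defeats Default Allow but not Default Deny, can be shown in a few lines. The following is an added illustration, not code from the original page or from any of the vendors listed above. It reduces each model to its simplest form: files are identified only by SHA-256, the blacklist holds hashes of malware already seen, the allowlist holds hashes of software the organization has vetted, and the sample "files" are constructed byte strings rather than real binaries. Real products layer heuristics, reputation and behavioural analysis on top of this, but the policy decision for a file nobody has seen before is the same.

```python
"""Toy verdict engine contrasting Default Allow and Default Deny.

Added example (not from the original page or any vendor named there).
"Files" below are constructed byte strings; only their SHA-256 matters.
"""
import hashlib

# Constructed sample files. None of these is real software or malware.
TRUSTED_EDITOR = b"MZ\x90\x00sample-editor-v1"
TRUSTED_BROWSER = b"MZ\x90\x00sample-browser-v2"
KNOWN_MALWARE = b"MZ\x90\x00sample-dropper-seen-last-week"
NEVER_SEEN = b"MZ\x90\x00brand-new-binary"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blacklist: hashes of malware someone has already caught and analysed.
BLACKLIST = {sha256(KNOWN_MALWARE)}
# Allowlist: hashes of software that has been vetted as good.
ALLOWLIST = {sha256(TRUSTED_EDITOR), sha256(TRUSTED_BROWSER)}


def verdict_default_allow(data: bytes, blacklist=BLACKLIST) -> str:
    """Default Allow: block only what is known bad, let everything else run."""
    return "deny" if sha256(data) in blacklist else "allow"


def verdict_default_deny(data: bytes, allowlist=ALLOWLIST,
                         blacklist=BLACKLIST) -> str:
    """Default Deny: the blacklist is still consulted as a first layer,
    but a file that is not positively known good does not get to run."""
    digest = sha256(data)
    if digest in blacklist:
        return "deny"
    if digest in allowlist:
        return "allow"
    return "deny"  # unknown file: the default


def repack(sample: bytes, padding: bytes = b"\x00") -> bytes:
    """Stand-in for the attacker's 'make a new version' step: appending a
    single byte leaves the file's behaviour alone but changes its hash,
    so it no longer matches anything on the blacklist."""
    return sample + padding


def compare(files: dict) -> dict:
    """Map each label to (Default Allow verdict, Default Deny verdict)."""
    return {label: (verdict_default_allow(data), verdict_default_deny(data))
            for label, data in files.items()}


if __name__ == "__main__":
    samples = {
        "trusted editor": TRUSTED_EDITOR,
        "known malware": KNOWN_MALWARE,
        "repacked malware": repack(KNOWN_MALWARE),
        "never-seen binary": NEVER_SEEN,
    }
    for label, (allow_model, deny_model) in compare(samples).items():
        print(f"{label:18} Default Allow: {allow_model:5}  Default Deny: {deny_model}")
```

Running it shows the point of the section: the original dropper is caught by both models, but its repacked copy, which differs by one byte and behaves identically, is allowed to run under Default Allow and is stopped under Default Deny. The never-seen binary is treated the same way, which is also the cost of the stricter policy: legitimate software has to be vetted and added to the allowlist before it runs.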