Fileless cyber attacks
Fileless cyber attacks are a relatively new method of compromising a system where a malicious process refrains from utilizing file storage in the process of attacking an endpoint. This circumvents most anti-virus software available on the market.
Fast Assist Client Security guards against fileless attacks because our client security establishes extensive control over all processes running on a device and categorizes them into known good, known malicious and unknown processes. That last category is automatically contained virtually and restricted from being able to make changes to the system. A contained process can be identified as it’s window will have a green border around it.
All unknown process are virtually contained until automatically analyzed and a verdict issued by our software vendor or by having us manually flagging the process as safe if it is part of a known, but proprietary application. Manual flagging of a process as safe generally only takes a few moments to replicate down to the endpoint the process is being contained on. Anything that has been automatically contained on a system that we manage, we can see in our security dashboard in real time as it is being contained.
Another method of attack that doesn’t involve malicious processes is the compromised identity of your end users. Stolen authentication has been on the rise. The best defense against such is end user cyber security awareness education, multi-factor authentication, establishing effectively strong passwords at the legacy authentication level and constant monitoring/auditing of account activities.