Armstrong logo

Here is Why You Need to Add Another Layer of Security to Your Antivirus

By Neil Burton

Anyone could be a victim of ransomware attacks, whether individuals or companies.  It is one of the most successful methods cybercriminals use to encrypt users’ files and ask for a ransom in return.

Online criminals always look for new ways to infect systems or networks and targeting admin passwords through brute force attacks is an attractive method.  There have been many cases where attackers have hacked into unprotected remote desktop protocols and manually executed the ransomware.

Ransomware infections continue to cause serious problems for both individuals and companies that lose access to their valuable data.  The impact is devastating and such attacks usually happen due to bad IT hygiene and minimal security.

Ransomware infection typically happens when a malicious link is received and clicked in an email, which then transports the user to an infected web page:

Standalone antivirus is simply not enough to fully protect your data

If you currently use an antivirus solution, know that it cannot provide 100% protection.  Online threats have evolved greatly.

Antivirus is a single layer of security that you need, however it cannot keep up with increasing numbers of malware attacks.  It does a better job at protecting against worms, viruses, trojans, while advanced malware strains (ransomware, phishing or social engineering threats) evade traditional antivirus detection.

Massive spam campaigns like WannaCry and NonPetya flew under the radar of AV software and went undetected during the first hours or days.  This timing was critical and much damage was caused.

Here’s an example of a spam campaign Heimdal monitored and analysed to see how long it took for AV engines to detect it.  During this malicious campaign, cybercriminals tried to bait victims into clicking on a malicious link to deliver the NanoCore malware onto their devices.

The results from VirusTotal showed that in the first day only 5 AV engines out of 64 could detect this malicious campaign.  A few days later, 37 out of 64 engines could find it.  This indicates a low detection rate for traditional antivirus during the first stages of an attack.

Nowadays, cyber attacks are brand new and unlisted in antivirus databases, which are designed to sneak past antivirus and compromise your computer.  People rely on antivirus as their only protective layer, but it’s simply not enough.  Antivirus is often ineffective in blocking ransomware attacks.

Why extra layers of security are needed

A multi-layer approach is better to fight ransomware infections that can spread quickly and harvest massive amounts of user data.  This happens because AV malware scanning is reactive than proactive.  The newer a malware strain is, the harder will be for AV to detect it.

The purpose of multi-layered security is to stop cyber attacks on different levels, so they never reach the core of the system and essential data.

Cyber criminals can find ways to manipulate the data that flows through your Internet connection to serve their malicious purposes.

We spend a large amount of time browsing the Internet, but have you thought about the danger you are exposed to? We believe that everyone should enjoy the web safely when navigating online.

To do that, you will need a tool that can help you filter the Internet traffic and eliminate all the threats out there that antivirus can’t block.  A tool focused on proactive cybersecurity.

We believe that you shouldn’t wait for something bad to happen to improve your online safety and protect your digital assets.

What Thor Foresight Enterprise can do for you

If you didn’t know about this product, Thor Foresight Enterprise is built to protect its customers from attacks like ransomware traditional antivirus can’t detect.

Thor Foresight Enterprise can block different ransomware infection sources such as malicious email attachments, infected links you may receive in your email, infected web pages or malicious web apps that appear legitimate at first, but aimed at spreading ransomware.

Here’s how Thor Foresight Enterprise works and how it can stop a ransomware infection in 4 different stages:

Thor Foresight is an antimalware solution that includes three layers of protection against ransomware.

Traffic scanning and filtering

With its DarkLayer Guard feature, Thor Foresight Enterprise proactively scans for all your incoming and outcoming Internet traffic to identify all types of malicious connections.   It does that by changing the DNS (Domain Name System) for IPv4 and IPv6 to a different address and block a malicious web address.

When the engine is enabled, Thor Foresight Enterprise will apply a filter on the network adapter that will scan for infected sites and other web locations (servers, online ads, etc) with the potential to install ransomware on your devices.

You should know that all the filtering process takes place quickly and will not affect your Internet connection speed.

Detection and blocking of advanced malware (VectorN Detection)

The Malware engine analyses potentially malicious code to detect and block ransomware attacks.  It compares the signatures of the files on your PC with our constantly updated database to find any matches.

With the malware scanning feature, Thor Foresight Enterprise works proactively to detect and block second generation malware like ransomware that tries to compromise users’ endpoints and encrypt their files.  All websites you are accessing are scanned and verified in our internal database.

You can choose to turn it off, but we don’t recommend doing it, because it will decrease your protection level.

VectorN Detection feature works hand in hand with the DarkLayer Guard feature and tries to search and detect for patterns in the number of blocks that DuarLayer Guard records.  It uses Machine Learning Detection (MLD) to perform an in-depth analysis of all incoming and outgoing HTTPS, HTTPS, and DNS traffic.

You can see in the image below how many malware scans Thor Foresight Home has completed on a system in the last 7 days, as well as how many malware strains Heimdal has cleaned from your PC in the same frame time.

Automatic and silent patching feature was created to silently keep your software programs and applications, including operating system, up to date and patched, without annoying you with notifications.

In Thor Foresight Enterprise, the patching system includes two sections:

  • Software patching (designed to monitor and update the programs installed on your computer and details about them) 
  • Recommended software (here you’ll find programs Heimdal recommends to install that will automatically be inserted into the software patching list).

What you should know is that Thor Foresight Enterprise is compatible with any antivirus product available on the market that will block threats at their root.  An anti-malware solution isn’t meant to replace your AV product, but complement it, so users can benefit from multiple layers of protection to better fight against ransomware.

With both software products installed on a PC, more security gaps are closed and you can enhance online safety.

Enquiry Form

Useful links