Once touted as a silver bullet, antivirus is now considered an ineffective security solution on its own. While AV is effective at detecting or blocking known pieces of malicious code, it is thought to fall short when it comes to defending against zero-day attacks or advanced threats.
“Endpoint security software use is viewed largely as being driven by the need to remain compliant, rather than the need for an effective security solution,” says Jayson O’Reilly, director of sales and innovation at DRS. “There is also the view that one AV product is much the same as another, which really is not the case.”
He says there is no doubt that new threats are changing the security landscape, and driving the need for different solutions. “In the past, AV was viewed as a total solution. The IT department would install a product on the company’s machines, set up to scan for vulnerabilities, update signatures and patch when required.
Once this was done, users were safe, and well protected from the usual suspects such as viruses, worms, spyware and suchlike. However, it was left to run itself, without being tweaked and customised to meet the business’ specific endpoint needs.”
However, a few years ago, the threat landscape changed. “Organised crime became involved, setting up ‘businesses’ to steal money and sensitive data. Threats such as Stuxnet reared their head, and for the first time SCADA systems were at risk. Alongside this, threat authors were writing cleverer and more stealthy malware, and coming up with new evasion techniques, zero-day attacks and rootkits.”
The security industry responded by introducing new security measures, such as cloud intelligence, sandboxing technologies and file reputation services. “Security became a catch-up game, with security professionals desperately scrambling to come up with new ways to combat these sophisticated threats.”
Unfortunately, too many IT departments did not understand advanced threats, and continued to deploy, run and patch AV solutions that were becoming less and less effective as time went by.
“This is still happening today,” he says. “AV solutions are deployed, configured and set as default, and organisations are falling victim to attacks as a result. This is as unnecessary as it is foolish. Organisations need to have security professionals in place who can manage both protection and mitigation, and who can create a solution that uses AV correctly, tailoring these solutions to meet the businesses’ needs, and as a valuable part of the security chain.”