
Antivirus – Stick a Fork In It?

November 10, 2015

I am sure by now you have heard the rhetorical claim that antivirus is dead. Quote after quote from technology and security leaders over the last year has made the case, and the industry statistics that get cited suggest that if your antivirus software catches 30% of the malware it encounters, it is doing well. But how can this be, when antivirus is still a mandatory requirement for every security audit, regulation and IT department? And if it truly is dead, what does that mean for endpoint protection?

What all of this really means is that the way we have been doing it for the last 20 years no longer works and needs to be fixed. Traditional endpoint security software is a reactive solution designed to stop threats it already knows about, an approach better known as blacklisting. On a regular basis (usually daily) it downloads new virus definitions to keep its catalogue of known threats up to date, and through continuous scanning and monitoring it stops malicious code when a definition matches. This has been the accepted method for endpoint and server malware protection since its advent, and over time it has become almost completely ineffective.

The catalyst for this is twofold. The first is the sophistication of malicious code. While endpoint protection has remained largely static, the code it is designed to protect our computers from has become far more sophisticated. Polymorphic techniques let malware morph and change its signature on the fly, so each new build carries a new hash and no fixed byte pattern; by the time a definition for one variant is released, the damage has been done and the signature has already changed. Malware has also become smarter on the network, using common communication ports (the same ones ordinary web traffic uses) to move invisibly while receiving commands from a command and control server on the internet. This allows a human operator on the outside to direct pivoting through the network and data exfiltration.
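The two paragraphs above describe why definition-based detection fails against a re-packed variant. The following is an added illustration, not code from the original post: a miniature "definition file" holding one hash and one byte pattern, and a toy XOR "packer" that produces a new variant per build. The sample bytes, the pattern, the key and the `STUB` marker are all constructed for this example (a real packer would ship executable decoder code, not a marker).

```python
import hashlib
import re

# Constructed stand-in for a known-malicious binary. The bytes are made up for
# this example and are not a real sample.
KNOWN_BAD = b"MZ\x90\x00" + b"PAYLOAD: connect c2.example.invalid:443; run beacon"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A miniature "definition file": one hash entry for the exact sample, and one
# content pattern that also catches recompiled builds of the same code.
HASH_BLOCKLIST = {sha256(KNOWN_BAD)}
PATTERN_BLOCKLIST = [re.compile(rb"connect c2\.example\.invalid")]


def blocklist_verdict(sample: bytes) -> str:
    """Reactive (blacklist) detection: block only what a definition describes."""
    if sha256(sample) in HASH_BLOCKLIST:
        return "blocked:hash"
    for pattern in PATTERN_BLOCKLIST:
        if pattern.search(sample):
            return "blocked:pattern"
    return "allowed"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def polymorphic_variant(sample: bytes, key: bytes) -> bytes:
    """Toy packer: XOR-encode the body under a per-build 4-byte key and prepend a
    stub marker carrying the key. Every build has a new hash and no fixed
    plaintext pattern, which is the on-the-fly signature change the text
    describes. Illustrative only: a real packer ships executable decoder code."""
    assert len(key) == 4, "this toy packer uses a 4-byte key"
    return b"STUB" + key + xor_bytes(sample, key)


def unpack(variant: bytes) -> bytes:
    """What the stub does at run time: recover the original bytes."""
    key = variant[4:8]
    return xor_bytes(variant[8:], key)


def demo() -> dict:
    """Run the comparison and return each sample's verdict."""
    recompiled = KNOWN_BAD + b"\x00" * 16                 # same code, new hash
    variant = polymorphic_variant(KNOWN_BAD, b"\x5a\xa5\x3c\xc3")
    return {
        "original": blocklist_verdict(KNOWN_BAD),       # caught by the hash entry
        "recompiled": blocklist_verdict(recompiled),    # hash misses, pattern catches
        "variant": blocklist_verdict(variant),          # evades both definitions
        "variant_unpacks_to_original": unpack(variant) == KNOWN_BAD,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The pattern entry is the stronger of the two definitions (it survives a recompile), but it still only sees plaintext; once the body is encoded under a fresh key, nothing in the definition file matches until an analyst has seen that build, and the next build is different again.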

The second reason traditional endpoint security has been exposed is the mobile worker. In the past, most workers were tied to a desk, and when they were mobile, connectivity was nowhere near as ubiquitous as it is today. Now users are always connected, and in many cases without the protection of enterprise network security. Attackers have seen this as an opportunity, understanding that the perimeter is in most cases not the best entry point, as it is tightly secured. The endpoint can easily be compromised with a combination of phishing to trick the user and modern malware to gain access. Once the malware has infected the workstation, all an attacker has to do is wait for the user to walk it in the door. Once in, they take advantage of operating system vulnerabilities and pivot their way through the network until they find what they want. The modern attack is from the inside out, and traditional approaches will not cut it.

Like the revolution that advanced persistent threats (APTs) forced in network security, ushering in technologies such as next generation firewalls and sandboxing, a revolution is underway at the endpoint. Whitelisting is a necessary approach: allowing only what you know and stopping everything you don't is critical to ensuring that endpoints are not vulnerable to zero day attacks. Whitelisting controls which code may execute, though, not what approved code does once it is running, which is why it cannot stand alone. Big data techniques, behavioral analysis and event correlation are all critical components for detecting malicious activity that, on the surface, appears to be harmless. The next generation of endpoint security will include all of the above techniques, and organizations seeking to replace or update their existing endpoint strategy should ensure that the solution they choose includes these capabilities at both the endpoint (the entry point) and the server (the target).
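The two ideas in the paragraph above, whitelisting and behavioral correlation, as an added example that is not from the original post. The allowlist admits only known hashes, so an unknown dropper never runs; but `powershell.exe` is itself an approved binary, so the chain "Word spawns a hidden PowerShell which then checks in with one address on port 443 every 60 seconds" passes the allowlist and only falls out when two individually harmless signals are correlated on the same process. The process names, file contents, addresses, thresholds and the whole event stream are constructed for this example.

```python
import hashlib
import statistics
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Allowlist keyed by SHA-256 of file contents. The "binaries" are constructed
# stand-ins for this example, not real executables.
APPROVED_IMAGES = {
    "winword.exe": b"MZ-constructed-winword",
    "powershell.exe": b"MZ-constructed-powershell",
}
ALLOWLIST = {sha256(image) for image in APPROVED_IMAGES.values()}


def allowlist_verdict(image: bytes) -> str:
    """Whitelisting: run only what is known, block everything else."""
    return "run" if sha256(image) in ALLOWLIST else "block"


# Constructed endpoint telemetry for one host; t is seconds since logon.
# Every event here is unremarkable on its own.
EVENTS = [
    {"t": 0,  "kind": "process", "pid": 100, "ppid": 1,   "image": "explorer.exe"},
    {"t": 5,  "kind": "process", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"t": 8,  "kind": "process", "pid": 500, "ppid": 1,   "image": "agent.exe"},
    {"t": 40, "kind": "process", "pid": 300, "ppid": 200, "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},   # constructed
    {"t": 50, "kind": "process", "pid": 400, "ppid": 100, "image": "chrome.exe"},
]
# Browser traffic: several destinations, irregular timing.
EVENTS += [{"t": t, "kind": "net", "pid": 400, "dst": dst} for t, dst in
           [(52, "198.51.100.7:443"), (53, "198.51.100.9:443"),
            (71, "198.51.100.7:443"), (130, "203.0.113.200:443")]]
# Management agent: regular check-ins, but launched by the service manager.
EVENTS += [{"t": t, "kind": "net", "pid": 500, "dst": "192.0.2.25:443"}
           for t in (10, 310, 610, 910)]
# The script host: one destination on 443, every 60 seconds.
EVENTS += [{"t": t, "kind": "net", "pid": 300, "dst": "203.0.113.10:443"}
           for t in (45, 105, 165, 225, 285)]


def office_spawned_script_hosts(events):
    """Rule 1: a document viewer launching a scripting engine (pid -> parent, image)."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    hits = {}
    for e in procs.values():
        parent = procs.get(e["ppid"])
        if parent and parent["image"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS:
            hits[e["pid"]] = (parent["image"], e["image"])
    return hits


def beaconing_pids(events, min_connections=4, max_jitter=0.1):
    """Rule 2: repeated connections to one destination at a near-constant interval
    (pid -> destination, mean period in seconds)."""
    times = defaultdict(list)
    for e in events:
        if e["kind"] == "net":
            times[(e["pid"], e["dst"])].append(e["t"])
    hits = {}
    for (pid, dst), ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        jitter = statistics.pstdev(gaps) / statistics.mean(gaps)
        if jitter <= max_jitter:
            hits[pid] = (dst, statistics.mean(gaps))
    return hits


def correlate(events):
    """Alert only when both weak signals land on the same process."""
    spawns = office_spawned_script_hosts(events)
    beacons = beaconing_pids(events)
    findings = []
    for pid, (parent, image) in spawns.items():
        if pid in beacons:
            dst, period = beacons[pid]
            findings.append({"pid": pid, "parent": parent, "image": image,
                             "dst": dst, "period_s": period})
    return findings


if __name__ == "__main__":
    print("unknown dropper:", allowlist_verdict(b"MZ-constructed-dropper"))
    for finding in correlate(EVENTS):
        print("ALERT", finding)
```

Neither rule is an alert by itself: the management agent also beacons on a fixed period, and an Office application launching a script host is common in macro-heavy environments. Requiring both on the same process is what turns two noisy signals into one finding, and none of it depends on having a definition for the payload.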

Antivirus as we know it may be dead, but endpoint protection is far from it. It has just begun to catch up with the threats that we face today.
