Is antivirus still relevant for your organization?
As technology evolves, it leaves behind a junkyard of products that are no longer needed. Electric typewriters, dial-up modems, and floppy disks -- all once intrinsic parts of workaday life -- are now long-obsolete relics.
Although we’re not quite there yet, it seems increasingly plausible that traditional antivirus software is likewise reaching its twilight years.
Not convinced? Consider these statistics. As far back as 2014, Symantec’s Senior Vice President -- certainly not a person you’d expect to talk down antivirus software -- declared that antivirus was "dead" and effective against less than 50 percent of cyberattacks.
More recently, detection rates of antivirus products have been shown to actually fall, year on year. IT professionals are also increasingly recognizing the inherent shortcomings of traditional antivirus protection. 69 percent of companies surveyed by Ponemon said that they don’t believe that antivirus provides adequate protection for their systems.
While antivirus software may not be quite ready for a spot in the junkyard next to those dial-up modems, it’s clearly no longer an adequate solution to protect businesses from malware.
What Went Wrong?
In truth, the antivirus software concept has always been somewhat flawed. Solutions primarily use a definition-based system which the software regularly updates to cover new threats.
The two most common -- and accurate -- analogies for this process are the games of "cat and mouse" and "whack-a-mole." Antivirus vendors are constantly engaged in a real-life, high-stakes version of these games, rushing out updates to protect against new zero-day threats.
Two additional factors complete the picture:
- The threat landscape has shifted dramatically in recent years. Cybercriminals are now as likely to use social engineering to compromise a system as they are to try sneaking a trojan onto a network. Enticing a user to unleash a web-based threat is something antivirus software was never really intended to protect against.
- Even "old school" threats are now far more sophisticated. Hackers create viruses that morph and mutate -- and are specifically designed to evade antivirus protection.
It’s been many years since antivirus software alone was considered enough to provide safety and reassurance to IT teams. But it’s increasingly clear that whatever supplements antivirus must be up to the task of dealing with "zero-day" threats and modern social engineering techniques.
A Layered Approach to Endpoint Protection
Over the years IT departments have taken a continuously evolving layered approach to protecting endpoints against malware. As threats have increased in sophistication, this has meant adding new layers in response to new hacking methods, such as zero-day threats that traditional antivirus cannot detect.
Some of the essential layers of protection used by companies today include:
Firewalls
Firewalls control data moving in and out of the network and are available in both hardware and software form, with many firms using both. In the inbound direction, for example, a firewall can block ports from hackers trying to penetrate company systems. In the other direction, a firewall can detect unusual outbound connections. These could indicate malware that has already penetrated organizational systems which is trying to connect to a server controlled by a hacker.
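The outbound case above is the one most often overlooked in practice, so here is an added example (not Ericom's code or any firewall product's logic) of the two checks an egress policy typically applies to connection logs: a destination port outside the allowed egress set, and a fixed-interval "beacon" from one internal host to one external address, which is how malware that has already got in tends to call home. The log format, the hosts, the 80/443 egress policy and the jitter threshold are all constructed for the example.

```python
"""Added example: flag suspicious outbound connections in a constructed flow log.

Two detections:
  1. egress to a destination port the policy does not allow;
  2. beaconing: the same src->dst:port pair connecting repeatedly at a
     near-constant interval (low jitter), the pattern of malware polling its
     command server.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log line format; a real firewall's export will differ.
LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)"
)

ALLOWED_EGRESS_PORTS = {80, 443}   # assumed policy: only web egress is permitted
BEACON_MIN_CONNECTIONS = 4         # need enough samples to measure regularity
BEACON_MAX_JITTER = 0.10           # pstdev(interval) / mean(interval)


def parse(lines):
    """Turn raw lines into flow dicts; malformed lines are skipped, not fatal."""
    flows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "bytes": int(m["bytes"]),
        })
    return flows


def find_suspicious_outbound(lines):
    """Return (reason, src, dst, dport) tuples for flows that violate policy."""
    flows = parse(lines)
    findings = []

    # Check 1: destination port not permitted by the egress policy.
    for f in flows:
        if f["dport"] not in ALLOWED_EGRESS_PORTS:
            findings.append(("unexpected-port", f["src"], f["dst"], f["dport"]))

    # Check 2: regular-interval beaconing on an otherwise "allowed" port.
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    for (src, dst, dport), times in by_pair.items():
        if len(times) < BEACON_MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= BEACON_MAX_JITTER:
            findings.append(("beaconing", src, dst, dport))
    return findings


# Constructed sample log: one beaconing host, one odd port, one normal user.
SAMPLE_LOG = """
2024-03-01T09:00:00 src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=512
2024-03-01T09:00:10 src=10.0.0.7 dst=203.0.113.20 dport=443 bytes=14020
2024-03-01T09:00:15 src=10.0.0.7 dst=203.0.113.20 dport=443 bytes=88201
2024-03-01T09:01:00 src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=512
2024-03-01T09:02:00 src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=512
2024-03-01T09:02:30 src=10.0.0.6 dst=198.51.100.10 dport=8443 bytes=2048
2024-03-01T09:03:00 src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=512
this line is garbage from a log rotation and must not crash the detector
2024-03-01T09:04:00 src=10.0.0.5 dst=203.0.113.7 dport=443 bytes=512
2024-03-01T09:07:40 src=10.0.0.7 dst=203.0.113.20 dport=443 bytes=3300
2024-03-01T09:30:05 src=10.0.0.7 dst=203.0.113.20 dport=443 bytes=91000
""".strip().splitlines()


def demo():
    return find_suspicious_outbound(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The beacon check is deliberately conservative (at least four connections, under 10 percent jitter); loosen it and ordinary background traffic such as mail polling starts to trigger, which is the same "frustrate workers" trade-off the URL-filtering discussion below describes.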
Endpoint Detection and Response (EDR)
EDR systems look out for unusual activity on endpoints -- activity that could indicate the presence of malware. While EDR sounds more sophisticated than an antivirus solution, it works in a similar way, by detecting threats based on known malware behaviors stored in a database. As such, these solutions, while offering an additional layer of protection, are still highly vulnerable to "zero-day" attacks, or clever evolutions of already-known malware.
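To make the distinction concrete, here is an added example (constructed samples and toy rules, not any vendor's antivirus or EDR engine) that runs the same four samples through a signature engine, which only sees bytes on disk, and a behaviour engine, which only sees the runtime event trace a sensor would record. It illustrates both the earlier point about mutating malware (a polymorphic variant keeps its behaviour but loses its signature) and the caveat in this section: a sample whose behaviour is not already in the rule database evades the behaviour engine just as it evades the signature engine. The marker string, the event names and the sample contents are all invented for the example.

```python
"""Added example: signature-based vs behaviour-based detection on constructed samples."""
import hashlib
import re
from dataclasses import dataclass, field


@dataclass
class Sample:
    name: str
    content: bytes                                # file bytes (signature engine input)
    events: list = field(default_factory=list)    # (event_type, detail) runtime trace


# Constructed "known bad" dropper: harmless marker bytes standing in for a real file.
DROPPER_V1 = b"MZ...DROPPER_v1_MAGIC...writes updater.exe to %APPDATA% and sets a Run key"

# --- Signature engine: hashes and byte patterns of samples already analysed ---
KNOWN_HASHES = {hashlib.sha256(DROPPER_V1).hexdigest()}
KNOWN_PATTERNS = [re.compile(rb"DROPPER_v1_MAGIC")]


def signature_detect(sample):
    """True if the file hash or a byte pattern matches the definition database."""
    if hashlib.sha256(sample.content).hexdigest() in KNOWN_HASHES:
        return True
    return any(p.search(sample.content) for p in KNOWN_PATTERNS)


# --- Behaviour engine: known malicious behaviours stored as ordered event rules ---
BEHAVIOUR_RULES = {
    "drop-and-persist": ("write_exe_userdir", "set_run_key"),
    "office-spawns-shell": ("office_doc_open", "spawn_shell"),
}


def in_order(events, wanted):
    """True if the event types in `wanted` occur in that order (gaps allowed)."""
    i = 0
    for etype, _detail in events:
        if i < len(wanted) and etype == wanted[i]:
            i += 1
    return i == len(wanted)


def behaviour_detect(sample):
    """Names of the behaviour rules that the runtime trace matches."""
    return [name for name, seq in BEHAVIOUR_RULES.items() if in_order(sample.events, seq)]


def triage(sample):
    return {"signature": signature_detect(sample), "behaviour": behaviour_detect(sample)}


def polymorph(content, key=0x5A):
    """Stand-in for a polymorphic packer: identical behaviour, different bytes."""
    return bytes(b ^ key for b in content)


# Same runtime behaviour for the original dropper and its mutated variant.
DROP_EVENTS = [
    ("write_exe_userdir", r"C:\Users\alice\AppData\Roaming\updater.exe"),
    ("set_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]

SAMPLES = [
    Sample("known dropper v1", DROPPER_V1, DROP_EVENTS),
    Sample("polymorphic variant", polymorph(DROPPER_V1), DROP_EVENTS),
    # Zero-day: bytes never seen, and a behaviour no rule describes yet.
    Sample("zero-day (new behaviour)", b"unseen bytes",
           [("wmi_exec", "remote command"), ("net_connect", "203.0.113.9:443")]),
    # Benign software also writes executables; without the persistence step no rule fires.
    Sample("benign updater", b"signed vendor updater",
           [("write_exe_userdir", r"C:\Users\alice\AppData\Local\vendor\update.exe")]),
]


def run_all():
    """Verdict of both engines for every constructed sample, keyed by sample name."""
    return {s.name: triage(s) for s in SAMPLES}


if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name:26} signature={verdict['signature']!s:5} behaviour={verdict['behaviour']}")
```

The polymorphic variant is what the "morph and mutate" paragraph earlier describes: its hash and byte patterns are gone, but the drop-and-persist rule still fires. The zero-day row is this section's caveat in miniature: both databases are empty for it, so both layers stay silent.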
URL Filtering
Hackers have long seen the web browser as a point of entry into a target network, but this threat is growing. Long-standing threats such as Flash and Java exploits are constantly being joined by newer malware innovations such as malvertising attacks.
Blocking off certain websites is, therefore, seen as a way to reduce the threat of infection. By making the accessible web "smaller," the risks are minimized.
However, URL filtering has its flaws: Such systems tend to frustrate workers and reduce productivity by blocking legitimate websites along with those that are risky. And given the virtually infinite scope of the web, while such systems certainly block many compromised websites, the "cat and mouse" game continues with the innumerable other dangerous sites that are out there.
Remote Browser Isolation (RBI)
An innovative solution designed to address the new reality of zero-day threats, mutating malware, and cybercriminals’ preference for targeting the web browser as an easy entry point, Remote Browser Isolation avoids the shortcomings that reduce the performance of traditional solutions.
Instead of leveraging malware signatures to "decide" whether files constitute threats, RBI takes a decisionless approach that simply keeps all web-borne code off of endpoints and out of organizational systems.
RBI moves actual web browsing to a virtual browser in an isolated container, remote from endpoints and networks. The website is rendered as a clean data stream, with which users interact completely naturally, in real time, via their device browsers.
Any malware on browsed sites remains isolated in the remote container, safely away from endpoints and production networks. At the end of a browsing session or when a tab is closed, the RBI environment is destroyed, along with any malware picked up along the way.
Instead of releasing more cats into the cat and mouse game, RBI takes a smarter approach -- one that doesn’t rely on the questionable strategy of staying one step behind every aspiring cybercriminal.
InfoSec and IT departments need a range of tools to create the layered defense required for strong network security. For now, antivirus remains on the list. But as effective new solutions like RBI hit the market, the days of antivirus are most likely numbered.
Ilan Paretsky is Chief Marketing Officer at Ericom Software and is responsible for the global marketing activities of the company. Prior to joining Ericom in 2005, Mr. Paretsky held various leadership positions in marketing, business development, project management, and software development in the global software and telecom industries.