AV Can’t Stop Zero-Day Attacks and They’re Hurting Productivity
Published 09/22/2015
By Susan Richardson, Manager/Content Strategy, Code42
It’s been almost 18 months since Symantec officially declared antivirus software “dead” in an interview with the Wall Street Journal. So why did a recent study by ESG find that 73 percent of enterprises have at least two AV products deployed and nearly one-third use three or more?
With antivirus, more is less
In the face of industry reports that AV software is only 50 percent effective in identifying malware, it seems that many enterprises are adopting a “more is better” mindset: More AV products mean a bigger database of known malware “signatures,” which increases the chances of catching malware before it breaches the enterprise environment—right?
Wrong. Deploying multiple AV products might expand the total number of known malware signatures in your AV armor, but this approach doesn’t combat the biggest flaw: new, zero-day malware that no AV product has ever encountered (and therefore can’t possibly recognize). Even with frequent updates to the signature database, AV software just can’t keep up. The September 2015 release of Symantec’s AV product includes a total of 37 million malware signatures. But the AV-TEST Institute registers over 390,000 new pieces of malware every single day—and sophisticated cybercriminals are doing their own QA, running new malware against common AV products to make sure they will go undetected.
As AV piles up, productivity goes down
It’s a game of cat and mouse that you’re destined to lose, and it’s eating up your IT budget—and hampering productivity. IT staff have to learn and configure multiple platforms, and all your staff are impacted by the frequent required updates. And if you’ve ever run a manual AV scan, you know that your computing capacity is reduced to a crawl.
Focus on detection and response
AV software remains a valuable first line of malware defense—and often a requirement for regulatory compliance. But instead of investing time and money in layering AV products on top of each other, enterprises need to shift to a “detect and respond” mindset. This means maintaining a centralized, real-time repository of all the data in your enterprise environment—including laptops and other mobile endpoints—so that ongoing forensic analysis can catch the anomalies across your entire system that no signature would ever flag.
With this progressive security approach, you have the power to quickly isolate malicious code, identify where it entered and what data was affected in the environment, and mitigate the impacts of the breach. You might not be able to stop a new piece of malware from breaching your environment, but you’re in a strong position to corner the “mouse” before it does serious damage.