Chuck Leaver – What Is The Value Of Enterprise Antivirus Today?

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO


Decreasing Effectiveness of Enterprise Anti-virus?

Google Security Expert Labels Anti-virus Apps As Ineffective ‘Magic’.

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Having been entrusted with the investigation of highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby grouped enterprise antivirus with a set of ineffective tools deployed to tick a compliance checkbox, at the expense of real security:

We have to stop purchasing those things we have actually revealed do not work… Anti-virus does some useful things, but in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary stating ‘Thank god it inhaled all the toxic gas.’

Google security experts aren’t the first to weigh in against enterprise antivirus, or to draw unflattering analogies, in this case to a dead canary.

Another highly capable security team, FireEye Mandiant, likened static defenses such as enterprise antivirus to that notoriously failed World War II defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are quickly becoming a relic in today’s risk landscape. Organizations invest billions of dollars each year on IT security. However hackers are quickly outflanking these defenses with creative, fast moving attacks.

Another example came from a Cisco managed security services executive presenting at a conference in Poland. His team had found anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s astonishment, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and showed the adversary conducting a live remote session at that very moment, complete with typing errors and re-issued commands to the compromised server. Finally convinced, the customer took the server down and fully re-imaged it. The enterprise antivirus had been a useless distraction: it had neither served the customer nor deterred the attacker.

So Is It Time to Dispose of Enterprise Anti-virus Now?

I am not yet ready to declare the end of the era of enterprise antivirus. However, I do know that enterprises need to invest in detection and response capabilities to complement traditional antivirus. But increasingly I question who is complementing whom.

Skilled targeted attackers will consistently evade antivirus defenses, so against your most serious cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint protection you need. So do not let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from the security measures that do genuinely help.

Proven cyber defense measures include:

Configuration hardening of networks and endpoints.

Identity management with strong authentication.

Application controls.

Continuous network and endpoint monitoring, constant vigilance.

Strong encryption and data protection.

Staff education and training.

Continuous threat re-assessment, penetration testing, red/blue teaming.

Unlike the enterprise antivirus Bilby criticized, none of the above bullets are ‘magic’. They are simply the ongoing work of sound enterprise cyber-security.