AV Can’t Protect Your Endpoints Against All Threats… But Don’t Uninstall!


You might find yourself doing a double-take the first time you read the headline of CSO contributing writer Maria Korolov’s recent article, “Why the Best Antivirus Software Isn’t Enough (and Why You Still Need It)”. It’s not exactly breaking news that even next-generation AV solutions are not anywhere close to 100% effective at preventing new and unknown attacks. As a Microsoft executive told Maria, “I would avoid using the phrase ‘antivirus is dead,’ but thinking about straight-up antivirus as a solution — those days are gone.”

So, why does the article’s headline also state you still need AV?

You’re in a significant majority of your colleagues if you’ve come to the realization that modern day AV solutions have grown less effective at protecting your endpoints. Maria cites a recent Ponemon Institute survey which found 70 percent of IT security professionals are very concerned about new and unknown threats, but only 29 percent believe their AV products provide all the protection they need.

Yet, as the article points out, you too likely still rely on a more or less traditional antivirus because it is fast, inexpensive, lightweight and can block the bulk of threats constantly hitting your organization’s endpoints. When the threat or its behavior is known, AV can thwart it. Trouble is, that “enumeration of badness” approach doesn’t work well against new and unknown threats.

Think of a soccer (sorry, football) team with one of the world’s top goalkeepers, like Manchester United’s David de Gea. He’s one of the best there is at seeing what’s happening on the field in front of him, and stopping the opposing team’s shots from getting past him.

But what happens if you change the rules on him in the middle of the game? Suddenly there are five balls in play simultaneously, and he has to wear a blindfold for five-minute stretches and can’t see all those balls coming at him. He’d be overwhelmed and wouldn’t be able to stop all the shots, because just like your AV solution, he can’t block what he can’t see.

As long as de Gea’s teammates score more goals than he allows, the Red Devils win. But your organization doesn’t have any room for error. One successful attack that compromises an endpoint or a server can lead to a devastating data breach. Ponemon reports the average cost of a successful attack has increased from $5 million to $7.1 million, with an average cost per compromised endpoint of $440. For small- and medium-sized companies the average cost was even higher, at $763 per endpoint.

Korolov’s article makes the critical point that AV has its place as part of a multi-layer endpoint security protection strategy. It’s the first layer of defense, but not the only layer.

That’s good news, because the last thing you want to have to do is an expensive rip-and-replace project that swaps your AV for something only slightly better. We developed our PARANOID endpoint security solution to provide the last layer of defense you need, seamlessly complementing your existing investment.

PARANOID does the exact opposite of what AV does (using an OS-Centric Positive Security model instead of a Negative Security model) to protect you from new, never-seen-before and fileless malware threats that AV solutions tend to miss. Since PARANOID only allows legitimate operating system behavior, it stops actions that may cause damage, including data exfiltration, encryption and more. Plus, it’s so lightweight that you can run it alongside your AV without placing additional strain on your endpoint resources.
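To make the difference between the two models concrete, here is an added toy policy engine (illustration written for this post, not PARANOID’s or any AV vendor’s code). It evaluates the same stream of constructed OS events twice: once against a negative model that enumerates known badness (a denylist of placeholder hashes plus one behavioural signature) and once against a positive model that enumerates the legitimate behaviour of each process and blocks everything else. The process names, paths, hashes and the legitimate-behaviour baseline are all assumptions made up for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    """One observed OS action. All field values in this file are constructed."""
    process: str          # image name of the acting process
    action: str           # read / write / encrypt / delete / connect
    target: str           # file path or host:port the action is aimed at
    file_hash: str = ""   # hash of the process image; "" for fileless/in-memory code


# Negative security model: enumerate known badness. The hashes and the single
# behavioural signature below are constructed placeholders, not real IoCs.
KNOWN_BAD_HASHES = {"0" * 64, "1" * 64}
KNOWN_BAD_BEHAVIOUR = [
    ("*", "encrypt", r"C:\Users\*\Documents\*"),  # one known ransomware pattern
]


def denylist_verdict(e: Event) -> str:
    """Block only what matches a known-bad hash or signature; the default is allow."""
    if e.file_hash in KNOWN_BAD_HASHES:
        return "block"
    for proc, act, tgt in KNOWN_BAD_BEHAVIOUR:
        if fnmatchcase(e.process, proc) and e.action == act and fnmatchcase(e.target, tgt):
            return "block"
    return "allow"


# Positive security model: enumerate legitimate behaviour per process; the
# default for anything not listed is block. This baseline is constructed.
LEGITIMATE_BEHAVIOUR = {
    "winword.exe": [("read", r"C:\Users\*\Documents\*"), ("write", r"C:\Users\*\Documents\*.docx")],
    "backup.exe": [("read", r"C:\Users\*"), ("connect", "backup.example.internal:443")],
    "powershell.exe": [("read", r"C:\Scripts\*.ps1")],
}


def allowlist_verdict(e: Event) -> str:
    """Allow only behaviour in the baseline for that process; the default is block."""
    for act, tgt in LEGITIMATE_BEHAVIOUR.get(e.process, []):
        if e.action == act and fnmatchcase(e.target, tgt):
            return "allow"
    return "block"


def evaluate(events):
    """Return (event, denylist verdict, allowlist verdict) for each event."""
    return [(e, denylist_verdict(e), allowlist_verdict(e)) for e in events]


# Constructed sample events: a normal document save, a known malicious binary,
# a fileless PowerShell connection to an unknown host, an unknown ransomware
# variant hitting a path the signature does not cover, and a legitimate action
# that was never added to the baseline.
SAMPLE_EVENTS = [
    Event("winword.exe", "write", r"C:\Users\alice\Documents\q3.docx", "a" * 64),
    Event("dropper.exe", "write", r"C:\Users\alice\AppData\Local\Temp\x.dll", "0" * 64),
    Event("powershell.exe", "connect", "203.0.113.7:443"),
    Event("svchost.exe", "encrypt", r"C:\Finance\ledger.xlsx", "b" * 64),
    Event("winword.exe", "connect", "updates.example.internal:443", "a" * 64),
]

if __name__ == "__main__":
    for e, neg, pos in evaluate(SAMPLE_EVENTS):
        print(f"{e.process:16} {e.action:8} {e.target:45} denylist={neg:5} allowlist={pos}")
```

Running it shows the trade-off the article is describing. The denylist catches the known dropper and nothing else: the fileless PowerShell connection and the ransomware variant writing outside the signed path sail through, because there is nothing known to match. The allowlist blocks all three. The last event is the caveat a practitioner should keep in mind: Word making a network connection is blocked too, because the baseline never listed it. A positive model is only as good as its map of legitimate behaviour, so the work shifts from chasing signatures to building and maintaining that baseline, which is why the two layers complement rather than replace each other.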

To learn more about how PARANOID can supercharge your current AV and other endpoint security defenses, read our solution brief “Your Antivirus Isn’t Dead”. You can also follow us on Twitter and LinkedIn.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks it in real time.
