Charles Leaver – Your Enterprise Antivirus Is Not Enough

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Anti-virus?

Google Security Expert Labels Antivirus Apps Ineffective ‘Magic’.

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus in with a set of ineffective tools deployed to tick a compliance checkbox, at the expense of real security:

We need to stop buying those things we have shown do not work… Antivirus does some useful things, but in reality it is more like a canary in a coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the harmful gas.’

Google’s security experts aren’t the first to weigh in against enterprise antivirus, or to draw uncomplimentary analogies, in this case to a dead canary.

Another highly experienced security team, FireEye Mandiant, likened static defenses such as enterprise antivirus to that notoriously failed World War II defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations invest billions of dollars each year on IT security. But attackers are quickly outflanking these defenses with smart, fast-moving attacks.

An example of this was offered by a Cisco managed security services executive presenting at a conference in Poland. His team had identified anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s astonishment, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and reissued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a useless distraction: it had not served the customer, and it had not hindered the attacker.

So Is It Time to Get Rid of Enterprise Antivirus Already?

I am not yet ready to declare an end to the age of enterprise antivirus. But I do know that organizations have to invest in detection and response capabilities to complement conventional antivirus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted attackers will always successfully evade antivirus defenses, so against your most serious cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint defense you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from the security measures that really do help.

Proven cyber defense measures include:

Configuration hardening of networks and endpoints.

Identity management with strong authentication.

Application controls.

Continuous network and endpoint monitoring, constant vigilance.

Strong encryption and data protection.

Staff education and training.

Continuous risk re-assessment, penetration testing, red/blue teaming.

In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the ongoing hard work of proper enterprise cyber-security.
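The Cisco anecdote above and the “continuous network and endpoint monitoring” bullet make the same point: a clean antivirus scan says nothing about whether someone is interactively on the box right now. The following is an added illustration, not Ziften’s product code or anything from the original post, using constructed endpoint telemetry with assumed field names; it flags a host on behavioural evidence (an interactive shell spawned by a remote-access daemon under an account that should never open one, and consecutive near-duplicate commands that look like a human correcting a typo) regardless of the antivirus verdict.

```python
from difflib import SequenceMatcher

# Assumed site policy: only these accounts may open interactive remote shells.
INTERACTIVE_OK = {"ops_admin"}
# Assumed parent processes that indicate a remote interactive session.
REMOTE_PARENTS = {"sshd"}

# Constructed telemetry for two servers; the schema is an assumption for this
# example, not a real product format.
EVENTS = [
    {"host": "srv01", "type": "av_scan", "verdict": "clean"},
    {"host": "srv01", "type": "process", "parent": "sshd", "image": "bash", "user": "svc_backup"},
    {"host": "srv01", "type": "command", "user": "svc_backup", "cmd": "cat /etc/hostnmae"},
    {"host": "srv01", "type": "command", "user": "svc_backup", "cmd": "cat /etc/hostname"},
    {"host": "srv01", "type": "command", "user": "svc_backup", "cmd": "ls /var/log"},
    {"host": "srv02", "type": "av_scan", "verdict": "clean"},
    {"host": "srv02", "type": "process", "parent": "cron", "image": "bash", "user": "svc_backup"},
]


def looks_like_retyped(prev, cur):
    """Two consecutive, nearly identical commands: a human fixing a typo,
    which a scheduled job never does."""
    if prev == cur:
        return False
    return SequenceMatcher(None, prev, cur).ratio() >= 0.8


def assess(events, host):
    """Score one host on behaviour alone and report the AV verdict alongside
    it, so the analyst sees that 'clean' did not drive the decision."""
    ev = [e for e in events if e["host"] == host]
    av = next((e["verdict"] for e in ev if e["type"] == "av_scan"), "unknown")
    unexpected_shell = any(
        e["type"] == "process"
        and e["parent"] in REMOTE_PARENTS
        and e["user"] not in INTERACTIVE_OK
        for e in ev
    )
    cmds = [e["cmd"] for e in ev if e["type"] == "command"]
    retyped = any(looks_like_retyped(a, b) for a, b in zip(cmds, cmds[1:]))
    return {
        "host": host,
        "av_verdict": av,
        "unexpected_remote_shell": unexpected_shell,
        "human_typing_pattern": retyped,
        "escalate": unexpected_shell or retyped,
    }


if __name__ == "__main__":
    for h in ("srv01", "srv02"):
        print(assess(EVENTS, h))
```

srv01 is escalated for isolation and re-imaging even though its scan came back clean; srv02, where the same service account runs its normal cron job, is not.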