Earlier this year in an interview with the Wall Street Journal, Symantec, one of the world’s largest vendors of anti-virus software, said that “anti-virus is dead”. It’s no surprise that this statement has sparked much debate in the security community. The security industry has been reeling from large, high-profile breaches. Most of these were caused by stealthy attack techniques using malicious code, combined with a certain degree of social engineering to implant the threat. In group tests no anti-virus product catches 100 per cent of malware, and some have detection rates as low as 60 per cent. It’s clear that anti-virus is not a silver bullet solution to combat malware, but is it dead?
Before we answer that question let’s go back to security fundamentals. It’s a cardinal rule in security that nothing is ever truly secure. It’s a game of risk vs. reward. To stand a chance of winning, the level of defence must be greater than the resources an attacker is prepared to invest in compromising it.
The once fortress-like perimeter has become porous with partner connectivity, cloud, virtualisation and BYOD, and data theft is now a big business. Hacking tools, methods and skills are constantly evolving, and a major focus of espionage is now online. New vulnerabilities are discovered every day and every change to an organisation, be it human, software, hardware or business, also affects risk. In this information arms race, security defences must constantly meet the new demands placed on networks.
We may win battles against malware but the war still rages on. As a weapon, malware has evolved: it has become harder to detect, and it has become more effective at stealing larger prizes from heavily defended systems without immediate detection. Defence in depth, the principle of having multiple layers of protection, is the only way this cyber challenge can be addressed.
To protect against the heightened malware threat, organisations need to ramp up their defences: consider two-factor authentication to protect against stolen credentials, implement stronger monitoring programmes to detect anomalous behaviour, strengthen their patch management programmes and perform more security awareness training for employees.
So in response to the original question of “Is anti-virus dead?” the answer is clearly ‘no’. One of the requirements to achieve defence in depth is to understand adversaries, their motives and their tactics. As long as adversaries continue to release and spread viruses on a wide scale, anti-virus will not be dead. There are over 10,000 known viruses and an average of 200 new viruses discovered every month. Having a protective layer that checks for viruses, spyware and other malicious code is still important. Does it stop everything we’d like it to? Unfortunately the answer to that question is also ‘no’.
Anti-virus doesn’t provide as much protection as it used to because a new type of adversary is creating malware that can’t be caught by traditional anti-virus. The methods anti-virus uses to detect viruses are well known, and attacks have evolved to circumvent the defences in place. We need to do more, not less: anti-virus does its job; there are just other jobs to be done too.