Anti-virus Evolving, But Here To Stay

Perhaps more than any other security solution, anti-virus has been considered one of the true security basics that organizations can’t do without. However, in recent years, anti-virus’ role as a security cornerstone has been challenged by an eruption of increasingly advanced threats renowned for their ability to deftly evade detection mechanisms.

But will a rapidly evolving threat landscape be enough to boot anti-virus solutions into extinction? Probably not. And while its function in an organization’s security posture may be changing, it’s likely that the channel will continue to offer some kind of anti-virus tucked into their security portfolios for the foreseeable future.

Over the extended holiday weekend, The New York Times featured an article revealing that anti-virus products are falling farther and farther behind in adequately detecting and blocking myriads of new, sophisticated threats. True enough.

The article was based around a study conducted by Redwood City, Calif.-based security firm Imperva, Inc., which found that initial detection rates in basic anti-virus products manufactured by industry leaders such as Symantec Corp., McAfee, Inc., Microsoft Corp. and Kaspersky Lab ZAO hovered somewhere near 5 percent.

On top of that, it took anti-virus vendors almost a month to update detection mechanisms in their products in order to spot new threats, the Imperva study revealed.

And nowhere was that more apparent than with new and increasingly evasive advanced persistent threats that have recently emerged on the security horizon.

In particular, the Flame virus, a cyberespionage tool discovered by Kaspersky Lab researchers in May, became a tangible symbol that underscored the anti-virus industry’s failure to stay on top of the latest threats and keep users safe.

Upon closer inspection, researchers discovered that the APT known as Flame had been skulking around the threat landscape for around five years, siphoning off sensitive data from critical systems with features that included the ability to stealthily record audio and capture screenshots. And all the while it had also been evading detection by the vast majority of anti-virus products.

Meanwhile, consumers and businesses spent a combined $7.4 billion on antivirus software last year, representing nearly half of the $17.7 billion total spend on security software in 2011, according to Gartner Inc.

Inevitably, the fallout from the anti-virus industry’s shortcomings in general – and the New York Times article in particular — will rest on the shoulders of the channel. And among other things, solution providers will be called upon to talk their customers down off the ledge when it comes to their current and future anti-virus investments.

However, the bottom line is that the forecast for anti-virus is not as bleak as it may seem. Here’s why: Anti-virus was never intended to be a cure-all or a panacea for security threats. In fact, since its inception, it was meant to be a critical piece of a more comprehensive security strategy. Will it ever be able to single-handedly catch high-profile threats such as Flame, Stuxnet and others? No, but it was never supposed to.

Like your basic food groups, anti-virus alone can’t be the only source of nourishment for an organization’s security strategy. That said, anti-virus serves as a critical foundation. Without it, organizations will have gaping holes in the fabric of their security posture that could leave them even more susceptible to looming malicious attacks. In short, they’d be in deep trouble.

Decades ago, when computer viruses were in their infancy and infinitely simpler, anti-virus was intended to be applied in tandem with network firewalls and intrusion prevention solutions.

As threats have become increasingly sophisticated and complex, industry experts have extolled the virtues of a layered approach to security strategy. And those layers have become deeper and more numerous over time.

In 2003, SANS Institute researchers reinforced that at the bare minimum, organizations required e-mail security, gateway and network firewall, and Web filters, as well as numerous endpoint and desktop solutions. That also included relying upon multiple antivirus products to cover all of your bases.

Flash forward to 2011, and that layered approach includes robust patch management, application whitelisting, intrusion detection and data protection technologies such as encryption and even data loss prevention (DLP).

And looking ahead to 2013 and beyond, that layered concept will likely incorporate various forms of security intelligence, threat analytics, and advanced detection solutions.

Anti-virus, however, is always a crucial ingredient baked into a larger security pie.

Meanwhile, anti-virus products are being updated to detect threats more proactively, now incorporating a variety of behavioral and reputation-based technologies while leveraging the cloud and other new platforms as a delivery mechanism.

For solution providers, anti-virus by itself has long since become commoditized; its time as a profitable standalone product has come and gone. However, almost every solution provider will continue to carry some form of anti-virus in their portfolio, used in tandem with their own unique blend of security solutions and services.

Ultimately the resulting combination will be the determining factor in their ability to nab APTs and other emerging threats. But anti-virus will continue to be the common denominator for quite some time to come.

7 Responses to “Anti-virus Evolving, But Here To Stay”

  • It sounds similar to the armor on military vehicles. The most modern military armor isn’t a single layer of one material only, it is made of several layers of a variety of materials. The layered effect results in far greater protection for far less weight, as different attempts to penetrate it will be stopped when attempting to shift from one layer to the next.

    Anti-virus software is a single layer in the protective armor of a computer, right alongside of other things such as firewalls, spam filters, server pro software, and even just awareness on the part of the user. You need the whole package for it to work.

  • The Antivirus has been a good solution. It consumes a lot of memory and processing and does not protect. It is always adding a new “technology” and still misses more than 50% of the threats “in the wild”. A new approach is needed.

  • Comodo antivirus coupled with a firewall works awesomely to overcome these kinds of problems.

    • craig kensek:

      The thing with Comodo is that you don’t see them being tested by AV-Comparatives or AV-Test. When you go to Virus Bulletin, they’ve failed to receive a VB100 award in 7 out of the last 8 tests they’ve been in.

  • SK:

    Thanks! Nice post. In today’s era, computers cannot go without an antivirus, as it safeguards from a wide range of threats. I make use of Immunet antivirus software to protect my PC against threats and spyware.

  • craig kensek:

    Without going into detail, “viruses” are only a small portion of the bad things that can attack an individual’s pc or a company’s network. Hence the large variety of products that sit on the corporate network, whether it’s a firewall, a next generation firewall, protection for an email server, protection for a web gateway, etc. Now there are products designed to help prevent in real time, threats that these other products might miss. Smartphones and tablets have to be protected as well. The whole BYOD (Bring Your Own Device) to work issue is taking up a lot of conversation. Advanced Persistent Threats are worth a whole separate conversation, since they’re meant to be stealthy and gather information over a long period of time.

    On the consumer side, malware vendors know that viruses represent a small portion of the threats. When home users download a free version of AV, for example, they’re immediately offered some kind of upsell to an advanced AV package or an internet security package. They’re told that the free SW doesn’t protect against infected files being downloaded, infected instant messages, or infected email, protect personal data, or help shield you while browsing the internet.

  • Andrew:

    This is why they always say to use common sense when surfing the internet. Even though I have an antivirus (Unthreat Antivirus), I never download things from a source I don’t recognize or with a weird file name.