Chuck Leaver – Is It Time To Ditch Enterprise Antivirus?

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO

Decreasing Efficiency of Enterprise Antivirus?

Google Security Master Labels Anti-virus Apps As Inadequate ‘Magic’.

At the current Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigation of extremely sophisticated attacks, consisting of the 2009 Operation Aurora campaign, Bilby lumped organization antivirus into a collection of inadequate tools set up to tick a compliance check box, but at the cost of genuine security:

We need to stop purchasing those things we have actually shown are not effective… Antivirus does some useful things, however in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary stating ‘Thank god it breathed in all the poisonous gas.

Google security masters aren’t the very first to weigh in against organization anti-virus, or to draw unflattering analogies, in this case to a dead canary.

Another highly knowledgeable security team, FireEye Mandiant, likened static defenses such as enterprise antivirus to that infamously failed The second world war defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are quick becoming an antique in today’s hazard landscape. Organizations invest billions of dollars every year on IT security. However attackers are easily outflanking these defenses with creative, fast-moving attacks.

An example of this was given by a Cisco managed security services executive presented at a conference in Poland. Their team had found anomalous activity on one of their enterprise client’s networks, and reported the thought server compromise to the client. To the Cisco group’s amazement, the customer just ran an antivirus scan on the server, discovered no detections, and positioned it back into service. Horrified, the Cisco team conferenced in the customer to their tracking console and was able to reveal the enemy performing a live remote session at that very minute, total with typing errors and reissue of commands to the compromised server. Finally persuaded, the client took the server down and fully re-imaged it – the organization antivirus had actually been an useless interruption – it had actually not served the client and it had actually not discouraged the hacker.

So Is It Time to Get Rid Of Enterprise Anti-virus Already?

I am not yet ready to declare an end to the age of business anti-virus. But I understand that companies have to purchase detection and response capabilities to match conventional antivirus. But significantly I question who is complementing whom.

Proficient targeted attackers will constantly effectively avert anti-virus defenses, so versus your biggest cyber threats, enterprise antivirus is essentially useless. As Darren Bilby specified, it does do some useful things, but it does not supply the endpoint defense you require. So, do not let it distract you from the highest concern cyber-security financial investments, and don’t let it distract you from security steps that do basically help.

Proven cyber defense steps consist of:

Configuration hardening of networks and endpoints.

Identity management with strong authentication.

Application controls.

Constant network and endpoint tracking, consistent watchfulness.

Strong encryption and data security.

Personnel education and training.

Continuous threat re-assessment, penetration testing, red/blue teaming.

In contrast to Bilby’s criticism of organization antivirus, none of the above bullets are ‘magic’. They are just the ongoing effort of sufficient enterprise cyber-security.

 

 

~leaverchuck1


No Responses Yet to “Chuck Leaver – Is It Time To Ditch Enterprise Antivirus?”

Leave a Reply