AV protection yesterday, today and tomorrow

Every enterprise has to be compliant with some standard or with some internal or external regulation. One of the most important tools needed to support such activity is antivirus software. Almost everyone sees antivirus software as a necessary evil.

In the past, malware was written to delete data from disks, damage parts of the computer or spam and infect all colleagues around. Spreading was slow, and the primary media for transferring an infection were 5.25″/3.5″ floppy disks, CD/DVD, USB sticks and email.

Detection was simple: given the small number and limited variety of attacks, a small set of antivirus definitions was enough to resolve the problem.

As Bob Dylan said, "The times they are a-changin'". We still see the number of malware samples grow year by year, but the method of infection is different.

The old methods of infection still occur, but they are now joined by network attacks, social engineering targeting users, and exploits for the most popular programs such as Java, Adobe Flash Player, browsers and so on.

The game changer today is that malware is not designed just to destroy your data but to steal it and use it for blackmail, ransom or any other type of illegal gain.

As the attacks become more sophisticated, the protection needed to counter them has to move forward.

Antivirus is now just one part of the protection suites offered by vendors. Most of these suites are designed to collect as much information as possible and to detect potential threats at each layer of the infrastructure.

As more and more technologies are implemented and connected to close security gaps, the whole environment becomes more complex and more expensive.

But look at the problem from the other side, by whitelisting. Whitelisting products are most effective in a static environment where you do not need, or cannot apply, any changes and updates: only executables recorded at baseline time are allowed to run, and anything else is blocked.

These products have been on the market for a long time, but implementation costs were higher in the short term, so they were mainly used for legacy or embedded systems.

Dynamic whitelisting is now much easier to deploy to many more devices, such as laptops and desktops. Implementing a dynamic model, in which changes made through a trusted update channel are admitted to the whitelist automatically, and keeping whitelists up to date no longer has to be a time-consuming and expensive process.

As most companies already use enterprise-level deployment tools, they can easily fit this solution into their environment and greatly reduce the risk introduced by changes from internal administration staff.
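To make the difference between the static and dynamic models concrete, here is an added example (not McAfee code and not from the original article). It keeps a hash-based allowlist, baselines a directory, and then applies an update: in the static model the patched binary is blocked until an administrator re-baselines, while in the dynamic model a write by a named trusted updater (a simplification assumed here; the updater name `sccm_client` and the file names are constructed for the demonstration) extends the allowlist automatically. An unknown binary dropped by an untrusted writer stays blocked in both models.

```python
"""Minimal hash-based application allowlist: static vs. dynamic model.

Added example, not McAfee code. The trusted-updater semantics are a
simplification assumed for illustration; file names and contents are
constructed for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Return the SHA-256 hex digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Allow execution only of files whose hash was recorded at baseline.

    With dynamic=True the list also trusts a set of named updater processes:
    any binary they write is hashed and admitted automatically, which is what
    keeps the list current without a manual re-baseline after every patch.
    """

    def __init__(self, dynamic: bool = False, trusted_updaters=()):
        self.dynamic = dynamic
        self.trusted_updaters = set(trusted_updaters)
        self.hashes = set()

    def baseline(self, directory: str) -> int:
        """Hash every file under `directory` and record it as allowed."""
        count = 0
        for root, _, files in os.walk(directory):
            for name in files:
                self.hashes.add(sha256_of(os.path.join(root, name)))
                count += 1
        return count

    def is_allowed(self, path: str) -> bool:
        """Execution decision: the file's current hash must be on the list."""
        return sha256_of(path) in self.hashes

    def on_file_written(self, writer: str, path: str) -> None:
        """Hook a file-system filter driver would call after a write completes.

        Dynamic model + trusted writer: the new content is admitted.
        Static model, or an untrusted writer: the list is unchanged, so the
        new content is blocked until an administrator re-baselines.
        """
        if self.dynamic and writer in self.trusted_updaters:
            self.hashes.add(sha256_of(path))


def simulate(dynamic: bool) -> dict:
    """Baseline a directory, patch an app via a trusted updater, drop malware."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "app.exe")
        with open(app, "wb") as f:
            f.write(b"app v1")
        al = Allowlist(dynamic=dynamic, trusted_updaters={"sccm_client"})
        al.baseline(d)
        baseline_ok = al.is_allowed(app)

        # Patch delivered through the enterprise deployment tool (hypothetical name).
        with open(app, "wb") as f:
            f.write(b"app v2")
        al.on_file_written("sccm_client", app)
        after_update = al.is_allowed(app)

        # Unknown binary dropped by something that is not a trusted updater.
        dropper = os.path.join(d, "dropper.exe")
        with open(dropper, "wb") as f:
            f.write(b"not on any list")
        al.on_file_written("outlook", dropper)
        malware_allowed = al.is_allowed(dropper)

    return {
        "baseline": baseline_ok,
        "after_update": after_update,
        "malware_allowed": malware_allowed,
    }


if __name__ == "__main__":
    print("static :", simulate(dynamic=False))
    print("dynamic:", simulate(dynamic=True))
```

Running it shows the operational cost the article refers to: the static list blocks the legitimately patched `app.exe` (`after_update` is False) and needs a re-baseline, whereas the dynamic list admits it because the write came from the trusted deployment tool, while the dropper is blocked in both cases. A real product hooks this decision into the kernel and also verifies the updater's identity (signature, path, process chain) rather than trusting a bare process name.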

If you would like more details and possible ways of implementing this, feel free to ask our security experts.

Picture sources: McAfee and Sophos

Written by Jiri Endrst

Senior McAfee Consultant / Solution Architect
