In 2014, an executive from Symantec was interviewed by the New York Times and said that antivirus is 51 per cent effective. To cybersecurity professionals, this was not a big surprise: those in charge of keeping our networks safe were already acting under the assumption that antivirus would not help them out on a rainy day. For everyone else, it was a remarkable statement coming from an antivirus company that held over 25 per cent of the market share. This raises the question: if legacy AV is so ineffective, why stick with it, and what is the alternative?
In this post, we outline 7 reasons why CISOs and business leaders are moving away from the obsolete model of legacy AV and choosing more effective solutions.
A better alternative to legacy AV
Unlike traditional AV, next-generation AV (NGAV) identifies malicious activity using a system-centred, technical approach that examines every process on an endpoint. This allows next-gen AV to proactively detect and block the tools and tactics hackers use to gain entry. While traditional AV is focused on detecting malware at the endpoint alone, NGAV addresses a larger range of modern threat scenarios including fileless and ransomware attacks. By looking at the whole context rather than just isolated incidents, next-gen AV offers a more effective means of recognising and deterring unknown malware and sophisticated attacks. This rich contextual information allows NGAV to understand the cause of the attack and thus prevent future ones. Rapid deployment and cloud access are also key features of next-gen AV. It offers increased endpoint detection, better response capabilities, and a greater number of preventative measures. In many cases, it can entirely replace traditional endpoint protection products.
Focus on behaviour, not identity
The key is to prevent anything that can be prevented pre-execution and to deal with what cannot by looking at the behaviour of processes executing on the endpoint. This is effective because, despite the large and increasing number of malware variants, they operate in very similar ways. The number of malware behaviours is considerably smaller than the number of ways a malicious file might look, making this approach suitable for prevention and detection.
With more effective technologies now available, enterprise customers need to consider the following benefits of moving away from legacy AV:
1. Reduce Operational Costs
It is hard to measure the overall cost of running outdated technology that may make you vulnerable to cyber threats. NSS Labs is recognised globally as the most trusted source for independent, fact-based cybersecurity guidance. Every year, they conduct a comparative test with all endpoint security players. NSS Labs identified SentinelOne as having the best overall TCO over a three-year period.
2. Boost Protection
As mentioned before, as early as 2014 legacy AV leaders already openly admitted the limitations of their capabilities. Since then, adversaries have improved their malicious techniques, easily bypassing traditional security products with techniques like fileless malware and PowerShell exploits. Get ahead of the attackers and prevent advanced attacks with next-generation technology.
3. Save Time
Time is a major factor when it comes to your security. Dwell time, the time from adversary penetration to detection or mitigation, is on average at least 90 days. Meanwhile, your security experts are wasting valuable time collecting evidence of a breach. You want your security team to focus on what matters, not looking for a needle in a haystack.
4. Improve ROI
In the beginning there was just AV. Then, another agent to cover advanced threats. Then an additional agent that can provide visibility. On top of that, another one to report applications from a vulnerability scan. And so it goes on. More agents running in parallel on your endpoint means more performance impact. With a next-gen AV solution, you can block malware, respond to threats, and maintain compliance with just one solution.
5. Make the Software Work For You
A characteristic of legacy AV is that it requires highly trained staff to operate and interpret. Where are all those alerts coming from, and are they connected? Which ones are false positives, and why are people in Marketing complaining they can’t access their computers? Next-gen AV takes the pain out of incident management. Attacks are automatically grouped together, and a single alert identifies the threat and reveals the entire attack storyline, right back to the source.
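As an added example (not code from the original post or from SentinelOne's product), the Python sketch below illustrates two points made above: the "behaviour, not identity" section, where rules over what a process does catch a recompiled dropper that a hash-based signature list misses, and the storyline grouping described here, where every detection is rolled up to the root of its process tree so one attack chain produces one alert. All events, hashes, rule names and the `-enc <constructed>` placeholder are constructed sample data.

```python
import hashlib
from collections import defaultdict

# Constructed sample data (not from any real incident): one "legacy AV" hash list
# and a short stream of endpoint process-creation events.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper build 1").hexdigest()}

EVENTS = [  # id, parent id, image name, command line, file content (hashed below)
    {"id": 1, "parent": None, "image": "outlook.exe", "cmd": "outlook.exe", "blob": b"outlook"},
    {"id": 2, "parent": 1, "image": "winword.exe", "cmd": "winword.exe invoice.docm", "blob": b"winword"},
    {"id": 3, "parent": 2, "image": "powershell.exe", "cmd": "powershell.exe -w hidden -enc <constructed>", "blob": b"powershell"},
    {"id": 4, "parent": 3, "image": "dropper.exe", "cmd": "dropper.exe", "blob": b"dropper build 2"},  # recompiled, new hash
    {"id": 5, "parent": None, "image": "explorer.exe", "cmd": "explorer.exe", "blob": b"explorer"},
    {"id": 6, "parent": 5, "image": "powershell.exe", "cmd": "powershell.exe -File backup.ps1", "blob": b"powershell"},
]
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def by_id(events):
    return {e["id"]: e for e in events}

def signature_hits(events):
    """Legacy approach: flag an event only if the file's hash is already known bad."""
    return {e["id"] for e in events
            if hashlib.sha256(e["blob"]).hexdigest() in KNOWN_BAD_HASHES}

def behaviour_hits(events):
    """Behaviour approach: flag what the process does, regardless of its hash."""
    idx, hits = by_id(events), []
    for e in events:
        parent = idx.get(e["parent"])
        if parent and parent["image"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS:
            hits.append((e["id"], "office_app_spawned_script_host"))
        cmd = e["cmd"].lower()
        if e["image"] == "powershell.exe" and "-enc" in cmd and "hidden" in cmd:
            hits.append((e["id"], "hidden_encoded_powershell"))
        if parent and parent["image"] in SCRIPT_HOSTS and e["image"] not in SCRIPT_HOSTS:
            hits.append((e["id"], "script_host_launched_binary"))
    return hits

def storylines(events, hits):
    """Group detections by the root of their process tree: one alert per attack chain."""
    idx, groups = by_id(events), defaultdict(list)
    for event_id, rule in hits:
        node = idx[event_id]
        while node["parent"] is not None:  # walk up to the root ancestor
            node = idx[node["parent"]]
        groups[node["id"]].append((event_id, rule))
    return dict(groups)
```

On the sample stream the hash list flags nothing (the dropper was rebuilt), while the behaviour rules raise three detections that all roll up into a single storyline rooted at outlook.exe.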
6. Integrate Your Security Solutions
With the security industry as a whole experiencing a sharp cyber skills shortage, an endpoint security solution should integrate with your existing software stack and not create more work for your SOC team or IT administrators. In other words, you want an automated system with a set of rich, native APIs. Providers should offer a full REST API to support integration with your existing solutions.
7. Reduce Post-Breach Costs
There’s no such thing as the perfect security solution, but post-breach you want to be able to make sense of the attack quickly and easily. An easy-to-use management console that presents the entire attack storyline can help you to quickly close out vulnerabilities and even track down the individuals responsible. The faster you can put things to rights, the lower the financial impact on the enterprise.
Patrice Puichaud, Senior Director, SE, EMEA & APAC, SentinelOne