Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
Dwindling Effectiveness of Enterprise Anti-virus?
Google Security Expert Labels Antivirus Apps as Ineffective ‘Magic’
At the recent Kiwicon hacking conference in Wellington, New Zealand, Google Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools deployed to tick a compliance check box, at the cost of real security:
“We have to stop investing in those things we have revealed are not effective… Anti-virus does some helpful things, however in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary stating ‘Thank god it inhaled all the dangerous gas.’”
Google security experts aren’t the first to weigh in against enterprise antivirus, or to draw unflattering comparisons, in this case to a dead canary.
Another highly capable security group, FireEye Mandiant, compared static defenses such as enterprise antivirus to that famously failed World War II defense, the Maginot Line:
“Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s danger landscape. Organizations invest billions of dollars each year on IT security. But hackers are quickly outflanking these defenses with creative, fast moving attacks.”
An example of this was offered by a Cisco managed security services executive speaking at a conference in Poland. Their team had identified anomalous activity on one of their enterprise clients’ networks and reported the suspected server compromise to the client. To the Cisco team’s astonishment, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer into their monitoring console and was able to show the adversary conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands on the compromised server. Finally convinced, the client took the server down and completely re-imaged it. The enterprise antivirus had been a useless distraction: it had neither served the customer nor deterred the adversary.
So Is It Time to Get Rid of Enterprise Antivirus Already?
I am not yet ready to declare an end to the age of enterprise antivirus. But I do know that organizations need to invest in detection and response capabilities to complement traditional antivirus. Increasingly, though, I wonder who is complementing whom.
Skilled, targeted adversaries will always evade antivirus defenses, so against your most serious cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint defense you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from the security measures that fundamentally do help.
Proven cyber defense measures include:
Configuration hardening of networks and endpoints.
Identity management with strong authentication.
Continuous network and endpoint monitoring, constant vigilance.
Strong encryption and data security.
Staff training and education.
Continual risk re-assessment, penetration testing, red/blue teaming.
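The Cisco anecdote and the monitoring bullet above both come down to the same point: a signature scan of a host’s files can report “clean” while a live operator session is plainly visible in the host’s own telemetry. The following is an added example, not Ziften’s product code nor anything from the sources quoted here, that sketches what continuous endpoint monitoring against a simple baseline looks like. The host names, networks, account names and sshd-style log lines are all constructed for the example.

```python
import ipaddress
import re

# Constructed baseline for the example: hosts that legitimately accept interactive
# logins, the network administrators connect from, and accounts that are service
# identities and should never log in interactively.
INTERACTIVE_ALLOWED = {"bastion01"}
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]
SERVICE_ACCOUNTS = {"www-data", "postgres", "nginx"}

# Constructed sshd auth-log lines. Nothing malicious is on disk in either of the
# suspicious cases; the only evidence is the live session itself.
SAMPLE_LOG = """\
2016-11-18T02:13:07 websrv07 sshd[2201]: Accepted password for www-data from 203.0.113.45 port 51822 ssh2
2016-11-18T02:13:09 websrv07 sshd[2201]: pam_unix(sshd:session): session opened for user www-data by (uid=0)
2016-11-18T09:00:12 bastion01 sshd[1190]: Accepted publickey for alice from 10.0.5.14 port 40122 ssh2
2016-11-18T09:04:33 websrv07 sshd[2240]: Accepted publickey for deploy from 10.0.5.14 port 40190 ssh2
2016-11-18T11:39:58 db02 sshd[3299]: Failed password for root from 10.0.5.20 port 49990 ssh2
2016-11-18T11:40:02 db02 sshd[3301]: Accepted password for root from 10.0.5.20 port 50002 ssh2
"""

# Matches only successful sshd logins; failed attempts and session bookkeeping are ignored.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_logins(text):
    """Yield one dict (ts, host, method, user, src) per successful login in the log."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m.groupdict()


def from_admin_network(src):
    """True if the source address falls inside one of the expected admin networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETWORKS)


def evaluate(login):
    """Return the baseline rules a single login violates (empty list means normal)."""
    reasons = []
    if not from_admin_network(login["src"]):
        reasons.append("source outside admin network")
    if login["user"] in SERVICE_ACCOUNTS:
        reasons.append("interactive login by service account")
    if login["host"] not in INTERACTIVE_ALLOWED and login["method"] == "password":
        reasons.append("password login to non-interactive server")
    return reasons


def detect(text):
    """Run the baseline over a log and return findings ordered by timestamp."""
    findings = []
    for login in parse_logins(text):
        reasons = evaluate(login)
        if reasons:
            findings.append({**login, "reasons": reasons})
    return sorted(findings, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} user={f['user']} src={f['src']}: "
              + "; ".join(f["reasons"]))
```

Run against the constructed log, the detector flags two logins: the 02:13 password login by a service account from an address outside the admin network, and the 11:40 password login to the database server. The bastion login and the key-based deploy login pass the baseline. The value is not in these particular rules, which any real deployment would tune to its own environment, but in the fact that the evidence comes from continuously collected host activity rather than from a one-off scan for known-bad files.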
In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the continuous hard work of adequate enterprise cyber-security.