Your Enterprise Antivirus Has Lost Its Effectiveness – Chuck Leaver

Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO

Diminishing Effectiveness of Enterprise Antivirus?

Google Security Expert Labels Antivirus Apps as Ineffective ‘Magic’.

At the recent Kiwicon hacking conference in Wellington, New Zealand, Darren Bilby, manager of Google’s Platform Integrity team, preached cyber-security heresy. Charged with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of inadequate tools deployed to tick a compliance check box at the expense of genuine security:

We have to stop buying those things we have actually revealed do not work… Anti-virus does some beneficial things, but in reality, it is more like a canary in a coal mine. It is even worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the toxic gas.’

Google security experts aren’t the first to weigh in against enterprise antivirus, or to draw uncomplimentary analogies, in this case to a dead canary.

Another highly knowledgeable security group, FireEye Mandiant, likened static defenses such as enterprise antivirus to that infamously failed World War II defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are fast ending up being a relic in today’s danger landscape. Organizations invest billions of dollars each year on IT security. But assailants are quickly outflanking these defenses with smart, fast-moving attacks.

An example of this was offered by a Cisco managed security services executive presenting at a conference in Poland. The Cisco team had found anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the team’s astonishment, the customer merely ran an antivirus scan on the server, found no detections, and put it back into service. Horrified, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a futile distraction: it had not served the customer, and it had not deterred the attacker.

So Is It Time to Get Rid of Enterprise Antivirus Now?

I am not yet ready to declare an end to the age of enterprise antivirus. But I do recognize that companies have to buy detection and response capabilities to complement conventional antivirus. Increasingly, though, I wonder who is complementing whom.

Skilled, targeted cyber attackers will always successfully evade antivirus defenses, so against your greatest cyber risks, enterprise antivirus is essentially worthless. As Darren Bilby stated, it does do some useful things, but it does not provide the endpoint defense you require. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from security measures that do genuinely help.

Proven cyber defense measures include:

- Configuration hardening of networks and endpoints.
- Identity management with strong authentication.
- Application controls.
- Continuous network and endpoint monitoring, constant vigilance.
- Strong encryption and data protection.
- Staff training and education.
- Continual threat re-assessment, penetration testing, red/blue teaming.

In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the continuous effort that adequate enterprise cyber-security requires.
