The tide is shifting when it comes to replacing legacy antivirus. Five years ago, maybe 10 percent of organisations said they were ready to replace it. Today, that number is about 80 or 90 percent. A big part of the desire to shift has to do with the evolving attack landscape – specifically the increase seen in non-malware attacks.
Recent research from Carbon Black’s found confidence levels in legacy AV’s ability to prevent non-malware attacks to be low.
The research was based on interviews with 410 security researchers carried out between late December 2016 and early January 2017. Amongst these professionals, a full two-thirds said they were not confident legacy AV could protect an organisation from non-malware attacks such as those seen in the recent WikiLeaks CIA data dump.
And while non-malware attacks continue to take centre stage, commodity malware is still a major problem for many organisations. According to the Verizon DBIR almost half (47%) of breaches are caused by malware.
One of the central issues of legacy AV is the lack of visibility it provides. When researchers were asked “Did your legacy AV miss any malware in 2016?” nearly half (47%) said their AV solution missed malware or they weren’t sure if it had missed any malware during the year.
If you then contrast this with next-generation antivirus (NGAV) the difference becomes stark. A defence system that can provide an effective barrier against both malware and non-malware attacks is of much greater value to organisations who are facing a barrage of evolving threats from attackers determined to cause damage either for prestige and respect or for financial gain.
When we asked the security professionals “What is your organisation doing to bolster security measures against non-malware attacks?” the top answers that came back included turning to next-generation antivirus (NGAV), employee awareness training, increased focused on patching, and limiting / locking down personal device usage as needed.
This shows there is a realisation that NGAV provides a viable and effective alternative to legacy AV. The adoption of new technologies now needs to be taken on by more organisations. As the penalties for breaches increase the pressure is on CISOs and their teams to make sure that security remains watertight. Nobody would suggest that is an easy task by any means. Having the right technology in place though goes a long way towards making the job at least that bit easier.
As I said back in February in my blog post on the Carbon Black website, “by collecting, correlating and analysing endpoint events in real time, streaming prevention [a type of NGAV] can identify and stop an attack while it builds.” This is the key differentiator when compared to legacy AV.
As I also said in that blog, “Streaming prevention offers a fundamentally new approach to identifying and preventing cyberattacks. Current approaches used by legacy AV and machine-learning AV focus exclusively on files and do nothing to target an attacker’s behaviours.”
In contrast to legacy AV and machine-learning AV, streaming prevention monitors the activity of applications and services, including communications between processes, inbound and outbound network traffic, unauthorised requests to run applications, and changes to credentials or permission levels.
It’s clear that legacy AV is not up to the job of providing full, comprehensive protection. As non-malware threats grow, the ability of legacy AV to provide effective defence will diminish ever more. The age of NGAV is here, and it’s here to stay.
By Mike Viscuso, CTO, Carbon Black
