Malware and cyber attacks are a fact of life. Every organization and individual needs to have solutions in place to guard against exploits and compromise. Tools like firewalls and antivirus protection are the default basics, but it’s important to recognize they are just that—basic. Traditional cybersecurity tools still provide a foundation, but technology and the threat landscape have evolved, which is why effective cybersecurity today requires you to go beyond the protection these tools can provide.
Traditional Antivirus Protection Is Not Enough
My career in cybersecurity began with antivirus protection. I was working with Windows Server systems and had just achieved my MCSE (Microsoft Certified Systems Engineer) certification, and I was recruited to join a new team that was being formed to provide managed antivirus protection for enterprise customers. I did not have a security background at the time, but the manager wanted someone with deep Windows expertise on the team.
We operated on the premise that the antivirus protection was only as good as its most recent signature update. One of the primary functions of our team was to ensure that signature files were tested and deployed as efficiently as possible.
That was many years ago. Since then, the number of vulnerable devices connected to the internet has increased by an order of magnitude or three, network connections have gotten faster, and malware has grown exponentially. According to AV-Test, there were about 47 million new malware or potentially unwanted applications (PUA) discovered in 2010. That number is projected to be 982 million in 2019—more than 20 times the volume of threats in less than 10 years.
It’s just not feasible to expect antivirus to keep up. Even if it could, I’ve been saying for years that the signature model is impractical and unsustainable. With roughly 350,000 new malicious programs discovered every day, and hundreds of millions of new threats every year, your antivirus signatures are outdated before you even apply them. It’s also not practical to compare every piece of unknown code against a database of hundreds of millions of signatures accumulated over the years.
And even when the signatures are current, they only protect you from known threats. A malware sample has to be discovered and reverse-engineered before a signature for it can be written and distributed, so there is always a window in which the sample runs undetected. Imagine a building whose facial-recognition system only rejects people whose faces match a database of known criminals. That is better than nothing, but it won’t stop the person who hasn’t yet committed a crime, or the career criminal who has been good enough not to get caught.
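To make the "known threats only" limitation concrete, here is a toy signature scanner. It is an added example written for this page, not Alert Logic code and not how any particular antivirus engine is implemented. The "malware sample", the signatures derived from it and the variants are all constructed for illustration; the byte offsets in the comments refer only to that constructed sample.

```python
"""Toy signature scanner: shows why hash and byte-pattern signatures only
catch samples that have already been seen. Added example, not Alert Logic
code. Every 'sample' and 'signature' below is constructed for illustration."""
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a known malicious binary (80 bytes). The command
# string plays the role of a distinctive byte sequence an analyst would turn
# into a pattern signature after reverse-engineering the sample.
KNOWN_SAMPLE = (
    b"MZ\x90\x00"                 # offsets 0-3: fake header
    + b"\x00" * 16                # offsets 4-19: padding
    + b"CMD=powershell -enc "     # offsets 20-39: distinctive command string
    + b"A" * 32                   # offsets 40-71: stand-in for an encoded payload
    + b"\x00" * 8                 # offsets 72-79: trailing padding
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database built from the one known sample: the "discover, then
# reverse-engineer, then write a signature" step described in the text.
HASH_SIGS: Dict[str, str] = {sha256_hex(KNOWN_SAMPLE): "Trojan.Constructed.A"}
PATTERN_SIGS: List[Tuple[bytes, str]] = [
    (b"CMD=powershell -enc ", "Trojan.Constructed.A.pattern"),
]


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches `data`.
    An empty list is what a signature-only scanner reports as 'clean'."""
    hits: List[str] = []
    digest = sha256_hex(data)
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    for pattern, name in PATTERN_SIGS:
        if pattern in data:
            hits.append(name)
    return hits


def xor_region(data: bytes, start: int, end: int, key: int) -> bytes:
    """Crude 'packing': XOR one region so the original bytes are no longer
    present on disk (a real packer would decode them at run time)."""
    return data[:start] + bytes(b ^ key for b in data[start:end]) + data[end:]


# Variants an attacker can produce without changing what the sample does
# (constructed; offsets refer to KNOWN_SAMPLE above).
EXACT = KNOWN_SAMPLE
PADDING_TWEAK = KNOWN_SAMPLE[:-1] + b"\x01"            # one padding byte changed
OBFUSCATED = xor_region(KNOWN_SAMPLE, 20, 40, 0x5A)    # command string XOR'd away
NOVEL = b"MZ\x90\x00" + b"\x00" * 16 + b"CMD=rundll32 " + b"B" * 32  # never seen


def results() -> Dict[str, List[str]]:
    """Scan each variant and return the signature hits per variant."""
    return {
        "exact": scan(EXACT),
        "padding_tweak": scan(PADDING_TWEAK),
        "obfuscated": scan(OBFUSCATED),
        "novel": scan(NOVEL),
    }


if __name__ == "__main__":
    for name, hits in results().items():
        print(f"{name:14s} -> {hits or 'no signature match'}")
```

Running it shows the progression the text describes: the exact sample trips both signatures, a one-byte change to padding already defeats the hash signature (only the pattern still fires), XOR-ing the distinctive string defeats the pattern signature as well, and a sample nobody has analysed yet produces no hits at all, which is exactly the gap the rest of this post is about.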
PIE: Platform, Intelligence, Experts
Firewalls and basic antivirus protection are still necessary to some extent. They’re still table stakes required as a foundation for cybersecurity. Many of the threats today, however, are capable of bypassing or circumventing those defenses. Organizations that have invested significant sums in firewalls, antivirus protection, and other traditional cybersecurity tools still find themselves victims of phishing, ransomware, cryptojacking, and other cyber attacks.
The answer is not to throw more money at the problem, or to buy the cybersecurity “silver bullet” du jour. The answer is to ensure you have comprehensive cybersecurity that combines the right suite of tools with intelligence on emerging threats and techniques, and with the knowledge and expertise to recognize false positives and prioritize security events, so that you protect the most important assets and minimize the impact of cyber attacks.
That can be easier said than done, and it can be costly to try to do it all alone. Most organizations will get better cybersecurity peace of mind at lower cost by working with Alert Logic. We provide comprehensive protection and 24/7 monitoring by professional analysts so you can sleep soundly, confident that the security of your networks and data is not dependent solely on whether or not your antivirus protection has the right signatures in place to detect the next threat.