Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO
Dwindling Effectiveness of Enterprise Anti-virus?
Google Security Expert Labels Anti-virus Software as Ineffective ‘Magic’.
At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Charged with investigating highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise anti-virus in with a collection of ineffective tools installed to tick a compliance checkbox, at the cost of real security:
We need to stop purchasing those things we have shown are not effective… Anti-virus does some useful things, but in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are standing around the dead canary stating ‘Thank god it inhaled all the dangerous gas.’
Google security experts aren’t the first to weigh in against enterprise anti-virus, or to draw unflattering analogies, in this case to a dead canary.
Another highly skilled security team, FireEye Mandiant, compared static defenses such as enterprise anti-virus to that infamously failed World War II defense, the Maginot Line:
Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations invest billions of dollars every year on IT security. However, hackers are quickly outflanking these defenses with clever, fast-moving attacks.
An example of this was given by a Cisco managed security services executive presenting at a conference in Poland. Their team had spotted anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s amazement, the customer simply ran an anti-virus scan on the server, found no detections, and placed it back into service. Horrified, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing errors and re-issued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise anti-virus had been a useless distraction: it had not served the customer and it had not deterred the attacker.
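The Cisco anecdote turns on a point worth making concrete: the evidence of the intruder was in the endpoint telemetry (an interactive remote session, typos, commands retyped) rather than in anything a signature scan could match. The following is an added illustration, not code from the article or from Ziften, Cisco or Google. It parses a handful of constructed process-start events (the field names ts, host, user, sid, parent and cmd are assumptions, not any vendor’s schema) and scores each session on three signals a defender can check without any malware signature: the session is interactive and remote, consecutive commands differ by a character or two (a human correcting a typo; a script repeats exactly), and the account or hour is out of policy.

```python
"""Flag hands-on-keyboard remote sessions in endpoint command telemetry.

Added example for the Ziften article; constructed data and assumed field names.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed telemetry: one process-start event per line, in the shape an
# endpoint agent might emit. Field names are assumptions for this example.
SAMPLE_EVENTS = """\
ts=2016-11-18T02:41:07Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="cd /var/wwww"
ts=2016-11-18T02:41:11Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="cd /var/www"
ts=2016-11-18T02:41:19Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="ls -la"
ts=2016-11-18T02:41:33Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="cat config.phpp"
ts=2016-11-18T02:41:38Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="cat config.php"
ts=2016-11-18T02:42:02Z host=web-srv-07 user=svc_backup sid=4411 parent=sshd cmd="whoami"
ts=2016-11-18T10:05:00Z host=web-srv-07 user=root sid=5120 parent=cron cmd="/usr/local/bin/backup.sh"
ts=2016-11-18T10:05:01Z host=web-srv-07 user=root sid=5120 parent=cron cmd="tar czf /backup/www.tgz /var/www"
ts=2016-11-18T14:30:10Z host=web-srv-07 user=ops_admin sid=6001 parent=sshd cmd="systemctl status nginx"
ts=2016-11-18T14:30:25Z host=web-srv-07 user=ops_admin sid=6001 parent=sshd cmd="tail -n 50 /var/log/nginx/error.log"
"""

LINE_RE = re.compile(r'ts=(\S+) host=(\S+) user=(\S+) sid=(\d+) parent=(\S+) cmd="([^"]*)"')
REMOTE_PARENTS = {"sshd", "winrm", "rdp"}   # assumed names of remote-access parent processes
SERVICE_ACCOUNTS = {"svc_backup"}           # assumed: accounts that should never log in interactively
BUSINESS_HOURS = range(8, 19)               # assumed policy window, 08:00-18:59 UTC


def parse_events(text):
    """Turn the key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, user, sid, parent, cmd = m.groups()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "host": host, "user": user, "sid": int(sid),
                       "parent": parent, "cmd": cmd})
    return events


def edit_distance(a, b):
    """Levenshtein distance; small values between consecutive commands mean a retype."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_sessions(events):
    """Group events by (host, session id) and list the reasons each session looks human and out of policy."""
    sessions = defaultdict(list)
    for e in events:
        sessions[(e["host"], e["sid"])].append(e)
    findings = {}
    for key, evs in sessions.items():
        evs.sort(key=lambda e: e["ts"])
        first = evs[0]
        reasons = []
        if first["parent"] in REMOTE_PARENTS:
            reasons.append("interactive remote session")
            # Consecutive commands within two edits of each other: a person fixing
            # a typo. Automated jobs repeat commands exactly or not at all.
            retyped = sum(1 for a, b in zip(evs, evs[1:])
                          if a["cmd"] != b["cmd"] and edit_distance(a["cmd"], b["cmd"]) <= 2)
            if retyped:
                reasons.append(f"{retyped} retyped command(s)")
            if first["user"] in SERVICE_ACCOUNTS:
                reasons.append("service account used interactively")
            if first["ts"].hour not in BUSINESS_HOURS:
                reasons.append("outside business hours")
        findings[key] = reasons
    return findings


def suspicious_sessions(text, min_reasons=3):
    """Sessions that accumulate enough independent reasons to page an analyst."""
    return {k: r for k, r in score_sessions(parse_events(text)).items() if len(r) >= min_reasons}


if __name__ == "__main__":
    for (host, sid), reasons in suspicious_sessions(SAMPLE_EVENTS).items():
        print(f"{host} session {sid}: " + "; ".join(reasons))
```

Run as written, it flags only session 4411 on web-srv-07 (remote, two retyped commands, a backup service account, 02:41 UTC), while the cron backup job and the daytime administrator session pass. None of these signals depends on recognising the attacker’s tooling, which is exactly why monitoring of this kind catches what the anti-virus scan in the anecdote missed; the thresholds and account lists are policy inputs the defender owns, not something the attacker can rewrite by repacking a binary.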
So Is It Time to Ditch Enterprise Anti-virus Now?
I am not yet ready to declare an end to the age of enterprise anti-virus. But I do know that businesses have to invest in detection and response capabilities to complement conventional anti-virus. Increasingly, though, I wonder who is complementing whom.
Skilled, targeted attackers will reliably evade anti-virus defenses, so against your greatest cyber threats enterprise anti-virus is essentially useless. As Darren Bilby said, it does do some useful things, but it does not provide the endpoint protection you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from security measures that fundamentally help.
Proven cyber defense measures include:
Configuration hardening of networks and endpoints.
Identity management with strong authentication.
Continuous network and endpoint monitoring, constant vigilance.
Strong encryption and data protection.
Staff education and training.
Regular threat re-assessment, penetration testing, red/blue teaming.
In contrast to the enterprise anti-virus Bilby criticises, none of the above bullets are ‘magic’. They are simply the ongoing work of proper enterprise cyber-security.