AV Isn’t Dead. It’s Evolving.


Since the WSJ report was released, endpoint security solutions have received a lot of media attention. As many have started to ask “Is AV really dead?”, I felt it was a good idea to talk about it from my perspective.

Let’s get this out of the way right off the bat: no, AV is not dead. However, what is dead, and has been for many years now, is the traditional, reactive AV protection approach that uses signature-based detection. Within the security industry, it is common knowledge that this approach to threat prevention doesn’t scale to address the tactics used by today’s cybercriminals.

In the realm of providing defenses from an increasingly sophisticated adversary, endpoint protection has never been more important. The endpoint is the primary point of entry in most corporate compromises. To keep up with modern malware, the methods for discovering and addressing new endpoint threats need to change. AV isn’t dead; it’s evolving.

From our perspective at Webroot, we recognized the inadequacies of traditional AV many years ago, which is why our current endpoint security products are vastly different from traditional technology. When we released our SecureAnywhere™ product family in 2011, we also discontinued our legacy technology offerings as they represented the traditional signature-based security model, which we could see was nearing obsolescence.

Providing defense against today’s cybercriminal tactics required a complete rethink of how to approach the problem. When it comes to defending against an attack, it is crucial to be able to realize when an attack has occurred. The traditional model was not well equipped to handle massive-scale distribution of new malware variants at very low volume. The result is very low detection rates due to a lack of awareness. To successfully defend against this tactic, you need visibility into every application on every endpoint. This is a core component of the success of SecureAnywhere solutions: granularity and actionable insight into applications encountered by every Webroot user worldwide.

Beyond rapidly identifying new incidents, our threat intelligence engine resides in the cloud so there is no need for definition updates. All endpoints are always up to date, and as new threats are identified, all users are protected in real time.

There are many other topics I could discuss – remediation, compromise prevention in the face of an active infection, and the impact on system performance – which have undergone complete rethinks for Webroot SecureAnywhere® solutions. The end result speaks for itself. In the third fiscal quarter in 2014 Webroot added 1.4 million new endpoint customers, increasing the contextual awareness of our intelligence network even further and, thereby, improving our capacity to identify never-before-seen attacks as they emerge. Our bookings from new business grew by nearly 200%, and 5,000 businesses trust Webroot technology to secure their networks and endpoints.

Clearly, AV is not dead. In fact, endpoint security has never been more important! The issue at hand is that we can’t let our technology get stagnant. Organizations need a layered protection approach, as well as cloud-based security technology that is designed to grow, learn and continue to evolve to combat the tactics used by today’s cybercriminals. After all, the malware writers don’t rest. Neither should we.



About the Author

Name: Grayson Milbourne


Grayson Milbourne is the Security Intelligence Director for Internet security company Webroot. Over the past nine years Milbourne has worked in various areas of the company, spending the past seven years focused on threat analysis. His areas of security intelligence expertise range from mobile to reversing to automation to cloud security. Grayson is also an avid participant in the security community and drives awareness of current threats by speaking at major events such as RSA and Virus Bulletin. Most recently, Grayson has been focusing on the growth of mobile malware and the risks associated with BYOD. Additionally, he writes and provides technical review for the Webroot blog.


2 comments
Imoyse

We moved from Symantec to Webroot and found a far faster AV platform that hinders users far less and gives a faster boot and scan time.


SocialAntivirus

When I wrote my Webroot Antivirus review, I especially took note that Webroot was tremendously faster than Symantec and other antivirus programs. Ridiculously faster. The little footprint that it leaves as well compared to Norton is drastically smaller as well. Webroot's approach to antivirus is what's making it evolve. I wouldn't recommend any other - here's my review if anyone's interested.

Webroot 2014 review: http://antivirussoftwareratings.com/reviews/webroot-secureanywhere-antivirus-2014-software-review/