Since the WSJ report was released, endpoint security solutions have received a lot of media attention. As many have started to ask “Is AV really dead?”, I felt it was a good idea to talk about it from my perspective.

Let’s get this out of the way right off the bat: no, AV is not dead. However, what is dead, and has been for many years now, is the traditional, reactive AV protection approach that uses signature-based detection. Within the security industry, it is common knowledge that this approach to threat prevention doesn’t scale to address the tactics used by today’s cybercriminals.

In the realm of providing defenses from an increasingly sophisticated adversary, endpoint protection has never been more important. The endpoint is the primary point of entry in most corporate compromises. To keep up with modern malware, the methods for discovering and addressing new endpoint threats needs to change. AV isn’t dead; it’s evolving.

From our perspective at Webroot, we recognized the inadequacies of traditional AV many years ago, which is why our current endpoint security products are vastly different from traditional technology. When we released our SecureAnywhere™ product family in 2011, we also discontinued our legacy technology offerings as they represented the traditional signature-based security model, which we could see was nearing obsolescence.

Providing defense against today’s cybercriminal tactics required a complete rethink of how to approach the problem. When it comes to defending against an attack, it is crucial to be able to realize when an attack has occurred. The traditional model was not well equipped to handle massive scale distribution of new malware variants at very low volume. The result is very low detection rates due to a lack of awareness. To successfully defend against this tactic, you need visibility into every application on every endpoint. This is a core component to the success of SecureAnywhere solutions: granularity and actionable insight into applications encountered by every Webroot user worldwide.

Beyond rapidly identifying new incidents, our threat intelligence engine resides in the cloud so there is no need for definition updates. All endpoints are always up to date, and as new threats are identified, all users are protected in real time.

There are many other topics I could discuss – remediation, compromise prevention in the face of an active infection, and the impact on system performance – which have undergone complete rethinks for Webroot SecureAnywhere® solutions. The end result speaks for itself. In the third fiscal quarter in 2014 Webroot added 1.4 million new endpoint customers, increasing the contextual awareness of our intelligence network even further and, thereby, improving our capacity to identify never-before-seen attacks as they emerge. Our bookings from new business grew by nearly 200%, and 5,000 businesses trust Webroot technology to secure their networks and endpoints.

Clearly, AV is not dead. In fact, endpoint security has never been more important! The issue at hand is that we can’t let our technology get stagnant. Organizations need a layered protection approach, as well as cloud-based security technology that is designed to grow, learn and continue to evolve to combat the tactics used by today’s cybercriminals. After all, the malware writers don’t rest. Neither should we.

Grayson Milbourne

About the Author

Grayson Milbourne

Sr. Intelligence Director

Grayson Milbourne is the Security Intelligence Director at Webroot, Inc., part of OpenText Security Solutions, where he has worked for the past 17 years. In his current role, Grayson works to support the Product Management team to ensure Webroot products are effective against today’s most advanced threats.

Share This