July 20, 2016
When an intruder is walking through the front door, it’s no longer wise to spend energy securing the window next to it.
Likewise, if bad agents have switched their tactics from computer viruses to phishing e-mails, antivirus software is no longer as important. Furthermore, if the viruses are being generated with polymorphism at such a fantastic rate that antivirus companies can never keep up, then suddenly, and without much warning, antivirus software becomes a liability, not an asset.
There are plenty of IT departments that will tell you that antivirus software on all computers is valuable. However, they are wrong. Researchers are finding software problems in the antivirus software itself, leading to what is known as a larger surface area of attack. Instead of protecting computers, these antivirus software solutions aren’t keeping up with modern virus software. More importantly, with the antivirus software operating at a high level of authorization to perform its duties, the antivirus software itself has become a prime target for malware writers.
As if to add insult to injury, software engineers and testers are finding that antivirus software is not written to be as secure as one would hope, leaving vulnerabilities that should have been worked out of the software from the beginning. So it just becomes a big negative.
When you have experienced a software failure due to the interference of antivirus software, the image becomes clear: antivirus software on all computers has become a waste of resources. By all means, maintain antivirus solutions at the corporate network level, but it is wasted on individual machines that are not servers.
If it sounds like this is throwing the baby out with the bathwater, then consider all the walls that antivirus software places in the way of corporate workers doing their work. How much more money needs to be spent on incidental delays to day-to-day operations before someone takes notice and realizes that the age of antivirus is at an end?
In the place of antivirus? DevOps, automatically monitoring data flow at all levels of the enterprise, combined with self-repairing system monitors, in-depth data analysis, breach notification, malware activity analysis and notification, and automated monitoring updates to take everything into account and roll it up into a new security solution in real time. That’s the key. Real time. Antivirus can no longer react to malware at the speed at which it is produced, which is why this new process is necessary.
Backups. Proper backups are what will allow you to resume business after malware has infected your system. Quarantining individual files and “cleaning” a virus is no longer sufficient. Malware has become so insidious that nothing short of a complete refresh, where the entire system is reloaded and then data is restored from backup, will adequately ensure the security of the system. Backups are what you need when ransomware has encrypted all your data, and you have the choice between paying a ransom and just starting over with fresh installs.
Before one dismisses this entire idea as something that is “someone else’s problem”, consider the problem of lateral infections. If any of your vendors fails to properly implement a new security solution, you leave yourself open to a security process that is not only out-of-date, but one that actually opens the system to more attacks and reduces the ability to work efficiently.