Is AntiVirus Software Enough Protection?

Posted by Net Primates

About this video

Released in December 2020, this video explains how traditional AntiVirus (AV) software works, and examines the difference between AV and modern Endpoint Detection and Response (EDR) software.

Introduced in the 1980s, traditional antivirus software worked by scanning files and comparing their contents against a library (the virus definitions database) of previously identified viruses. These virus definitions databases needed regular updating, but were always playing catch-up. When a file matched a known virus pattern, it was blocked or quarantined, preventing it from being run on that computer.

As viruses became more sophisticated they became harder to spot, and heuristic detection was introduced to start to match patterns in activity rather than just focus on the contents of files themselves.

At the same time, viruses started evolving and mutating, giving rise to the term ‘Zero-Day’: a threat that is so new it hasn’t been seen before and therefore can’t be identified by traditional examination methods alone.

Endpoint Detection & Response (EDR) provides a modern solution to this situation. EDR still examines the content of a given file, but is more interested in seeing how a file behaves.

Does your Word document just open in Word and show some text, or does it attempt to modify the registry, copy itself to other computers on the network, or connect to the internet to download some files or talk to a command & control server for ransomware purposes?

By closely monitoring what actions a file or process initiates, EDR software offers the ability to block based on suspicious activity, and even to roll back and undo any changes that have been applied to a device or filesystem.
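The contrast described above, as an added example (not from the video or from Net Primates): a hash-based definitions lookup misses a sample whose bytes have changed, while a behaviour rule over process events still flags it. The sample bytes, the event schema and the action names are constructed assumptions, not any vendor's format.

```python
import hashlib

# Constructed stand-ins for file contents: harmless bytes, not real malware.
KNOWN_SAMPLE = b"constructed-sample-v1"
MUTATED_SAMPLE = b"constructed-sample-v2"  # one byte differs from the known sample
DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}  # "virus definitions"

def signature_match(content: bytes) -> bool:
    """Traditional AV check: is this exact content already in the definitions?"""
    return hashlib.sha256(content).hexdigest() in DEFINITIONS

# Assumed event schema (hypothetical, not any vendor's): pid, ppid, image, action.
DOCUMENT_APPS = {"winword.exe"}
# Actions the article lists as suspicious for an opened document to initiate.
SUSPICIOUS = {"registry_modify", "copy_to_network_host", "internet_download"}

def behaviour_alerts(events):
    """EDR-style check: suspicious actions by a document app or its descendants."""
    parent = {e["pid"]: e["ppid"] for e in events}
    image = {e["pid"]: e["image"] for e in events}
    def from_document(pid):
        seen = set()
        while pid in image and pid not in seen:  # walk up the process tree
            if image[pid] in DOCUMENT_APPS:
                return True
            seen.add(pid)
            pid = parent[pid]
        return False
    return [e for e in events if e["action"] in SUSPICIOUS and from_document(e["pid"])]

# Constructed telemetry: Word opens a file, then its child process changes the system.
EVENTS_SUSPICIOUS = [
    {"pid": 100, "ppid": 1, "image": "winword.exe", "action": "file_open"},
    {"pid": 101, "ppid": 100, "image": "child.exe", "action": "registry_modify"},
    {"pid": 101, "ppid": 100, "image": "child.exe", "action": "internet_download"},
    {"pid": 200, "ppid": 1, "image": "updater.exe", "action": "internet_download"},
]
EVENTS_BENIGN = [{"pid": 300, "ppid": 1, "image": "winword.exe", "action": "file_open"}]

def verdict(content, events):
    if signature_match(content):
        return "blocked: known signature"
    if behaviour_alerts(events):
        return "blocked: suspicious behaviour"
    return "allowed"

if __name__ == "__main__":
    print(verdict(KNOWN_SAMPLE, []), verdict(MUTATED_SAMPLE, EVENTS_SUSPICIOUS),
          verdict(b"report text", EVENTS_BENIGN), sep="\n")
```

The unrelated `updater.exe` download is not flagged because it has no document application in its process ancestry.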

 

Verdict

Traditional AntiVirus does NOT provide enough protection to your business in the current cyber security climate.

 

Takeaway actions on this topic:

  1. Speak to your IT Support Team (internal or external) to see when they last reviewed / upgraded your antivirus software. Does it protect from ransomware? Can it monitor and roll back changes made to the system, or just block suspicious/malicious files?
  2. Check you’re not just renewing legacy software subscriptions because they keep sending invoices. Is your solution modern, up to date, and fit for purpose?
  3. Consider reviewing options from other vendors, whether EDR specific software solutions if your IT is managed in-house, or discussing what protection another IT provider would recommend if you outsource that role within your business.

 

For more videos in this series, please subscribe to our YouTube channel linked below, or visit https://www.netprimates.com/tips

Contact Us if you have any questions on this topic, feedback on how we can improve these videos, or suggestions for future topics you’d like us to cover!

Resources related to this video

Net Primates Videos

Return to our IT & Cyber Security Tips page at https://www.netprimates.com/tips
