
Debate: Anti-virus is dead

Amichai Shulman and Sarb Sembhi

Pro: Amichai Shulman, CTO of Imperva

I think that the main reason that AV is dead is that it does not fit in the threat landscape of today.
On the one hand, there is the technological issue of attackers being able to generate new malware samples with incredible speed. In that kind of environment, looking for signatures is useless.

The other side of it is the change in IT landscape. When you rely on AV you assume that you have control over the machines that access the network. But with the modern environment, and the BYOD trend, you don't have that control over the devices accessing your systems and data sources.

When viruses and malware started you had a small group of people able to generate malware and action malware, and propagation from one computer to another was done by replicating internally.

But hackers have introduced polymorphism, which takes a single sample and repackages it. Initially, it was client-side polymorphism so the virus came with code that was able to generate new variations of the same virus. What AV would do would be to find that replication code.

Today, polymorphism happens on the server side and attackers almost never rely on internal replication; they just rely on infecting as many people in the same organisation using a large campaign, like water holing, phishing, or drive-by downloads.

You need to think where to use AV and where not to use AV. You also need to rethink the value of AV as a security tool, and as a consequence, rethink your budget.

Anti: Sarb Sembhi, Director of Consulting Services at Incoming Thought

Is it dead? Surely if that were true Symantec would stop selling the product altogether.

For organisations that have plenty of controls in place AV will be one or two additional controls - if they host and network / border AV. However in environments where AV is the only control, it's not dead as there is no other security. It's the only control they've got so it's a vital element of their security armour.

It's the same if you look at personal users – for some AV is one of many controls, for others it is the only control, and yet there will be that last group who don't even use AV and will end up with their devices forming the basis of botnets around the world.

It's a given to say that AV products that rely only on signature-based detection are dying, but most AV companies have been using other technologies, like behavioural analytics, to monitor what's going on. I believe that all large anti-virus companies will rise to the challenge or go out of business.

I can't see any big companies giving up AV just because a few people have said it's dead. There is endpoint and network antivirus and each one offers something different. It's only dead if no-one is using it.

I would challenge any large corporation to stop using AV completely as it does protect end users and provide some level of protection. The value may have diminished but it hasn't diminished completely.

As long as AV is considered as one of many tools to check off the risks, then that's OK, as it's just one of the many types of controls available.

