FEATURE
battle in the ever-escalating cyberwar. Instead, focus your security investment on understanding the normal user behaviours within your organisation, so that you can more easily and rapidly spot the abnormal behaviours of threat actors.

Without comprehensive log data and UEBA (user and entity behaviour analytics), manual cybersecurity tactics are unable to correlate the critical information needed to identify a credential-based attack that can cripple your organisation.
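The point above, that spotting the abnormal depends on first learning the normal and then correlating log data around it, can be shown concretely. The following Python example is added here and is not from the article or its author; the log lines, user and host names, the one-hour slack, the two-minute window and the three-failure threshold are all constructed for the illustration. It learns a per-user baseline of usual hosts and login hours from earlier successful logins, then flags later successes that come from a new host, at an unusual hour, or right after a burst of failures.

```python
"""Toy UEBA-style baseline check over constructed authentication events.

Added illustration, not from the article. Every log line, name and
threshold below is constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp user source-host result", one per line.
SAMPLE_LOG = """\
2024-03-04T08:55:10 alice ws-alice-01 success
2024-03-05T09:02:31 alice ws-alice-01 success
2024-03-06T08:47:05 alice ws-alice-01 success
2024-03-07T09:10:44 alice ws-alice-01 success
2024-03-08T08:58:12 alice ws-alice-01 success
2024-03-05T13:20:00 bob ws-bob-07 success
2024-03-06T13:25:41 bob ws-bob-07 success
2024-03-07T13:18:09 bob ws-bob-07 success
2024-03-09T02:14:03 alice srv-fileshare-03 failure
2024-03-09T02:14:09 alice srv-fileshare-03 failure
2024-03-09T02:14:15 alice srv-fileshare-03 failure
2024-03-09T02:14:30 alice srv-fileshare-03 success
"""

# Constructed cut-off: events before this date train the baseline,
# events from this date on are scored against it.
LEARN_UNTIL = datetime(2024, 3, 9)


def parse_events(text):
    """Parse 'timestamp user host result' lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "host": host,
            "ok": result == "success",
        })
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events, learn_until):
    """Per-user set of hosts and login hours seen in successful logins before learn_until."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        if e["ok"] and e["ts"] < learn_until:
            baseline[e["user"]]["hosts"].add(e["host"])
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def score_login(event, baseline, hour_slack=1):
    """Return the reasons a successful login deviates from its user's baseline."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no_baseline"]
    reasons = []
    if event["host"] not in profile["hosts"]:
        reasons.append("new_host")
    hour = event["ts"].hour
    # An hour counts as usual if it is within hour_slack of any baseline hour.
    if all(abs(hour - h) > hour_slack for h in profile["hours"]):
        reasons.append("unusual_hour")
    return reasons


def failures_before(event, events, window=timedelta(minutes=2)):
    """Count this user's failed logins in the window immediately before event."""
    return sum(
        1 for e in events
        if not e["ok"] and e["user"] == event["user"]
        and event["ts"] - window <= e["ts"] < event["ts"]
    )


def find_anomalies(text, learn_until, min_failures=3):
    """Score every successful login after learn_until; return (time, user, reasons)."""
    events = parse_events(text)
    baseline = build_baseline(events, learn_until)
    findings = []
    for e in events:
        if not e["ok"] or e["ts"] < learn_until:
            continue
        reasons = score_login(e, baseline)
        # Correlation the article calls for: a burst of failures then a success.
        if failures_before(e, events) >= min_failures:
            reasons.append("failures_then_success")
        if reasons:
            findings.append((e["ts"].isoformat(), e["user"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, reasons in find_anomalies(SAMPLE_LOG, LEARN_UNTIL):
        print(ts, user, ", ".join(reasons))
```

On the constructed log the only finding is alice's 02:14:30 success from srv-fileshare-03, flagged for a new host, an unusual hour and three failures in the preceding two minutes; each of her weekday-morning logins from her own workstation scores clean. Real deployments replace the sets with per-user statistics over much longer windows, but the shape is the same: no baseline, no anomaly.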
HOW RELIABLE ARE ANTIVIRUS PROGRAMS?
MOREY HABER, CHIEF TECHNOLOGY OFFICER AND CHIEF INFORMATION SECURITY OFFICER AT BEYONDTRUST
Cybersecurity has always been akin to a game of ‘king of the mountain’. Hackers and malware try to find a way to execute malicious intent and the ‘good guys’ try to find a way to protect against their evil antics. Sometimes the malware wins and sometimes the protection strategy wins.

It is a give-and-take battle that is always looking for a winner but in the end appears to be a great big stalemate. Recently, however, many of the tools we use for protection have themselves been the victims of an attack.

The truth of the matter is that even the best protection solutions are designed, coded and implemented by humans. Human beings make mistakes. That’s one of the traits of being human, right? Nobody is perfect.

Unfortunately, the ‘bad guys’ discover these mistakes and leverage them against our own assets to make things work in their favour. The question then becomes, ‘is this technology relevant and still helpful?’.

The answer is absolutely and unequivocally ‘yes’. Just because a virus is old, or an attack has not been seen in a while, does not make them unimportant or ineffective.

There are hundreds of thousands of legacy malware signatures roaming the Internet and file systems, and stored in attack toolkits, that can be effective against an older system or one not properly protected against basic threats.

Antivirus programs are very relevant to protect against the threats of the past, but candidly the traditional models for vulnerability signatures have already lost the ‘king of the mountain’ game.

Antivirus security companies recognise this problem and have evolved their products to do more than just signatures. We have seen advancements in sandboxing, heuristics, Machine Learning and application control, and have even seen Artificial Intelligence blended into antivirus products (malware protection solutions) to combat modern threats.

They are not branded antivirus anymore either. They have adopted more strategic names like Endpoint Protection Platform and Advanced Threat Protection to distinguish themselves from old-school antivirus technology.
In reality, they are still written by people, and people make mistakes. It is just a matter of time before a flaw is found in one of these new systems that will draw us back to the same conversation we are having now.

So, how do you get the best protection available despite these flaws and advancements? It is not just about one antimalware program, but rather a few basic steps in addition to a good endpoint product that will keep you safe.

Antivirus programs are not dead. They are evolving to address modern threats, even though the technologies themselves may have inherent flaws. Vendors can and will fix them; it is in their best interest to do so. After all, they are just companies run by Homo sapiens, too.
Issue 14 | www.intelligentciso.com