With all the focus on cybersecurity awareness and education, a question that often surfaces is, “Why isn’t my anti-virus protecting me from these threats?”
The answer is that anti-virus is still one element of network security for business, but it is no longer enough on its own. It does help block certain types of threats, but not all of them.
To understand why, let’s first review how anti-virus works.
How Anti-Virus Works
Anti-virus is still effective at protecting against common, commoditized malware. To do its job, anti-virus software looks for either a signature or a heuristic that is known to be malicious. During that process, the software analyzes various characteristics of a file to determine whether it’s a match. The signature is then flagged, and the “anti-virus” that will block it is programmed.
You can think of it as using the FBI’s Most Wanted list (or any list of known criminals) to spot the bad guys. For example, if someone matching the description of a known bank robber walks into a bank, the branch personnel can look at the list, see the photo, and confirm that this is a threat. And then they can act accordingly.
But what happens when a criminal who isn’t on that list walks in?
The answer, of course, is that most likely nothing happens to prevent a robbery – at least based on facial recognition alone – because the tellers or security personnel had no description to match him to (i.e. he's not in the database) and, therefore, no time to take action and potentially prevent a crime.
Anti-virus is the same thing. The software gets (and constantly updates) the cyber version of the “most wanted” list and matches that to what’s trying to get into your network. That’s why it can still block mass-produced, commoditized malware – because as an existing threat, the signature is known.
At this point, you’re probably putting it together that the threats that sneak past your anti-virus software are somehow stealthier, because they haven’t yet been flagged as malicious. And you would be exactly right about that.
It's the inherent flaw that leaves us perpetually one step behind the hackers. Signature-based anti-virus can’t block what it doesn’t recognize as a threat, even when it is one. (Even the threats that AV software does block were at one point undetected and caused some infections, because unfortunately that is the only way they get flagged.)
Naturally, this loophole is not lost on the bad guys of cyberspace either. And so, the fundamental shift in the threat landscape is the move towards unique or undetectable signatures that cannot be catalogued quickly, and therefore cannot be blacklisted and then blocked by anti-virus software based on signature alone.
Today's Cyber Threats
Cyber criminals are smart, and once anti-virus proved effective at coming up with defenses against static signatures, they looked for ways around the anti-virus fences blocking out their phishing attempts and other types of attacks. Unfortunately for your business network, they’ve figured out how to do just that.
New Viruses Every Day
One way they’re accomplishing this is by simply releasing new viruses every day. Anti-virus software can’t block what it doesn’t know about, and if it’s new and hasn’t yet been flagged, then that means anti-virus isn’t going to be fully effective against it.
And when we say new, we mean an estimated 390,000 new malicious programs every single day.
Anti-virus vendors are doing their best to keep up, but that's a lot of new malware, and without time to understand a virus and program an antidote to it, anti-virus software cannot block it. This flood of new viruses has very effectively overwhelmed the anti-virus vendors, allowing for successful attacks against at least a few organizations before the signature is matched and the software is updated.
The Creation of Polymorphic Malware
The next evolution of malware is that it’s now polymorphic. That means that the signature constantly changes or morphs, making it that much more difficult for anti-virus and anti-malware programs to detect. These mutations can occur in a number of ways, including file name changes, compression or encryption with variable keys.
According to the cybersecurity experts at Webroot, about 97% of today’s threats are now polymorphic. There are other viruses deployed through phishing that are known to include a single, unique URL for each individual attack.
And this ability to dynamically change the signature, deploying unique signatures for every attack, is the biggest reason that anti-virus alone is no longer enough. These unique threats continue to evade detection by traditional anti-virus alone.
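To make the limit of signature matching concrete, here is an added example (not from the original article) of a toy scanner with a hash list and a byte-pattern list, run over constructed, harmless sample bytes. The names `scan`, `reencode` and `build_corpus` and all sample data are assumptions for illustration; real anti-virus engines are far more elaborate.

```python
import hashlib
from typing import Dict, Optional

# Constructed, harmless stand-in for a file that is already on the
# vendor's "most wanted" list. It is not real malware.
KNOWN_SAMPLE = b"CONSTRUCTED-DEMO-PAYLOAD: harmless marker bytes, not real malware"

# Two kinds of signature: exact file hashes and a known byte pattern.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [b"DEMO-PAYLOAD"]


def scan(data: bytes) -> Optional[str]:
    """Return the signature type that matched, or None if nothing matched."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return "hash"
    if any(pattern in data for pattern in PATTERN_SIGNATURES):
        return "pattern"
    return None


def reencode(data: bytes, key: int) -> bytes:
    """Model 'encryption with variable keys': same content, new bytes per key."""
    return bytes(b ^ key for b in data)


def build_corpus() -> Dict[str, bytes]:
    """Constructed test files: the known sample plus altered copies of it."""
    corpus = {
        "original": KNOWN_SAMPLE,
        "padded": KNOWN_SAMPLE + b"\x00",  # one extra byte changes the hash
    }
    for key in (0x21, 0x5A, 0xC3):
        corpus[f"reencoded_key_{key:#04x}"] = reencode(KNOWN_SAMPLE, key)
    return corpus


def scan_corpus() -> Dict[str, Optional[str]]:
    """Scan every constructed file and record which signature, if any, fired."""
    return {name: scan(data) for name, data in build_corpus().items()}


if __name__ == "__main__":
    for name, verdict in scan_corpus().items():
        print(f"{name:20} -> {verdict or 'MISSED'}")
```

The padded copy is caught only by the byte pattern, and every re-encoded copy matches neither list even though it decodes back to the same content, which is why the other layers described below have to cover what the signature list misses.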
A Layered Approach to Network Security is Your Best Defense
The bottom line is that in today’s threat landscape, anti-virus alone is no longer enough. You need it, but you also need other layers of protection in order to fully protect your business network, including making awareness of these increasing risks, and of how to prevent an attack, part of your business culture.
No one single approach or program can adequately protect your network anymore – the threats are too numerous, and the variants too great for any one method to fully protect your business.
This means that a modern network security approach will include firewalls, anti-virus, anti-malware, patch management, systems monitoring and, just as important, end-user education programs. By training your staff on how to spot certain behaviors and characteristics of attacks, you boost your defenses significantly.
And your last resort against today’s cyber threats? Plan for WHEN (not if) you get attacked and design a modern data backup solution (and don’t forget to test it on a regular basis), along with a plan to quickly recover and restore your business data, should you fall victim to a cyberattack.
Corsica Tech is a world-class managed IT provider specializing in providing modern network security solutions for business. Request a call from our Account Management team today and learn more about how our managed IT and network security solutions can help protect the heart of your business.