Experiencing a Breach?

What’s Wrong with the Enterprise Antivirus Industry?

Imagine buying a product that didn’t live up to its claims, or worse, one that caused serious damage. No one would make such a purchase intentionally. Yet, companies around the world buy a software product that not only doesn’t do what it says it will do, it could actually make them more vulnerable.

The software in question is enterprise antivirus solutions. Antivirus software claims to protect users against thousands of threats, although that isn’t the case. Recently, Google security researcher Tavis Ormandy announced he’d found numerous vulnerabilities in Symantec’s suite of antivirus products, which affects the company’s 17 enterprise products. These vulnerabilities put companies at risk of a variety of cyber-attacks.

How Did Things Get to Be So Bad?

To understand how we got here, you need to understand some important things about the antivirus software industry.

First, it’s been around for almost 30 years, and though it’s debatable who really developed the first true antivirus, they all had something in common – they were looking for a known virus or type of malware, and they used “heuristics” (aka signatures) to detect them. Decades later, very little has changed, but new malware samples are totaling 390,000 a day (AV-Test.org), and antivirus vendors are collecting data from millions of sources to discover new variants.

In order to make themselves stand out from the competition, antivirus software developers hire independent testing labs to provide impartial analysis on the quality of their products. The problem is that these tests have become the gold standard in the enterprise antivirus solution industry. So, companies create software that will pass tests.

That approach is flawed, though. These tests are based on how many viruses a software program can detect. That sounds like a good thing, right? Wrong – not all threats are prevalent and not all viruses will actually harm users. Moreover, antivirus software frequently can’t catch zero day attacks (vulnerabilities that no one else has detected yet, and for which there aren’t any patches). The majority of the enterprise antivirus software on the market relies on signature-based techniques, meaning that the program must have some prior knowledge of the threat in order to detect it. Hackers understand how weak antivirus software is, and have come up with ways to cheat the system.

The biggest loser in this situation is the enterprise. Flaws in antivirus software enable hackers to perpetrate attacks on organizations. These kinds of attacks are less likely to affect consumers for two reasons. Firstly, companies make excellent targets: they’re repositories of a great deal of valuable data, and in many cases, their security is so weak that it could take them days, if not longer, to discover an attack has even taken place. Secondly, attacks on consumers are usually via programs such as Flash Player or Java, which have lots of vulnerabilities that the average person is slow to patch.

What’s the Solution?

The antivirus industry needs to evolve beyond ineffective threat detection that relies on signatures. What it needs is a solution that dynamically analyzes and predicts any threat’s behavior, then responds immediately.

That’s where SentinelOne comes in. It enables users to anticipate malicious behavior across major threat vectors in real-time, eliminate threats with fully automated, integrated response capabilities, and adapt your defenses against the most sophisticated and advanced cyber-attacks.

To learn which forms of endpoint protection will best defend your organization against threats, check out our white paper, “Next Generation Endpoint Protection Buyer’s Guide.” You’ll learn about what next generation endpoint protection is, how it keeps you safe against threats, and how to evaluate next generation endpoint protection solutions.