
May 21, 2019

Sponsored content

You have no doubt received marketing emails and seen advertisements advising you that it’s time to ditch your legacy antivirus (AV) for Endpoint Protection (EPP).

» But what’s the difference between the two?

While we have all experienced antivirus, particularly its blocking of malware in emails, Endpoint Protection refers to the cyber security measures implemented to mitigate the holistic risks to those endpoint devices.

» So, what’s wrong with legacy AV?

How antivirus works: the problem with traditional AV
Traditional AV isn’t built to cope with modern cyber threats

Antivirus software is designed to protect networks from cyber security threats. It does this by recognising ‘known’ malware signatures, identifying threats and flagging them accordingly.

Thus your antivirus will warn against accessing insecure websites, reject emails it believes to be dangerous, or block you from opening documents that appear to be infected.

The AV is programmed with a database of malware signatures known to be malicious and will generally be updated with new threat listings as they become known.

But herein lies the major problem with traditional AV: antivirus relies entirely on what is known. The reality is, once a malware signature becomes known, attackers will stop using it – and then that listing is effectively useless.

Legacy AV only works with file-based malware

These programs are designed to inspect every file on your system – a time-consuming job, which is why full system virus scans can be such a tedious task.

Unfortunately, this type of scan is no longer relevant.
More than three quarters of all modern cyber attacks are file-less.

Finally, another unpopular aspect of traditional AV software is its tendency to generate report after report after report – each of which requires the eye of a cyber security professional who could probably be putting their time to better use.

In summary, your old school AV software is looking in the wrong place for malware that is no longer in use. How exactly is it supposed to protect your system?

Behaviour-based monitoring – more flexible, more effective

The sad truth is, cyber criminals have been up-skilling faster than traditional AV can handle.

The cyber attacks you read about in the news are not likely to be the result of some CEO opening a dodgy attachment in a spam email from some widowed billionaire. Security threats have become smarter, stealthier and deadlier than ever – which is why Endpoint Protection is so desperately needed.

Traditional Antivirus vs. Endpoint Protection

The next generation of antivirus software – sometimes called NGAV or NGEP (next generation endpoint protection) – has done away with the database of signatures. It doesn’t work on the assumption that every virus coming your way has been seen somewhere before, or that every attack will be file-based, in fact…

Rather than relying on a database of signatures, Endpoint Protection identifies malicious behaviour, and looks at every cyber event in context to determine whether a behaviour should be flagged as suspicious.

In practice, this means that Endpoint Protection delivers a proactive security control. It deals with threats almost autonomously and pushes out updates automatically, saving your entire business time – time that could be better spent on more lucrative activities.
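To make the contrast between the two approaches concrete, here is an added example (not code from the original article, nor from SentinelOne's product) that puts a hash-signature scanner beside a small behaviour-scoring engine. The sample "files", the process event stream, the process names, the rule weights and the alert threshold are all constructed for illustration. The first half shows why a signature database fails on a trivially altered sample; the second half shows how scoring events in the context of the process that produced them flags a fileless chain that never writes a scannable file.

```python
"""Signature scanning vs behaviour scoring, on constructed data (added example)."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# --- Part 1: signature-based detection (how legacy AV works) -------------------
# Constructed byte strings standing in for file contents; they are not malware.
KNOWN_SAMPLE = b"constructed-sample-v1: download then execute payload"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")   # one byte changed by the author
BENIGN_SAMPLE = b"Q3 sales figures, see attached spreadsheet"

# Signature database keyed by SHA-256 of known-bad file contents (constructed entry).
SIGNATURE_DB: Dict[str, str] = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Downloader.A",
}


def signature_scan(file_bytes: bytes) -> Optional[str]:
    """Return the signature name if the file's hash is in the database, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(file_bytes).hexdigest())


# --- Part 2: behaviour-based monitoring (what EPP does instead) ---------------
@dataclass(frozen=True)
class Event:
    pid: int          # process the event belongs to
    parent: str       # image name of the parent process
    image: str        # image name of the process itself
    action: str       # "spawn", "net_connect", "reg_write" or "file_write"
    target: str = ""  # remote host, registry path or file path, as applicable


# Assumed groupings of process names used by the rules below.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}

# Each rule: (reason, weight, predicate). Weights and threshold are assumptions.
RULES: List[Tuple[str, int, Callable[[Event], bool]]] = [
    ("office application spawned a script host", 40,
     lambda e: e.action == "spawn" and e.parent in OFFICE_APPS and e.image in SCRIPT_HOSTS),
    ("script host opened an outbound connection", 30,
     lambda e: e.action == "net_connect" and e.image in SCRIPT_HOSTS),
    ("autorun registry key written", 30,
     lambda e: e.action == "reg_write" and "\\CurrentVersion\\Run" in e.target),
]
ALERT_THRESHOLD = 60


def behaviour_verdicts(events: List[Event]) -> Dict[int, dict]:
    """Score each process by the rules its events trigger; alert when over threshold.

    Events are grouped by pid so that a single low-weight action (a script host
    talking to the network, say) is judged together with how that process came
    to exist and what else it did, rather than in isolation.
    """
    verdicts: Dict[int, dict] = {}
    for event in events:
        entry = verdicts.setdefault(event.pid, {"image": event.image, "score": 0, "reasons": []})
        for reason, weight, matches in RULES:
            if matches(event) and reason not in entry["reasons"]:
                entry["score"] += weight
                entry["reasons"].append(reason)
    for entry in verdicts.values():
        entry["alert"] = entry["score"] >= ALERT_THRESHOLD
    return verdicts


# Constructed event streams. The first never writes a file to disk; a file scanner
# has nothing to hash. The second is an administrator's ordinary remote session.
FILELESS_CHAIN = [
    Event(4120, "winword.exe", "powershell.exe", "spawn"),
    Event(4120, "winword.exe", "powershell.exe", "net_connect", "198.51.100.7:443"),
    Event(4120, "winword.exe", "powershell.exe", "reg_write",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]
ADMIN_SESSION = [
    Event(5300, "explorer.exe", "powershell.exe", "spawn"),
    Event(5300, "explorer.exe", "powershell.exe", "net_connect", "fileserver.internal:445"),
]


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(f"signature scan of {label:8}: {signature_scan(sample)}")
    for label, stream in [("fileless chain", FILELESS_CHAIN), ("admin session", ADMIN_SESSION)]:
        for pid, v in behaviour_verdicts(stream).items():
            print(f"{label}: pid {pid} score {v['score']} alert={v['alert']} reasons={v['reasons']}")
```

The signature scanner recognises the original sample and nothing else: the variant, which differs by a single byte, hashes to a value the database has never seen, which is the "relies entirely on what is known" problem in miniature. The behaviour engine reaches a different verdict for the two PowerShell processes even though both contact the network, because it weighs that action together with the parent process and the persistence write; in a real deployment the rule set, weights and threshold would be tuned against the organisation's own telemetry to keep the false-positive rate low.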

Further reading: The difference between Endpoint Protection and Traditional Antivirus

In the past – and in many cases still today – AV gave users a feeling of total security, without actually delivering on that feeling.

More than half of enterprises that suffered a ransomware attack in 2017 blamed their legacy antivirus solution for failing to protect them.

Endpoint Protection is a more effective approach

Security professionals acknowledge that no program or strategy is bulletproof – hackers are highly motivated, don’t work the 9 to 5 and seem to have unlimited resources to find the tiniest fissures they can turn into cracks.

With nearly 1 million new types of malware released every day, it is especially important to select the smartest solution to protect your endpoints. And all the time saved on running scans and updates and reading reports can be put to better use developing a strong cyber security strategy.


About SentinelOne

› Autonomous Endpoint Protection

SentinelOne’s Endpoint Protection Platform (EPP) provides organisations real-time, unified endpoint protection, unifying prevention, detection and response – in one platform.

SentinelOne EPP leverages advanced machine learning and intelligent automation to prevent and detect attacks across all major vectors, with rapid elimination of threats, fully automated policy-driven response, and complete visibility into the endpoint with real-time forensics.

› Certified AV replacement

The independent anti-virus research institute (AV-TEST) has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification for both Windows and OS X, which validates its effectiveness for detecting both advanced malware and blocking known threats – the only next generation endpoint protection vendor to obtain this certification on both platforms.


About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.