February 18, 2019
It’s Friday afternoon. Deadline day. Everyone is dreaming of home, or post-work drinks at the bar. Just a few more hours to go and that last project to complete. But what’s this now? It’s time for the weekly virus scan? There goes your early finish.
In most offices, you know it’s time for the weekly virus scan when:
- There’s a long line at the coffee machine.
- People are spinning their chairs and/or banging their heads on the desk.
- The air is filled with the sounds of furious clicking and keyboard bashing.
- Everyone is scowling at the IT team.
But it’s not just the disappointment of missing Happy Hour. The culprit is your good old traditional AV software.
› Why does antivirus slow down your PC?
In addition to the usual partial scans, traditional AV solutions perform an Endpoint Protection: Why does antivirus slow down your PC?extra complete scan of your hard disk, usually on a Friday afternoon.
This additional scan checks whether any unsafe files have slipped through the surveillance performed by regular monitoring. Every single file on your hard drive is assessed for known threats. You can imagine this might take a while.
This extra scan takes up so many resources that your whole system slows to a snail’s pace.
For a very Zen person, it’s frustrating. If you have a normal level of patience, you’d better remove yourself from the offending device for the sake of your blood pressure.
› Traditional antivirus only recognises known threats
Antivirus software focuses on recognising files that have previously been known to cause damage or files that are poorly listed. But with the threats faced today, this level of protection simply isn’t enough any more. Why?
Attackers are simply smart enough to dress up known threats in new jackets – and of course many of the threats are not known.
› 75% of successful attacks are ‘file-less’
Even more worrying, 75% of all successful cyber attacks last year did not even involve a malicious file. These so-called ‘file-less attacks’ no longer need a file as a delivery mechanism, but can be implanted directly into the device’s memory by something as simple as visiting an infected website.
And worryingly, the majority of antivirus solutions are completely blind to this type of threat, which has naturally become a popular method of attack.
› It’s a poor fit in a VDI environment
You opted for desktop virtualisation because of the greater flexibility and efficiency. Multiple simultaneous sessions are facilitated using as few computing resources as possible.
Unfortunately, this set up does not suit traditional antivirus solutions at all.
Traditional AV solutions depend on a local database of descriptions (file hashes) that tell us which files are good and which are bad. In order to be effective, this database has to be kept up-to-date. Every time you start a new VDI session, this local database is rendered obsolete. It should be updated each time you open a new VDI session, requiring time and resources.
› Next generation endpoint protection
SentinelOne’s ‘next generation’ endpoint security solution recognises suspicious behaviour within applications, rather than solely focusing on detecting infected files, providing protection against both file-based and file-free threats, regardless of whether they have been seen elsewhere before.
True ‘next generation’ endpoint security solutions do not depend on a local databases of good and bad files, so are always up-to-date – even when starting a new VDI session.
› The weekly virus scan is heavily outdated
Why do you even need a weekly scan? Isn’t the antivirus solution checking all the files as they arrive? What more can they detect in this extra scan? And why focus on file-based threats when attackers are moving towards file-less attacks?
It can be tempting to continue with the status quo, but you can be sure that cyber criminals are constantly modifying and improving their tactics, particularly as almost 1 million new malware variants are released every day.
Reclaim your Happy Hour and all the other time lost to traditional antivirus solutions with a next generation endpoint security solution designed for the current cyber security and IT environment.
About SentineOne
› Autonomous Endpoint Protection
SentinelOne’s Endpoint Protection Platform (EPP) provides organisations real-time, unified endpoint protection, unifying prevention, detection and response – in one platform.
SentinelOne EPP leverages advanced machine learning and intelligent automation to prevent and detect attacks across all major vectors, with rapid elimination of threats, fully automated policy-driven response, and complete visibility into the endpoint with real-time forensics.
› Certified AV replacement
The independent anti-virus research institute (AV-TEST) has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification for both Windows and OS X, which validates its effectiveness for detecting both advanced malware and blocking known threats – the only next generation endpoint protection vendor to obtain this certification on both platforms.
Related articles:
- The difference between endpoint protection and traditional antivirus
- What is SIEM? (Part 3): How does SIEM work?
- Infographic: The 8 most common type of cyber attacks
- Type of penetration test – what’s the difference?
- Pros and cons of outsourcing your cyber security: In-house of Managed SOC?
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.