It's time to reconsider your antivirus solution

Mikkel Planck

Senior Network Security Specialist & Business Unit Manager

August 3, 2020 at 08:55

Traditional antivirus, which focuses primarily on detecting and preventing known malware, is in many cases not equipped to handle the new generation of rapidly evolving cyberthreats. Every organization today should review and consider whether their current antivirus solution is capable of handling the myriad of emerging challenges.

However, with so many options, finding the perfect solution can be difficult. This blog post will help guide you to ask the right questions, so you are able to make an informed decision.

First of all, you should focus on protection and performance – but also time-to-value. How easy is it to implement this solution? This is a critical consideration, since even a solution offering superior performance and protection will be of limited benefit if it takes months to implement.

Secondly, an in-depth evaluation of the solution is critical before making a decision. Here are some key elements to ensure you have a thorough and effective evaluation process:

  1. Define your goals.
  2. Use multiple sources of information and different methodologies to get a complete and true picture of the solutions you are reviewing.
  3. Try the products in your own environment to ensure they are a good fit and can deliver on their promises.

How does it perform?

Measuring the efficiency of traditional antivirus used to be a simple process. All you needed was to run a collection of virus samples against the antivirus software and compare the number of samples each solution caught. Today’s complex cyberthreats have made this methodology insufficient because attackers do not always use malware. Many breaches are malware-free: the attackers use exploits, credential theft or tools that are part of the operating system. Before evaluating an endpoint solution, it is a good idea to invest some time and research into the methodology you want to use.

How does it protect?

Here are some key questions that you should consider before you choose a solution:

  • Ability to prevent malware – an endpoint solution should at least block known malware.
  • Ability to prevent unknown malware – it should also be able to prevent unknown malware.
  • Ability to protect beyond malware – we have seen an increase in attacks leveraging existing OS tools and processes.
  • Ability to protect across the entire attack chain – it’s critical to check what the solution can do in case an attack avoids protection.
  • Ability to protect the endpoints wherever they are – the solution should also protect when you’re offline.

Testing is crucial

Finally, it’s important to test the solution internally – do not rely only on tests performed by vendors. This is best done using scenarios that are realistic and close to everyday situations in your organization. This will help you to evaluate how the chosen solution responds to all phases of an attack.

Need help?

If you need our help to find the right antivirus solution, do not hesitate to ask. We only work with vendors that are leaders within their field.

Case Study

Andy Powell, CISO of Maersk, the shipping giant involved in around 20% of world trade, shares his experiences of how to develop a resilient global cyber security organisation using effective technologies, and how making informed cyber security decisions can help avoid a worst-case scenario. Watch the recording here.
