Why anti-virus alone is no silver bullet

February 4, 2014 • Security, Southern Africa

Security service experts have explained why anti-virus alone simply cannot measure up to the complexity of today's cyber threats. (Image source:


The high-profile hacks that have flooded the news over the last year have shown that traditional security measures are no longer a match for the complex threats of today. Any business that relies only on anti-virus (AV) to secure its systems and endpoints is a sitting duck.

AV is not a silver bullet. It is still a must-have, and is great for preventing known threats through its database of digital signatures, but today's sophisticated threats use code that has never been used before, and against such code no AV product would be effective.

“It’s like bringing a water pistol to a gun fight,” says Jayson O’Reilly, director of sales and innovation at DRS. “A combined approach is needed. Advanced threats will evade signature-based AV like a hot knife through butter. Most anti-malware products today feature not only signature-based components, but heuristic and behavioural components too, aimed at picking up on any anomalous behaviour.”

However, he says even with these elements, AV is insufficient. “It is easy for a hacker to find out whether or not his malware will be detected by these products. It’s as simple as running the threat on his own machine that has the AV installed. If the malware is detected, he can easily amend the code until it is not.”

AV still has a role to play. It can detect known threats, pinpoint suspicious behaviour, and see whether a file has been blacklisted. “On its own, though, it is not enough. A combined or layered approach to security is the most effective way to discourage cyber crooks from seeing your organisation as their next pay day.”

He cites encryption as being a very effective extra measure. “Encryption is the process of encoding data to ensure it can only be read by authorised parties. While it cannot prevent a company from being hacked, it can ensure that the hackers can’t read any of the encrypted data, rendering the data pretty much useless to them. Essentially, the data is encrypted by using an algorithm, and converted to ciphertext. Authorised parties will have the decryption algorithm, and will be able to turn the ciphertext back into readable information.”

According to O’Reilly, data leakage prevention (DLP) is another valuable weapon in the fight against cyber crime. “DLP solutions are designed to detect potential data breach or data exfiltration transmissions. The solutions also prevent sensitive data from leaving the organisation by monitoring and detecting this information while it is being used, moved around, or stored. Too often sensitive data is leaked to unauthorised users, either by mistake, or through malicious activity, and DLP prevents this from happening.”

He says organisations should also consider using password managers. “Password manager software helps businesses organise their PIN codes and passwords, particularly useful in a world where each individual has to remember too many passwords in order to access their accounts, programmes, profiles and suchlike. Typically, password managers have their own database or file that contains the encrypted password data that allows for secure logon onto PCs, networks, application data files, and Web sites. Often, password managers work as form fillers, filling in user and password data automatically onto forms.”

In addition, O’Reilly says to ensure that all operating systems and application software are kept up to date and regularly patched. “Cyber criminals are notorious for exploiting vulnerabilities in operating systems and application software. Once they have found a vulnerability, they will use it to gain access to the network. The only way to prevent this is to stay one step ahead, and make sure that these are updated as soon as an update or patch is released. Update management software regularly runs an inventory of all of a business’s software and installs updates and patches as soon as possible.”

Finally, he says education is key. “Educating employees about social engineering and phishing tricks is possibly the best way to reduce the likelihood of a breach. If cyber criminals are determined enough, it is more than likely that they will eventually succeed. However, like most criminals they go for the low-hanging fruit, and will look for an easier target. Adding as many security layers as possible will go a long way towards preventing your company from being seen as one.”

* Image source: Shutterstock

Staff Writer


