As technology evolves, it leaves behind a scrap yard of products that were once indispensable. Electric typewriters, dial-up modems and floppy disks, each once an intrinsic part of daily life, are now obsolete relics.
Although we have not yet reached that point, it seems increasingly plausible that traditional antivirus software is also entering its final years.
Not convinced? Consider these statistics. Back in 2014, Symantec's senior vice president, hardly the person you would expect to disparage antivirus software, declared that antivirus was “dead” and was effective against less than 50 percent of cyber attacks.
More recently, antivirus product detection rates have been shown to fall year after year. IT professionals are also increasingly recognizing the shortcomings inherent in traditional antivirus protection: sixty-nine percent of the companies surveyed by Ponemon said they do not believe antivirus provides adequate protection for their systems.
While antivirus software may not yet be ready for a place in the junkyard next to those dial-up modems, it is clearly no longer an adequate solution on its own for protecting companies from malware.
What went wrong?
In truth, the concept of antivirus software has always been somewhat flawed. The products rely mainly on a database of definitions (signatures) that the software updates periodically to cover new threats.
The two most common, and most accurate, analogies for this process are the “cat and mouse” and “whack-a-mole” games. Antivirus vendors are permanently engaged in a real-life version of these games, rushing out updates to protect against new zero-day threats.
Two additional factors complete the picture:
The threat landscape has changed dramatically in recent years. Cybercriminals are now as likely to use social engineering to compromise a system as to try to introduce a Trojan horse into a network. Luring a user into triggering a web-based threat is something antivirus software was never really designed to protect against.
Even the “old school” threats are now far more sophisticated. Attackers create viruses that change form and mutate, and that are specifically designed to evade antivirus protection.
It has been many years since antivirus software alone was considered sufficient to give IT teams security and peace of mind. It is increasingly clear that whatever is added on top of antivirus must be up to the task of dealing with “zero-day” threats and modern social engineering techniques.
A layered approach to endpoint protection
Over the years, IT departments have adopted a constantly evolving layered approach to protecting endpoints against malware. As threats have grown in sophistication, this has meant adding new layers in response to new attack methods, such as zero-day threats that traditional antivirus cannot detect.
Some of the essential layers of protection used by businesses today include:
Firewalls control data entering and leaving the network. They come in hardware and software form, and many companies use both. In the inbound direction, for example, a firewall can block the ports that attackers probe when trying to penetrate the company’s systems. In the outbound direction, a firewall can detect unusual connections, which could indicate malware that has already penetrated the organization’s systems and is trying to reach a server controlled by an attacker.
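The outbound side of that description is worth making concrete. The following Python is an added example, not code from this article: it runs a simple egress policy over a constructed sample of connection log lines and flags flows that reconnect at a fixed interval, the pattern an implant polling its control server tends to produce. The log format, the allowed ports and the addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample of outbound-connection log lines; not real traffic.
SAMPLE_LOG = """\
2024-03-01T09:00:00 src=10.0.0.5 dst=198.51.100.10 dport=443 proto=tcp
2024-03-01T09:00:05 src=10.0.0.5 dst=198.51.100.11 dport=80 proto=tcp
2024-03-01T09:01:00 src=10.0.0.7 dst=203.0.113.9 dport=4444 proto=tcp
2024-03-01T09:02:00 src=10.0.0.7 dst=203.0.113.9 dport=4444 proto=tcp
2024-03-01T09:03:00 src=10.0.0.7 dst=203.0.113.9 dport=4444 proto=tcp
2024-03-01T09:03:30 src=10.0.0.5 dst=10.0.0.53 dport=53 proto=udp
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")

# Assumed egress policy: web ports anywhere, DNS only to the internal resolver.
ALLOWED_EGRESS_PORTS = {80, 443}
INTERNAL_RESOLVER = "10.0.0.53"  # constructed address

def parse_log(text):
    events = []  # lines that do not match the expected format are skipped
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "dst": m["dst"], "dport": int(m["dport"])})
    return events

def is_allowed(e):
    return e["dport"] in ALLOWED_EGRESS_PORTS or (
        e["dport"] == 53 and e["dst"] == INTERNAL_RESOLVER)

def policy_violations(events):
    """Outbound connections the egress policy would block or log for review."""
    return [e for e in events if not is_allowed(e)]

def beacon_candidates(events, min_hits=3, jitter_seconds=5):
    """Flag flows that reconnect at a near-constant interval (C2 polling pattern)."""
    by_flow = defaultdict(list)
    for e in events:
        by_flow[(e["src"], e["dst"], e["dport"])].append(e["ts"])
    flagged = []
    for flow, stamps in by_flow.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if max(gaps) - min(gaps) <= jitter_seconds:
            flagged.append(flow)
    return flagged
```

In the sample, the three connections from 10.0.0.7 to port 4444 fail the port allowlist and also show up as a regular beacon, while the web and internal DNS traffic passes cleanly.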
Endpoint detection and response (EDR)
EDR systems look for unusual activity on endpoints, activity that could indicate the presence of malware. While EDR sounds more sophisticated than an antivirus solution, it works in a similar way, detecting threats by matching them against known malware behaviours stored in a database. As such, these solutions, while offering an additional layer of protection, remain highly exposed to “zero-day” attacks and to clever evolutions of already known malware.
Attackers have long regarded the web browser as a point of entry into a target network, and this threat is growing. Newer techniques, such as malvertising, are routinely combined with long-standing threats such as Flash and Java vulnerabilities.
Blocking certain websites is therefore seen as a way of reducing the threat