Best Practices, Managed Detection and Response
Sonu Shankar


Debunking Cybersecurity Myths: Part I—No, Really, Antivirus Is Dead

Working alongside some of the cybersecurity industry’s leading experts at Arctic Wolf, I consistently encounter certain IT security myths that persist among businesses large and small. These myths have consequences: such pervasive misconceptions can significantly impact strategic IT decisions and thereby endanger business operations.

In our six-part “mythbuster” blog series, we’ll debunk some common cybersecurity myths and provide guidance on what businesses can do to ensure their data and infrastructure remain safe. And that blog series begins…now!

Myth #1 – We Have Antivirus Software. That’s All We Need for Cybersecurity!

Remember the buzz about Third Eye Blind’s self-titled debut? Those were the days, right? Well, it’s not 1997 anymore! And while we can still rock out to “Semi-Charmed Life,” other practices from the ’90s don’t have the same place in today’s hyperconnected world. Like antivirus solutions. Here’s why:

Signatures keep changing. Exploits and malware keep evading

While antivirus (AV) technology has improved over the years, the basic approach has remained the same. AV solutions scan file downloads, email attachments, files from removable media, and other sources for recognizable byte patterns called “signatures.” Each known malicious file maps to a unique signature, and matching that signature is what allows the antivirus solution to detect it.

Unfortunately, according to Ponemon Research, in 2017 81% of businesses experienced an increase over the prior year in exploits and malware evading their AV solutions. How? Malware authors make small changes to their code and then recompile, repack, and re-encrypt the files. The malware now maps to a new signature, leaving the antivirus useless against it until a fresh signature is written.

Cyberattacks are way more sophisticated now

Cybercriminals are now more sophisticated, capable of exploiting weaknesses with previously unseen speed and scale. Advanced exploits now traverse the Internet at a rate nobody ever imagined was possible, and antivirus vendors are unable to update their signatures quickly enough.

But there’s more. What about “fileless” attacks? Reverse PowerShell attacks? Keyloggers? Adware? Ransomware? Attacks are just way more sophisticated now, and it’s no longer about protecting against a “computer virus” from the ’90s.

Because, lateral movement

That’s just endpoints and malware. What about your on-premises infrastructure? Or your SaaS applications in the cloud?

Attackers often move laterally within enterprise environments, attacking low-priority assets first and establishing a beachhead before compromising adjacent, higher-value systems. Countering such attack techniques by relying on prevention-based technologies, such as AV solutions, only sets you up for failure.

The Reality

There is no single panacea that ensures cybersafety. There are no shortcuts. Detecting threats across today’s attack landscape requires a centralized approach to continuously monitor and correlate events across data centers and servers, user and admin login activity, SaaS applications, cloud workloads, endpoints, email systems, and more. But effectively implementing this approach requires building and operating a security operations center (SOC).
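To make the contrast concrete, here is an added Python sketch (not code from the original post or from Arctic Wolf) that runs a handful of constructed events from an endpoint agent, an authentication log, and a SaaS audit log through two views: an endpoint-only alert list, and a centralized correlation that flags a user whose activity spans several sources and more than one host inside a short window. The event fields, hostnames, and the ten-minute window are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry) from three separate sources:
# an endpoint agent, an authentication log, and a SaaS audit log.
EVENTS = [
    {"ts": "2017-03-01T09:00:05", "source": "endpoint", "host": "ws-lab-07",
     "user": "jdoe", "event": "unsigned_binary_executed"},
    {"ts": "2017-03-01T09:02:11", "source": "auth", "host": "fs-finance-01",
     "user": "jdoe", "event": "logon_success"},
    {"ts": "2017-03-01T09:03:30", "source": "saas", "host": "-",
     "user": "jdoe", "event": "bulk_file_download"},
    # A routine admin touching two hosts through one source only: not flagged.
    {"ts": "2017-03-01T10:15:00", "source": "auth", "host": "ws-lab-07",
     "user": "asmith", "event": "logon_success"},
    {"ts": "2017-03-01T10:16:00", "source": "auth", "host": "fs-finance-01",
     "user": "asmith", "event": "logon_success"},
]

WINDOW = timedelta(minutes=10)  # assumed correlation window


def parse_ts(ev):
    return datetime.fromisoformat(ev["ts"])


def endpoint_only_alerts(events):
    """What a point product sees: isolated alerts with no cross-source context."""
    return [(e["host"], e["event"]) for e in events if e["source"] == "endpoint"]


def correlate(events, window=WINDOW, min_sources=2):
    """Centralized view: slide a window over each user's events and flag any
    window that spans at least `min_sources` data sources and touches more
    than one host (a beachhead on one system followed by a second system)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=parse_ts):
        by_user[e["user"]].append(e)
    incidents = []
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            t0 = parse_ts(start)
            cluster = [e for e in evs[i:] if parse_ts(e) - t0 <= window]
            sources = {e["source"] for e in cluster}
            hosts = {e["host"] for e in cluster if e["host"] != "-"}
            if len(sources) >= min_sources and len(hosts) >= 2:
                incidents.append({"user": user, "sources": sorted(sources),
                                  "hosts": sorted(hosts),
                                  "events": [e["event"] for e in cluster]})
                break  # one incident per user is enough for this illustration
    return incidents
```

Run on the sample, the endpoint view yields a single context-free alert on ws-lab-07, while the correlated view ties that alert to the follow-on logon on the finance server and the SaaS download by the same account.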

The cost of a SOC is well beyond the budget of most businesses. Fortunately, with SOC-as-a-service, the balance of power in the cybersecurity battles is slowly shifting away from cybercriminals and back to small and midsize enterprises.

Sadly, the antivirus myth is not the only one that persists in IT security today. In our next installment, we will get into some of the misconceptions that continue to circulate in businesses that leverage SaaS applications.