Legacy antivirus focused on scanning endpoints for matches against a listing of known virus signatures. This was initially effective but lead to additional concerns. Scans could often take long periods of time and were often taxing on systems resources which leads to performance degradation. Infections could also occur between scans or may go undetected if the signature database was outdated or incomplete.
What is Antivirus Software (AV)?
Defining Antivirus Software
Antivirus software is a set of software tools designed to prevent, identify, and potentially remove malicious programs from running on endpoint systems. Traditional Antivirus Software, also known as Legacy AV, was initially developed as an endpoint security tool to help mitigate the damage that could be accomplished from the outbreak of a computer virus. This occurs by scanning systems to any matches with known virus signatures. Once a virus is detected it can be blocked from execution or even deleted depending upon the Antivirus software used.
Why is Antivirus Software Important?
The proliferation of computer viruses and other malicious software has made the use of antivirus software an essential part of any environment’s defense strategy. Antivirus is often considered the first line of defense, detecting and preventing many commonly seen viruses from infecting your systems. Used in this way, antivirus software then allows your security team to focus on identifying and resolving malicious activity that is generally not caught by such a tool.
How has Antivirus
This led to a redesign in antivirus software, which is incorporated into endpoint protection platforms, aimed at quickly identifying and preventing a larger range of malicious software, or malware. This next generation of antivirus software expanded detection capabilities beyond simple signature scanning and instead made use of new technology such as machine learning, behavioral analytics, and anomaly detection to identify and block malware. Current antivirus software is now able to perform these defensive actions even if a signature of the malware is question is unavailable.
What are the Key Capabilities to look for in an Antivirus Solution?
As the first line of defense for many networks, modern antivirus solutions should include a necessary set of capabilities to ensure endpoint protection.
- First, understand how the solutions detections are achieved. Does the tool rely on traditional signature-based scans that may be incomplete or time consuming, or does it use multiple detection methods for redundancy? Relying on a series of detection methods rather than simple scanning leads to a higher probability that unknown or lesser known malware will be identified.
- Next, identify what options are available when a detection occurs. You should have the ability to customize responses based on the type of detection and the system in which it was found. For instance, can you choose to block potentially malicious executions on some systems, while choosing to only alert on detection for other mission critical systems?
- Finally, does your antivirus solution provide any features associated with searching for, and responding to, threats initially missed by the tool? This could be the ability to customize detection, a set of incident response tools, or advanced forensics data collecting. If these features are lacking, does it allow you to integrate with an Endpoint Detection and Response tool to help respond to threats and further secure your environment?