3 Reasons Why an Anti-Virus Alone is Not Enough


Why an Anti-Virus Alone is Not Enough

As cyber-attacks become increasingly ubiquitous, confidence in traditional detection-based protection such as anti-virus is rapidly declining.

Instead, the industry and companies are leaning towards preventive solutions rather than ones that remove threats after they are detected on the system.

For Bromium's Enterprise Security Confidence report for 2015, a group of 125 security professionals was surveyed to discover the state of the cybersecurity industry. The results are in, and they do not look good.

The fast pace of hacker attacks and data breaches has caused antivirus solutions to lose a great deal of trustworthiness.

The Bromium researchers have discovered that a shocking 92 percent of surveyed professionals are losing confidence in traditional antivirus protection. Antivirus solutions are characterized as not as effective as before. Also, 78 percent of respondents stated that anti-virus could not adequately protect them against attacks.

With the expansion of malware and the amount of damage it can cause, nowadays staying safe is crucial. Using only antivirus protection to secure your PC is no longer safe enough.

Here are the three reasons why antivirus is not enough: 

1. Too Many Threats to Defend Against


Typical anti-virus (now usually referred to as anti-malware software) is effective against the majority of known threats.

But, it is less trustworthy when it comes to newly released viruses.

Here's why: 

Anti-malware engineers first need to figure out how a virus works. Then they can instruct the software to detect and eliminate a recently identified attack.

New viruses usually infect at least a couple of organizations before anti-virus protection is expertly tailored by the security vendors to stop this newly emerged threat.

The time needed for this process varies from case to case, and you remain vulnerable for that whole period, which can be anywhere from an hour after release up to a month.

Malware and virus authors are aware of this.

Knowing that every virus has a limited lifespan before getting caught is why they are regularly writing and releasing new threats.

Early on, antivirus vendors managed to keep up with the development of new cybersecurity threats.

But over the past couple of years, the explosion of malware has made this virtually impossible.

2. Some Attacks Do No Apparent Damage


The number of threats for mobile devices, social media, and cloud services is increasing.

Look:

You would still be vulnerable even if anti-virus protection were able to instantly detect and stop every new piece of malware targeting your computer.

Recent attacks do not stop at installing malware on your computer but also hijack your social media profiles.

These attacks typically spread spam and links to malicious websites to your contacts. These types of attacks are usually conducted entirely from the browser.

Truth is: Having a local antivirus has little or no impact on these specific threats unless you invest in one with internet security that can protect your browser’s processes.

Cloud services are also a prime target. As people and businesses start to use cloud computing as an essential business tool, the number of data-stealing attacks is on the rise.

Antivirus solutions cannot protect data in the cloud, so users are forced to rely on their cloud service providers for the protection of their data.

3. Getting Infected Doesn't Require User Action


We've all been there: 

In the past, you could stay relatively safe by avoiding suspicious links and malicious websites.

People have also stayed safe by making sure to scan files they got from the web before opening them.

This is ancient history thanks to online advertising.

Now:

Malicious online advertising, otherwise known as malvertising, uses legitimate websites that unknowingly pull in its malicious content to search for exploits and install malware on your computer.

These "drive-by downloads" are hazardous, as PCs get infected just by visiting a good website at the wrong moment.

Malware authors get away with this by exploiting online advertising networks and inserting their malicious ads in between legitimate ones.

Ad networks, on the other hand, are cracking down on these practices, but it's simply impossible to prevent them without sacrificing their source of revenue.

How to Protect Against Zero-Day & Advanced Attacks

There is no way to detect 100% of zero-day exploits.

There are two precautionary measures you can take to prevent infection:

Firstly, keeping your system up-to-date reduces the spectrum of attacks and minimizes the possible damage.

Furthermore, with proper patch management, you will receive notifications as soon as security providers implement vulnerability checks for a specific attack.

Secondly, use top-notch protection that does not rely solely or heavily on signatures when detecting threats.

Advanced malware is created for specific targets and is harder to identify using signatures alone.

Advanced techniques such as behavior analysis let a good antivirus detect suspicious behavior or possibly malicious code in an app and stop it immediately.

This is a reactive measure, but it can help prevent significant damage.

But you may be wondering: 

"Is there anything more I can do to protect myself against those threats, since using just antivirus is not enough?"

Yes, you can, with multiple layers of protection.

Here are our three suggestions for building up multiple layers of protection for your computer:

1. Sandboxing or Software Virtualization


Sandboxing separates an untrusted executable from the other programs running on the machine. Typically, it provides a tightly controlled environment for guest programs to contain any malware before it harms the host device.

It essentially isolates potentially dangerous files. Which file types are classified as dangerous varies from vendor to vendor.

The important part is that if a file happens to be a threat, the extent of the damage will be confined to the restricted environment, the so-called sandbox.

Examples of Sandboxing Software:

Sandboxie, Cameyo, Evalaze


2. Application Whitelisting & Control


A whitelist is a list of trusted software which is allowed to run on the machine. Every executable that is not on the list is blocked. The user is always in control, and malware cannot be installed without the user's permission.

Examples of Application Whitelisting & Control Software:

Windows AppLocker, SecureAPlus
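
The difference between signature-based detection (reason 1 above) and whitelisting, as an added example that is not from the original article or from any product named here. It assumes signatures are exact SHA-256 matches, which is a simplification of how real anti-virus engines work, and every "file" is a constructed byte string.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: plain byte strings standing in for executables.
SAMPLES = {
    "trusted_editor": b"constructed sample: trusted text editor v1.0",
    "editor_update":  b"constructed sample: trusted text editor v1.1",
    "known_bad":      b"constructed sample: known unwanted program",
    # Same family as known_bad, but no signature exists for these bytes yet.
    "new_variant":    b"constructed sample: known unwanted program (new build)",
}

# Detection model (default allow): block only files with a known signature.
SIGNATURES = {sha256(SAMPLES["known_bad"])}

# Whitelisting model (default deny): run only files that were approved.
ALLOWLIST = {sha256(SAMPLES["trusted_editor"])}

def signature_verdict(data: bytes) -> str:
    """Anything without a matching signature is allowed to run."""
    return "block" if sha256(data) in SIGNATURES else "allow"

def allowlist_verdict(data: bytes) -> str:
    """Anything that was not explicitly approved is blocked."""
    return "allow" if sha256(data) in ALLOWLIST else "block"

def compare(samples: dict) -> dict:
    """Return {name: (signature verdict, allowlist verdict)}."""
    return {
        name: (signature_verdict(data), allowlist_verdict(data))
        for name, data in samples.items()
    }

if __name__ == "__main__":
    print(f"{'sample':<16}{'signature':<12}{'allowlist'}")
    for name, (sig, allow) in compare(SAMPLES).items():
        print(f"{name:<16}{sig:<12}{allow}")
```

The new variant runs under the signature model until a signature is written for it, while the whitelist blocks it from the start. The cost shows in the `editor_update` row: a legitimate update is also blocked until someone approves it.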


3. Internet Security Solutions


Internet security is a broad term for an optional add-on to modern anti-virus, usually at an extra cost. The methods these products use vary per vendor.

A common trend, however, is that they are designed to monitor browser activity to help prevent it from being exploited by malicious sites and ads. This can either be part of your anti-virus or work as a plugin to your favorite browser.

Examples of Internet Security Solutions Software:

Emsisoft Internet Security, Avira Browser Safety

All in all:

Combining common sense along with multiple layers of defense is the ideal approach to PC security.

Relying on any one method alone against the overwhelming number of daily threats is utterly reckless, considering that there are plenty of free options out there.

Finding the balance between traditional and advanced security measures can be tricky.

Remember to make sure that your PC security solutions can work with each other much like how SecureAPlus works with any security solution in the market.