The entire world uses antivirus yet the entire world keeps getting infected with viruses and ransomware. Why is that you ask? Simply put, antivirus is obsolete because their detection methods are flawed. Antivirus relies on signatures, and signatures are like a fingerprint, in that it uniquely identifies a piece of malware.The problem is that these fingerprints aren’t like yours and mine, malware isn’t bound to their fingerprint for life. In fact, when malware developers create a new piece of malware they’ll give it thousands of unique signatures.
Chasing their tails
If you've ever seen a dog chasing it’s tail, then you know that it’s quite a funny scene. Part of the comedy is that even after the dog has been victorious in biting their tail, it doesn’t seem to stop them from continuing to spin in circles. Nor does it stop them from playing again shortly after. This, ladies and gentlemen is the game that antivirus is playing. A perpetual game of chase-the-tail. They may get a few victories but they’ll never stop playing.
To Be Fair
Antivirus still has its place. There is a lot of recycled malware out there that is using known signatures that antivirus can protect you from. And for the price, you should definitely have it. Antivirus is useful, but it also isn’t going to protect you from ransomware. Their approach is flawed and therein lies the problem.
Incidents of Compromise
The cyber security industry is shifting to security information and event management (SIEM) and advanced endpoint protection products. These products essentially look at a chain of events (Indications of Compromise - IOCs), and determine if that activity is malicious, suspicious or otherwise needs be investigated.
These systems are better at catching threats but they are slow. By the time they see the threat, hours or days have gone by, and they can’t always stop the threat either. Some of them just alert you to the problem, so we’re still missing something from the solution.
What’s missing from all of these solutions; antivirus, SIEMs, advanced endpoint protection, is an element of surprise. Ransomware is targeting your data, so give them some data to target - in the form of decoy data that has no value other than being a trap. That way, when it hits your network, which it will because that’s what it does, you’re alerted to it instantly, and you’re responding to it by isolating the infected host.
This type of a solution that uses deception technology that identifies ransomware within seconds, isolates the infected host, and alerts you to the infection? That solution does exist and it’s what we’ve created at WatchPoint.