Antivirus is Dead...Long Live Antivirus

Ingalls has worked Incident Response for over 10 years; in that time we have seen some of the nastiest data breaches and a lot of victims who thought they were safe because they were using popular antivirus software. We’ve seen what works and what doesn’t, and we have a clear message about using legacy antivirus or any other “silver bullet” to protect from ransomware and hackers.  So right up front, here it is:

If you are banking on a single security tool to meet all your security needs, you are establishing false expectations for your executives and you may be unwittingly setting your company up for a compromise. It’s time to come to grips with a critical reality: There is no silver bullet for keeping cyber criminals out. For those relying solely on antivirus for protection, it’s only a matter of time before you experience a breach. Antivirus is critical, but it should be seen as only one part of a comprehensive, defense-in-depth strategy for your cybersecurity program. 

It’s time to come to grips with a critical reality: There is no silver bullet for keeping cyber criminals out. For those relying solely on antivirus for protection, it’s only a matter of time before you experience a breach.

You have backups you say? Just as legacy antivirus is not effective against ransomware attacks, neither are most backups. Even if your backups are not encrypted or destroyed by cyber criminals, it takes a lot longer than most expect to restore. The downtime is going to have a costly operational impact.  

It can be a sobering exercise to estimate the costs associated with a cyber breach. Operational downtime, restoration, affected employee time, lost productivity, customer impact, investigation costs, penalties and fines, costs to make affected customers whole, and the potential reputational impact are just a few.  Cybersecurity breach costs are many and varied, they grow quickly and may cause irreparable damage. Implementing layers of security controls, otherwise known as defense-in-depth, can significantly mitigate the risk of having to face that kind of costly scenario. So, what exactly is defense-in-depth?

Think of Swiss cheese slices. Each IT tool, most employees and lots of organizational factors introduce weaknesses into an IT security posture.  The Swiss cheese holes (vulnerabilities) are apparent and can be easy for hackers to navigate.  However, if you stack different slices of Swiss cheese up, although every slice still has holes in it, each layer now provides additional coverage for other layers that precede and come after it, creating a single, impenetrable fortification. This is defense-in-depth.

As we’ve discussed, traditional antivirus is no match for modern attackers who are using more sophisticated techniques. At a minimum, companies need a layered defense strategy implementing security at all levels: Devices, People, Systems, Networks, and the Organization. 

Ingalls’ tailored Managed Detection and Response (MDR) and Cybersecurity Risk Management Services enable a defense-in-depth approach so organizations of all sizes can rest easier knowing their environments are safe from criminal threats.  Defense-in-depth is our blueprint, we use next-generation antivirus (NGAV) that employs artificial intelligence and machine learning to monitor, detect, and respond to criminals’ tactics, techniques and procedures (TTPs). Our experienced analysts use multiple layers of customized and proprietary tools to provide context and actionable information, simplifying enhanced security so you can rest easier.

Download the white paper to learn more about our defense-in-depth approach to information security through our Managed Detection and Response (MDR) services.

About Ingalls

Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.