For decades, traditional antivirus has been the de facto solution for protecting endpoints. While antivirus checks all the boxes for regulatory, governance and compliance audits, it provides organizations with very little real security benefit. Despite the fact that antivirus solutions protect nearly every endpoint and server in the world, security breaches continue to happen at alarming rates. This is largely because traditional antivirus is a signature-based tool focused on detecting and responding to known threats after they have already entered the network. Experienced attackers are able to bypass antivirus with inexpensive, automated online tools that produce countless unique, previously unseen variants. Ultimately, traditional antivirus is proving inadequate for protecting systems against security breaches.
An organization must protect itself from known and unknown cyberthreats, as well as the failures of traditional antivirus solutions, in order to prevent security breaches. To accomplish this, there must be a focus on prevention. Prevention is the only effective, scalable and sustainable way of reducing the frequency and impact of cyber breaches. So what should a comprehensive endpoint security solution do? The sections below discuss the ten requirements for a competent and comprehensive endpoint security solution that protects systems, users and endpoints from known and unknown threats.
In order to prevent security breaches, a shift must occur from detecting and responding to incidents after critical assets have already been compromised to preventing security breaches from occurring in the first place. Endpoints must be protected from known, unknown and zero-day threats that are delivered through malware and exploits, whether a machine is online or offline, on-premises or off, or connected to the organization’s network or not.
An advanced endpoint security product must enable end users to conduct daily business and use mobile- and cloud-based technologies without the fear of unknown cyberthreats. Users should be able to focus on their job and responsibilities, rather than worrying about security patches and updates. They must be confident that they are protected from inadvertently running malware or exploits that may compromise their system.
Threat intelligence gained elsewhere through encounters with new and unique attacks, whether from third-party intelligence service providers or from public threat intelligence-sharing constructs, must enable endpoint agents to instantly prevent known malware, identify and block unknown malware, and stop both from infecting the endpoint.
Applications are at the core of any organization’s ability to function effectively. Unfortunately, security flaws or bugs in the applications provide threat actors with a large attack surface that traditional antivirus fails to protect. An organization’s security infrastructure should be able to provide full protection for all applications against exploitation, including third-party and proprietary applications.
Make sure that whatever security you are using isn’t burdening resources such as RAM, CPU or disk storage. Preventing security breaches must never jeopardize user productivity. Endpoint protection solutions, and any security solution for that matter, must be lightweight enough that they do not require significant system resources that would invariably degrade the user experience and productivity. Measure this rather than taking the vendor’s word for it: baseline the agent’s steady-state CPU and memory on a representative machine before rollout, and again during a scan or update.
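The footprint check described above, as an added example that is not part of the original page or of any vendor’s tooling. It samples a running agent’s CPU usage and resident memory on Linux by reading /proc directly (so it works without third-party modules), and flags samples that exceed a budget. The process name, PID, sampling interval and the CPU/RSS budgets are all assumptions chosen for illustration; adjust them to the agent and hardware you are evaluating.

```python
"""Baseline an endpoint agent's CPU and memory footprint on Linux via /proc.

Added example, not vendor code. Assumes a Linux procfs layout; the PID,
interval and budget values used below are illustrative assumptions.
"""
import os
import sys
import time


def parse_stat(stat_line: str) -> dict:
    """Parse one /proc/<pid>/stat line.

    The command name sits inside parentheses and may itself contain spaces or
    parentheses, so split on the LAST ')' rather than on whitespace. After the
    ')' the first field is the state (field 3 in proc(5) numbering), so utime
    (field 14) and stime (field 15) are at indexes 11 and 12 of the remainder.
    """
    lhs, rhs = stat_line.rstrip("\n").rsplit(")", 1)
    pid_str, comm = lhs.split("(", 1)
    fields = rhs.split()
    return {
        "pid": int(pid_str),
        "comm": comm,
        "state": fields[0],
        "utime": int(fields[11]),  # user-mode clock ticks
        "stime": int(fields[12]),  # kernel-mode clock ticks
    }


def parse_vmrss(status_text: str) -> int:
    """Return resident set size in kB from /proc/<pid>/status text (0 if absent)."""
    for line in status_text.splitlines():
        if line.startswith("VmRSS:"):
            return int(line.split()[1])
    return 0


def read_cpu_ticks(pid: int) -> int:
    with open(f"/proc/{pid}/stat") as f:
        s = parse_stat(f.read())
    return s["utime"] + s["stime"]


def read_rss_kb(pid: int) -> int:
    with open(f"/proc/{pid}/status") as f:
        return parse_vmrss(f.read())


def sample(pid: int, interval: float = 1.0) -> dict:
    """Measure average CPU% over `interval` seconds and current RSS for `pid`."""
    clk_tck = os.sysconf("SC_CLK_TCK")  # ticks per second on this kernel
    t0 = read_cpu_ticks(pid)
    time.sleep(interval)
    t1 = read_cpu_ticks(pid)
    cpu_pct = (t1 - t0) / (interval * clk_tck) * 100.0
    return {"pid": pid, "cpu_pct": cpu_pct, "rss_kb": read_rss_kb(pid)}


def over_budget(s: dict, cpu_budget_pct: float, rss_budget_kb: int) -> list:
    """Return the names of metrics in sample `s` that exceed the given budgets."""
    limits = (("cpu_pct", cpu_budget_pct), ("rss_kb", rss_budget_kb))
    return [name for name, limit in limits if s[name] > limit]


if __name__ == "__main__":
    # Usage: python footprint.py <agent-pid> [samples]
    # Budgets of 5% CPU and 256 MiB RSS are assumed values, not vendor figures.
    agent_pid = int(sys.argv[1])
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 10
    for _ in range(count):
        s = sample(agent_pid, interval=1.0)
        flags = over_budget(s, cpu_budget_pct=5.0, rss_budget_kb=256 * 1024)
        print(f"pid={s['pid']} cpu={s['cpu_pct']:.1f}% rss={s['rss_kb']} kB "
              f"{'OVER: ' + ','.join(flags) if flags else 'ok'}")
```

Run it against the agent’s PID while idle, then again during a full scan and a signature or content update, and keep the samples: a solution that is quiet at idle but pegs a core for twenty minutes after every update is still a productivity cost.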
Organizations may choose not to deploy available system updates and security patches immediately, whether because doing so would interfere with, diminish or eliminate critical operational capabilities or because patches may not be available for legacy systems and software that have reached their end-of-life (EoL). A complete endpoint security solution must provide support for unpatchable systems by preventing the exploitation of software vulnerabilities, whether they are known or unknown, and regardless of availability or the application of security patches.
Any security solution intended to replace antivirus should be scalable, flexible and manageable enough for deployment in an enterprise environment. Endpoint security solutions should support and integrate with the way that an enterprise deploys its computing resources, scale to as many endpoints as needed, and support deployments that cover geographically dispersed environments. They must also be flexible in their ability to provide ample protection while still supporting business needs and not overly restricting the business. This flexibility is critical as the needs of one part of the organization may be entirely different from those of another. Additionally, the solution must be easily managed by the same group that manages security in other parts of the organization. It must be designed with enterprise management of security solutions in mind, without adding operational burden.
Regulations often require organizations within their jurisdiction to implement antivirus to secure their endpoints. In order to proactively protect endpoints while meeting compliance requirements, endpoint security vendors that replace an existing antivirus solution should be able to provide third-party validation to help customers achieve or maintain compliance.
Any security solution intended to replace legacy antivirus should ideally have had its effectiveness claims reviewed and validated by an independent third party. The availability of independent reviews offers an essential check beyond what an organization looking for an antivirus replacement is capable of conducting on its own.
Any organization looking to move away from traditional antivirus should ensure that the replacement is recognized as a key player in the endpoint security space by a respected analyst or research firm. This will ensure that the solution and its vendor meet a standard set of viability requirements as an endpoint security provider.
With today’s widespread use of unknown malware and vulnerability exploits in targeted attacks, it is more essential now than ever that endpoints are proactively protected. Palo Alto Networks® Traps™ advanced endpoint protection replaces legacy antivirus with multi-method prevention, blocking known and unknown threats before they can compromise an endpoint. As part of the Palo Alto Networks Next-Generation Security Platform, Traps integration with WildFire™ cloud-based threat analysis service converts threat intelligence gained from the global community into malware prevention, automatically blocking threats on the endpoint regardless of where they originated. Here you can learn more about what an effective endpoint security solution must do to prevent security breaches and how Traps can effectively replace antivirus.