Today’s traditional antivirus no longer delivers meaningful security value due to its inability to adapt to the changing threat landscape and its reliance on reactive threat detection. In spite of this, organizations continue to rely on antivirus as a means to protect their endpoints, and hidden costs often go unrecognized. Security technologies must balance the benefits they provide to an organization with the cost associated with their operation. What follows are some of the hidden costs of using traditional antivirus systems.
Traditional antivirus relies on signature-based scanning technology that is not particularly flexible in supporting new applications, systems or platforms. Organizations that rely on antivirus will encounter difficulty in deploying and securing new technology that would offer significant business advantages antivirus has failed to deliver on, often requiring additional adaptive or corrective measures for these new technologies to work in conjunction with antivirus. These additional efforts will cost organizations time, effort and, ultimately, agility.
Antivirus often employs machine learning to detect exploits and evasive malware. Often times, the machine learning technology used is immature and can be prone to errors, resulting in high numbers of false positives. It falls on the security teams to validate whether or not these false positives are malicious. Most enterprise security teams may not be equip with the staff necessary to support his manual and time consuming process that could be avoidable with an automated next-generation security platform.
To implement and run an antivirus system within an organization, staff must be allocated to support, operate and maintain it. This staff might otherwise be used to support projects that offer greater returns on investment and more effective prevention tools. Additionally, antivirus systems often require organizations to combine various solutions to cover the gaps in security that AV cannot fill, which may take longer to integrate and offer lower security effectiveness.
Many organizations work to achieve compliance with various regulatory frameworks, like the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). However, compliance does not guarantee that security risks will be sufficiently mitigated. The effort to meet compliance is and should be treated as a bare minimum for security best practices. While antivirus is almost always a compliance requirement, it offers little to no significant security value in today’s computing environments. As a result, security professionals deploy other technologies and products to mitigate security risks AV cannot address, imposing additional tangible and intangible costs to the organization.
End users rely heavily on the organization’s various IT and security functions to secure its network, systems and computing environment, assuming the tools and technologies implemented enable them to safely conduct their daily business activities. When an organization deploys a traditional antivirus system, users may wrongly assume their systems are protected from attacks. This false sense of security can lead users to be less vigilant about their behavior and to exercise less caution in avoiding potential cyber threats, regardless of security awareness training programs.
Until organizations realize the deficiencies of their antivirus solutions and implement an endpoint security solution that provides meaningful security value, they will continue to incur these costs and leave their endpoints vulnerable.
To read more about the shortcomings of antivirus and what an effective endpoint security solution should be capable of in order to proactively protect your endpoints, read the Protect Yourself From Antivirus white paper.
More Endpoint Protection Articles: