Host Based Antivirus Near Its End

By Matthew Hoy

I read an article the other day in which Symantec's information security chief declares that traditional antivirus is "dead" and "doomed to failure." With recent stories like this in the news, it is apparent that an organization’s security strategy has to include more than just host based antivirus.

Antivirus has been seen as a checkbox item that organizations fulfill as a matter of habit (because it has always been done). Over the years, however, security technology has changed vastly, and attacks can now be detected in real time “on the wire” instead of relying on traditional host based antivirus.

Host based antivirus has always been limited by the computing power of the client’s machine: only a limited number of antivirus signatures can be stored and executed, and more restrictive rules slow the computer down. Dedicated security appliances work differently, allowing many more signatures and detecting infection outbreaks across an organization’s global network with methods that do not directly affect a client’s machine.

Antivirus products attempt to prevent malicious viruses and malware at the computer endpoint, while new technologies aim to identify when attacks are happening, reveal the attacker's location and methods, and prevent or block the damage. But as with all security solutions, it is important that these new “on the wire” systems be configured correctly; they should be set to blocking mode, as they will not provide any defense in monitor mode.

With the proper implementation and tuning, these new security tools and products can become an effective part of your organization’s overall security strategy.