August 22, 2017 By Larry Loeb 2 min read

Ransomware is often able to bypass signature-based antivirus protection, leaving many security experts to question protection efficacy. Thycotic conducted a survey of Black Hat 2017 conference attendees to see what they thought about current security products. The results weren’t good.

For example, 73 percent of respondents said that traditional perimeter security firewalls and antivirus protection products were irrelevant to their data breaching efforts or otherwise obsolete. This complements a survey conducted by WatchGuard about traditional (signature-based) antivirus programs, which found that those solutions missed about 30 percent of threats.

Ransomware Risk

Ransomware, as a category, is one of the malware types that makes traditional antivirus protection programs ineffective. One simulated threat exercise in March of this year found that only 52 percent of potential threats were thwarted by a traditional antivirus product approach, according to CSO Online. Additionally, an IBM study found that nearly half of businesspeople reported being hit by ransomware last year, with 70 percent of those organizations ponying up the ransom.

If threat actors find that a class of malware has a high success rate, they will obviously continue their efforts with it. And if an organization is slow to update its antivirus products with the latest information, the success rate of such attacks increases.

Your Father’s Antivirus Protection Product

Traditional antivirus products shouldn’t be written off entirely: They excel at spotting known threats. However, for a threat to be known, a user has to be hit first.

Raja Patel, vice president for corporate product at McAfee, summed up the situation to CSO Online, saying that “signature-based defenses will protect you after you know about the threats, but they won’t protect patient zero and the time period after infection and when you wrote the signatures.”

While these products aren’t perfect, it’s better than no protection at all. Luckily, new developments are in progress that will strengthen antivirus capabilities.

A New Approach

Another method has been added to the antivirus repertoire, and it is where much of current research effort is going: a combination of behavior analytics, sandboxing and machine learning. But it comes with a cost. More computational power is required to perform these tasks. Running extra tests on files may adversely impact productivity as well.

Traditional antivirus does have its place in the security lineup. It’s a simple and fast way to deal with threats that have already been established, which is a good first line of defense. But defense that is in-depth, using nontraditional techniques, may prove to be more valuable to the security team in dealing with unique problems.

More from

New memo reveals Biden’s cybersecurity priorities through fiscal year 2026

2 min read - On July 10, 2024, the White House released a new memo regarding the Biden administration’s cybersecurity investment priorities, initially proposed in July 2022. This new memorandum now marks the third time the Office of the National Cyber Director (ONCD), headed by Harry Coker, has released updated priorities and outlined procedures regarding the five core pillars of the National Cybersecurity Strategy Implementation Plan (NCSIP), now relevant through fiscal year 2026. Key highlights from the FY26 memorandum In the latest annual version…

How prepared are you for your first Gen AI disruption?

5 min read - Generative artificial intelligence (Gen AI) and its use by businesses to enhance operations and profits are the focus of innovation in virtually every sector and industry. Gartner predicts that global spending on AI software will surge from $124 billion in 2022 to $297 billion by 2027. Businesses are upskilling their teams and hiring costly experts to implement new use cases, new ways to leverage data and new ways to use open-source tooling and resources. What they have failed to look…

Cybersecurity crisis communication: What to do

4 min read - Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication. Because a brand’s reputation often takes a significant hit, a cyberattack can significantly affect the company’s future…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today