August 22, 2017 By Larry Loeb 2 min read

Ransomware is often able to bypass signature-based antivirus protection, leaving many security experts to question protection efficacy. Thycotic conducted a survey of Black Hat 2017 conference attendees to see what they thought about current security products. The results weren’t good.

For example, 73 percent of respondents said that traditional perimeter security firewalls and antivirus protection products were irrelevant to their data breaching efforts or otherwise obsolete. This complements a survey conducted by WatchGuard about traditional (signature-based) antivirus programs, which found that those solutions missed about 30 percent of threats.

Ransomware Risk

Ransomware, as a category, is one of the malware types that makes traditional antivirus protection programs ineffective. One simulated threat exercise in March of this year found that only 52 percent of potential threats were thwarted by a traditional antivirus product approach, according to CSO Online. Additionally, an IBM study found that nearly half of businesspeople reported being hit by ransomware last year, with 70 percent of those organizations ponying up the ransom.

If threat actors find that a class of malware has a high success rate, they will obviously continue their efforts with it. And if an organization is slow to update its antivirus products with the latest information, the success rate of such attacks increases.

Your Father’s Antivirus Protection Product

Traditional antivirus products shouldn’t be written off entirely: They excel at spotting known threats. However, for a threat to be known, a user has to be hit first.

Raja Patel, vice president for corporate product at McAfee, summed up the situation to CSO Online, saying that “signature-based defenses will protect you after you know about the threats, but they won’t protect patient zero and the time period after infection and when you wrote the signatures.”

While these products aren’t perfect, it’s better than no protection at all. Luckily, new developments are in progress that will strengthen antivirus capabilities.

A New Approach

Another method has been added to the antivirus repertoire, and it is where much of current research effort is going: a combination of behavior analytics, sandboxing and machine learning. But it comes with a cost. More computational power is required to perform these tasks. Running extra tests on files may adversely impact productivity as well.

Traditional antivirus does have its place in the security lineup. It’s a simple and fast way to deal with threats that have already been established, which is a good first line of defense. But defense that is in-depth, using nontraditional techniques, may prove to be more valuable to the security team in dealing with unique problems.

More from

How to calculate your AI-powered cybersecurity’s ROI

4 min read - Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company's internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.The organization's AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains…

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

The current state of ransomware: Weaponizing disclosure rules and more

4 min read - As we near the end of 2024, ransomware remains a dominant and evolving threat against any organization. Cyber criminals are more sophisticated and creative than ever. They integrate new technologies, leverage geopolitical tensions and even use legal regulations to their advantage.What once seemed like a disruptive but relatively straightforward crime has evolved into a multi-layered, global challenge that continues to threaten businesses and governments alike.Let’s take a look at the state of ransomware today. We’ll focus on how cyber criminals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today