Ransomware is often able to bypass signature-based antivirus protection, leaving many security experts to question protection efficacy. Thycotic conducted a survey of Black Hat 2017 conference attendees to see what they thought about current security products. The results weren’t good.

For example, 73 percent of respondents said that traditional perimeter security firewalls and antivirus protection products were irrelevant to their data breaching efforts or otherwise obsolete. This complements a survey conducted by WatchGuard about traditional (signature-based) antivirus programs, which found that those solutions missed about 30 percent of threats.

Ransomware Risk

Ransomware, as a category, is one of the malware types that makes traditional antivirus protection programs ineffective. One simulated threat exercise in March of this year found that only 52 percent of potential threats were thwarted by a traditional antivirus product approach, according to CSO Online. Additionally, an IBM study found that nearly half of businesspeople reported being hit by ransomware last year, with 70 percent of those organizations ponying up the ransom.

If threat actors find that a class of malware has a high success rate, they will obviously continue their efforts with it. And if an organization is slow to update its antivirus products with the latest information, the success rate of such attacks increases.

Your Father’s Antivirus Protection Product

Traditional antivirus products shouldn’t be written off entirely: They excel at spotting known threats. However, for a threat to be known, a user has to be hit first.

Raja Patel, vice president for corporate product at McAfee, summed up the situation to CSO Online, saying that “signature-based defenses will protect you after you know about the threats, but they won’t protect patient zero and the time period after infection and when you wrote the signatures.”

While these products aren’t perfect, it’s better than no protection at all. Luckily, new developments are in progress that will strengthen antivirus capabilities.

A New Approach

Another method has been added to the antivirus repertoire, and it is where much of current research effort is going: a combination of behavior analytics, sandboxing and machine learning. But it comes with a cost. More computational power is required to perform these tasks. Running extra tests on files may adversely impact productivity as well.

Traditional antivirus does have its place in the security lineup. It’s a simple and fast way to deal with threats that have already been established, which is a good first line of defense. But defense that is in-depth, using nontraditional techniques, may prove to be more valuable to the security team in dealing with unique problems.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…