Traditional antivirus has long been a staple of securing endpoints. It has done its job well in the past and is still considered a core piece of system security. Attacks have grown more sophisticated over the years, and this has exposed a weakness in the technology's design: signature matching only catches what has already been seen. This in turn leaves the user's system open to possible infection, even with up-to-date virus signatures.
Some of you may be asking yourselves, what is an endpoint? The answer is simple. An endpoint refers to any device on the network capable of reaching the Internet. We most often think of desktops and laptops when we think of endpoints. However, the term encompasses more than just those two items. Nowadays, they also include smart phones and tablets, as well as printers and point-of-sale terminals. Though the traditional definition can include them, we often exclude routers, switches, firewalls, and similar networking devices when we discuss endpoints.
Where traditional antivirus has faltered, recent endpoint security tools have risen. While the former focuses more on preventing known threats, next generation endpoint security tools are geared more towards detection and prevention of all threats, even zero-day ones. Detection methods vary by vendor, but they typically look for anomalies by analyzing processes, changes, and connections rather than matching file signatures.
Some product offerings look to identify malicious patterns in kernel-level processes. Others use application control and whitelisting to keep malware from being installed on the endpoints in the first place, whether by limiting software installs to certain trusted vendors only or to IT-approved software only. With this whole-picture approach, the next generation of endpoint security can address other, non-virus-related threats as well, such as botnet infections. As time goes on, we may see next generation endpoint security solutions replace traditional antivirus entirely. As the technology develops further, more of these offerings are likely to be certified as well.
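To make the two approaches concrete, here is an added example (not code from the article or from any vendor it describes) that evaluates a constructed stream of process-start events in two ways: an application-control allowlist that admits only trusted publishers or IT-approved hashes, and a few anomaly heuristics over the process, its parent, its location and its network activity. Every publisher name, hash, path and heuristic below is a hypothetical value chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-start event as an endpoint agent might record it (constructed)."""
    image: str                 # full path of the executable that started
    publisher: str             # code-signing publisher, "" when unsigned
    sha256: str                # hash of the executable image
    parent_image: str          # executable that launched this one
    outbound_connection: bool  # did the process open a network connection


# Hypothetical application-control policy: trusted vendors or IT-approved hashes only.
TRUSTED_PUBLISHERS = {"Example OS Vendor", "Example Office Vendor"}
IT_APPROVED_HASHES = {"1111111111111111111111111111111111111111111111111111111111111111"}

# Constructed process classes and locations used by the anomaly heuristics.
USER_WRITABLE_DIRS = ("/tmp/", "/home/", "C:\\Users\\")
DOCUMENT_APPS = {"winword.exe", "excel.exe", "soffice.bin"}
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}


def basename(path):
    """Lower-cased file name regardless of Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def allowlist_decision(ev):
    """Application control: allow only what policy explicitly trusts, block the rest."""
    if ev.publisher in TRUSTED_PUBLISHERS:
        return ("allow", "trusted publisher")
    if ev.sha256 in IT_APPROVED_HASHES:
        return ("allow", "IT-approved hash")
    return ("block", "not on allowlist")


def anomaly_findings(ev):
    """Behavioral checks on process lineage, location and connections (hypothetical rules)."""
    findings = []
    name = basename(ev.image)
    parent = basename(ev.parent_image)
    if parent in DOCUMENT_APPS and name in SHELLS:
        findings.append("document application spawned a shell")
    if name in SHELLS and ev.outbound_connection:
        findings.append("shell opened an outbound connection")
    if any(ev.image.startswith(d) for d in USER_WRITABLE_DIRS) and not ev.publisher:
        findings.append("unsigned binary executed from a user-writable location")
    return findings


def evaluate(events):
    """Combine both views so a reviewer sees what policy blocked and what behavior flagged."""
    report = []
    for ev in events:
        decision, reason = allowlist_decision(ev)
        report.append({"image": ev.image, "decision": decision,
                       "reason": reason, "anomalies": anomaly_findings(ev)})
    return report


# Constructed sample telemetry: a signed office app, a signed shell launched by that
# app, an unsigned dropper in a temp directory, and an IT-approved unsigned tool.
SAMPLE_EVENTS = [
    ProcessEvent("C:\\Program Files\\Office\\WINWORD.EXE", "Example Office Vendor",
                 "aa" * 32, "C:\\Windows\\explorer.exe", False),
    ProcessEvent("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "Example OS Vendor", "bb" * 32,
                 "C:\\Program Files\\Office\\WINWORD.EXE", True),
    ProcessEvent("C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe", "",
                 "cc" * 32, "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", True),
    ProcessEvent("C:\\Program Files\\InventoryTool\\inventory.exe", "",
                 "11" * 32, "C:\\Windows\\explorer.exe", False),
]

if __name__ == "__main__":
    for entry in evaluate(SAMPLE_EVENTS):
        print(entry)
```

The second event is the instructive one: the shell is signed by a trusted vendor, so allowlisting alone admits it, yet its lineage (launched by a document application) and its outbound connection are exactly the kind of process and connection anomalies the text says next generation tools look for. The third event shows the opposite case, where the allowlist blocks an unsigned binary outright and the behavioral check independently flags its location.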
If anything, antivirus has evolved to meet the security demands of our time. Rather than stick with signatures, it has shifted its focus from known to unknown threats and adapted to better detect both. The technology is still relatively young compared to traditional antivirus, but it has shown a lot of growth and promise in the last two years. Will we see it continue to rise and eventually replace traditional antivirus in its entirety? Or will we see organizations use both in tandem instead? Time, in the end, will be the final judge of this contest.
So is antivirus dead? That's doubtful. The traditional approach of relying on signatures clearly doesn't work as well for modern threats as it did in the past. The current crop of next generation endpoint security tools seems to accomplish the same goal, albeit in a different way. Still, if the end goal is to stop viruses and other threats to the endpoint, doesn't that still count as a form of antivirus?