Traditional signature-based anti-virus is notoriously bad at stopping newer threats such as zero-day malware and ransomware, but it still has a place in the enterprise, experts say, as part of a multi-layer endpoint security protection strategy.
According to a survey of this year’s Black Hat attendees, 73 percent think that traditional anti-virus is irrelevant or obsolete. “The perception of the blocking or protection capabilities of anti-virus has certainly declined,” says Mike Spanbauer, vice president of strategy and research at NSS Labs, Inc.
Plenty of recent research supports that point of view. In March, security company WatchGuard Technologies reported the results of a comprehensive test of traditional anti-virus. The company calculated how well a leading traditional anti-virus product performed at spotting zero-day threats by looking at customers who had both traditional anti-virus and next-generation endpoint protection products installed. Traditional anti-virus caught 8,956,040 malware variants, but it missed 3,863,078 others that were caught by a next-generation platform that used a behavior-based approach. That’s a failure rate of about 30 percent.