To understand if your antivirus and/or antimalware is enough to keep your business safe, you first need to understand a little bit of what they do and how they differ. Once you have a grasp of that it will be easier to understand what possible risks can come with each.
QUICKLY – The difference between viruses and malware is as follows: Viruses are things that can harm your computer or server by encrypting, corrupting, or destroying your system and data. They unleash their fury immediately. Malware, on the other hand, is more encompassing and can be any of a variety of malicious software that gets on your system and waits to attack. It could be ransomware, spyware, worms, or a virus. Yes, that means all viruses are malware, but not all malware is a virus (and you thought you would never use that high school logic lesson). For more information, check out this article we wrote for Forbes about the differences: How To Protect Your Organization From Viruses & Malware.
Okay, now that you have a base understanding of what antivirus and antimalware are there to protect you from, the quick answer to the question posed is no. One rule of thumb is that antivirus software deals with older threats that have been around for a long time and have not changed all that much. In comparison, antimalware software handles the newest threats that are found in “The Wild” (IT people love to make things sound cooler than they are). Antimalware also makes rule changes more often than antivirus software: when a new script is found in “The Wild”, an update gets pushed to your antimalware software.
So do I just need antimalware instead of antivirus since it’s taking care of threats that are more current and evolves to what is found in “The Wild” more often?
Unfortunately, that is another no. Imagine you are surfing the web for the cheapest deal on airfare and you hop onto a site that is a little sketchy, but the price is too good not to take a look. If whatever malware is on that page has already been included in your antimalware’s updates, you are all good, but if the malicious files or scripts have not been discovered yet, your company could be in for a full-on meltdown of your system.
You should look at any piece of cybersecurity software or hardware as exactly that – just a piece. You need to have layers. There are too many ways to access your system and data to just rely on one thing to stop everything. Not to mention that cybercriminals are getting craftier by the hour.
E1. What Protects Your Network’s Edge?
You probably have heard of the term Firewall (and if you haven’t, don’t worry, but give us a call; we should probably talk…). Your Firewall protects the edge of your IT network. Think of it as the first line of defense when entering a building. Building security can vary drastically, from a locked door with a receptionist all the way through a metal detector and thumbprint scanner. It depends on the building and what you are trying to keep safe.
When we start discussing edge security in regards to IT, we start with a next-generation firewall with an active security subscription. It is the evolution of your traditional firewall. You also need to make sure you are keeping its firmware updated.
It is like upgrading from a metal detector to a full X-ray machine. The next-gen firewall allows for more thought, connecting combinations of potentially hazardous items entering your system. Think of it like when someone goes through airport security. Say they are bringing 3 bags through. In one of the bags there are potatoes, in the second bag a 3.4oz can of hairspray, and in the third bag there is some PVC pipe. Individually, these are not on the no-fly list, but together they could make a potato gun. The traditional firewall would have let this pass into your system, but the next-gen firewall can think a little deeper and would have flagged this troublemaker before they were able to pass your edge.
If you are interested in the next step after the next-gen firewall, or if you are under compliance requirements, you will want to look into implementing a SIEM. That stands for Security Information & Event Management. It allows you to report on and correlate events using some artificial intelligence (AI) and human interaction.
E2. What Protects Your Email?
There are plenty of tools that can help reduce the number of malicious emails flowing in and out of inboxes. You should use spam filtering, click protection, and spoofing protection. These tools will not only reduce the number of phishing attacks you receive, but they can also help if someone does click on something when they shouldn’t have.
With that said, the real solution to the email security problem is you! I don’t want to get too cheeky (I have been watching too many British sitcoms), but it’s true. Users are the best defense against hackers using email as their entry point. Don’t get me wrong, you should have as many tools in place as possible, which includes 2-Factor Authentication and Email Backup/Compliance-based Archiving, but training is going to be the best bang for your buck.
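To make “spoofing protection” concrete, here is an added example (not code from the original post or from any product it mentions) of the kind of header checks a mail gateway performs before a message reaches the inbox. It assumes the receiving server has already stamped an Authentication-Results header (real mail servers do this), that the local domain is example.com, and that the sample messages, all constructed for this example, represent a clean internal mail, a display-name spoof, and a message that claims the local domain but fails the server’s checks.

```python
"""Toy spoofing checks over constructed sample messages.

Added example, not from the original post. OUR_DOMAIN and the sample messages
are assumptions made for illustration.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # assumed local domain for the checks below

# Constructed sample: internal mail that passed every check.
SAMPLE_CLEAN = """From: Alice <alice@example.com>
To: bob@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Noon works for me.
"""

# Constructed sample: display name pretends to be the CEO, replies go elsewhere.
SAMPLE_SPOOF = """From: "ceo@example.com" <newsletter@mail-deals.test>
Reply-To: payments@other-pay.test
To: staff@example.com
Subject: Urgent wire
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-deals.test; dkim=pass header.d=mail-deals.test; dmarc=none

Please wire the vendor today.
"""

# Constructed sample: claims our own domain but the server's checks failed.
SAMPLE_OUR_DOMAIN_FAIL = """From: IT Helpdesk <helpdesk@example.com>
To: staff@example.com
Subject: Password reset
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Your password expires today.
"""


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    _, address = parseaddr(addr)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _auth_results(header: str) -> dict:
    """Parse 'spf=pass ...; dkim=fail ...' fragments into {method: result}."""
    results = {}
    for part in header.split(";")[1:]:  # the first part is the server's own id
        part = part.strip()
        if "=" in part:
            method, _, rest = part.partition("=")
            results[method.strip().lower()] = rest.split()[0].lower()
    return results


def spoofing_findings(raw_message: str) -> list:
    """Return human-readable findings; an empty list means nothing looked spoofed."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    findings = []
    from_hdr = msg.get("From", "")
    display_name, _ = parseaddr(from_hdr)
    from_domain = _domain(from_hdr)

    # 1. The display name shows one domain while the real address is elsewhere.
    if "@" in display_name and _domain(display_name) != from_domain:
        findings.append(f"display name domain differs from address domain ({from_domain})")

    # 2. Mail that claims to be internal but did not pass the server's DMARC check,
    #    plus any outright SPF or DKIM failure.
    auth = _auth_results(msg.get("Authentication-Results", ""))
    if from_domain == OUR_DOMAIN and auth.get("dmarc") != "pass":
        findings.append("claims our domain but DMARC did not pass")
    for method in ("spf", "dkim"):
        if auth.get(method) == "fail":
            findings.append(f"{method} failed")

    # 3. Replies would go to a different domain than the apparent sender.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    return findings


if __name__ == "__main__":
    for name, sample in [("clean", SAMPLE_CLEAN), ("spoof", SAMPLE_SPOOF),
                         ("our-domain-fail", SAMPLE_OUR_DOMAIN_FAIL)]:
        print(name, spoofing_findings(sample) or "ok")
```

None of these checks replaces user training: the display-name trick in the second sample is exactly what a hurried reader falls for, which is why the post puts training first.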
E3. What Protects Your Endpoints?
This is where, historically, your antivirus and antimalware would have come into play. Notice I said historically and would have. In today’s new age of cyber threats, IT departments and companies should be using an evolved tool that uses deep learning by now. Deep learning is the most advanced part of AI up to this point. It essentially works like a brain. It is self-learning, and the more data that is thrown at it the smarter it gets. This takes your security from fighting off malicious files that are already known in “The Wild” to stopping unknown malware in real time. I know this all sounds like a science-fiction novel, but it is the new reality when it comes to cybersecurity.
Another tool that should be used is threat hunting software. It alerts you when it notices persistent attempts to enter, even if they don’t fall into the pattern of a normal brute force attack. Think of it like this: someone tries to get past you, and you deny them. Then that same person tries to get past you again, but wearing a fake mustache. This software would alert you that you have some suspicious activity going on, on which you should take action.
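The two detection ideas this post describes in prose, the next-gen firewall and SIEM correlating individually harmless items into one alert (E1), and threat hunting flagging a source that keeps getting denied while changing its disguise (E3), are shown together in the added example below. It is not code from the original post or from any product it mentions; the log format, field names, tags, windows and thresholds are all assumptions made for the example, and the log lines are constructed.

```python
"""Minimal event correlation over constructed log lines.

Added example, not code from the original post. Rule 1: three individually
unremarkable firewall tags from one host inside a short window add up to an
alert (the potato-gun idea). Rule 2: a source that is denied repeatedly while
presenting different identities (the fake mustache) is flagged even though it
never looks like a plain brute-force attack. Format and thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import shlex

# Constructed sample log: key=value fields, ISO timestamps.
SAMPLE_LOG = """\
ts=2024-05-01T10:00:05 src=10.0.0.5 kind=fw tag=new-domain-dns
ts=2024-05-01T10:01:10 src=10.0.0.5 kind=fw tag=uncommon-port
ts=2024-05-01T10:03:40 src=10.0.0.5 kind=fw tag=exe-download
ts=2024-05-01T10:02:00 src=10.0.0.8 kind=fw tag=uncommon-port
ts=2024-05-01T10:04:00 src=10.0.0.8 kind=fw tag=exe-download
ts=2024-05-01T09:00:00 src=10.0.0.9 kind=fw tag=new-domain-dns
ts=2024-05-01T10:30:00 src=10.0.0.9 kind=fw tag=uncommon-port
ts=2024-05-01T10:31:00 src=10.0.0.9 kind=fw tag=exe-download
ts=2024-05-01T11:00:00 src=203.0.113.9 kind=auth result=deny user=admin ua="curl/8.0"
ts=2024-05-01T11:05:00 src=203.0.113.9 kind=auth result=deny user=jsmith ua="Mozilla/5.0"
ts=2024-05-01T11:09:00 src=203.0.113.9 kind=auth result=deny user=svc-backup ua="python-requests/2.31"
ts=2024-05-01T11:00:00 src=198.51.100.4 kind=auth result=deny user=bob ua="Mozilla/5.0"
ts=2024-05-01T11:00:20 src=198.51.100.4 kind=auth result=deny user=bob ua="Mozilla/5.0"
ts=2024-05-01T11:00:40 src=198.51.100.4 kind=auth result=allow user=bob ua="Mozilla/5.0"
"""

# Rule 1: each tag is harmless alone; all three from one host within the window is not.
COMBO_TAGS = {"new-domain-dns", "uncommon-port", "exe-download"}
COMBO_WINDOW = timedelta(minutes=10)

# Rule 2: repeated denials from one source under this many distinct identities.
DISGUISE_MIN_DENIALS = 3
DISGUISE_MIN_IDENTITIES = 3


def parse_line(line: str) -> dict:
    """Turn 'k=v k="v with spaces"' into a dict; the ts field becomes a datetime."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def combination_alerts(events: list) -> list:
    """Sources whose COMBO_TAGS all occur inside one COMBO_WINDOW."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("kind") == "fw" and e.get("tag") in COMBO_TAGS:
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # slide the window from each event
            seen = {e["tag"] for e in evs[i:] if e["ts"] - first["ts"] <= COMBO_WINDOW}
            if seen == COMBO_TAGS:
                alerts.append(src)
                break
    return alerts


def disguise_alerts(events: list) -> list:
    """Sources repeatedly denied while presenting several different identities."""
    denials = defaultdict(list)
    for e in events:
        if e.get("kind") == "auth" and e.get("result") == "deny":
            denials[e["src"]].append((e.get("user"), e.get("ua")))
    return [
        src for src, ids in denials.items()
        if len(ids) >= DISGUISE_MIN_DENIALS and len(set(ids)) >= DISGUISE_MIN_IDENTITIES
    ]


def run(log_text: str = SAMPLE_LOG) -> dict:
    """Apply both rules to a log and return the sources each rule flags."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {"combination": combination_alerts(events),
            "disguise": disguise_alerts(events)}


if __name__ == "__main__":
    for rule, sources in run().items():
        print(rule, sources)
```

In the sample, 10.0.0.8 only shows two of the three tags and 10.0.0.9 shows all three but spread over more than the window, so neither is flagged; 198.51.100.4 is a user who mistyped a password twice, not a disguised visitor. The window and thresholds are the knobs a SIEM or threat hunting tool tunes to keep that distinction.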