It has been said before, but if you need another marker to show just how marginalized anti-virus technology is becoming, research carried out by Lastline Labs really brings the message home.

The summary of their findings below probably confirms your worst suspicions about malware and AV:

  • On Day 0, only 51% of antivirus scanners detected new malware samples
  • When none of the antivirus scanners detected a malware sample on the first day, it took an average of two days for at least one antivirus scanner to detect it
  • After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for antivirus vendors
  • Over the course of 365 days, no single antivirus scanner had a perfect day - a day in which it caught every new malware sample
  • After a year, there are samples that 10% of the scanners still do not detect

What is even more sobering is this comment: “Our hypothesis is that the least detectable malware is designed to both evade detection and fingerprint the analysis environment”

In other words, the malware that AV is detecting is the basic, ‘mass market’ stuff. This leaves the serious, most damaging, targeted malware undetected, precisely the kind of malware we REALLY need to be concerned with.

Examples include malware used purposefully to steal payment card data, intellectual property, R&D work and financial information, or used as leverage for extortion and industrial or political espionage.

The conclusion from Lastline Labs is that AV must be operated in conjunction with other technologies that improve malware identification. A comprehensive security strategy is really the only response that is going to cut it – system hardening, File Integrity Monitoring, log analysis and, as a contingency, breach detection, all implemented alongside rigorously operated security best practices.

Read the full Lastline Labs research on anti-virus scanner effectiveness: ‘Antivirus Isn't Dead, It Just Can't Keep Up’.

Copyright 2024, New Net Technologies LLC. All rights reserved. 