AI Replaces AV in Today’s Endpoint Protection Battles
Antivirus, commonly known as AV, isn’t the most alluring topic – even among IT security professionals. In fact, it can be a little pedestrian. And, even though it is my job — and my responsibility — to give customers my best effort to cover ALL of their data security concerns, I’ve historically shied away from AV because of the complications. AV used to slow down computers, took a lot of time to manage, and didn’t always protect like it should. I just didn’t want the blame in the event of a security breach.
The problem stemmed from the fact that traditional AV is based on signatures. When files are scanned, they are compared to a list. If the file is found, it’s blocked. If it’s not found, it’s allowed. The signature approach presents a few problems:
- Not all malware is “known”
- Known malware is easily modified to become “unknown”
- Updating signatures is a game of cat and mouse that can be time and resource intensive
- Scanning files can heavily impact system performance
- Remediation can cause large business impacts
When firewalls transitioned from port and protocol to “next generation,” we saw the introduction of sandboxing and other zero-day protections to help block unknown malware on a network level. This approach works as long as your endpoints are inside your perimeter, but those outside of it could carry threats right back in. As any modern network professional knows, today’s mobile workforce is not inside the perimeter.
Eventually, legacy AV manufacturers caught on to the gap and began adding features that went beyond signatures. The downside: more agents, more infrastructure, higher resource consumption, and higher costs.
We needed a better way.
New endpoint protection solutions do not rely on signatures. Instead, these new tools stop malicious activity based on exploit tactics and techniques as well as artificial intelligence and machine learning. For many organizations, the best way to strengthen endpoint protection meant starting over from scratch instead of reworking a legacy AV platform. It meant taking advantage of the flexibility and scalability of the cloud and of AI-driven algorithms.
Even with these advantages, there have been hesitations. Many compliance regulations require a signature-based AV solution, meaning that organizations had to layer new tools on top of their existing signature-based products in order to “check the box” for audits. These new approaches also tended to be prohibitively expensive.
Thankfully, much has changed. Regulations have been updated to compensate for the direction of the market. Costs have come down and today’s endpoint agents are so lightweight that end users do not experience any lagging. There really are some exciting players in the endpoint protection space.
To find the right solutions for my customers, I look for those that are purpose-built to solve a specific problem.
For administrators, deployment, usage and maintenance needs to be simple. Multiple protection methods, visibility into endpoint activity, and a human element on top of the technology adds flexibility. Low resource consumption, lack of scanning and no signature updates means minimal impact for end users. Finally, for those who control the cash, today’s solutions can function as a drop-in legacy AV replacement or an entire endpoint security suite. It all depends on what makes sense for the team, the environment and the budget.
The move to this new generation has made endpoint protection something worth discussing again. Let us help you find the right solution.