Erroneous to believe that if you do not visit porn sites you will not get malware: Nick FitzGerald, ESET

Nick FitzGerald, Senior Research Fellow at ESET and an information security expert, discusses in an interview with Techseen how the cybersecurity sector has evolved over the years and how, as the world moves into a more “connected” state, cyber-viruses and malware have evolved too. He talks about the methods enterprises and consumers can adopt to minimize cyber-threats, and why it is important to understand the behavioral patterns of computing security's past in order to understand what is in store for the future.

Techseen: How has the antivirus evolved? Has it moved beyond signature-based detection methods, heuristic detection methods, rootkit detection, and real-time scanning?

FitzGerald: With the developments in malware over the past two decades, modern antivirus and endpoint security products have definitely evolved beyond “signature-based” or “hash-based” solutions.

The “mainstream antivirus” began its evolution beyond being solely “signature-based” in the early 1990s, when the first truly polymorphic viruses appeared. Most contemporary endpoint security products are the result of twenty or more years of continuous development, as the malware threatscape has itself evolved. These products are now multi-layered, cloud-connected complexities leveraging all manner of older, more traditional antivirus technologies. These may include “signatures” in some form or other, behavior-based decisions, heuristics based on both of these and the result of various on-device emulation engines.

Modern endpoint security products also utilize more recent detection technologies involving local network traffic monitoring, black-box analysis of multiple executions of suspect code in virtual and real computers, machine learning, network address and URL reputation mechanisms and more.

Techseen: We are living in a connected world with wearables, IoT enabled devices, AI powered software; how big is the worry for enterprises when it comes to cyber-threats considering connected devices and systems?

FitzGerald: Increased convenience tends to mean that more complex systems are being employed and thus that a greater attack surface is exposed. To date, IoT devices and most recent products with the word “smart” in their names appear to have been designed and pushed to market with the “we’ll add security later” attitude. The theory of good systems design, and a lot of unfortunate history, suggests that this is a far from optimal situation.

For enterprises, for whom the convenience, cost-savings, and overall benefit of such technologies may be too great to ignore, it is important that employees at all levels are educated about security best practices, and to take steps to inculcate a strong culture of cyber awareness.

Techseen: Reports state that India is among the top 5 countries when it comes to ransomware. Is it true? Is it because of high piracy rates? Can this be applied to enterprises too?

FitzGerald: We are aware of that claim; however, our telemetry data does not show our customers in India reporting a notably high rate of ransomware incidents. As to the implicit broader question – are users of pirated software more likely to become victims of cybercrime? – I’m not aware of hard data on that.

There is a long-held, erroneous belief that if you do not visit porn sites you will not get malware. True, some malware is foisted via some porn sites (though some of it is probably unintentional on the part of the site owner due to a legitimate server being compromised). However, much web-delivered malware comes from sites entirely unrelated to porn.

Another equally long-held belief is that there is a strong relationship between software piracy and malware. As mentioned above, I am not aware of solid studies confirming this or overturning it. Enterprises stealing software – let’s be honest, that is what software piracy is – should ask themselves how they would feel if their own customers did not pay for the products or services provided.

Techseen: Is the cost of an end-to-end solution for small enterprises a challenge? What can they do to improve their security solution at minimal cost?

FitzGerald: There are various different endpoint security solutions on the market, and businesses should customize their IT security solutions according to their own capabilities and needs. Companies should consider the volume and sensitivity of the data they handle among other factors. For smaller enterprises with tight security budgets, more affordable security products are available as well.

Besides end-to-end solutions, enterprises can also minimize risk of security breaches by regularly educating their employees on cybersecurity best practices. For example, users in India were found to have scored the lowest among Asian nations surveyed in ESET’s recent Cyber-Savviness Report. Stepping up education efforts to help employees stay safe online is a cost-effective and sustainable method of reducing vulnerabilities.

Techseen: There are anti-virus applications that are free to download and use and there are those that charge a premium. Both claim to give similar solutions. Which one should a small enterprise use?

FitzGerald: Regardless of the size of a business, when making any software choice, product licensing should be carefully considered. While there are free antivirus products, few of those are available for free (beyond a limited trial period) for business or commercial use.

Furthermore, even if a free product is available for your usage situation, you should carefully consider what you are not getting compared to those who do pay for a “fully licensed” version of the product. Although the “free” products may include what appears to be a sufficient range of detection and cleaning capabilities under their free license, most do not include any professional support from product specialists.

A “free” product is really only intended to provide a basic level of protection, and is not likely to perform as well as commercial competitors.

Small enterprises should make an effort to include security considerations in their business budgeting. The potential costs of a breach – both financial and reputational – far outweigh those of the many affordable endpoint security solutions existing on the market.

Techseen: Cloud-based security services are the latest trend. What should an enterprise, big or small, rely on?

FitzGerald: “Cloud” is a buzzword that means different things to different people, and different things in different sectors. In computer security it can be as simple as fingerprinting a file and looking up that file in one or more online reputation repositories, through uploading a file from the client machine to multiple physical and virtual machines “in the cloud” for complex black-box analysis.

For example, ESET LiveGrid is a functionality in ESET products that employs multiple network-hosted data sources and analysis techniques that might be considered “cloud-based”. ESET LiveGrid functionality is essential to providing the highest level of protection with the lowest latency.

Although we provide the option to disable these features, customers wanting the best level of protection should leave them enabled.

Different enterprises will have different security needs, and should evaluate their security solution – cloud-based or not – with a set of criteria that suits their business.

Techseen: How important are Big Data and Analytics in this sector? What role do they play for a company like ESET when it comes to delivering anti-virus solutions?

FitzGerald: Reputation ratings rely heavily on big data and analytics. ESET’s products rely on various reputation rating systems based on file metadata and behavioral characteristics from emulation and black-box execution analysis, URL and IP address histories, various network communications patterns and so on. Collating and analyzing this data in real-time contributes to the speed with which our endpoint security products keep up with the continually changing threat landscape.

Techseen: Do cyber-security services that enterprises purchase or install need regular maintenance? How do cyber-security companies such as ESET monitor threats for enterprises?

FitzGerald: ESET does not provide any managed security services, just endpoint (including mobile) and server security products. However, most cyber-security products do require regular updates due to the ever-changing nature of cyber threats. Most of these are provided through regular, in-product detection and functionality updates. Occasionally more significant changes are made in how some of the detection technologies work or, in the enterprise-oriented products, how the remote management functions operate, and that will necessitate a version update in the product.

Techseen: What is the future of cyber-security and anti-virus software and what are the major challenges that both enterprises and security service providers need to address and overcome?

FitzGerald: Computer security is an ever-changing field of study/work. Oftentimes, one can observe the same behavioral patterns (and mistakes) repeated cyclically. The past can be a surprisingly good indicator of the future. Given this, I would strongly advise choosing a security product with a long, well-established pedigree, developed by people with an expert grip on where we have come from and knowledge of what has worked in the past, and also what has not!

Abhinav Mohapatra
An author who has a keen interest in the ‘off-beat’, he has covered and explored multiple facets of the marketing, advertising & technology sphere in his career. Lured towards the ‘cool’ technologies, he is an HTC snob, Hollywood movie buff and philosopher who likes to observe the world through his ‘Red Spectacles’.