Antivirus or anti-virus software (AV), sometimes also referred to as anti-malware software, is developed with the purpose to detect, remove and prevent the proliferation of malicious code.
The consequences of malware infection of a corporate environment may be very different. From loss of valuable information, stealing of confidential information, sending of unsolicited emails and spam, to unsolicited remote computer access and unauthorized malicious attacks on the server.
The most commonly used product for endpoint security is antivirus software. Many of today’s integrated endpoint security offerings have evolved over time from the initial development of antivirus software. Anti-virus products are often ridiculed for their continued inability to stop the spread of malicious software.
Unfortunately, there is no perfect remedy or elixir to stop malware, so antivirus products will still be necessary, though insufficient. Antivirus software is a single layer (of many) for defense-in-depth endpoint protection.
HOW DO ANTI-VIRUS SOFTWARE WORK?
Although antivirus vendors often employ heuristic or statistical methods for malware detection, the predominant means of detecting malware is still signature based. Such approaches require that a malware specimen is available to the antivirus vendor for the creation of a signature. This is an example of application blacklisting. For rapidly changing malware or malware that has not been previously encountered, signature-based detection is much less successful.
MALWARE AND ITS MANY FACES
To start with, antivirus software was designed to primarily detect and remove computer viruses, and that’s where it got its name. With the invention and proliferation of many other types of malware, antivirus products have begun providing protection from other computer threats. Modern antivirus software can protect from malicious Browser Helper Objects, browser hijackers, ransomware, keyloggers, backdoors, rootkits, Trojans, worms, dialers, adware and spyware.
IMPLEMENTATION OF ANTIVIRUS
Integrating a comprehensive antivirus protection secures:
- Control of all possible intrusion channels for viruses – email, HTTP, FTP, external storage media (floppy, CD, DVD, flash-cards, etc.), file servers
- Protection against various types of threats – viruses, network and email “worms”, “Trojan horses”, unwanted programs (spyware, adware, etc.)
- Apart from being installed on endpoint devices (servers, workstations), antivirus software can be run on the Internet gateway, so traffic is scanned before reaching the network
- Continuous monitoring and periodic anti-virus scan of all servers and workstations
- Automatic notification when an “infection” or “treatment” of viruses has occurred
- Protection of mobile devices, etc.
- Deploying a corporate antivirus system will enable centralized management and software update distribution
TIPS WHEN LOOKING FOR A VENDOR
Today’s organizations require a comprehensive, multi-layer, defense-in-depth security strategy to successfully address malware-related issues. A successful antivirus installation will help protect assets and endpoint devices against targeted attacks, prevent data loss and theft, address security policies, and protect vital company information.
Deploying the best antivirus is usually not enough. It must go hand in hand with other controls that ensure the organization is comprehensively protected. As part of building a corporate anti-virus protection, look for vendors that offer a range of services, with scope varying in accordance with the needs of the client, and may include:
- Preparation of proposals for the selection decision, so the customer is protected against compatibility risks, system scalability, additional hardware capacities, etc.
- Deployment of solutions on a limited segment, thus reducing potential risks for customer implementation, using the results of a “pilot” operation
- Preparing instructions and guidelines for further development on the basis of the results of the deployment of a limited segment
- Installation and configuration of a complete solution
- Standardization of requirements for anti-virus protection system with respect to installation, configuration and operation of its components
- Development of instructional (operating) system documents for administrators and users
- Development of custom policies
- Conducting of internal workshops in order to educate all participants