As a small- to medium-sized business owner, you probably think you are protected from a cyberattack because each computer on your network has antivirus (AV) software installed on it. While this may have been enough a few years ago, the latest WannaCry cyber-attack made it clear that AV solutions alone may not be enough.
To make matters murkier, antivirus solutions are not even close to being the same. In the case of WannaCry, there were only two, Bitdefender and Cylance, that could possibly stop this worm in its tracks. All the others that were tested by Titan failed.
This blog post will look at common AV terms and the pros and cons of 5 of the most popular AV offerings.
- Anti-malware: This is a type of software program designed to prevent, detect and remediate malicious programming on individual computing devices and IT systems.
- Personal Firewall: a network security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and/or software.
- Endpoint Protection Platform (EPP):is a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention capabilities into a single and cohesive solution. Per a 2016 Gartner report, only 40% of organizations said they had a single vendor for EPP.
- Endpoint Detection and Response (EDR): a category of tools and solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints.
- Sandbox: A type of virtualization, sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.
- Signature Based Security: Examining network communications, identifying patterns (often known as signatures) of common computer attacks, and taking action to alert operators who then try to identify whether or not a threat is real.
- Simple Certificate Enrollment Protocol (SCEP): is a protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, as well as being referenced in other industry standards.
Most Popular AV Offerings
Bitdefender offers adaptive, layered endpoint security designed for the cloud and virtualization. They specialize in the home and SMB marketplace.
- Very good malware detection, including sandboxing, automatic file analysis and behavior monitoring
- Good support for public, private and hybrid clouds
- Doesn’t offer full-feature parity between Windows, OS X and Linux
- Pricing is on the upper end for this market
This product uses Artificial Intelligence to help prevent attacks. Because it is predictive, this software solution helps prevent cyberattacks from being successful by providing a proactive security posture with higher efficacy than traditional antivirus. It is cloud based and currently only support Windows and iOS operating systems.
- Can detect more threats because it ignores signature-based techniques
- Extremely light on network traffic and has minimal performance impact on the network
- Can provide false-positives, especially with consumer files
Managed from one easy-to-use cloud-based console – no IT skills are needed to use their tools and monitor security from any connected device. Their focus is on online attacks, ransomware, and data loss.
- Rapid and accurate malware detection
- Broad range of functionality across all platforms
- Does not compete effectively at the top end of the medium-sized company
- Does not offer EDR or sandboxing
- Best Buy and US Government officials recently released concerns about non US governmental ties
Monitoring and analysis tools identify attacks both at the network perimeter and in the internal environment. Microsoft proactively hunts for persistent adversaries, identifies suspicious users and device activity, and responds appropriately to detected threats.
- A dedicated team monitors telemetry for specific low-prevalence malware
- Advanced system for file cleaning which replaces infected files with clean ones
- Integrated with SCEP which relies heavily on signature-based detection methods, advanced device control or sandboxing
- Delivers the most important security options within the Microsoft OS
Symantec provides security products and solutions designed to protect small, medium, and enterprise businesses from advanced threats, malware, and cyber threats. It is a proven product, especially in the area of anti-malware endpoint protection.
- Symantec Endpoint Protection 14 leverages the largest endpoint protection software due to its extensive set of layered defense capabilities
- Considered the leader in Gartner’s Magic Quadrant for data loss prevention and end-point protection
- Their products are not fully integrated and require 5 different consoles to provide complete protection
- The company has been in continuous rebuild since 2012 with little to show for it from a product launch prospective
Confused about Which Product You Should Choose?
As you can see, each AV offering has its plusses and minuses. The consultants at Shellproof Security are available to assess your current environment and make a recommendation about the best antivirus protection for your company. Give us a call today at 212-887-1600 to learn more about our cybersecurity consulting services!