If you still rely on legacy antivirus software to stop modern cyberattacks, this post is for you.
Today’s adversaries are relentless. While many threat actors have adopted newer techniques such as data extortion, identity-based threats and in-memory attacks to achieve their goals, some continue to rely on tried-and-proven threats — and legacy software is no match for either.
Data from ESG shows that even as new threats emerge, ransomware in particular remains a serious problem for many organizations. In “Ransomware Preparedness: Insights from IT and Cybersecurity Professionals,” 620 IT and cybersecurity practitioners from midsize and enterprise organizations responded to the survey:
- 79% had been attacked by ransomware in the previous month
- 1 in 3 were hit multiple times
- Over half admitted to paying a ransom, yet only 1 in 7 received full data restoration
Many legacy security technologies struggle to keep up. This is especially true for antivirus (AV) software, which is notoriously sluggish due to its overreliance on signatures, hardware dependencies and the need to deploy new agents to implement new defensive capabilities. In this blog, we dig into what legacy AV is, why it can’t handle today’s threats and four ways modern endpoint security provides superior protection.
Why Doesn’t Legacy AV Work?
Legacy AV uses strings of characters called signatures that are associated with specific types of malware. Using these signatures, AV software is able to detect and prevent attacks leveraging different forms of malware. However, this approach is becoming obsolete as sophisticated attackers have found ways to evade legacy AV defenses, such as by adopting fileless attacks, which now comprise the vast majority of cyberattacks.
Legacy AV security also leaves organizations locked into a reactive mode, only able to defend against known malware and viruses cataloged in the AV provider’s database. When signatures were first introduced, this approach was state-of-the-art. But today, with the average adversary breakout time down to only 79 minutes, a reactive defense that depends on time-intensive scans or signature updates puts organizations behind many attackers.
Making matters worse, legacy AV software also lags in time-to-value, with the average deployment taking three months. This timeframe is necessary because legacy AV often relies on hardware to be installed on-premises. Moreover, once installed, most legacy solutions require quite a bit of tuning and manual configuration to be fully functional, adding to the operational burden of managing and updating legacy security tools.
Even once up and running, the footprint of legacy AV on the endpoint can be significant due to the continuous addition of security capabilities that bloat agents and include resource-intensive approaches to memory scanning, both of which negatively impact endpoint performance. The reliance on signatures means that signature databases must be updated constantly to include the latest additions. These updates consume a great deal of resources and time. Worst of all, the moment an update is completed, it’s often already out of date.
How Modern Endpoint Security Is Different
The answer to modern cyberattacks is a proactive defense that detects and stops evolving threats developed to bypass legacy systems. At CrowdStrike, we call this modern endpoint security, and it consists of next-generation antivirus (NGAV) and endpoint detection and response (EDR), delivered from a modern, unified platform.
CrowdStrike Falcon® Prevent is a cloud-native NGAV solution that offers a modern, adaptive AV replacement. It’s more effective against threats, has virtually no impact on endpoints and can be deployed and fully functional across tens of thousands of endpoints within minutes — while also being easier to manage and maintain.
CrowdStrike Falcon® Insight XDR unifies industry-leading endpoint detection and response (EDR) and extended detection and response (XDR) to deliver continuous, comprehensive visibility that spans detection, investigation and response to ensure nothing is missed and potential breaches are stopped.
Here are four reasons why organizations prefer modern endpoint security over legacy AV.
- Superior protection
- Immediate value
- Minimal impact to endpoint performance
- Lower total cost of ownership
Customers Who Made the Switch
Customers who made the switch from legacy AV to modern endpoint security describe it as a paradigm shift in how they think about security, their role and how they interact with the tools.
Cushman & Wakefield, a commercial real estate firm, needed protection from social engineering email attacks and a way to secure its increasingly distributed workforce. The firm swapped its legacy security platform for CrowdStrike and was able to extend visibility, secure its endpoints, automate updates and receive actionable alerts to stop breaches.
Berkshire Bank was facing the growing threat of identity attacks and increasing costs associated with managing legacy AV tools. With CrowdStrike, the bank was able to strengthen its EDR capabilities while reducing the operational overhead of time-consuming updates.
A major real estate company wanted to sunset its legacy AV software for two reasons: to improve its security posture and reduce operational overhead. By consolidating to the Falcon platform, the company gets NGAV, EDR and 24/7 managed threat hunting for a similar cost as its previous legacy systems, with better security and performance.
Improve Your Security Posture
Legacy AV is ill-equipped to handle a new generation of rapidly evolving threats. With adversaries actively exploiting legacy AV and improving their cross-domain efficiency, make the switch to modern endpoint security today to immediately improve your security posture.
Additional Resources
- Experience the power of CrowdStrike at Fal.Con 2023, the cybersecurity industry’s most anticipated annual event. Register now and meet us in Las Vegas, Sept. 18-21.
- Start your 15-day free trial of Falcon Prevent.
- Test-drive the Falcon platform in a real-time, hands-on lab.
- Read “Guide to AV Replacement” to learn how to replace legacy AV the right way.