With the announcement that Managed Antivirus within MAX RemoteManagement is now powered by Bitdefender, Ian Trump, Security Lead at LogicNow, explores what benefits this partnership brings.
“Antivirus is dead, no it isn’t. Antivirus is ineffective, no it isn’t.” This is the all-too-often refrain from security industry pundits, technical experts and vendors who offer alternative solutions for information security in the marketplace. There are arguments on both sides of the fence – all passionate; but in many cases the passionate defense or condemnation of AV misses an important point: Antivirus is a must-have in today’s increasingly hostile internet environment.
I’m not a proponent of one brand of Antivirus product over another, but I can say LogicNow’s recent decision to upgrade the Antivirus engine to Bitdefender made Antivirus more interesting to me and our 12 thousand plus customers. Antivirus is one of the security technologies all our customers embrace – MAXfocus happens to be an easy, effective way to deliver managed Antivirus to endpoints and servers. The question in my mind is “what does Bitdefender bring to the security table that up until that point MAXfocus was missing?”
Let me caveat what I am about to say in the strongest language possible. Good cyber defense for your customers and for your business includes a lot more items than a Managed Antivirus product. Managed Antivirus is a key layer of cyber defense, which also includes Patch Management of OS and Third Party Applications, Controlling Administrative accounts, Web Protection, Mail Protection and Event Log Monitoring.
It turns out a peek under the Bitdefender hood reveals a feature which may truly provide some defense against the latest round of cyber attacks and ransomware infections. Buried inside the anti-malware engine is a feature called behavior-based scanning. This code continuously monitors the applications running on the computer, looking for malware-like actions. In a couple of experiments I conducted in a lab environment, Cryptowall and some newer variants were prevented from executing. This was certainly a relief; however, one must keep in mind there are thousands of variants of ransomware – some may make it past this defense.
Behavioral-based scanning is a fairly simple concept to understand. When you click on a Word document, it’s expected that Word will launch on the computer. The Bitdefender scanning expects this to happen and allows Word to launch. Say, however, you click on a Word document but, in addition to Word, Adobe Flash launches; that’s a classic sign the Word document may contain an Adobe Flash exploit payload and is about to ruin your day.
It’s fair to say malware authors, the cyber bad guys, will work hard to mess with, trick or disable this feature; however, it looks to be effective at preventing “unknown” or “zero day” infections simply by waiting for something unexpected to happen and preventing that action.
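The parent/child check described above, as an added example (not Bitdefender's or LogicNow's code, and not a description of how the engine is implemented): it flags any process descended from a document application that falls outside an assumed baseline of expected children. The events, the image names and the baseline are constructed for illustration.

```python
# Constructed process-creation events (pid, parent pid, image name); not real telemetry.
EVENTS = [
    (100, 1,   "explorer.exe"),
    (200, 100, "winword.exe"),      # user opens one document
    (210, 200, "splwow64.exe"),     # print helper, expected under Word
    (300, 100, "winword.exe"),      # user opens a second document
    (310, 300, "flashplayer.exe"),  # unexpected: Flash started by Word (hypothetical name)
    (320, 310, "cmd.exe"),          # grandchild of Word, reached through Flash
    (400, 100, "cmd.exe"),          # shell started by the user, not by a document app
]

# Assumed baseline: the children each document application is expected to start.
EXPECTED_CHILDREN = {
    "winword.exe": {"winword.exe", "splwow64.exe"},
}


def find_unexpected_launches(events, baseline=EXPECTED_CHILDREN):
    """Return (document_app_pid, offending_pid, offending_image) for every process
    that descends from a document application but is not in that app's baseline."""
    parent_of, image_of, findings = {}, {}, []
    for pid, ppid, image in events:          # events arrive in creation order
        image = image.lower()                # image names compare case-insensitively
        parent_of[pid], image_of[pid] = ppid, image
        # Walk up the ancestry to the nearest document application, if there is one.
        ancestor, seen = ppid, set()
        while ancestor in image_of and ancestor not in seen:
            seen.add(ancestor)               # guards against reused pids forming a loop
            app = image_of[ancestor]
            if app in baseline:
                if image not in baseline[app]:
                    findings.append((ancestor, pid, image))
                break
            ancestor = parent_of[ancestor]
    return findings


if __name__ == "__main__":
    for app_pid, pid, image in find_unexpected_launches(EVENTS):
        print(f"pid {pid} ({image}) is outside the baseline for document app pid {app_pid}")
```

Walking the full ancestry rather than only the direct parent is what catches the shell started by the unexpected child.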
I suspect this behavioral-based scanning and the anti-malware engine improvements will have another direct benefit to customers as well: reduction of false positives.
Antivirus false positive detection occurs when anti-malware software decides a clean file is malware, and usually blocks execution, quarantines or deletes the offending (but safe) file.
Reduction of false positive rates is imperative for customers and end users. The Ponemon Institute, on behalf of security firm Damballa, reported in 2015 that organizations spend, on average, nearly 21,000 hours each year analyzing false negatives and/or false positives. This means companies waste roughly $1.3 million per year due to inaccurate or erroneous intelligence.
So why is the move to Bitdefender good for LogicNow’s customers? Quite simply it comes down to three basic items:
Try it; you will like it.