News

Blog

Tuesday, July 5th, 2016

Why Anti-Virus Is No Longer Enough

As the IT security business grows larger and larger, so does the range of security software. There are a range of tools that support the IT department, such IPS/IDS (Intrusion Prevention/Detection) Systems, Firewalls, AV (Anti-Virus), etc. These tools are commonly considered to be secure and trusted just by assuming that they are meant to keep your network secure. But times have changed. All the security software out there is still just software and may be as vulnerable as every other application.

Tavis Ormandy @taviso is a security researcher from Google Zero project who went on a small crusade against the Anti-Virus software this year. All the great brands have fallen under his strikes: Trend Micro, Avast, Kaspersky, Symantec. His latest discovery has detected vulnerabilities from the Symantec range. The vulnerabilities are actually so easy to exploit that the attacker only needs to send an email with a vulnerable attachment. It will then be automatically checked for malicious code. The irony is that this scan will execute the code and may possibly allow to “easily compromise an entire enterprise fleet”, as Tavis wrote. Pretty scary, eh?

What to do now?

This examples clearly shows that Penetration Testing is still the key to security – a manual verification for multiple attack vectors will discover a lot more than automatic tools.

This must be considered as a supporting tool for the IT department, not a replacement.

Last but not least – patch, patch, patch. I know that the bigger the network is, the more complicated patching can become. But there are tools that may help and for those organisations that do not have the necessary resources in house, outsourced Managed Security services can come in handy.

This is definitely not the end of security software vulnerabilities so better prepare yourselves:
Tavis Ormandy twitter

If you have any concerns about your network security contact us, get in touch with us today!

[fc id=’3′ align=’left’][/fc]

Contact Us

The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.

    Copyright Smarttech247 - 2021