Fewer than 5% of the top 40 antivirus systems detected previously uncatalogued viruses on the initial scan, a study has revealed.
A test by security firm Imperva, which used more than 80 previously uncatalogued viruses, showed that many products took a month or longer to update their signatures after the initial scan.
“Enterprise security has drawn an imaginary line with antivirus solutions, but the reality is that every single newly created virus may subvert these solutions,” said Amichai Shulman, CTO at Imperva.
“We do not believe that enterprises are achieving the value of the investment of billions of dollars in anti-virus solutions, especially when certain freeware solutions in our study outperformed paid solutions,” he said.
Imperva collected more than 80 viruses and tested them in a virtual execution environment which, the firm says, ensured that the samples displayed behaviour indicative of viruses while limiting the risk to the computing resources involved.
Automated data collection runs were conducted once a week for six weeks. The key findings of the study are contained in Imperva’s November Hacker Intelligence report.
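As an added illustration of how the two headline numbers of a study like this, initial detection rate and signature lag, fall out of weekly rescans of a fixed sample set: the code below is not from the Imperva report and runs on a constructed scan matrix rather than the study's data. Engine names, sample ids and the detection patterns are invented; only the cadence (six weekly runs) follows the methodology described above.

```python
from statistics import median
from typing import Dict, List, Optional, Set

# Constructed scan matrix (illustrative, not Imperva's data). For each engine,
# one entry per weekly run holding the sample ids it flagged as malicious in
# that run. Six runs, matching the weekly cadence described in the article.
SAMPLES = ["s1", "s2", "s3", "s4", "s5", "s6"]
SCANS: Dict[str, List[Set[str]]] = {
    # engine that adds roughly one signature per week
    "engine_a": [
        {"s1"}, {"s1", "s2"}, {"s1", "s2", "s3"}, {"s1", "s2", "s3"},
        {"s1", "s2", "s3", "s4"}, {"s1", "s2", "s3", "s4"},
    ],
    # engine that detects nothing initially and catches up late
    "engine_b": [
        set(), set(), set(), {"s1"}, {"s1", "s2"},
        {"s1", "s2", "s3", "s4", "s5"},
    ],
    # engine with the best first-scan coverage in this constructed set
    "engine_c": [
        {"s1", "s2"}, {"s1", "s2", "s3"}, {"s1", "s2", "s3", "s4", "s5"},
        {"s1", "s2", "s3", "s4", "s5"}, {"s1", "s2", "s3", "s4", "s5"},
        {"s1", "s2", "s3", "s4", "s5", "s6"},
    ],
}


def first_detection_week(runs: List[Set[str]], sample: str) -> Optional[int]:
    """1-based index of the first weekly run that flagged `sample`, or None
    if no run in the series ever did."""
    for week, flagged in enumerate(runs, start=1):
        if sample in flagged:
            return week
    return None


def engine_metrics(runs: List[Set[str]], samples: List[str]) -> dict:
    """Per-engine summary: share detected on the first scan, share detected
    by the last scan, and the median lag (weeks after the first scan) for
    the samples that were eventually detected."""
    weeks = {s: first_detection_week(runs, s) for s in samples}
    detected = [w for w in weeks.values() if w is not None]
    return {
        "initial_detection_rate": sum(1 for w in weeks.values() if w == 1) / len(samples),
        "final_detection_rate": len(detected) / len(samples),
        # lag 0 means caught on the initial scan; None if nothing was ever caught
        "median_lag_weeks": median(w - 1 for w in detected) if detected else None,
        "never_detected": sorted(s for s, w in weeks.items() if w is None),
    }


def compare_engines(scans: Dict[str, List[Set[str]]], samples: List[str]) -> Dict[str, dict]:
    return {name: engine_metrics(runs, samples) for name, runs in scans.items()}


def initial_coverage_any_engine(scans: Dict[str, List[Set[str]]], samples: List[str]) -> float:
    """Share of samples that at least one engine flagged on the first scan:
    the 'is anything catching brand-new malware on day one' number."""
    caught = set().union(*(runs[0] for runs in scans.values()))
    return len(caught & set(samples)) / len(samples)


if __name__ == "__main__":
    for name, m in compare_engines(SCANS, SAMPLES).items():
        print(name, m)
    print("any-engine initial coverage:", initial_coverage_any_engine(SCANS, SAMPLES))
```

The lag metric is measured from the first scan rather than from the sample's actual creation date, because that is all a rescan series can observe; a study using real samples would also need to control for engines that flag a file in one week and drop it the next, which `first_detection_week` handles by taking the first positive regardless of later runs.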
The report found that antivirus products struggled to detect newly created viruses and that many lagged in updating their signatures.
In the light of the study’s findings, the report concludes that investment in antivirus is misaligned, with 2011 Gartner figures indicating that more than a third of security budgets were spent on antivirus.
While Imperva did not find a single antivirus product that provided complete protection, the products with the best detection rates included two freeware antivirus products.
Despite the inadequacy of antivirus solutions, Imperva does not recommend completely eliminating them from an effective security posture.
Instead, the company said security teams should focus on detecting abnormal behaviour, such as unusually fast access speeds or large volumes of downloads, and adjust their security spend accordingly.
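As an added example of the kind of behavioural check the article points to, the following flags users whose request rate or download volume stands out from the rest of the population. It is not code from Imperva or from the article; the log format, user names, request pattern and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime
from statistics import median
from typing import Dict, List, Tuple

# Constructed access log for illustration (not from the article). Format:
# "<ISO timestamp> <user> <path> <bytes served>". Two users browse normally;
# one pulls a 4 MB customer export every two seconds.
LOG_LINES = """\
2012-11-05T09:00:00 alice /reports/q3.pdf 204800
2012-11-05T09:00:41 alice /reports/q2.pdf 198000
2012-11-05T09:01:30 bob /wiki/home 5200
2012-11-05T09:02:10 alice /reports/q1.pdf 201000
2012-11-05T09:02:10 mallory /export/customers_001.csv 4000000
2012-11-05T09:02:12 mallory /export/customers_002.csv 4000000
2012-11-05T09:02:14 mallory /export/customers_003.csv 4000000
2012-11-05T09:02:16 mallory /export/customers_004.csv 4000000
2012-11-05T09:02:18 mallory /export/customers_005.csv 4000000
2012-11-05T09:02:20 mallory /export/customers_006.csv 4000000
2012-11-05T09:02:22 mallory /export/customers_007.csv 4000000
2012-11-05T09:02:24 mallory /export/customers_008.csv 4000000
2012-11-05T09:02:26 mallory /export/customers_009.csv 4000000
2012-11-05T09:02:28 mallory /export/customers_010.csv 4000000
2012-11-05T09:02:30 mallory /export/customers_011.csv 4000000
2012-11-05T09:02:32 mallory /export/customers_012.csv 4000000
2012-11-05T09:03:05 bob /wiki/projects 8100
""".splitlines()


def parse_log(lines: List[str]) -> Dict[str, List[Tuple[datetime, int]]]:
    """Group (timestamp, bytes) pairs by user, sorted by time."""
    events: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, user, _path, nbytes = line.split()
        events[user].append((datetime.fromisoformat(ts), int(nbytes)))
    for ev in events.values():
        ev.sort()
    return events


def peak_requests_in_window(timestamps: List[datetime], window_seconds: int = 60) -> int:
    """Largest number of requests inside any window_seconds-wide span,
    found with a sliding window over the sorted timestamps."""
    window: deque = deque()
    peak = 0
    for ts in timestamps:
        window.append(ts)
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        peak = max(peak, len(window))
    return peak


def user_features(events: Dict[str, List[Tuple[datetime, int]]]) -> Dict[str, dict]:
    return {
        user: {
            "requests": len(ev),
            "peak_rpm": peak_requests_in_window([t for t, _ in ev]),
            "total_bytes": sum(b for _, b in ev),
        }
        for user, ev in events.items()
    }


def flag_anomalies(features: Dict[str, dict], rate_factor: float = 5.0,
                   volume_factor: float = 5.0, min_rpm: int = 10,
                   min_bytes: int = 10_000_000) -> Dict[str, List[str]]:
    """Flag users whose peak request rate or total download volume is both
    above an absolute floor and well above the population median. The floor
    stops a handful of quiet users from flagging each other; the factor keeps
    the rule meaningful as the population's normal level shifts."""
    med_rpm = median(f["peak_rpm"] for f in features.values())
    med_bytes = median(f["total_bytes"] for f in features.values())
    alerts: Dict[str, List[str]] = {}
    for user, f in features.items():
        reasons = []
        if f["peak_rpm"] >= min_rpm and f["peak_rpm"] > rate_factor * med_rpm:
            reasons.append(f"peak rate {f['peak_rpm']} req/min (median {med_rpm})")
        if f["total_bytes"] >= min_bytes and f["total_bytes"] > volume_factor * med_bytes:
            reasons.append(f"downloaded {f['total_bytes']} bytes (median {med_bytes})")
        if reasons:
            alerts[user] = reasons
    return alerts


if __name__ == "__main__":
    for user, why in flag_anomalies(user_features(parse_log(LOG_LINES))).items():
        print(user, "->", "; ".join(why))
```

Rate is measured over a sliding 60-second window rather than as a daily average, so a short burst shows up even when the user's total for the day looks ordinary; volume is totalled per user so a slow, steady exfiltration is caught by the second rule even if it never trips the first. The thresholds here are placeholders and would be tuned against a real baseline before use.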