Antivirus detection gap widening, say security researchers

Incident response investigations show businesses cannot rely on antivirus systems alone for protection, say security researchers

Incident response investigations are increasingly showing businesses cannot rely on antivirus systems alone for protection, say security researchers.

The gap is widening between the common malware threats most antivirus systems will detect and the more targeted malware increasingly found in business computer networks, according to Ziv Mador, director of security research at Trustwave’s Spiderlabs.

In a recent incident response investigation, he came across some banking malware designed to steal customer credit card information.

Because this malware is targeted at only a few organisations dealing with customer credit card information, it is relatively rare and was not detected by any of the main antivirus detection engines it was tested on, Mador told Computer Weekly.

“Antivirus works well against common threats, but when it comes to targeted attacks, most of them fail miserably,” Mador said.

This shows businesses need to have a multi-layered approach to information security. This is because there is no single technology to offer complete protection against targeted attacks that typically exploit zero-day vulnerabilities, he said.

According to Mador, antivirus software still has an important role to play in defending against common threats. But it should be only one component of a defence strategy, he said.

On top of antivirus software and traditional firewalls, businesses should be layering additional protection mechanisms. These should include secure web gateways and host protection.

It is also important to pay attention to things like network segmentation and to ensure only authorised staff can access systems that process customer information.

Although businesses that process sensitive customer information are at a higher risk of targeted attacks, Mador said he would not recommend that any information security team ignore the possibility.

All businesses should be aware of the risks and protect themselves as best they can within the limits of their resources, he said.
