Is Antivirus Software Powerless To Stop Data Breaches?


A report from Trustwave claims that antivirus (AV) software is powerless to stop data breaches. I say the study’s conclusion is similar to that of a Best Buy Guide to Chocolate Fireguards – the end result is always going to be a negative one.

The report's conclusion made me smile because, in reality, if a system compromise has occurred, then the security surrounding IT has obviously failed. Never mind that the IT defences have worked 99.9 per cent of the other times – what this study really proves is that a multi-layered security defence strategy is the only way to go.

In taking a multi-layered security approach, IT security systems can help defend against today’s hybridised and multi-vectored technology aggression – ranging from a simple piece of virus malware, all the way through to a man-in-the-browser blitzkrieg.

And, while the primary aim of today’s attacks is to monetise a cybercriminal fraud – or simply embarrass an organisation, as illustrated by the latest politically-motivated hacktivist attacks – defending against these technology barrages requires a well-planned strategy.

That strategy goes way beyond the simple use of AV software and needs to involve advanced technologies that include security privilege management – controlling who can use which software assets, as well as from what location and at what time.

Although taking this approach may sound complex, the fundamental principle is one of breaking the security process into a series of simple stages and then building the defences up from there.

In the case of a Windows privilege management approach – which seeks to reduce the security risk profile of the Windows desktop – you manage the endpoint through the use of admin domains, user account control (UAC), software hardening, application whitelisting, and the assignment of privileges to each user.

Limiting admin privileges to true administrators only moves an organisation towards the least-risk Windows 7 desktop. Ensuring that all other users log on with standard user rights, and that only applications are elevated, introduces an option previously unavailable to organisations.

Put simply, this means that if a hacker gains access to a general user account – and these are in the majority – they have no admin privileges. Couple this with the aforementioned endpoint management controls and you achieve the aim of a highly effective IT security strategy: a least-risk environment.
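One way to check an endpoint against the baseline described above (admin rights only for true administrators, UAC on, everyday sessions unelevated) is the following audit script. It is an added example, not code from the article or from any vendor product; the allowlist entries are constructed placeholders, and it assumes PowerShell 5.1 or later for `Get-LocalGroupMember`.

```powershell
# Added example: least-privilege audit of a Windows endpoint.
# $ApprovedAdmins holds constructed sample values (hypothetical domain CONTOSO);
# replace them with the accounts your organisation treats as true administrators.
$ApprovedAdmins = @(
    'CONTOSO\Domain Admins',
    "$env:COMPUTERNAME\Administrator"
)

function Get-UnexpectedLocalAdmin {
    param([string[]]$Approved)
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works whatever the display language of the OS.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Approved -notcontains $_.Name } |   # case-insensitive match
        Select-Object Name, ObjectClass, SID
}

function Test-UacEnabled {
    # EnableLUA = 1 means user account control is switched on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.EnableLUA -eq 1)
}

function Test-SessionElevated {
    # True only when the current process holds an elevated administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$unexpected = @(Get-UnexpectedLocalAdmin -Approved $ApprovedAdmins)

# One summary object per machine, easy to export or collect centrally.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    UacEnabled          = Test-UacEnabled
    SessionElevated     = Test-SessionElevated
    UnexpectedAdmins    = $unexpected.Name -join '; '
    MeetsLeastPrivilege = (Test-UacEnabled) -and
                          (-not (Test-SessionElevated)) -and
                          ($unexpected.Count -eq 0)
}
```

Run it from a standard user's session: `MeetsLeastPrivilege` is true only when UAC is on, the session is unelevated, and every member of the local Administrators group is on the allowlist.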

This is the heart of a Windows privilege management approach to security and is designed to augment the basic AV software and firewall systems that many organisations still rely upon – and whose systems almost certainly feature in the 300 instances of data breaches identified in this report.

In my opinion, the takeout from this report is that AV technology should no longer be the solus security system that companies rely upon to defend the integrity of their data and allied IT platforms. Better security in today’s electronic space means tapping the power of technologies such as privilege management as an integral part of your defences.


Paul Kenyon is co-founder and Chief Operations Officer of Avecto. Paul is a successful business executive with an outstanding 15-year track record in building, growing and leading high-performing, multinational high tech companies in North America, Europe and the Pacific Rim. In 1999, he started AppSense, the global leader in User Environment Management for businesses and service providers. With the lead role on global sales, AppSense quickly grew to profitability with revenues of over $30 million.