Classical Antivirus is dead. Long live EDR?

Recall that last year an article in the WSJ quoted executives from antivirus pioneer Symantec declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.

I also wrote about it here: http://www.sorinmustaca.com/2014/05/08/is-antivirus-really-dead-it-depends-what-you-call-antivirus/

 


Now the new concept has a name: Endpoint Detection and Response (EDR).

Kelly Jackson Higgins, an experienced editor at Dark Reading, wrote an interesting article this week called “The Rebirth Of Endpoint Security”, in which she interviews representatives of various cybersecurity startups. “This is clearly a pretty hot market from a VC perspective. There’s a lot of money flowing in from a lot of new startups,” says Peter Firstbrook, a vice president at Gartner. Firstbrook is tracking more than 30 vendors now in the so-called endpoint detection and response (EDR) security space, and in the past 12 months, EDR startups have raised $322 million, he says.

$322 million is a lot of money, but it is by far not enough to reach the tipping point where these technologies would be able to replace traditional antivirus (based on signatures and heuristics), which is worth multiple billions yearly.

Krebs also wrote about it last year: http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

 

 

My opinion

As also expressed in the article, I think that the solution is two-sided:

  • Take most known malware out using traditional AV, which must not overload your computer. So, requirements like 1GB RAM should no longer exist on the market! Loading millions of signatures in memory is stupid and irresponsible. An AV should never need more than 50 MB RAM in total! Ideally it should have 10 MB.
  • Take the new threats using an EDR system.

© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT security industry since 2000 and worked for Avira between 2003 and 2014 as Product Manager for the known products used by over 100 million users worldwide. Today he is an independent IT Security Consultant focusing on cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.
