Classical Antivirus is dead.Long live EDR?

TOPICS:

Posted By: Sorin Mustaca October 23, 2015

We recall last year’s article in WSJ  quoted executives from antivirus pioneer Symantec declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.

I also wrote about it here: http://www.sorinmustaca.com/2014/05/08/is-antivirus-really-dead-it-depends-what-you-call-antivirus/

 

AV

Now the new concept has a name: Endpoint Detection and Response (EDR).

Kelly Jackson Higgins, an experienced editor at Dark Reading wrote this week an interesting article called “The Rebirth Of Endpoint Security” where she interviews representatives of various cybersecurity startups. “This is is clearly a pretty hot market from a VC perspective. There’s a lot of money flowing in from a lot of new startups,” says Peter Firstbrook, a vice president at Gartner. Firstbrook is tracking more than 30 vendors now in the so-called endpoint detection and response (EDR) security space, and in the past 12 months, EDR startups have raised $322 million, he says.

$322mil is a lot of money, but by far not enough to reach the tipping point where these technologies would be able to replace traditional antivirus (based on signatures and heuristics) which is multi billion worth yearly.

Krebs wrote also about it last year: http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

 

 

My opinion

  • As also expressed in the article, I think that the solution is two sided:
    take most known malware out using traditional AV which is must not overload your computer. So, requirements like 1GB RAM should no longer exist on the market! Loading millions of signatures in memory is stupid and irresponsible. An AV should never need more than 50 MB RAM in total! Ideally should have 10MB.
  • take the new threats using a EDR system

© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: