Classical Antivirus is dead. Long live EDR?

Recall that last year's article in the WSJ quoted executives from antivirus pioneer Symantec declaring antivirus software "dead" and stating that the company is focusing on developing technologies that attack online threats from a different angle.

I also wrote about it here: http://www.sorinmustaca.com/2014/05/08/is-antivirus-really-dead-it-depends-what-you-call-antivirus/

 


Now the new concept has a name: Endpoint Detection and Response (EDR).

Kelly Jackson Higgins, an experienced editor at Dark Reading, wrote an interesting article this week called "The Rebirth Of Endpoint Security", in which she interviews representatives of various cybersecurity startups. "This is clearly a pretty hot market from a VC perspective. There's a lot of money flowing in from a lot of new startups," says Peter Firstbrook, a vice president at Gartner. Firstbrook is tracking more than 30 vendors now in the so-called endpoint detection and response (EDR) security space, and in the past 12 months, EDR startups have raised $322 million, he says.

$322 million is a lot of money, but it is far from enough to reach the tipping point where these technologies could replace traditional antivirus (based on signatures and heuristics), a market worth multiple billions per year.

Krebs also wrote about it last year: http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

 

 

My opinion

As also expressed in the article, I think that the solution is two-sided:

  • Take out most known malware using traditional AV, which must not overload your computer. So, requirements like 1GB RAM should no longer exist on the market! Loading millions of signatures in memory is stupid and irresponsible. An AV should never need more than 50 MB RAM in total! Ideally it should need 10MB.
  • Take out the new threats using an EDR system.

© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

