WHY!?  If you’ve been hit by a ransomware or other malware attack in the last couple of years, that’s your first question, why.  You’ve spent good money (or at least I hope you did) on anti-virus and paid money to a professional IT person (either internal or contracted) to keep you protected.  We’ll explain what’s going on and why your “expert” might still be missing it.

Threats Outpacing Legacy Anti-virus

Anti-virus (AV) was created over 25 years ago. Back then you had a new virus every few months, maybe 10 a year.  I liken it to makes & models of cars.  The AV would make note of the new cars by their model (signature) and watch to make sure those cars weren’t allowed in your computer. GREAT!  Today, using the car analogy, there are over one MILLION new cars every single DAY. Until a model of those million is seen to be doing something bad, it’s allowed.  So you have a potential million new victims every single day using that legacy signature-based protection.


What Are We Paying For?

So why did your IT expert even sell you AV then? The simple fact is 50% protection is better than nothing. Even legacy AV offers protection against some known bad websites, along with other safeguards, whereas relying on free AV or having none at all would be reckless. To keep the car analogy going, it would be like driving without collision insurance. Most IT folks don’t focus on cybersecurity. If you only hear from them when you have a problem, the AV isn’t a problem until it lets something in to wreak havoc. Then he’ll fix it. Hey, you’re saving money that way, right? Think about that the next time an employee can’t make a deadline or, worse, you lose a customer because you’re waiting on a “computer fix.” There’s an opportunity cost with lost productivity. That includes your non-IT people performing IT jobs just because they are “tech savvy.”

A Better Approach

Let’s keep going with the car analogy. Your AV should not only be looking for a “bad” model of car; why not also look at how the car is being driven? That’s exactly what SentinelOne and Sophos Advanced Endpoint Protection are doing. They look at the behavior of a running program in addition to its signature to give you maximum protection. This also protects against “fileless” attacks, as the criminals have figured out that legacy AV needs a file to scan to catch malicious activity. No file, no protection, unless you’re running the latest in advanced endpoint protection.
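For readers who want to see the difference between "checking the model" and "watching how it's driven," here is a small added example in Python. It is not code from SentinelOne, Sophos, or this article; the process names, hashes, thresholds and events are all constructed for illustration.

```python
from collections import defaultdict

KNOWN_BAD_HASHES = {"aaa111"}            # "models" the AV vendor has already seen
DOC_APPS = {"winword.exe", "excel.exe"}  # document apps that should not launch script hosts
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe"}
BURST, WINDOW = 20, 10                   # assumed threshold: 20 file rewrites in 10 seconds

def start(t, pid, proc, file_hash, parent):
    return {"t": t, "pid": pid, "action": "start", "proc": proc, "hash": file_hash, "parent": parent}

def writes(pid, t0, count, step):
    return [{"t": t0 + i * step, "pid": pid, "action": "file_write"} for i in range(count)]

# Constructed telemetry: every name, hash and timestamp below is made up.
EVENTS = (
    [start(0, 100, "old_malware.exe", "aaa111", "explorer.exe")]       # known model
    + [start(0, 200, "new_variant.exe", "bbb222", "explorer.exe")] + writes(200, 1, 25, 0.2)
    # "Fileless": the only file on disk is the legitimate script host itself.
    + [start(0, 300, "powershell.exe", "ccc333", "winword.exe")] + writes(300, 1, 25, 0.2)
    + [start(0, 400, "backup.exe", "ddd444", "services.exe")] + writes(400, 1, 25, 10)
)

def signature_verdict(events):
    """Legacy approach: flag a process only if its file hash is already known bad."""
    return {e["pid"] for e in events if e["action"] == "start" and e["hash"] in KNOWN_BAD_HASHES}

def behavior_verdict(events):
    """Behavioral approach: flag by what the process does, whatever its hash."""
    flagged, write_times = set(), defaultdict(list)
    for e in events:
        if e["action"] == "start":
            if e["proc"] in SCRIPT_HOSTS and e["parent"] in DOC_APPS:
                flagged.add(e["pid"])        # a document app spawned a script host
        elif e["action"] == "file_write":
            write_times[e["pid"]].append(e["t"])
    for pid, times in write_times.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > WINDOW:    # slide the window forward
                lo += 1
            if hi - lo + 1 >= BURST:
                flagged.add(pid)             # mass file rewrite inside one window
                break
    return flagged

if __name__ == "__main__":
    print("signature:", sorted(signature_verdict(EVENTS)))
    print("behavior: ", sorted(behavior_verdict(EVENTS)))
```

The signature check only catches the one program it has seen before, while the behavior check catches the brand-new variant and the script launched from a document, and leaves the slow, steady backup job alone.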

Ask Questions About Anti-Virus Now

Before your anti-virus renews, ask questions to ensure you’re getting the best value for the protection you’re paying to receive.

  1. Will this protect me against a fileless attack?
  2. Is the endpoint protection also checking for bad behavior?
  3. Will the endpoint protection roll back changes made by an attack?
  4. Will the endpoint protection give me forensics on what happened during the attack?
  5. Is there a Security Operations Center backing up my endpoint protection to catch never-before-seen attacks before I’m hit?
  6. And finally, does the protection offer a guarantee (backed by real money) that if I’m forced to pay a ransom, they pay me?

By the way, with our SentinelOne offering, the answer is a resounding YES to all six questions. If you’re feeling unprotected, call us.

About the Author

For over 25 years Rick Rusch has helped companies utilize technology safely & productively. Recognizing the dangers of the Internet age several years ago, Rick has passionately focused on cybersecurity to help clients guard their reputations & their most precious asset, their digital data. Learn more about me at https://www.secureerpinc.com/about-us/