Traditional signature-based antivirus is notoriously bad at stopping newer threats such as zero-day exploits and ransomware, but it still has a place in the enterprise, experts say, as part of a multi-layer endpoint security protection strategy. The best antivirus products act as the first layer of defense, stopping the vast majority of malware attacks and leaving the broader endpoint protection software with a smaller workload to deal with.
Antivirus vendors create a signature for each piece of malware that is detected in the wild, but that process can start only after someone has been infected. “And, once an antivirus company does this, it could be days or months for all endpoints to be properly updated with the correct signature,” says Ed Metcalf, senior director of product marketing at Cylance, Inc. “By this time, a cyber attack could easily spread throughout an enterprise and cause damage or steal data.”