If you’d asked us this question only a few years ago we would have laughed in your face. Today, not so much.
For the past 18 months, we’ve been comparing all the validated breaches we’ve detected at an investment banking client against 15 prominent AV vendors. These breaches completely bypassed best practice controls including NGAV, EDR, NGFW, Web and Email Gateway, WAF, SIEM and the client even outsources their security monitoring to a Gartner-leading MSSP.
We ranked these AV vendors using VirusTotal results on their detection effectiveness. Our findings are outlined in the table below. We first published similar research over a year ago and, due to its popularity, we’ve updated this table with new vendors.
Malware Missed Data Sheet (table not reproduced here)
As this table demonstrates, Microsoft’s ability to use its footprint, research might and renewed focus on security is starting to pay off. In our testing, Microsoft was ranked third, missing 39 out of 94 malicious hashes. Only Fortinet (34 misses) and ESET (26 misses) ranked higher. Compare these results to the three worst ranked vendors who missed at least 80 malicious hashes and it’s clear Microsoft’s baked-in AV is one of the most effective.
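The ranking above is a miss count per vendor over a set of hashes the analysts had already validated as malicious. The following Python is an added example of how a defender can reproduce that kind of tally from per-engine scan verdicts; it is not LMNTRIX's tooling and the input layout, engine names and hashes are all constructed placeholders modelled on the `category` field of VirusTotal's v3 `last_analysis_results`. It goes slightly beyond the post by separating "engine returned no verdict" (timeout, unsupported file type) from "engine looked and missed", so an engine that simply never scanned a sample is not credited with a detection or charged with a miss.

```python
"""Rank AV engines by how many validated-malicious hashes they failed to flag.

Added example (not the post author's code). The input shape is an assumption
modelled on VirusTotal v3 file reports: {hash: {"last_analysis_results":
{engine: {"category": ...}}}}. Only verdict-bearing results are scored.
"""
from collections import defaultdict

# Per-engine verdict categories as reported by VirusTotal's v3 API.
DETECTED = {"malicious", "suspicious"}
MISSED = {"undetected", "harmless"}          # a clean verdict on a known-bad file
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def _report(**verdicts):
    """Build one constructed VT-style report from engine=category pairs."""
    return {"last_analysis_results": {e: {"category": c} for e, c in verdicts.items()}}


# Constructed sample: four hashes already validated as malicious by the analyst.
# Hash strings and engine names are placeholders, not real indicators.
SAMPLE_REPORTS = {
    "sha256-placeholder-1": _report(EngineA="malicious", EngineB="undetected",
                                    EngineC="malicious", EngineD="timeout"),
    "sha256-placeholder-2": _report(EngineA="malicious", EngineB="malicious",
                                    EngineC="undetected", EngineD="undetected"),
    "sha256-placeholder-3": _report(EngineA="undetected", EngineB="undetected",
                                    EngineC="malicious", EngineD="malicious"),
    "sha256-placeholder-4": _report(EngineA="malicious", EngineB="harmless",
                                    EngineC="suspicious", EngineD="type-unsupported"),
}


def tally_misses(reports):
    """Return {engine: (misses, scanned)}; engines with no verdict on a hash skip it."""
    misses = defaultdict(int)
    scanned = defaultdict(int)
    for file_hash, report in reports.items():
        for engine, result in report["last_analysis_results"].items():
            category = result["category"]
            if category in NO_VERDICT:
                continue                      # never rendered a verdict: not scored
            if category not in DETECTED | MISSED:
                raise ValueError(f"unknown category {category!r} for {engine} on {file_hash}")
            scanned[engine] += 1
            if category in MISSED:
                misses[engine] += 1
    return {engine: (misses[engine], scanned[engine]) for engine in scanned}


def rank_engines(reports):
    """Rank ascending by raw misses (as the post does), ties broken by name.

    Each row is (engine, misses, scanned, full_coverage). full_coverage is False
    when the engine did not return a verdict on every hash, which means its raw
    miss count is not directly comparable with the others.
    """
    total = len(reports)
    tally = tally_misses(reports)
    ordered = sorted(tally.items(), key=lambda kv: (kv[1][0], kv[0]))
    return [(engine, m, s, s == total) for engine, (m, s) in ordered]


if __name__ == "__main__":
    for engine, m, s, full in rank_engines(SAMPLE_REPORTS):
        flag = "" if full else "  (partial coverage: not comparable)"
        print(f"{engine:8s} missed {m} of {s}{flag}")
```

In the constructed data EngineD ties EngineA and EngineC on raw misses but only rendered a verdict on half the hashes, so the `full_coverage` flag marks it as not comparable; that is the check to apply before reading too much into a single miss figure from a public multi-scanner.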
This makes sense, and we expect Microsoft to continue to improve, considering it owns the code for its operating system and is therefore best placed to identify weaknesses.
Recent reports suggest the global AV market is worth US$3.7 billion… for what? Our analysis shows more than half of the AV vendors missed most of the malicious hashes we discovered. So, is AV just a scam?
Enterprises across the world are collectively spending billions of dollars on commercial AV products when one of the best is available for free.
Are you feeling duped? Well don’t. Everyone is in the same boat, following the same security architectures and best practice standards. Despite following best practice, we see the same results in every organisation we work with. Regardless of the number of controls they have in place, ‘next-gen’ solutions continue to miss clearly malicious attacks.
Not only do some of the most expensive solutions consistently score the worst, Microsoft Defender – the free AV on every Windows 10 device – is always one of the best ranked… and it’s now available for Mac too. If you’re wondering, most of our clients rely exclusively on LMNTRIX to detect endpoint threats; those who don’t use the free Microsoft Defender solution.
Still think your AV is effective?
Then consider this. Earlier this month, elite Russian hackers are reported to have breached the networks of three U.S. AV vendors. If confirmed, not only are these vendors’ offerings now even more worthless than they were previously, they also show they can’t keep themselves safe. Let alone you.
AV is just one of the problems plaguing cyber security. I could spend hours talking about how SIEM, SOCs and MSSPs continuously fail to detect anything worthwhile – in fact, I’ll write another post next week exploring these.
As an industry, if we keep doing the same thing over and over again and expect a different outcome, then we truly are insane. If we keep following each other like sheep, following compliance mandates and best practices that are outdated as soon as they’re published, breaches are only a matter of time. Something has to change if we expect a different outcome.
Are you starting to change your mind-set?
If you’re an end user organisation then I urge you to contact us on email@example.com and let us share with you how we achieve these incredible results. At the least we may be able to enlighten you further.
If you’re an AV vendor and feel a little bruised, don’t be. Instead hit ‘Like’ then forward this blog to your R&D team and tell them to get their sh!t together.
If you’re in the channel or an MSP and would like to truly help your clients improve their risk posture and deliver this exact advanced threat detection and response capability, then consider partnering with us. We sell exclusively through the channel and have global presence. Best of all, we work with you to deliver the end outcome to clients. To learn more, visit lmntrix.com or get in touch using firstname.lastname@example.org.
If you enjoyed this article and you would like to learn more about our thinking, the following articles are a good start:
- SIEMs, EDRs, SOCs, MSSPs – cyber security’s false prophets
- If vendors spent less on marketing and more on capability, our job would be a lot harder
- VIDEO – WHY YOUR SIEM MIGHT BE AS USEFUL AS A SELFIE-OBSESSED CELEBRITY
- The Three Pillars of Cybersecurity
- Stepping into the Breach
- LMNTRIX: Security Done Different