A brief look at the future of antivirus software and security solutions


Antivirus software has been a staple of the personal computer ecosystem and now of mobile devices. It is probably the single most downloaded piece of software ever, and it is easy to see why.

Threats have evolved thanks to the explosive growth of connected devices, and one can sense that, with the rise of IoT (Internet of Things), things are about to get far worse. But how will defenses evolve, and how will cybersecurity actors organise themselves to fend off the ever-increasing catalog of threats?

1. Do you think the term “antivirus” is altogether redundant? The search volume for it, according to Google, has decreased by 90% over the past decade globally.

If we’re to judge the term from a technical perspective, then yes, it is dated. From a communication point of view though, it makes perfect sense to the average computer user who associates it with threat protection. The past 10 years have brought numerous changes in the cyber-security landscape. Viruses, the malicious applications that copy their code to other files to propagate an infection, have gone almost extinct. They have been replaced by increasingly complex threats that blend several techniques to successfully compromise a host.

When we think of antivirus solutions, we most likely imagine those signature-driven products used exclusively to detect known malware samples before the Internet boom in the mid-2000s. As threats have become more advanced, so have security solutions. Cyber-security vendors have built one defense layer on top of another to improve detection for known or unknown samples. Heuristics, behavioral-based detection, file reputation, machine-learning algorithms, cloud-based threat intelligence feeds, anti-exploit technologies, and anomaly detection have been added on top of the good old antivirus, which is now referred to as a cyber-security suite or solution. Regardless of how complex the security suite is, normal people still refer to it as antivirus.

2. More security companies are embracing so-called secure Wi-Fi routers which are physical hardware solutions. Why do you think that is the case?

Secure Wi-Fi routers serve two major purposes: the security of the router itself and the security of the devices connected to that router. Routers are some of the most frequently encountered devices in homes. They are long-use consumer products that face the Internet and are by design exposed to cyber-attacks. Most router vendors don’t have long-term support plans for routing gear and abandon bug fixing or updates within the first two years after release, leaving the device vulnerable to exploitation for the rest of its life. A quick look at Router Security shows how badly router security has been handled in the past few years.

The second main driver of network-based cybersecurity appliances is the proliferation of IoT. These internet-connected “things” feature a minimalistic operating system that runs within the constraints of hardware barely powerful enough for its specialized task. Given these circumstances, the installation of a security agent, however well optimized it might be, is impossible. And there is a growing need for cybersecurity when it comes to safeguarding Internet-connected gadgets. In 2016, the world witnessed the power of a devastating DDoS attack launched by hundreds of thousands of compromised DVRs and surveillance cameras. The result was massive disruption of services in the United States for almost a day. Known as Mirai, this botnet served as inspiration to dozens of emerging cybercrime groups focused on vulnerable IoT devices.

Our telemetry shows that on average, more than 70 percent of smart homes harbor at least one vulnerable IoT device that can be hijacked by cyber-criminals, with a devastating impact on users’ privacy or on the safety of the Internet as an infrastructure. And these vulnerabilities, although publicly known, remain a mystery to the owner in the absence of some sort of reporting. When we created Bitdefender BOX, we wanted to build a platform that constantly receives updates – be they security fixes, performance improvements or new features to extend its functionality. We also wanted to make sure that whatever vulnerabilities exist in the smart home get reported to the owner, along with actionable information on how to plug these holes.

3. There seems to be a disconnect between security at home and in businesses. The details of nearly eight billion accounts have been leaked online and most of it is down to data breaches of businesses, not sloppy personal security hygiene. How will future security suites deal with that?

While businesses are the main source of leaks when it comes to private customer data, consumers are equally targeted by cyber-criminals. The only difference is in the way these attacks are reported to the public – a data breach affecting one million users will likely gain more traction than one million individuals getting infected by – say – ransomware within a month. The larger the data pool, the greater the hackers’ interest in it. Unfortunately, these data breaches are going to happen in the future at the same pace as they have until now. This is because of the uneven balance between attackers and defenders: while defenders have to defend at all times, the attacking party only needs to find one small hole to breach the organization. The increasing complexity of business environments, the heterogeneity of technologies and the legacy application stacks will result in breaches, no matter what.

Security solutions aimed at businesses are now going past the detection and prevention stage. Technologies such as Endpoint Detection and Response can trace the “patient zero” inside the organization and also map any endpoints or servers that the attackers had access to. This helps IT security teams assess the extent of the damage, see what was exposed and take appropriate measures (reset passwords, notify customers, hire credit card monitoring companies and so on).

4. One of the arguments to suggest that antivirus as a single vector security solution is dead is that security suites now do so much more: VPN, parental control, anti-theft, performance optimizer and more. Where do you see these solutions evolving?

Security solutions have come a long way during the past few years in terms of features, and cyber-security vendors are constantly releasing new functionalities. One of the most important characteristics of a security solution is not features, but the capability to detect malware. While features are nice to have, detection capability is crucial – you can pick a separate VPN solution from a different vendor, but you can’t buy an extra 2% of detection capability for your existing security solution. In addition to improving detection, I would expect that security solutions will focus on offering tailored protection based on the user’s behavior. Behavioral biometrics will likely allow the security solution not only to offer this tailored security experience, but also to handle authentication.

5. Traditional antivirus software has relied on signature checking and heuristic analysis, i.e. checking a file against a known database. Do you envisage a time where next-generation AV solutions will depend solely on machine learning and artificial intelligence, becoming almost sentient?

While machine learning offers a huge help in fighting malware, it should not be regarded as a silver bullet to cyber-crime. Every day, Bitdefender processes between 300,000 and 500,000 samples of malware and we would not be up to the challenge without machine learning. We introduced our machine learning-based detection algorithms in 2009. Since then, we have been granted 11 patents for machine learning technologies. However, despite the progress, machine learning is still a detection layer and depends on the human analyst.