InsightaaS: ESG is a Massachusetts-based analyst firm that offers a wide range of research and advisory services. Today's featured post is based on a recent report published in the firm's security and related services. In it, senior principal analyst Jon Oltsik looks at the relationship between how antivirus is purchased and used and how it is viewed within the enterprise.
Oltsik begins by highlighting the perception of anti-malware as being ineffectual: 34% of respondents to an ESG survey believe that they get too many false positives, and 33% state that the software doesn't do enough to block real threats. However, the same survey found that nearly three-quarters of organizations use two or more antivirus products, and that, Oltsik believes, may be part of the problem: multiple products can lead to inconsistencies that create vulnerabilities.
Oltsik goes on to note that IT leaders are willing to swap out anti-malware products: 7% in pursuit of lower cost, and 33% in pursuit of best-of-breed capabilities. This proclivity exacerbates the churn of anti-malware, creating more opportunity for inconsistency and vulnerability: as Oltsik notes in the post, the data shows that antivirus is "managed as an infosec analogue to a revolving door, and this constant churn can certainly influence how well products perform." He closes by stating that "AV products may not be perfect, but large organizations should put a bit of work into using them correctly... in lieu of this type of effort and commitment, there isn’t a single security product in any category that will come close to working as advertised."

This is good advice, and Oltsik's post, which is brief but interesting, is a good read, especially for SMB IT managers who are trying to balance anti-malware deployment and tuning with the dozens of other responsibilities associated with business technology.
For the past few years, everyone seems to be down on antivirus software. This sentiment was exhibited in a recent ESG research report, The Endpoint Security Paradox. When asked to identify challenges associated with their antivirus software, 34% of security professionals complained about too many false positives that classify benign files/software as malware, while 33% said that products are not nearly as effective at blocking and/or detecting malware as they should be.
This and other data give the impression that AV software simply doesn’t work, but there may be other factors in play here. For example, ESG found that 73% of enterprise organizations have two or more unique AV products deployed across the enterprise. Amazingly, 29% of large organizations have three or more unique AV products deployed across the enterprise.
Now, these products can be from different vendors or they can be different versions of an AV product from the same vendor, but the impact is the same: Multiple products mean multiple management consoles, configurations, administration, etc. All of these operational issues can impact AV efficacy and efficiency...