GCN : February 2015
FEDERAL AGENCIES are big users of antivirus software, and regardless of their technical competence, government security professionals still find themselves victims of malware. Unfortunately, simply installing antivirus technology does not protect today’s endpoints.

In a 2014 Lastline Labs study on the effectiveness of antivirus scanners, much of the newly introduced malware went undetected by nearly half of the antivirus vendors. After two months, one third of the antivirus scanners still failed to detect many of the malware samples. The malware dubbed “least likely to be detected” went undetected by the majority of antivirus scanners for months or was never detected at all. For those malware samples that initially eluded all of the scanners, the average time for at least one of the samples to achieve detection was two days. None of the antivirus scanners caught every new malware sample.

No matter how useful antivirus software can be, its drawbacks are causing information security professionals to take a second look at antivirus protection – and the alternatives.

Several years ago, the Milnsbridge Corp. sponsored case studies focused on a new approach, called CloudAV, that moves antivirus functionality into the network cloud and off personal computers. The study focused on virtualizing the detection functionality with multiple antivirus engines, significantly increasing overall protection.

Traditional antivirus software that resides on most PCs checks documents and programs as they are accessed. Because of performance constraints and program incompatibilities, only one antivirus detector is typically used at a time. CloudAV, however, can support a large number of malicious software detectors that act in parallel to analyze a single incoming file. Each detector operates in its own virtual machine, so the technical incompatibilities and security issues are resolved.

Some of the drawbacks deal with speed in handling the volume of data.
While CloudAV stores previously screened data, processing time is an issue. There is also the concern of the cloud provider’s level of security in and of itself. Regardless, several CloudAV providers are available in today’s market.

Many of the existing operating systems come with antivirus software built in. Others may use application whitelisting (AWL) – as opposed to blacklisting – as an integral part of the OS. Most people in the IT field are familiar with blacklisting because it is the technology used in almost every antivirus product in existence. It simply checks every new file on a system to see if it contains malware. If malware is detected, it is blocked from executing and carrying out any damage.

AWL is just the opposite. It will deny the execution of any application not previously and explicitly identified as “not malicious.” AWL offers more security primarily because it denies malicious code that has never been seen before (zero-day issues) and code that blacklists won’t recognize immediately. Security professionals must keep in mind that there is considerable expense in the AWL game, not only with the initial purchase but with the internal man-hours required to make changes and test new patches and application updates on the servers.

Another reason information security professionals are taking a second look at antivirus protection is the “cost vs. rewards” to their respective organizations. The advent of malware insurance has offset the cost incurred by damages from malware; however, there are also losses to one’s reputation and possibly even regulatory fines to consider. Couple this with the premise that no antivirus technology will guarantee 100 percent security, and government security professionals find themselves in a conundrum when faced with the task of providing cost-effective advice to senior executives.

So, what is an agency to do?
While the drawbacks of using antivirus are all valid, many agree that the technology should still be used as part of a “security-in-depth” approach. Maintaining an arsenal of sophisticated security tools that protect the enterprise network from the “outside-inward” is still the preferred, balanced approach to security. Equally important, antivirus technology must be complemented with a good security education and awareness program along with other information security policies and procedures.

— Members of the (ISC)² U.S. Government Advisory Board Executive Writers Bureau include federal IT security experts from government and industry. Lou Magnotti, Executive Writers Bureau member, was lead author of this peer-reviewed article.

BY (ISC)² GOVERNMENT ADVISORY BOARD EXECUTIVE WRITERS BUREAU, LOU MAGNOTTI

INDUSTRY INSIGHT

Is antivirus software still relevant?

No matter how useful antivirus software can be, its drawbacks are causing security professionals to take a second look at the alternatives.
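
The article's contrast between blacklisting and application whitelisting (AWL) can be made concrete with a small added example, which is not part of the original article. It assumes exact SHA-256 matching as a stand-in for both signature detection and AWL approval (real products also use heuristics, publisher certificates and paths), and every sample name and byte string is constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings stand in for executables on disk.
APPROVED_APP = b"payroll-client v1.0"
PATCHED_APP = b"payroll-client v1.1 (vendor security patch)"
KNOWN_MALWARE = b"sample with a published signature"
NOVEL_MALWARE = b"sample no vendor has catalogued yet"

BLACKLIST = {sha256(KNOWN_MALWARE)}   # what the scanner already knows is bad
WHITELIST = {sha256(APPROVED_APP)}    # what the agency has explicitly approved

def blacklist_allows(data: bytes, blacklist=BLACKLIST) -> bool:
    """Default-allow: a file runs unless it matches known malware."""
    return sha256(data) not in blacklist

def whitelist_allows(data: bytes, whitelist=WHITELIST) -> bool:
    """Default-deny: a file runs only if it was explicitly approved."""
    return sha256(data) in whitelist

def compare(samples: dict) -> dict:
    """Map each sample name to (allowed by blacklist, allowed by AWL)."""
    return {name: (blacklist_allows(d), whitelist_allows(d))
            for name, d in samples.items()}

def approve(data: bytes, whitelist: set) -> set:
    """Change-control step: return a new whitelist that includes a
    tested update. This is the recurring labour cost the article notes."""
    return whitelist | {sha256(data)}

SAMPLES = {
    "approved app": APPROVED_APP,
    "patched app": PATCHED_APP,
    "known malware": KNOWN_MALWARE,
    "novel malware": NOVEL_MALWARE,
}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:14} blacklist={'run' if bl else 'block':5} "
              f"AWL={'run' if wl else 'block'}")
    updated = approve(PATCHED_APP, WHITELIST)
    print("patched app after approval:",
          "run" if whitelist_allows(PATCHED_APP, updated) else "block")
```

The novel sample runs under the blacklist and is blocked under AWL, while the legitimate patched application is also blocked under AWL until someone tests and approves it.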