Why the best antivirus software isn't enough (and why you still need it)

Antivirus software can’t keep up with new malware or variants of known malware, but it still plays a role in an overall endpoint protection strategy.

Traditional signature-based antivirus is notoriously bad at stopping newer threats such as zero-day exploits and ransomware, but it still has a place in the enterprise, experts say, as part of a multi-layer endpoint security protection strategy. The best antivirus products act as the first layer of defense, stopping the vast majority of malware attacks and leaving the broader endpoint protection software with a smaller workload to deal with.

Antivirus products create a signature for each piece of malware that is detected in the wild, but that process cannot start until someone has been infected. "And, once an antivirus company does this, it could be days or months for all endpoints to be properly updated with the correct signature," says Ed Metcalf, senior director of product marketing at Cylance, Inc. "By this time, a cyber attack could easily spread throughout an enterprise and cause damage or steal data."

Research reveals the changing role of antivirus software

According to a survey of last year's Black Hat attendees, 73 percent think that traditional antivirus is irrelevant or obsolete. "The perception of the blocking or protection capabilities of antivirus has certainly declined," says Mike Spanbauer, vice president of strategy and research at NSS Labs, Inc.

Plenty of recent research supports that point of view. In September, security company