For years, companies have relied on antivirus (AV) software to help detect, prevent and remove malicious code before it becomes a problem.

But standalone AV is no longer effective at stopping today’s increasingly sophisticated barrage of key loggers, backdoors, rootkits, Trojan horses, worms and spyware.

“It is clear that traditional signature-based anti-malware solutions are increasingly ineffective,” says Gartner analyst Neil MacDonald. “In cases where an enterprise is subject to an advanced targeted attack, it may provide no protection at all. [And] in cases where the end user is targeted directly, runs with full administrative rights on their PC and is tricked into running some kind of Trojan, traditional anti-malware solutions are of little value.”

So why do companies still use it?

There are several reasons why AV is still deployed on enterprise endpoints. The first is simply that antivirus is required for legal and compliance reasons.

All companies “still need to have something they can call ‘anti-virus’ on their checklist,” says Adrian Sanabria, senior analyst in the Enterprise Security Practice at 451 Research.

“Regulated businesses simply have no choice, as compliance requires it. Unregulated companies would look irresponsible and might face lawsuits and could have problems collecting on breach insurance if they didn’t use AV,” he adds.

Secondly, even though AV doesn’t catch everything, it still provides some level of protection.

AV is still required “because there is so much malware out there,” says IDC analyst Charles Kolodgy.
“Microsoft has done studies to show that computers without any AV are infected at a much higher rate than computers with AV—irrespective of what brand.”

If a PC user with no AV software normally surfs the Internet for a week, “I would expect that there is a high probability the computer will become infected with a basic piece of malware that would be easily stopped by AV,” Kolodgy says. He recommends that “standard signature AV should be one part of a more comprehensive endpoint security solution.”

Another scenario where AV is appropriate is “when you believe the risk to your endpoints is very low because of the purpose of those devices, how they are connected to a network and what additional security solutions are around those devices,” adds Kolodgy.

MacDonald agrees that AV still has a role to play. “If you have a signature that can identify an attack and can prevent it, by all means use it. What is clear is that won’t always be the case. You must assume that some percentage of attacks will get past traditional signature-based defense mechanisms so additional protection capabilities are needed—most notably the ability to monitor for unusual behaviors at endpoints that would be indicative of an attack.”

How are traditional AV vendors adapting?

The key question going forward is what new capabilities providers of AV will build into their products to make them more comprehensive.

“I don’t think in terms of just anti-virus any more,” adds Kolodgy.
“Yes, there are still just pure AV products, but they are not what the vast majority of people are looking for.”

AV software is becoming more about suites that include desktop AV, host intrusion detection, desktop firewall, applications control and vulnerability monitoring, Kolodgy says.

Although much of the change in the AV market is being driven by newcomers, the established vendors -- Symantec, McAfee, Kaspersky, Bitdefender, Sophos and Trend Micro – aren’t sitting idle.

“The traditional AV players are working very hard to incorporate advanced endpoint security technology into their existing products,” Kolodgy says. “The challenge for the existing vendors is they have to incorporate the changes into their existing code base and make it manageable, again tied to their existing management consoles.”

The incumbents “have all made efforts to evolve with the changing industry,” Sanabria says. “I think they need to do more to disassociate with traditional AV though, and leave that old moniker behind. In some cases, it isn’t that the newer vendors are the only ones using new approaches and techniques to detect and stop malware, it is that their marketing and brand doesn’t associate them” with traditional AV products.

What are the alternatives?

Sanabria divides the AV market into three main categories: traditional, endpoint protection and incident response. “The traditional stuff can’t keep the bad guys out, because the bad guys have access to traditional AV,” Sanabria says.
“They simply make sure it doesn’t catch their malware before they release it.”

Endpoint protection products are much more effective at stopping malware, Sanabria says, “but mostly aren’t as good at removing it, so most of them don’t claim to replace traditional AV yet.”

Similarly, products focused on incident response aren’t that effective at remediation, so they’re seen as being complementary to other AV offerings, he says.

“We don’t yet know exactly how the anti-malware market is going to play out, but I think it will be a combination of AV morphing into something more effective—either through internal development work or acquisitions,” Sanabria says. “We have definitely seen the end of AV as we know it, though in this new age we’ll still see the old techniques and signatures being used by some vendors as complementary to newer techniques.”

Experts say much of the innovation in the market is being driven by players such as Webroot, Bit9/Carbon Black, Bromium, Triumfant, Invincea, Countertack, Cylance and Crowdstrike.

“One of the more successful vendors at this point has been the merger of Bit9 and Carbon Black, with Bit9 providing the more traditional application control solution and Carbon Black with the EDR [endpoint detection and response] component,” MacDonald says. “Combined, they provide both a prevention and detection capability.”

Other technology advancements in the field are sandboxing, memory monitoring, virtual containers and machine learning. “The nice aspect is with the variety of potential technologies it becomes more difficult for attackers to create malware that is undetectable,” Kolodgy says.

Some of the newer vendors are making new anti-malware technology available to consumers and not just businesses, Sanabria says.
That will help address the security needs of growing BYOD programs.

What should your strategy be?

Regardless of what the AV vendors are doing and what happens in the marketplace, IT, security and risk managers need to take a more proactive, layered approach to protecting their organizations against today’s advanced security threats.

They need to do this by using technologies that address the expanding attack surface present on many employee endpoints and servers, says Chris Sherman, an analyst at Forrester Research.

In a 2014 report he authored on the AV market, Sherman recommends that companies consider layering multiple endpoint tools to minimize the attack surface and meet the different demands of servers and endpoints.

A growing number of organizations are looking to replace their third-party AV tools with native operating system AV augmented with third-party alternatives such as application whitelisting, application privilege management, application integrity protection, endpoint execution isolation, and endpoint visibility and control, the report points out.

By re-evaluating the role of AV within their overall information security strategy—without necessarily eliminating it—companies can best prepare themselves for today’s and tomorrow’s threats.

Violino is a freelance writer. He can be reached at firstname.lastname@example.org.