Antivirus software is a set of software tools designed to prevent, identify, and potentially remove malicious programs from running on endpoint systems. Traditional Antivirus Software, also known as Legacy AV, was initially developed as an endpoint security tool to help mitigate the damage that could be accomplished from the outbreak of a computer virus. This occurs by scanning systems to any matches with known virus signatures. Once a virus is detected it can be blocked from execution or even deleted depending upon the Antivirus software used.
The proliferation of computer viruses and other malicious software has made the use of antivirus software an essential part of any environment’s defense strategy. Antivirus is often considered the first line of defense, detecting and preventing many commonly seen viruses from infecting your systems. Used in this way, antivirus software then allows your security team to focus on identifying and resolving malicious activity that is generally not caught by such a tool.
Legacy antivirus focused on scanning endpoints for matches against a listing of known virus signatures. This was initially effective but lead to additional concerns. Scans could often take long periods of time and were often taxing on systems resources which leads to performance degradation. Infections could also occur between scans or may go undetected if the signature database was outdated or incomplete.
This led to a redesign in antivirus software, which is incorporated into endpoint protection platforms, aimed at quickly identifying and preventing a larger range of malicious software, or malware. This next generation of antivirus software expanded detection capabilities beyond simple signature scanning and instead made use of new technology such as machine learning, behavioral analytics, and anomaly detection to identify and block malware. Current antivirus software is now able to perform these defensive actions even if a signature of the malware is question is unavailable.
As the first line of defense for many networks, modern antivirus solutions should include a necessary set of capabilities to ensure endpoint protection.
