Why Legacy AV Is an Easy Target for Attackers

Legacy antivirus software is no match for today’s adversaries. Modern endpoint security keeps you ahead of evolving threats.

If you still rely on legacy antivirus software to stop modern cyberattacks, this post is for you. 

Today’s adversaries are relentless. While many threat actors have adopted newer techniques such as data extortion, identity-based threats and in-memory attacks to achieve their goals, some continue to rely on tried-and-proven threats — and legacy software is no match for either. 

Data from ESG shows that even as new threats emerge, ransomware in particular remains a serious problem for many organizations. In “Ransomware Preparedness: Insights from IT and Cybersecurity Professionals,” 620 IT and cybersecurity practitioners from midsize and enterprise organizations responded to the survey: 

  • 79% had been attacked by ransomware in the previous month
  • 1 in 3 were hit multiple times
  • Over half admitted to paying a ransom, yet only 1 in 7 received full data restoration

Organizations must accept two immutable truths when it comes to modern cyberattacks: You face persistent and rapidly evolving threats, and to secure your estate, your defenses must adapt at a pace that matches or exceeds the speed of adversaries’ evolution. 

Many legacy security technologies struggle to keep up. This is especially true for antivirus (AV) software, which is notoriously sluggish due to its overreliance on signatures, hardware dependencies and the need to deploy new agents to implement new defensive capabilities.

In this blog, we dig into what legacy AV is, why it can’t handle today’s threats and four ways modern endpoint security provides superior protection.   

Why Doesn’t Legacy AV Work? 

Legacy AV uses strings of characters called signatures that are associated with specific types of malware. Using these signatures, AV software is able to detect and prevent attacks leveraging different forms of malware. However, this approach is becoming obsolete as sophisticated attackers have found ways to evade legacy AV defenses, such as by adopting fileless attacks, which now comprise the vast majority of cyberattacks.

Legacy AV security also leaves organizations locked into a reactive mode, only able to defend against known malware and viruses cataloged in the AV provider’s database. When signatures were first introduced, this approach was state-of-the-art. But today, with the average adversary breakout time down to only 79 minutes, a reactive defense that depends on time-intensive scans or signature updates puts organizations behind many attackers.
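To make the two points above concrete, here is an added illustration (not code from the original post or from CrowdStrike): a toy signature scanner that matches a known sample, misses a trivially altered variant until its database is updated, and has nothing to scan when an attack never touches disk, next to a behavioural rule that looks at process activity instead. The signature database, the byte samples, the process names and the telemetry event are all constructed for this example.

```python
"""Added example: file signatures versus a behavioural rule.
Everything below (signatures, samples, process names, event) is constructed."""
from typing import Optional

# Constructed "signature database": byte patterns mapped to detection names.
SIGNATURES = {
    b"EVIL-LOADER-v1": "Example.Loader.A",
    b"DROPPER-MARKER": "Example.Dropper.B",
}

def signature_scan(file_bytes: bytes) -> Optional[str]:
    """Return the matching detection name, or None if no signature matches.
    This is the reactive model: it can only name what is already catalogued."""
    for pattern, name in SIGNATURES.items():
        if pattern in file_bytes:
            return name
    return None

# Constructed process names used by the behavioural rule.
DOC_READERS = {"wordprocessor.exe", "pdfreader.exe"}
SCRIPT_HOSTS = {"scripthost.exe", "shell.exe"}

def behaviour_scan(event: dict) -> Optional[str]:
    """Flag a document reader launching a script host while writing nothing
    to disk. No file is needed, so a fileless attack is still visible."""
    if (event["parent"] in DOC_READERS and event["child"] in SCRIPT_HOSTS
            and not event["files_written"]):
        return "Suspicious: document reader spawned script host, no file written"
    return None

# Constructed samples and telemetry.
KNOWN_SAMPLE = b"MZ...EVIL-LOADER-v1...payload"
VARIANT = b"MZ...EVIL-LOADER-v2...payload"  # one byte changed, same behaviour
FILELESS_EVENT = {
    "parent": "wordprocessor.exe",
    "child": "scripthost.exe",
    "files_written": [],
}

def demo() -> dict:
    """Compare what each approach sees for the three constructed cases."""
    return {
        "known_sample": signature_scan(KNOWN_SAMPLE),      # "Example.Loader.A"
        "variant": signature_scan(VARIANT),                # None until DB update
        "fileless_by_signature": signature_scan(b""),      # None: nothing on disk
        "fileless_by_behaviour": behaviour_scan(FILELESS_EVENT),
    }
```

The variant is caught only after a new signature ships, which is the update lag the text describes; the behavioural rule catches the fileless case without any signature at all.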


Making matters worse, legacy AV software also lags in time-to-value, with the average deployment taking three months. This timeframe is necessary because legacy AV often relies on hardware to be installed on-premises. Moreover, once installed, most legacy solutions require quite a bit of tuning and manual configurations to be fully functional, adding to the operational burden of managing and updating legacy security tools. 

Even once up and running, the footprint of legacy AV on the endpoint can be significant due to the continuous addition of security capabilities that bloat agents and include resource-intensive approaches to memory scanning, both of which negatively impact endpoint performance. The reliance on signatures means that signature databases must be updated constantly to include the latest additions. These updates consume a great deal of resources and time. Worst of all, the moment an update is completed, it’s often already out of date.

How Modern Endpoint Security Is Different

The answer to modern cyberattacks is a proactive defense that detects and stops evolving threats developed to bypass legacy systems. At CrowdStrike, we call this modern endpoint security, and it consists of next-generation antivirus (NGAV) and endpoint detection and response (EDR), delivered from a modern, unified platform.

CrowdStrike Falcon® Prevent is a cloud-native NGAV solution that offers a modern, adaptive AV replacement. It’s more effective against threats, has virtually no impact on endpoints and can be deployed and fully functional across tens of thousands of endpoints within minutes — while also being easier to manage and maintain.

CrowdStrike Falcon® Insight XDR unifies industry-leading endpoint detection and response (EDR) and extended detection and response (XDR) to deliver continuous, comprehensive visibility that spans detection, investigation and response to ensure nothing is missed and potential breaches are stopped.

Here are four reasons why organizations prefer modern endpoint security over legacy AV.

  1. Superior protection

Modern endpoint security uses sophisticated prevention methods such as AI to eliminate the sole reliance on signatures to detect malicious activity. Compared to legacy AV, security platforms built on cloud-native architectures, with extensive R&D investments, advanced memory scanning, behavioral analysis and access to the latest intelligence, are much better positioned to stay ahead of adversaries.

  2. Immediate value

As a cloud-native SaaS solution, modern endpoint security eliminates the on-premises infrastructure complexity of the past. Deployed in minutes with no reboot required, the Falcon platform works from Day One without requiring custom tuning, is automatically kept up-to-date and operates without interrupting your existing AV while you migrate.


  3. Minimal impact to endpoint performance

All Falcon platform modules are designed to employ a single, lightweight agent that is unobtrusive in nature, has a minimal impact on the endpoint and enables organizations to seamlessly deploy new defenses without requiring additional agents. The unified Falcon platform stops breaches by delivering comprehensive visibility and protection across all key attack surfaces, including endpoints, workloads, data and identity.

  4. Lower total cost of ownership

Organizations may focus on short-term savings without factoring the long-term costs associated with on-premises solutions. These costs may include hardware and software maintenance, upgrades, reduced endpoint performance and staff inefficiency. Then there’s the potential cost of a breach: business interruptions, exfiltrated data recovery, ransom payments and damage to company trust and assets — which quickly adds up. When you consider all of these factors, modern endpoint security often delivers a lower total cost of ownership than legacy AV.

Customers Who Made the Switch

Customers who made the switch from legacy AV to modern endpoint security describe it as a paradigm shift in how they think about security, their role and how they interact with the tools. 

Cushman & Wakefield, a commercial real estate firm, needed protection from social engineering email attacks and a way to secure its increasingly distributed workforce. The firm swapped its legacy security platform for CrowdStrike and was able to extend visibility, secure its endpoints, automate updates and receive actionable alerts to stop breaches.

Berkshire Bank was facing the growing threat of identity attacks and increasing costs associated with managing legacy AV tools. With CrowdStrike, the bank was able to strengthen its EDR capabilities while reducing the operational overhead of time-consuming updates.

A major real estate company wanted to sunset its legacy AV software for two reasons: to improve its security posture and reduce operational overhead. By consolidating to the Falcon platform, the company gets NGAV, EDR and 24/7 managed threat hunting for a similar cost as its previous legacy systems, with better security and performance.

Improve Your Security Posture

Legacy AV is ill-equipped to handle a new generation of rapidly evolving threats. With adversaries actively exploiting legacy AV and improving their cross-domain efficiency, make the switch to modern endpoint security today to immediately improve your security posture.
