I was recently tasked with bypassing Microsoft's Windows Defender for a demo video on a Next Gen Endpoint Security Solution.
Whilst performing this research, I discovered how easy it was to bypass every antivirus (AV) solution on the market, including the higher-performing solutions like ESET and Kaspersky.
They can be bypassed so easily because of the way they detect malware. AV relies heavily on signature detection, and the heuristics it uses can also be bypassed by avoiding certain behaviour and using different Windows API calls.
Security is a layered approach, and I am not saying that antivirus has no value at all; it certainly cannot be relied upon, though. Antivirus solutions are recognised as contributing to an effective cyber defence. However, the technical limitations of most antivirus products mean they should only ever form one layer of a multi-layered defence. Too many organisations, especially small businesses, place too much trust in antivirus solutions alone.
The best technical solution is to implement Next Gen Endpoint solutions like Cybereason, as they are able to pick up on file characteristics such as obfuscation, encryption and entropy. This removes an attacker's ability to use packers and file crypters to get known malware past every AV solution on the market.
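To make the entropy characteristic concrete, here is an added example (not code from this post or from any product it mentions) that measures Shannon entropy per window over constructed byte samples, so an encrypted or packed region stands out even inside a mostly plain file. The 7.0-bit threshold and 1024-byte window are assumed values chosen for the example, and the samples are constructed, not real malware.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for
    uniformly random bytes. Packed or encrypted payloads sit near the top."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def window_entropies(data: bytes, window: int = 1024) -> list:
    """Entropy of each fixed-size window (the last may be shorter), so one
    encrypted blob is visible even when the whole-file figure looks benign."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def looks_packed(data: bytes, threshold: float = 7.0, window: int = 1024) -> bool:
    """Heuristic flag: any window at or above the threshold is treated as
    packed/encrypted. 7.0 bits is an assumed cut-off for this example; a real
    product tunes it against a corpus of clean binaries. Note that a file much
    shorter than the window cannot reach the threshold (max entropy is
    log2(len)), so tiny files are never flagged by this check."""
    return any(e >= threshold for e in window_entropies(data, window))


# Constructed samples (not real malware). PLAIN_SAMPLE mimics readable
# content; CRYPTED_SAMPLE is the same bytes XORed with a seeded random
# keystream, the kind of transform a file crypter applies to hide a known
# signature; MIXED_SAMPLE is a plain file with one encrypted blob inside it.
PLAIN_SAMPLE = b"This program cannot be run in DOS mode. " * 50  # 2000 bytes
_rng = random.Random(1234)  # fixed seed so the sample is reproducible
_KEYSTREAM = bytes(_rng.getrandbits(8) for _ in range(len(PLAIN_SAMPLE)))
CRYPTED_SAMPLE = bytes(p ^ k for p, k in zip(PLAIN_SAMPLE, _KEYSTREAM))
MIXED_SAMPLE = PLAIN_SAMPLE + CRYPTED_SAMPLE[:1024] + PLAIN_SAMPLE


if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("crypted", CRYPTED_SAMPLE),
                       ("mixed", MIXED_SAMPLE)):
        print(f"{name:8s} whole-file entropy={shannon_entropy(blob):.2f} "
              f"windows={[round(e, 2) for e in window_entropies(blob)]} "
              f"packed={looks_packed(blob)}")
```

The mixed sample is the instructive case: its whole-file entropy stays well below the threshold because the plain text dominates, yet the per-window view still exposes the encrypted blob.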
User awareness training is also vital in preventing phishing attacks that deploy new strains of malware.
More than four years ago, Symantec, the company that dominated the antivirus market, suggested that “antivirus is dead.” Zero-day threats, social engineering, attackers changing malware signatures more frequently, and other more advanced tactics have replaced many of the attacks that antivirus systems used to detect and quarantine.