First AntiVirus was shown to have easy bypass methods, and now the new AI AntiVirus has been proven to have similar issues as shown by Skylight Cyber researchers with Cylance:
https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware
Now they only tried cylance but it is only a matter of time for similar techniques to be used and shown effective against other AI based antivirus such as Carbon Black or crowdstrike.
The challenge is using past flawed information to make future decisions, is inherently going to be flawed. This is the reason the US government, the FBI, the Australian government all recommend Application Whitelisting ahead of AntiVirus.
ShellProtect is an example of an Application Whitelisting solution, that works based on a predetermined list of what is allowed or disallowed. The disadvantage is that Application Whitelisting requires a little updating so new software may need to be added to the list before it can run. The question to ask your business is which would you prefer a couple of minutes inconvenience for new software or the high risk of having all your logins and files stolen by undetected malware?
Now if you need help picking which security products to use and know which ones have been tried and failed to provide sufficient security then contact us.
