Why Do Cybercriminals Like Legacy Antivirus?

Spoiler: Legacy antivirus (AV) is no longer capable of stopping adversaries. Modern endpoint security is required to stop breaches — period.*

71% of detections are now malware-free

Where Did Legacy AV Go Wrong?

Legacy antivirus (AV) technology is outdated and ineffective against modern cyber threats. It is slow to deploy, resource-intensive, and relies on signatures that cannot handle fileless, malware-free attacks (now 71% of detections) or never-before-seen malware. Efforts to bolt on behavioral analysis and machine learning have been poorly integrated, producing a cumbersome system that quickly becomes obsolete. Modern endpoint security is essential to stop breaches and keep pace with evolving adversaries.

560,000 new pieces of malware detected every day

How Adversaries Evade Legacy AV?

Adversaries are shifting away from using malware as their primary entry method. Although malware is still a major threat, with 560,000 new pieces detected daily and over a billion in existence, it is now more commonly used later in the attack process. CrowdStrike research highlights this shift, indicating that new strategies are being employed to evade legacy antivirus systems.



7 Defense Evasion Techniques Legacy AV Can’t Stop:

86% of eCrime actors use one or more evasion techniques to bypass detection by defenses such as legacy AV software.

Adversaries use various techniques to evade legacy antivirus (AV) systems:

  1. Impairing defenses: Modifying or disabling defense mechanisms like firewalls and AV.

  2. Removing indicators: Deleting or altering evidence of their presence.

  3. Subverting trust controls: Undermining security controls and trust mechanisms, such as modifying the registry or using stolen code-signing certificates.

  4. Hijacking execution flow: Running malicious code by hijacking the normal execution of programs.

  5. Injecting code into processes: Executing malicious code within other processes to evade detection and elevate privileges.

  6. Proxying execution with system binaries: Using trusted binaries, often Microsoft-signed, to run malicious content.

  7. Masquerading: Making malicious artifacts appear legitimate by manipulating names, locations, or file metadata.



Make the Switch: Modern Threats Require Modern Endpoint Security

Adversaries have evolved and devised numerous ways to evade legacy AV. If you want to protect your organization, you need modern endpoint security. CrowdStrike is the industry leader in modern endpoint security. CrowdStrike Falcon® Prevent is the new standard in NGAV, delivering superior protection from malware, exploits, malware-free intrusions and advanced persistent threats. CrowdStrike Falcon® Insight XDR endpoint detection and response delivers continuous, comprehensive visibility that spans detection, investigation and response to ensure potential breaches are stopped. All CrowdStrike solutions are deployed on the CrowdStrike Falcon® platform using a single lightweight agent. This integrated approach spans endpoint, identity, cloud and threat intelligence — allowing you to easily expand your protections as adversary TTPs evolve.


*Source: CrowdStrike eBook, Modern Adversaries and Evasion Techniques: Why Legacy AV Is an Easy Target.

Socurity IT © 2024 | Webdesign: Webzebra