Conventional AV Systems Can Actually Harm You


Palo-Alto-Networks-Logo

Barely a day goes by when I’m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so forth.

So replete are these tales of woe that it’s almost possible to switch off from the basic fact that in this uber-connected, cloud-enabled, everything-as-a-service, internet-of-thingamajigs world, most conventional endpoint AV systems are impotent and probably do more harm than good. I write almost, but not quite, because every now and again the occasional story jumps off the screen and gives you that all important wake-up call.

One such story, which came to light a few weeks ago, centered on an Adverse Event Report published by the U.S. Food and Drug Administration (FDA), in which a patient (not named) undergoing a cardiac catheterisation procedure at a US hospital (also not named) had to be sedated, mid-operation, for five minutes while the procedure was suspended following the system crash of a vital piece of monitoring equipment.

The system in question monitors, measures and records patient data during cardiac catheterization procedures. The system is made up of a patient data module, used to capture the patient’s vitals, and a hemo monitor PC to display them. The two elements are connected via a serial interface.

During this particular procedure the monitor PC lost communication with the patient data module resulting in a black screen on the monitor and the patient having to be sedated while the system was rebooted. As the FDA report describes, the cause of this blackout was attributed to the installed conventional AV software, which at a critical point in the procedure initiated a scan of the system.

Although the system could be rebooted and the patient fortunately survived, it got me thinking about the real-life harm a conventional AV could do to me. Quoting from the Manufacturer’s Narrative in the FDA Report, “Our experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.” So, although I may be sensationalizing the FDA’s paragraph a little, I’m not feeling that confident after reading the manufacturer’s narrative. Let’s face it: the team performing a standard cardiac catheterisation procedure is not likely to include an IT security engineer who can be called upon at a moment’s notice.

Could this scenario have been avoided with an Advanced Endpoint Protection system? The answer is probably yes. Traps, our advanced endpoint protection product, is not a conventional AV system — indeed, it’s a paradigm shift from “the way things used to be done.” Traps secures endpoints by preventing known and unknown malware and exploits from executing, focusing on blocking the few core techniques used by attackers rather than application-specific characteristics. Furthermore, it does this in a lightweight, nonintrusive agent that definitely does not rely on system scanning.

Learn more:

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
