I was at my local supermarket the other day, walking down the canned food aisle, and I saw 21 different brands of peas. Yes, peas. They are all grown under essentially the same conditions in the same way, yet there are dozens of brands all of which vary in price. I then turned the corner and came to the water aisle. An entire aisle dedicated to water, something we get for free when we turn on our faucets. Athletes across the globe advertise different brands of water – which they deem the best – to the point where according to PR Newswire, the bottled water industry reached over $117 billion in 2013. It’s FREE in just about every household. I do understand there is a psychological aspect to it; even in my mind, bottled water does taste different, but it begs the question how much is it really worth? It happens all the time: people pay more for items that they perceive to be of better quality. This is the basis of brand equity. Consider consumers paying $4.00 for a gallon of milk, when they can buy store-brand for $3.00, which in actuality is the same exact milk (which really is no secret). I can’t help but relate this situation to the AV market.
You’re probably asking what the entire first paragraph has to do with AV. Well, I’ll tell you.
NSS Labstested 13 popular endpoint security suites to measure their effectiveness in protecting Windows computers against exploits. Based on market share, the key findings concluded that with a few notable exceptions, endpoint products do not provide adequate protection from exploits, noting the following:
- Between 65% and 75% of the world is poorly protected
- 75% to 85% of organizations in North America are poorly protected
- Keeping AV software up-to-date does not equate to protection, as evidenced by coverage gaps for vulnerabilities several years old
Despite the fact that most of these AV solutions are comparable in that they only detect a certain percentage of threats, organizations are continuing to invest in those costlier options, which still cannot catch everything on the endpoint.
I get it, companies need AV of some form, but do they really need to be paying the same as they did the previous year? Is it as effective as it was last year? The question I pose is this: who pays the same or doesn’t look for alternatives when something becomes less effective over time? AV went from a critical, “willing to pay for that bottle of water” type of technology, to “the tap is good enough.” It’s no longer frontline technology. As an analogy, it would be like using a bottle of Fiji water to boil a pot of water for spaghetti – nobody does this, because tap water is good enough. Plus, there are solid free AV options. You can evaluate which are the better solutions using free AV tests.
Perimeter defense is old school. I’m not saying leave the door open, but just understand most people already have the key to it. Don’t stop using AV, but stop paying for it. Combine a free AV solution with an endpoint detection tool, which will allow you to capture all of those threats that no AV – regardless of how much you pay – will ever detect and remediate on its own. You’ll get the best of both worlds.