Don't Ignore Workloads when Replacing Legacy AV

Why Workload Protection Should Be a Key Requirement When Modernizing AV 

Replacing legacy antivirus (AV) is not an apples-to-apples decision. So much has changed with the threat landscape, but also with how modern corporations store data and run applications. This means there is a lot more to consider for your security programs than just preventing malware on user devices. One of the most important considerations in this time of digital transformation is minimizing risk across your organization’s increasing cloud workload environment. 

AV Protection Is No Longer Just About the Application 

A decade ago, security was all about applications that were deployed on a desktop with a user accessing each individual instance. The security focus was within the application code. Historically, one way to ensure security of applications was to use AV to prevent malware from running on the endpoint that the application was hosted on. 

Enter cloud-based applications. Hosting applications in the cloud makes them more accessible to employees—but it innately also makes them more accessible to cyber criminals. This adds a new level of complexity to security since cloud applications are more dynamic than those operating on endpoints or end user devices.  

A cloud-based application may move through multiple environments and cannot work unless every part of the workload is functioning properly. Securing and monitoring each part of the workload is now an additional part of securing your business. Traditional antivirus solutions don’t provide visibility into exploitable vulnerabilities across cloud environments, nor do they track unwanted activity as it occurs. 

Not always having control of, or visibility into, the environments a workload moves through adds to the complexity for security operations teams. 

Workload Protection Makes AV More Effective 

Modern security solutions often leverage behavioral analytics or machine learning, allowing you to be much more effective at stopping known and unknown attacks. This is a step in the right direction. But there’s more to preventing attacks than identifying risky behavior in the moment. There’s also the work that can be done ahead of time to prevent attacks, such as setting application whitelisting rules that define which executions are allowed. 

Similarly, there are steps that can be taken to proactively identify vulnerabilities and harden workloads. However, configurations change so frequently that point-in-time vulnerability scans quickly become inaccurate. Workload security that is an active part of protecting against threats involves running ongoing assessments to track IT hygiene, find vulnerabilities and prioritize them based on risk. This is critical to reducing the attack surface in a more proactive way—which means more attacks are prevented. 

Workload security not only gives administrators more power to take action and remove risk, but it also addresses a security gap that many modern AV solutions miss by focusing just on preventing malware. Workloads are a black hole for most security teams. They either don’t have access to tools that can surface vulnerabilities or they don’t have the knowledge and privileges to fix them. Endpoint security alone isn’t providing the information needed to the individuals who can truly make an impact on your security posture. It just makes sense that workload protection should be adopted alongside any next generation AV solution to ensure that your monitoring investment will be actionable and make the biggest impact to reducing attacks. 

Why Replacing AV is the Perfect Time to Add Workload Protection 

One of the biggest frustrations organizations have faced as they add new security solutions is agent overflow or sprawl. This results in organizations having too many disparate, stacked agents all registering on the same set of events, robbing you of critical system resources. Along with performance degradation, this is a pain to manage and leads to increased complexity that in itself can open your organization up to additional threat vectors. One of the biggest benefits you can get from thinking about workload protection during your AV replacement is to consider a solution that is agentless for workload monitoring. Workload protection can be built right into the virtualization layer, thereby eliminating the need to add agents. 

Sharing a common understanding of vulnerabilities across applications and workloads is a key piece to helping all IT functions to work together to prevent attacks. With a shared data stream, administrators can easily prioritize vulnerability fixes and asset hardening while having the confidence that they are making the best impact possible for security. Similarly, the security team will be able to focus more on proactive prevention and detection knowing that administrators are doing their best to mitigate risks from insecure workloads. 

As an example, having complete visibility into blocked and detected attacks showing what happened, where it came from, and which machines were affected is great for security teams. When administrators also have this information, they can securely allow remote shell access into any protected server to perform full investigations and remediations quickly. Utilizing workload protection in combination with modernized endpoint protection is a more intelligent way to monitor and understand the behavior of your applications and workloads, and to protect them accordingly. 

Thinking more broadly about the AV replacement will allow you to cover more ground with fewer agents, bridge the gap between operations and security teams, and fundamentally prevent more attacks. 

Action Items to Bring Workload Protection into the AV Decision 

Taking a more comprehensive look at AV and application security means also considering workload protection. Consider taking the following actions to get up to speed on how workload protection can be partnered with next gen AV for greater success. 

  1. Learn about migrating from traditional AV to modern endpoint protection with this on-demand guide.
  2. Watch this webinar on securing workloads; it explains how workload protection works in conjunction with next gen AV as well as in modern cloud environments such as Kubernetes.
  3. Read up on the VMware Carbon Black solution for workload protection in modern data centers, which includes data sheets and case studies.
  4. Are you a vSphere user? If so, you can run a proof of concept to secure your vSphere workloads and get a taste of how much overall AV protection can be improved.

If you want to improve your protection against attacks now and into the future, it can’t be done with AV alone. You also need to plan for workload protection across multiple cloud environments. The time is right to consider options that get you visibility into multiple environments while consolidating and acting on security alerts from one dashboard.