Strengthening security posture: The case for using different antivirus products across your enterprise
Author : Lee Carter, Product Manager, Cyber Security, SolutionsPT
07 November 2023
In today's digital age, the importance of combined security cannot be overstated. Cyberattacks have become more sophisticated and prevalent, targeting not only personal computers but also industrial networks and operational technology (OT) assets. To safeguard critical infrastructure and sensitive operational data, organisations must adopt a multi-layered approach to security.
One vital component of this approach is the strategic use of different antivirus products across different security zones within the enterprise as well as the plant floor, creating an defence in-depth strategy that enhances overall cybersecurity.
We openly discuss zones and conduits in design reviews, but often overlook the same spirited approach when we consider end-point security.
When we speak to customers, we often find that they have taken the approach of ‘one size fits all'.
Does one size really fit? Let’s think of a similarity in the physical world by comparing a CCTV system vs a burglar alarm.
Both could sound an alarm if a door were opened or the scene changed, however, these solutions address the risk/threat in a different way to provide the same goal.
Understanding the ecosystem
Before exploring the benefits of deploying diverse antivirus solutions, it's crucial to understand the components of a typical ecosystem and their respective vulnerabilities:
Servers
Servers are the heart of any network, responsible for storing and processing critical data and applications. They are high-value targets for cybercriminals because compromising a server can have far-reaching consequences, including data theft, service disruption, and unauthorised access to sensitive information.
Workstations
Workstations are user-facing devices such as desktop computers, laptops, and even mobile devices connected to the network. While they may not store as much sensitive data as servers, workstations are often the initial entry point for cyberattacks, making them a key target for malware and other threats.
Operational technology
In industrial environments, OT systems control and monitor physical processes, including manufacturing, energy production, and infrastructure management. These systems are increasingly interconnected with IT networks, making them vulnerable to cyberattacks that can lead to physical damage, operational disruptions, and safety hazards.
Defence in depth
This strategy is a cybersecurity principle that emphasises the importance of using multiple layers of security controls to protect an organisation's assets. Deploying different antivirus products across servers, workstations and OT systems is a fundamental aspect of this approach, and here's why:
Diversified protection
No single antivirus product can offer comprehensive protection against all types of malware and cyber threats. By using different products, with different security features at different zones within your estate, you diversify your defences, increasing the chances of detecting and mitigating a wider range of threats.
Redundancy
In the event that one antivirus product fails to detect a specific threat or zero-day attack, having a second or even third layer of protection can act as a safety net, preventing the malware from infiltrating the network or causing damage.
Minimised attack surface
Cybercriminals often seek the path of least resistance in a network. By deploying different antivirus solutions, you create a more complex and challenging environment for attackers, making it harder for them to find vulnerabilities and weaknesses.
Customised protection
Every part of your enterprise ecosystem has unique characteristics and requirements. Servers, for instance, handle a vast amount of data and typically run critical applications such as databases, making them a prime target for advanced attacks. Workstations, on the other hand, are more diverse in terms of usage and user behaviour.
OT systems on the other hand may be running time-critical processes, often on legacy software and hardware. By using different antivirus products tailored to each context, organisations can achieve a more effective security posture:
Server-specific antivirus
Antivirus solutions designed for servers are optimised to handle the specific workloads and traffic patterns associated with these systems. They often include features such as enhanced performance, scalability, and support for virtualised environments and remote presentation of users such as RDP.
Additionally, server antivirus products prioritise server uptime and availability, reducing the likelihood of false positives that could disrupt critical operations. Some deployments require specific plugins or versions to protect certain applications such as mail servers etc.
Workstation-specific antivirus
Workstations are more susceptible to user-driven attacks, such as phishing and social engineering. Antivirus products for workstations often include features like web filtering and email scanning to provide an additional layer of protection against these threats. They are also optimised for ease of use and minimal impact on user productivity.
Operational technology antivirus
OT systems are unlikely to have web or email access and may have limited connectivity to enterprise solutions for updating. The prevalence of legacy hardware and software, many vendors no longer support installations for non-supported operating systems.
Key functions for industrial systems include a lightweight agent, legacy support, protection in offline environments, control of USB devices and the ability to enforce application whitelisting to deliver a fixed-function device.
Industrial networks and operational technology
In industrial environments, the stakes are higher, as cybersecurity breaches can lead to catastrophic consequences, including physical damage, loss of life, and environmental disasters. Deploying different antivirus products in these environments is not only beneficial but often essential:
Protecting critical infrastructure
Industrial networks control essential systems like power generation, water treatment, and transportation. Different antivirus solutions can safeguard these critical assets from malware that may target OT systems, ensuring operational continuity and safety.
In sensitive sectors, the use of different solutions at different security zones is standard practice.
Compliance and regulation
Many industries, such as energy and healthcare, are subject to strict regulatory requirements. Using diverse antivirus products can help organisations meet these compliance standards by providing robust security measures tailored to the unique needs of OT environments.
Isolation of threats
In the event of a malware outbreak in one part of the network, using different antivirus products can contain the threat and prevent it from spreading to other segments, minimising the impact on operations. This is more important in OT where AV signatures are considered changes and may not take place frequently if at all. This is why solutions that use artificial intelligence may offer a better level of protection.
Challenges and considerations
While using different antivirus products across different security zones offers substantial security benefits, it also presents some challenges and considerations:
Management overhead
Managing multiple antivirus solutions can be complex and resource-intensive. Organisations should invest in central management tools and skilled personnel to ensure efficient operation.
Compatibility
Compatibility issues between different antivirus products can sometimes arise, potentially leading to conflicts and operational disruptions. Thorough testing and proper configuration are essential to mitigate these risks.
Cost
Deploying multiple antivirus products incurs additional licensing and maintenance costs. However, the investment is often justified by the increased security posture and reduced risk of cyberattacks.
Is it right for me?
In an era of increasing cyber threats and attacks, combined security must be a top priority for organisations of all sizes and industries. Deploying different antivirus products across servers, workstations and operational technology is a strategic move that can significantly enhance network security through a defence in depth approach.
At SolutionsPT, we look to address and customise protection for each part of your digital ecosystem so organisations can minimise risks, reduce their attack surface, and safeguard critical assets. While this approach may require additional resources and management, the benefits of enhanced security and resilience make it a wise investment in the ever-evolving landscape of cybersecurity.
Contact Details and Archive...