Carbon Black & VMware Announce Expanded Partnership to Secure the Software-Defined Data Center (SDDC) Learn more

Replace Antivirus with NGAV, Stay Compliant

coalfire_cb_defense
Chris-Strand
November 1, 2016 / Christopher Strand

Many organizations are very unhappy with their traditional antivirus (AV) products. At the same time, there’s concern within these organization’s that if they try to replace AV, they will fail to meet compliance requirements. That’s no longer a concern with Cb Defense.

carbon_black_coalfire_thumb_1026-1Today, we announced that Cb Defense, Carbon Black’s next-generation antivirus (NGAV) solution, is the only NGAV to prove complete antivirus (AV) efficacy to directly meet Payment Card Industry Data Security Standard (PCI DSS) Requirement 5, providing organizations with the ability to replace traditional antivirus and stay compliant.

Coalfire Systems, a leading assessor for global PCI, compliance and IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities measured Cb Defense against the most comprehensive PCI DSS AV testing done in the market today.

Coalfire tested Cb Defense against all sections of Requirement 5 (the PCI DSS AV requirement) and provided proof of AV-efficacy for each one.

According to Coalfire’s PCI DSS requirement-coverage matrix, Cb Defense directly met the technical requirements of all anti-malware security controls listed in Requirement 5 of the standard and provided additional support for sections requiring merchant or manual action.

Requirement 5.1:  

Cb Defense detects all known types of malicious software.
Cb Defense removes all known types of malicious software.
Cb Defense Protects against all known types of malicious software.

Requirement 5.2:

Cb Defense ensures all AV mechanisms are maintained by keeping current, offering proof of endpoint analysis and security control and generating audit logs.

Requirement 5.3:

Cb Defense has tamper protection and can enforce policy and procedures.

Getting Ahead of the Compliance Curve with NGAV

The PCI Security Standards Council is continuing to evolve the PCI DSS.  It redefines many requirements to strengthen and enhance the baseline security controls in place to protect critical data. This includes strengthening the AV stipulation as well as encouraging defense in depth.  Regardless of the enhancements and updates to that requirement, anti-malware within PCI and other regulations will not be going away anytime soon.

NGAV is well positioned to become a strong direct security control to coincide with the gradual enhancement of the old PCI AV requirement as well as to help satisfy the increased defense necessary to protect critical data.  Enterprises that embrace and employ a NGAV solution will be well ahead of the curve as they will already have a thorough (and perhaps mandated) technology in place.

Having been associated and involved with the PCI community and the standard since it’s inception in 2006, I can tell you that the trend is to continue to reassess and strengthen the baseline controls to ensure that they are up to the challenge posed by the evolving threats targeting card data environments. NGAV is the next logical next step in ensuring thorough threat protection for that requirement.

Security Control vs. Compensating Control

Many NGAV companies say that their NGAV solution meets PCI DSS Requirement 5 anti-malware security-control obligation.  As a decision maker and a former security assessor, I would challenge these organizations to show me evidence that they can directly meet the standard.  If they are validated as a compensating security control, your internal security auditors will challenge the validity and efficacy of the solution and will require business and technical proof beyond a doubt that the control is indeed doing what it is supposed to do.

To that end, Cb Defense shows superior capabilities when compared to many other NGAV solutions due to its deep-analytic approach to inspecting files and identifying malicious behavior to block both malware and increasingly common malware-less attacks that exploit memory and scripting languages, such as PowerShell, and its ability to automate audit logs.

The Coalfire attestation report supports and provides proof that Cb Defense is indeed a direct control and will allow you to replace your current antivirus solution and stay compliant without challenge.

coalfire-report-html-thumb

For more information about Cb Defense and PCI DSS, click here. 

DraftKings Replaces AV with Lightweight Cb Defense

DraftKings recently replaced their traditional antivirus solution with Cb Defense. DraftKings evaluated several competing, next-generation solutions and Cb Defense won out. Of the solutions DraftKings vetted, they felt that most of them affected the usability of their endpoints. With Cb Defense, their developers didn’t even notice the software running in the background.

“The best part about working with Carbon Black is the insight that it gives us to the behavior of our endpoints,” said Trevor Albrecht, Desktop Support Manager at DraftKings. “It gives us a better idea of what our network looks like and what traffic to look for to better identify attacks. The lightweight agent is probably the biggest asset that the Cb Defense agent has. Our users feel like they’re not even running any kind of antivirus or endpoint security because they don’t see the drags that they would see on a daily basis with our prior solution.”

 

TAGS: Carbon Black / Coalfire / compliance / PCI DSS

Related Posts