Netflix Ceases Antivirus Use: Our Analysis
Around 26 August 2015, Forbes reported that Netflix was moving away from using antivirus on their internal workstations. This quickly trended across multiple social media outlets and obviously ruffled the feathers of many security practitioners. Below, I discuss why senior management may have made the decision and the possible outcomes of this decision in addition to (depending on how you see it) spoiling the headline.
“Netflix Ceases Antivirus Use” was an announcement essentially denouncing antivirus software (per se), citing the slow responsiveness of signature updates (in non-technical terms, the signature file tells the software what it is looking for) and the fact that, at any given time, only 51% of antivirus solutions pick up malware (Forbes, 2015). Truth be told, they implemented SentinelOne EPP, a “Next Generation Endpoint Security Solution.”
Netflix is considered an innovator in the tech industry. When the headline of “Netflix Ceases Antivirus Use” is noticed, many companies will follow suit. The issue is that some companies will not read the story and will ditch the software without a viable replacement. Hopefully, they will be the extreme minority.
Furthermore, this will also force the antivirus software providers to adapt or go under/specialize elsewhere. As the tech industry witnessed after it became evident that Netflix used Amazon’s cloud, other companies followed suit. This will be no different. SentinelOne will see a huge surge in business. If this were a blog about the stock market, I would be asking whether SentinelOne is public and/or how I can invest.
I see reluctance from other PCI, HIPAA, and FISMA regulated organizations in the near future. The rationale is that these regulations are not updated often; some are updated annually, others every 5 years or longer. While organizations under these compliance schemes may want to implement something like SentinelOne EPP, their PCI QSA (for example) may not see this as an adequate implementation of malware protection, thus voiding defense in depth, and may not approve their compliance documents.
While that is a rather extreme scenario, it is not unbelievable, as personnel in auditing positions can sometimes be behind the curve of technology and reluctant to accept new technologies as “secure.” I recall that during my time as a Federal IT Auditor, some of my colleagues weren’t exactly “thrilled” with cloud architecture and, in turn, didn’t want to grant it a favorable risk acceptance decision, despite the requirements being met. In hindsight, it seems as if their lack of understanding and comprehension of cloud technologies, coupled with their reluctance to learn new technologies and change, was the root cause of such actions.
I rate this as a sound decision, now that I have actually read the story and have the full perspective. I have reservations, as all security practitioners do, about new products and technologies. To the credit of the SentinelOne EDR and EPP software, they are both robust, with more than adequate capabilities. They can detect threats and neutralize them, similarly to host and software based intrusion prevention systems. Furthermore, the software can remediate some vulnerabilities, restore the system to its state before the malware, and perform forensic analysis. EPP has received the AV-TEST seal of approval, which is a rigorous test for antivirus software. The headlines similar to “Netflix Ceases Antivirus Use” have proven to be a little extreme.
NOTE: Despite the discussion about EPP and EDR, this blog is not affiliated with SentinelOne or any of their products. No financial gain was made from this blog.
Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.