Netflix Ceases Antivirus Use


Netflix Ceases Antivirus Use: Our Analysis

Background

Around 26 August 2015, Forbes reported that Netflix was moving away from using antivirus on their internal workstations. This quickly trended across multiple social media outlets and obviously ruffled the feathers of many security practitioners. Below, I discuss why senior management may have made the decision and the possible outcomes of this decision in addition to (depending on how you see it) spoiling the headline.

Scope

The “Netflix Ceases Antivirus Use” announcement essentially denounced antivirus software (per se), citing the software’s slow signature updates (in non-technical terms, the signature file is what tells the software what it is looking for) and the fact that, at any given time, only 51% of antivirus solutions pick up malware (Forbes, 2015). Truth be told, Netflix replaced it with SentinelOne EPP, a “Next Generation Endpoint Security Solution.”

Possible Outcomes

Netflix is considered an innovator in the tech industry. When the headline of “Netflix Ceases Antivirus Use” is noticed, many companies will follow suit. The issue is that some companies will not read the story and will ditch the software without a viable replacement. Hopefully, they will be the extreme minority.

Furthermore, this will force the antivirus software providers to adapt or go under/specialize elsewhere. As the tech industry witnessed when it became evident that Netflix used Amazon’s cloud, other companies followed suit; this will be no different. SentinelOne will see a huge surge in business. If this were a blog about the stock market, I would be asking whether SentinelOne is public and/or how I could invest.

I expect reluctance from PCI-, HIPAA-, and FISMA-regulated organizations in the near future. The rationale is that these regulations are not updated often; some annually, others every 5 years or longer. While organizations under these compliance schemes may want to implement something like SentinelOne EPP, their PCI QSA (for example) may not see this as an adequate implementation of malware protection, thus voiding defense in depth, and may not approve their compliance documents.

While that is a rather extreme scenario, it is not unbelievable, as personnel in auditing positions can sometimes be behind the curve of technology and reluctant to accept new technologies as “secure.” I recall that during my time as a Federal IT Auditor, some of my colleagues weren’t exactly “thrilled” with cloud architecture and, in turn, didn’t want to grant it a favorable risk acceptance decision, despite the requirements being met. In hindsight, it seems as if their lack of understanding of cloud technologies, coupled with their reluctance to learn new technologies and accept change, was the root cause of such actions.

Our Verdict

I rate this as a sound decision, now that I have actually read the story and have the full perspective. I have reservations, as all security practitioners do, about new products and technologies. To the credit of the SentinelOne EDR and EPP software, both are robust, with more than adequate capabilities. They can detect threats and neutralize them, similarly to host-based and software-based intrusion prevention systems. Furthermore, the software can remediate some vulnerabilities, restore the system to its state before the malware, and perform forensic analysis. EPP has received the AV-Test seal of approval, which is a rigorous test for antivirus software. Headlines similar to “Netflix Ceases Antivirus Use” have proven to be a little extreme.

NOTE: Despite the discussion about EPP and EDR, this blog is not affiliated with SentinelOne or any of their products. No financial gain was made from this blog.

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

References

Forbes
SentinelOne EPP: The complete package that Netflix opted to use
SentinelOne EDR: The package that works with your existing Antivirus solution to provide enhanced capabilities.


About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security. Joe is in pursuit of his PhD in Information Technology (with focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He also is a part-time (Adjunct) Faculty at Georgia Gwinnett College. Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.