This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It's a practice that is surprisingly common.
Weeks ago, Malwarebytes Labs released the SMB Cybersecurity Trust & Confidence Report, which revealed that the majority of small- to medium-sized businesses that we surveyed were taking proactive measures to test whether their endpoint protection was catching all the right—or wrong—stuff. We found that of those who did evaluate their endpoint protection tools, a hefty 58 percent did so strictly by using VirusTotal.
Now, VirusTotal is a massive online resource that countless cybersecurity researchers likely rely on every day. But it shouldn't be the only tool that security teams rely on, because VirusTotal has some gaps. In fact, all the evaluation methods that respondents told us about in our survey are far from perfect, and they might lead to uninformed conclusions.
If endpoint detection tools are supposed to stop an attack before it happens, what good is evaluating them with an incomplete tool? It puts too much at risk. And that isn't even mentioning the potential privacy threats involved.
"If you get a file that says ‘This looks like there’s a virus in it,’ be careful with what you’re uploading," Donovan said. "If you take something that is a confidential memo that flagged your antivirus, you may want to figure out how to look at that somewhere differently rather than putting that up in VirusTotal."
Tune in to learn about the smartest ways to test and implement endpoint protection in your small- to medium-sized business, and how to finally break free from the VirusTotal silo, on the latest episode of Lock and Code, with host David Ruiz.