Legacy antivirus solutions are built upon several outmoded technologies, ranging from byte-matching to post-execution behavioral analysis. Threat actors have adapted to these well-known cybersecurity measures and responded with increasingly sophisticated attacks. For example, attackers have foiled byte-matching as a means of identifying malware by implementing polymorphic, single-use, and fileless attacks. Post-execution behavioral analysis is too risky an approach when modern ransomware may encrypt vital data before malicious activity is detected.
Many traditional AV companies respond to evolving cyber threats by implementing additional layers of protection. This approach is a double-edged sword, as new security controls demand additional system resources. While the impact of a single security layer may be negligible, the accumulation of multiple layers creates considerable overhead that negatively affects productivity.