Is Microsoft Windows Security Essentials Enough for Enterprise Security?

Published on 5 Nov. 2014 / Last Updated on 5 Nov. 2014

Is Windows Security Essentials enough to achieve satisfactory enterprise security or should enterprises be considering additional security strategies? Let's take a look...

Microsoft Windows Security Essentials (MSE) was first launched in 2009 as a security baseline strategy, bundled with the Windows OS. We are finding that an increasing number of enterprises are considering utilising Windows Security Essentials as the sole security defence for their systems.

The approach we have found to be most effective is security diversity rather than a single strategy: a good security posture is achievable by adopting defence in depth.

Introduction

Enterprises are progressively seeking to utilise Windows Security Essentials as their only security strategy. This has not been driven by security awareness or by a need to improve the security of the organisation, but mostly by cost and misinformation. Lacking an understanding of the prevailing threat vectors and the total security landscape is a dangerous game, and many organisations have fallen into this trap only to return from battle wounded after an infection or an inevitable intrusion.

Many businesses find themselves in the position where they urgently need to identify areas of the business where cost savings can be made. With Windows Security Essentials thrown in with the OS, this seems an ideal area in which to achieve this: no need to look any further for a solution, as it is bundled and free. Vendors and resellers alike either have little knowledge of the threats or use this approach to ensnare unsuspecting customers, who are then left with the exposure long after the professional services have been sold.

Microsoft Security Essentials, the free ‘complete’ anti-malware tool released in 2009, aimed to replace Windows Live OneCare and Windows Defender. MSE also comes built into Windows 8, where it is also named Windows Defender, not to be confused with the previous version of Windows Defender that MSE replaced. Initially MSE seemed to hold its own, faring well even against paid competitor products; however, this did not last long and has not been the case for a very long time. It was comparable to some of the free solutions, but against commercial solutions it has always lacked features and enterprise-grade functionality.

MSE may have a place in consumer security, for the home user who would not give much thought to security; under those circumstances any form of security is better than none. It is not, however, recommended as a sole security tool for the enterprise. For the security conscious, and for those wanting to protect against more than what Microsoft tells them about, it is best to stick to a more comprehensive and well-rounded defence solution.

Security is possibly the most important area of the enterprise, and enterprises should always allow for the best security that can be afforded. MSE is a free ‘OK’ strategy (not a solution) but is nowhere near offering the security enterprises require, as proven by its failure to achieve AV certification on a number of occasions.

Microsoft themselves have noted that MSE offers only ‘baseline performance’ and have indirectly acknowledged that it does not offer security equivalent to that which a commercial solution might. MSE is limited and far from robust. Even free third-party alternatives perform better.

MSE, comparable solutions and security

The field of security is constantly changing. Microsoft is not focused on adapting and improving MSE, and MSE has not been able to keep up with other AV products that have adapted over time and developed into far superior products. MSE does not provide the features required of an AV solution; it struggles even to compete for the first layer in your security solution.

Generally AV has a poor reputation in the security market: malware detection is haphazard, with poor accuracy. AV companies struggle to stay on top of the ever-changing threats, and those are the companies that try to keep abreast. Although the protection offered by AV is questionable, some products do fare better than others, and the overall ineffectiveness of AV should highlight the need to ensure your enterprise is always using the cream of the crop of AV at any one time.

Enterprise security has gone beyond the point where a meek antivirus will suffice; by this measure MSE is outdated. Avenues of attack have progressed, and some are capable of thwarting AV completely. Attack vectors like phishing use URLs and websites to trick users; MSE is incapable of protecting against this type of incident, whereas other solutions do offer this type of feature.

AV protection is still essential as a layer in enterprise security, despite what many are now saying, but it is naive to think that it can be the only form of security for the enterprise. Additional security strategies are essential to provide the best security posture. Security needs to be proactive rather than only reactive, as it is with some AV offerings.

When compared with other similar (also free) solutions, MSE still falls short, and it fails to offer all the management, deployment and security features an enterprise would need. Nearly 40% of undesirables go undetected, compared with other solutions that have a superior detection capability.

Every AV requires the following capabilities:

  • Detection capability
  • Capability to defend against threats
  • Capability to quarantine threats
  • Should be proactive
  • Offer threat intelligence
  • Should be easily managed

What should an enterprise be looking for in a security solution?

Enterprises need to ensure that the level of security they are achieving is optimal; this is very important. For a good security posture, security diversity rather than a single strategy is the answer. A multi-layer method utilises a combination of security technologies and procedures across conventional IT environments and the cloud. AV is a small part of this multi-layer approach, and this is why it is so strange to imagine an enterprise considering the use of MSE alone.

For an effective security posture, an enterprise should aim to acquire the following for comprehensive security:

  • The base layer made up of the basics (antivirus, antispyware, firewalls, SIEM, gateways)
  • Install more than one type of anti-spyware program on your system; as all programs have their imperfections, something one may miss another may detect. A combination of programs will detect a broader range of malware
  • Consider installing a better firewall if you don’t trust the OS one
  • It is recommended to utilise an antivirus with HIPS detection (MSE does not have this as a specific feature)
  • Use IPS+IDS
  • Utilise advanced threat protection features in your gateway solution
  • Sandboxing tools for analysis of traffic are essential for achieving file analysis without compromising the network or its performance
  • Consider using a VM for software you are not sure about
  • Security monitoring and management software (event logging, patch management, regular scans)
  • Application whitelisting
  • Network forensic analysis tools for monitoring and recording network activity
  • Try to automate as much as possible; this will assist in achieving faster detection and remediation

Security is only as effective as the weakest link in the strategy. For a complete, successful solution, all procedures and technologies should work seamlessly together. It is important to keep your systems updated, not only the OS but also all applications running on the OS. Always keep and maintain a backup, and finally, don’t underestimate a comprehensive, robust, multi-layered security solution.

Conclusion

MSE has failed to achieve what other AV solutions have; even most free solutions have proven to be far superior to MSE in performance and in the features offered.

An effective AV should stop the majority of threats, withstand a wide variety of threats and threat vectors, and have sufficient features and capabilities to perform its function optimally. MSE falls short.

Enterprises should not be entertaining the thought of skimping on security; this can only end in disaster. Although the Microsoft offering is free, why invest the time in a product that the company themselves have admitted is no more than an entry-level security strategy, when we all know that security is critical in the enterprise?

Anyone taking security seriously will think further than MSE; surely they will want to think further than a strategy that is only ‘OK’.

The threats faced by enterprises are very different today; however, we are finding that enterprises have not kept up with the changes, and most of the time they are not even aware that they have been compromised. Enterprises that have kept abreast of the changes to the threat landscape have realised that AV is just not enough and have invested heavily in an alternative, diverse security approach.

A third-party AV solution with superior performance and features should be considered, and it should form a small part of a wider security solution. As noted earlier, an improved security posture is achievable through diversity and by not being reliant on one strategy or solution.

Security is always changing, so AV offerings should be adapting all the time. If an AV solution does not keep up to date, the performance, features and ultimately the security offered will not suffice. It is therefore essential to remain on top of your AV software: manage it and review it annually to ensure that the AV you are using is still the best of the lot, and if not, don’t hesitate to adopt another.

The Author — Ricky M. & Monique L. Magalhaes

Ricky M. Magalhaes is an international information security architect, working with a myriad of high-profile organizations. Monique is an international security researcher; she holds a BSc degree (Cum Laude). Previously she focused on research and development at leading enterprises in the Southern Hemisphere.