High Number of Hosts Not Updating Malware Signatures
Alerts when a high number of hosts that are not updating malware signatures has been discovered. These hosts should be evaluated to determine why they are not updating their malware signatures.
Similar to Detection of Uncleaned Malware on Endpoint, malware may persist if an endpoint protection solution is somehow not updating its malware signatures. If a high number of hosts are not updating, this could indicate more widespread infection or another compromised state that is preventing malware signatures from updating.
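The following is an added illustration of the detection logic this search describes; it is not Splunk's search and not code from any endpoint-protection product. It assumes a constructed key=value status log (one line per host report, with a `last_update` timestamp), deduplicates to each host's most recent report, flags hosts whose last signature update is older than a maximum age, and raises the alert when the count of stale hosts reaches a threshold. The field names, the 3-day age limit and the threshold of 3 are assumptions chosen for the example.

```python
"""Flag hosts whose malware signatures are stale and alert when too many are found."""
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real product output): "<report time> host=... last_update=..."
SAMPLE_LOG = """\
2024-03-10T08:00:00Z host=ws-001 product=ExampleAV signature_version=2024.03.10.1 last_update=2024-03-10T07:55:00Z
2024-03-10T08:00:00Z host=ws-002 product=ExampleAV signature_version=2024.02.01.3 last_update=2024-02-01T09:10:00Z
2024-03-10T08:00:00Z host=ws-003 product=ExampleAV signature_version=2024.03.01.2 last_update=2024-03-01T06:00:00Z
2024-03-10T08:00:00Z host=ws-004 product=ExampleAV signature_version=2024.03.09.4 last_update=2024-03-09T20:00:00Z
2024-03-10T08:00:00Z host=ws-005 product=ExampleAV signature_version=2024.02.28.1 last_update=2024-02-28T11:30:00Z
2024-03-10T08:00:00Z host=ws-006 product=ExampleAV signature_version=2024.03.06.1 last_update=2024-03-06T08:00:00Z
2024-03-10T08:00:00Z host=srv-010 product=ExampleAV signature_version=2024.03.02.1 last_update=2024-03-02T04:00:00Z
2024-03-10T08:30:00Z host=srv-010 product=ExampleAV signature_version=2024.03.10.1 last_update=2024-03-10T08:25:00Z
"""

# Reference "now" for the constructed data, so the example is deterministic.
NOW = datetime(2024, 3, 10, 9, 0, tzinfo=timezone.utc)


def _parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_status_line(line):
    """Turn one '<time> key=value ...' status line into a dict with parsed timestamps."""
    report_time, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["report_time"] = _parse_ts(report_time)
    rec["last_update"] = _parse_ts(rec["last_update"])
    return rec


def latest_report_per_host(records):
    """Keep only the most recent report for each host (a host may report several times)."""
    latest = {}
    for rec in records:
        host = rec["host"]
        if host not in latest or rec["report_time"] > latest[host]["report_time"]:
            latest[host] = rec
    return latest


def find_stale_hosts(records, now, max_age):
    """Return the sorted hosts whose most recent signature update is older than max_age."""
    latest = latest_report_per_host(records)
    return sorted(h for h, r in latest.items() if now - r["last_update"] > max_age)


def evaluate(log_text, now, max_age=timedelta(days=3), threshold=3):
    """Run the detection over a status log and return the alert decision plus triage detail."""
    records = [parse_status_line(l) for l in log_text.splitlines() if l.strip()]
    latest = latest_report_per_host(records)
    stale = find_stale_hosts(records, now, max_age)
    # Group stale hosts by the signature version they are stuck on; a single shared
    # old version across many hosts points at an update-pipeline problem rather than
    # one broken endpoint.
    by_version = {}
    for host in stale:
        by_version.setdefault(latest[host]["signature_version"], []).append(host)
    return {
        "total_hosts": len(latest),
        "stale_hosts": stale,
        "stale_count": len(stale),
        "stale_by_version": by_version,
        "alert": len(stale) >= threshold,
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE_LOG, NOW)
    print(f"{result['stale_count']} of {result['total_hosts']} hosts stale; alert={result['alert']}")
    for version, hosts in result["stale_by_version"].items():
        print(f"  signature {version}: {', '.join(hosts)}")
```

Note that `srv-010` is not reported as stale: its first report was old, but its later report shows a current signature, so only the most recent report per host counts. The absolute threshold is deliberately simple; in a real deployment the threshold would usually be tuned to fleet size (for example a percentage of reporting hosts), and hosts that have stopped reporting entirely should be treated as a separate, equally important condition.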
Uncleaned malware puts digital systems at risk. For any environments/systems that are involved in processing personal data, this situation can be critical, and especially so in a GDPR context. Article 32 of the GDPR requires that organizations regularly test, assess and evaluate effectiveness of implemented technical and organizational security controls. In the event that a Supervisory Authority executes powers to place an organization within the scope of a privacy audit, the organization must demonstrate compliance (Article 58). If the organization faces a personal data breach and individuals are impacted, those individuals have the right to demand compensation for material and non-material damage caused by the breach. The organization must prove that they have understood and addressed the risk appropriately and deployed proper countermeasures (Article 82).
Removing malware infections that antivirus and other legacy endpoint protection software cannot remove (whether due to file permissions or other configurations that prevent easy quarantine or cleaning) can in many cases be considered appropriate, and helps to demonstrate compliance.