Why antivirus alone isn’t enough anymore

25 March 2026

Endpoint Security


Most businesses have antivirus installed and assume they are protected. It is an understandable assumption — antivirus has been the standard for decades. But the threat landscape has changed, and traditional antivirus is no longer sufficient to protect your business from the attacks that are actually happening right now.

How traditional antivirus works — and where it falls short

Traditional antivirus software works by comparing files on your computer against a list of known threats. If a file matches something on that list, it gets blocked. If it does not match — it gets through.

Modern attackers know exactly how this works. They deliberately design their attacks to look unfamiliar, using tools already built into Windows, disguising malicious code inside legitimate software, or exploiting trusted processes like Microsoft Office or PowerShell. These techniques are known as living-off-the-land attacks — and they leave no signature for antivirus to detect.

“Attackers no longer need to bring their own tools. They use the ones already on your machine — PowerShell, WMI, Remote Desktop, Task Scheduler. Antivirus has no way to distinguish legitimate use from malicious use of the same tool.”

— Huntress Threat Operations

Current threats targeting New Zealand businesses

The most common attacks targeting small and medium businesses in New Zealand right now all have one thing in common — traditional antivirus does not stop them.

  • High risk: Ransomware — attackers spend days or weeks inside a network before encrypting anything. Antivirus sees none of this reconnaissance. By the time files are encrypted, the damage is done.
  • High risk: Credential theft — stolen usernames and passwords allow attackers to log in as legitimate users. With Microsoft 365 so widely used, a compromised account can give full access to email, files, and internal systems with no malware involved.
  • High risk: Business email compromise — attackers gain access to a mailbox and monitor it silently, waiting for the right moment to redirect a payment or impersonate an executive. Antivirus has no visibility into this.
  • Risk: Supply chain attacks — attackers compromise a trusted software vendor or service provider and use that relationship to reach their customers. Small businesses are increasingly targeted as a path into larger organisations.

  • 94% of malware uses evasion techniques that bypass traditional antivirus
  • 21 days: average time an attacker spends undetected before discovery
  • 68% of breaches involve a human element — phishing, credentials, or social engineering

What Huntress EDR does differently

Endpoint Detection and Response (EDR) takes a fundamentally different approach to security. Instead of looking for known threats, it watches for suspicious behaviour — it does not need to recognise an attack to flag it.

We use Huntress EDR across all of our managed clients. Huntress was built specifically for small and medium-sized businesses, and it is particularly effective at catching the kinds of attacks that traditional antivirus misses.

Here is what Huntress EDR monitors:

  • Process behaviour — if a Word document tries to spawn a PowerShell script, or a legitimate tool starts behaving in an unusual way, Huntress flags it immediately
  • Persistent footholds — Huntress specifically hunts for the mechanisms attackers use to maintain access between reboots, including scheduled tasks, registry modifications, and startup entries
  • Identity threats via ITDR — Huntress monitors Microsoft 365 and Entra ID for signs of account compromise, including unusual login locations, impossible travel, privilege escalation, and suspicious application consents
  • Pre-ransomware activity — the reconnaissance, lateral movement, and data staging that precedes an encryption event are all detectable behaviours that Huntress can identify before the damage occurs
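The behaviours in the list above can be written down as plain rules over endpoint and sign-in telemetry. The block below is an added example for this article, not Huntress's own detection logic. It assumes Sysmon-style process-creation fields (parent image, image, command line) and a simplified Entra ID sign-in record with coordinates; every event in it is constructed. It applies three process rules (an Office application spawning a script host, hidden-window PowerShell with an encoded command, scheduled-task or Run-key persistence) and an impossible-travel check between consecutive sign-ins by the same user.

```python
"""Behavioural detection rules run over constructed endpoint and sign-in telemetry.

Added illustration only: this is not Huntress code. Field names follow a
Sysmon-style process-creation event and a simplified Entra ID sign-in
record; both are assumptions, and every event below is constructed.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation events (parent image, image, command line).
PROCESS_EVENTS = [
    # Word spawning a hidden, encoded PowerShell (the base64 here decodes to "echo").
    {"host": "PC-01", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc ZQBjAGgAbwA="},
    # Ordinary interactive PowerShell launched from Explorer: benign.
    {"host": "PC-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem"},
    # Persistence via a logon-triggered scheduled task.
    {"host": "PC-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r"schtasks /create /sc onlogon /tn Updater /tr C:\Users\Public\u.exe"},
    # Persistence via an HKCU Run key entry.
    {"host": "PC-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d C:\Users\Public\u.exe"},
]

# Constructed sign-in records with approximate coordinates (Auckland, Amsterdam, Wellington).
SIGNINS = [
    {"user": "alice@example.co.nz", "time": "2026-03-20T08:05:00+13:00", "lat": -36.85, "lon": 174.76},
    {"user": "alice@example.co.nz", "time": "2026-03-20T09:40:00+13:00", "lat": 52.37, "lon": 4.90},
    {"user": "bob@example.co.nz", "time": "2026-03-20T08:00:00+13:00", "lat": -41.29, "lon": 174.78},
    {"user": "bob@example.co.nz", "time": "2026-03-20T17:30:00+13:00", "lat": -36.85, "lon": 174.76},
]


def _basename(path):
    """File name of a Windows path, lower-cased (os.path would not split backslashes on Linux)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def process_rules(event):
    """Return the names of the behavioural rules one process-creation event triggers."""
    parent, image = _basename(event["parent"]), _basename(event["image"])
    cmd = event["cmdline"].lower()
    hits = []
    # Rule 1: an Office application should not be launching a script host.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    # Rule 2: hidden-window PowerShell carrying an encoded command is rarely legitimate.
    if image in {"powershell.exe", "pwsh.exe"} and "hidden" in cmd and "-enc" in cmd:
        hits.append("encoded_hidden_powershell")
    # Rule 3: creating scheduled tasks or Run-key entries is a persistence mechanism.
    if (image == "schtasks.exe" and "/create" in cmd) or \
       (image == "reg.exe" and "currentversion\\run" in cmd):
        hits.append("persistence_mechanism")
    return hits


def flag_process_events(events):
    """Apply the rules to every event and return one finding per (event, rule) pair."""
    return [{"host": e["host"], "image": _basename(e["image"]), "rule": r}
            for e in events for r in process_rules(e)]


def _haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin(radians(lat2 - lat1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def flag_impossible_travel(signins, max_speed_kmh=1000.0, min_km=50.0):
    """Flag consecutive sign-ins by the same user that would require implausible travel speed."""
    by_user = {}
    for s in sorted(signins, key=lambda s: datetime.fromisoformat(s["time"])):
        by_user.setdefault(s["user"], []).append(s)
    findings = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            hours = (datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])).total_seconds() / 3600
            km = _haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            speed = km / hours if hours > 0 else float("inf")  # same-instant sign-ins count as infinite speed
            if km >= min_km and speed > max_speed_kmh:  # min_km avoids flagging geolocation jitter
                findings.append({"user": user, "rule": "impossible_travel",
                                 "km": round(km), "hours": round(hours, 2)})
    return findings


if __name__ == "__main__":
    for finding in flag_process_events(PROCESS_EVENTS) + flag_impossible_travel(SIGNINS):
        print(finding)
```

Run as a script, the rules produce four process findings (two from the Word-launched PowerShell, one each from the scheduled task and the Run key) and one impossible-travel finding for the Auckland-to-Amsterdam sign-in pair; the interactive PowerShell from Explorer and the Wellington-to-Auckland commute produce nothing. Note that none of these rules identifies malware by content: they fire on relationships between events, which is the point of the section. They also fire on legitimate administration (an IT provider does create scheduled tasks), which is why findings of this kind are material for analyst triage rather than automatic blocking.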

Antivirus vs Huntress EDR: a direct comparison

| Capability | Traditional antivirus | Huntress EDR + SOC |
| --- | --- | --- |
| Known malware | ✓ Signature matching | ✓ Behavioural + signature |
| Unknown / zero-day threats | ✗ Not detected | ✓ Behavioural detection |
| Living-off-the-land attacks | ✗ Not detected | ✓ Process behaviour monitoring |
| Ransomware early warning | ✗ Detects only at execution | ✓ Detects pre-execution activity |
| Credential and identity threats | ✗ No visibility | ✓ Huntress ITDR for M365 and Entra |
| 24/7 human monitoring | ✗ Automated only | ✓ Huntress SOC analysts |
| Incident response support | ✗ Not included | ✓ SOC-guided remediation |

The missing piece: human expertise

EDR generates a significant amount of data and alerts. Without someone to review and act on that information, alerts pile up and genuine threats can go unnoticed for days or weeks. This is a common problem even for organisations that have invested in good security tooling.

That is where the Huntress Security Operations Centre (SOC) comes in. The Huntress SOC is a team of security analysts who monitor alerts around the clock, investigate suspicious activity, and respond when something needs urgent attention.

An important distinction: every alert generated by Huntress EDR is reviewed by a human analyst — not just an automated system. If a genuine threat is confirmed, we are notified immediately so we can take action on your behalf. For most small businesses, running an in-house security operations centre is simply not feasible. Huntress makes that capability accessible.

What Huntress EDR and SOC cover

When we deploy Huntress for a client, here is what is included:

  • Endpoint detection and response: continuous behavioural monitoring on every managed device, including desktops, laptops, and servers
  • Persistent foothold detection: active hunting for the mechanisms attackers use to maintain long-term access to a compromised system
  • Identity threat detection (ITDR): Microsoft 365 and Entra ID monitoring for compromised accounts, suspicious sign-ins, and privilege abuse
  • 24/7 SOC monitoring and response: human analysts reviewing every alert, around the clock, with direct escalation to your IT provider when action is needed

The bottom line

If your business is still relying on antivirus alone, you have a gap in your defences that modern attackers actively exploit. The most common threats facing New Zealand businesses — ransomware, stolen credentials, and email compromise — all bypass traditional antivirus with ease.

Huntress EDR with SOC coverage gives your business enterprise-grade threat detection and a team of security analysts watching your environment around the clock — without the enterprise price tag. If you are not sure what security your business currently has in place, it is worth finding out before you need to.

Sources: Huntress Threat Operations Blog · Huntress Security Resources · Verizon Data Breach Investigations Report 2024
