Stop all the clocks, cut off the telephone, prevent the dog from barking with a juicy bone – this week the slow death of anti-virus was claimed once again.
After Imperva declared it to be dead in 2012 in its own research, a new report emerged this week in the esteemed Wall Street Journal claiming that anti-virus was dead once again.
In an interview, Brian Dye, Symantec’s senior vice president for information security, suggested that it does not “think of anti-virus as a money maker in any way” as it attempts a reinvention towards more targeted attack protection. This is in the wake of targeted attack protection vendor FireEye investing more money this week in forensic analysis with the acquisition of nPulse; the article suggested that this was an area Symantec wanted to move into.
Dye told the Journal: “It’s one thing to sit there and get frustrated. It’s another thing to act on it, go get your act together and go play the game you should have been playing in the first place.” The article claimed that anti-virus and other products that run on individual devices account for more than 40 per cent of the company’s revenue, and it owns the consumer Norton brand.
Symantec has diversified its portfolio of products in recent years, as have its main competitors Trend Micro, McAfee and Kaspersky. CEO of the latter, Eugene Kaspersky, said: “I’ve heard anti-virus being declared dead and buried quite a few times over the years, but they’re still here with us – alive and kicking.
“I fully agree that single-layer signature-based virus scanning is nowhere near a sufficient degree of protection – not for individuals, not for organisations large or small; however, that’s been the case for many years. Today, security is about a combination of various technologies – heuristics, sandboxing, cloud protection and many others – which form essential elements of any superior-quality IT security solution, in addition to good old time-tested signature-based virus detection.”
This was echoed in a recent conversation I had with James Lyne, global head of security research at Sophos, who said that anti-virus is not the single solution for security, but it is an essential part of any security framework.
TK Keanini, CTO of Lancope, said: “Asserting that anti-virus is dead is attention getting and a great opportunity for the real discussion which is that advanced threat requires a more advanced defence. Instead of looking at security as a battle that is won or lost, we now need to accept that it is a war of many battles, some won, some lost – but over time, it is just a part of doing business in our connected world.”
Luis Corrons is head of PandaLabs. He said that as a company it has continued investing and evolving in the field, but that “anti-virus has to evolve”.
He said: “It has been evolving and it will be evolving forever. To evolve you need to invest in it, and no company invests in something they consider dead. To be involved in the creation and development of new technologies and revolutionary approaches to combat malware and fighting cyber criminals is one of those secret ingredients.”
Corrons made legitimate claims about the validity of Norton anti-virus, and Sati Bains, COO of Sestus, said that as a consumer “I know that I need an anti-virus solution”.
He said: “To be fair, these days I am more likely to buy an internet security solution as nearly all of the anti-virus suppliers have evolved their products to do more than just find a virus threat. For a lot of people, this type of software represents their primary security software. Your average consumer isn’t in a position to react to the advanced persistent threats that organisations like Bromium and now Symantec are focused on. They just want to know that they are safe in what they do on the internet; and as a consumer, I don’t really want to know that my anti-virus supplier has given up on the desktop.”
Rahul Kashyap is head of security research at Bromium, and he said that he agreed that anti-virus has been dead for quite a while, but it is still required for regulatory compliance. He recommended a combination of Microsoft’s free endpoint protection tools and hardware isolation – such as Bromium micro-virtualisation.
Tom Cross, director of security research at Lancope, said: “A recent study by Microsoft showed that consumer PCs are five times more likely to be infected with malware if they don’t have anti-virus installed on them, so anti-virus certainly has a role to play.
“However, attackers can consistently remain one step ahead of preventative systems like anti-virus software. There is a lot of money to be made in attacking computer networks, so attackers are highly motivated to find ways to subvert any security solution that we put in place.”
As I said at the start, this isn’t the first time that the anti-virus coffin has been lowered into the ground, and perhaps the most recent claim on this was by Imperva’s then director of security Rob Rachwald, who has since left the company to work for FireEye.
In its response to widespread criticism of conducting “flawed” research, Imperva defended itself thoroughly. This week, Imperva CTO Amichai Shulman said that its research was refuted by Symantec and others, and now, a year later, they are admitting that organisations should be looking for a different type of solution.
“This is exactly the problem of 95 per cent of budget going to the wrong [security] solutions. Some are suggesting malware detection solutions that do not rely on end points and signatures (e.g. FireEye). We believe that solutions should be put closer to the data sources that they protect. The reality is that these two should be combined (much like we actually do with FireEye).”
Nothing is really dead; that is why an industry exists for technologies. In his recent talk at BSides London, Arron Finnon refuted claims that the intrusion detection and prevention sector was dead, and these fresh claims about anti-virus will be as welcome.
It is a strange move, but perhaps one that shows Symantec’s intention to move in a new direction, away from a market that its existing competitors obviously think is still viable.