A New York Times article highlighted the fact that anti-virus is falling farther behind when it comes to detecting and eradicating APTs and other advanced threats. No surprises there. But that said, anti-virus will continue to be a crucial component of an overarching security strategy, and thus, is likely here to stay for the foreseeable future.
Perhaps more than any other security solution, anti-virus has been considered one of the true security basics that organizations can't do without. However, in recent years, anti-virus' role as a security cornerstone has been challenged by an eruption of increasingly advanced threats renowned for their ability to deftly evade detection mechanisms.
But will a rapidly evolving threat landscape be enough to boot anti-virus solutions into extinction? Probably not. And while its function in an organization's security posture may be changing, it's likely that the channel will continue to offer some kind of anti-virus tucked into their security portfolios for the foreseeable future.
Over the extended holiday weekend, The New York Times featured an article revealing that anti-virus products are falling farther and farther behind in adequately detecting and blocking the myriad new, sophisticated threats. True enough.
The article was based around a study conducted by Redwood City, Calif.-based security firm Imperva, Inc., which found that initial detection rates in basic anti-virus products manufactured by industry leaders such as Symantec Corp., McAfee, Inc., Microsoft Corp. and Kaspersky Lab ZAO hovered somewhere near 5 percent.
On top of that, it took anti-virus vendors almost a month to update detection mechanisms in their products in order to spot new threats, the Imperva study revealed.
And nowhere was that more apparent than with new and increasingly evasive advanced persistent threats that have recently emerged on the security horizon.
In particular, the Flame virus, a cyberespionage tool discovered by Kaspersky Lab researchers in May, became a tangible symbol that underscored the anti-virus industry’s failure to stay on top of the latest threats and keep users safe.
Upon closer inspection, researchers discovered that the APT known as Flame had been skulking around the threat landscape for around five years, siphoning off sensitive data from critical systems with features that included the ability to stealthily record audio and capture screenshots. And all the while it had also been evading detection by the vast majority of anti-virus products.
Meanwhile, consumers and businesses spent a combined $7.4 billion on antivirus software last year, representing nearly half of the $17.7 billion total spend on security software in 2011, according to Gartner Inc.
Inevitably, the fallout from the anti-virus industry's shortcomings in general -- and the New York Times article in particular -- will rest on the shoulders of the channel. And among other things, solution providers will be called upon to talk their customers down off the ledge when it comes to their current and future anti-virus investments.
However, the net-net is that the forecast for anti-virus is not as bleak as it may seem. Here’s why: Anti-virus was never intended to be a cure-all or security threat panacea. In fact, since its inception, it was meant to be a critical piece of a more comprehensive security strategy. Will it ever be able to single-handedly catch high-profile threats such as Flame, Stuxnet and others? No, but it was never supposed to.
Like your basic food groups, anti-virus alone can't be the only source of nourishment for an organization's security strategy. That said, anti-virus serves as a critical foundation. Without it, organizations will have gaping holes in the fabric of their security posture that could leave them even more susceptible to looming malicious attacks. In short, they’d be in deep trouble.
Decades ago, when computer viruses were in their infancy and infinitely simpler, anti-virus was intended to be applied in tandem with network firewalls and intrusion prevention solutions.
As threats have become increasingly sophisticated and complex, industry experts have extolled the virtues of a layered approach to security strategy. And those layers have become deeper and more numerous over time.
In 2003, SANS Institute researchers affirmed that, at the bare minimum, organizations required e-mail security, gateway and network firewalls, and Web filters, as well as numerous endpoint and desktop solutions. That also included relying upon multiple antivirus products to cover all of the bases.
Flash forward to 2011, and that layered approach includes robust patch management, application whitelisting, intrusion detection and data protection technologies such as encryption and even data loss prevention (DLP).
And looking ahead to 2013 and beyond, that layered concept will likely incorporate various forms of security intelligence, threat analytics, and advanced detection solutions.
Anti-virus, however, is always a crucial ingredient baked into a larger security pie.
Meanwhile, anti-virus products are being updated to proactively detect threats, now incorporating a variety of behavioral and reputation based technologies, while leveraging the cloud and other new platforms as a delivery mechanism.
For solution providers, anti-virus by itself has long since become commoditized -- its time as a profitable standalone product has come and gone. However, almost every solution provider will continue to carry some form of anti-virus in their portfolio, used in tandem with their own unique blend of security solutions and services.
Ultimately the resulting combination will be the determining factor in their ability to nab APTs and other emerging threats. But anti-virus will continue to be the common denominator for quite some time to come.