With antivirus software revenue falling, security giant Symantec has finally conceded a point that has seemed obvious to the rest of the industry for some time. Antivirus software “is dead”, senior vice president for information security Brian Dye has told the Wall Street Journal.
There is likely to be some backlash, not least because Dye followed up his rather bleak assessment with the revealing sentence that the firm no longer “think[s] of antivirus as a money-maker in any way."
Other firms have been saying similar things about antivirus for a while, usually because they don’t have products that depend on this technology but for a Symantec vice senior VP to utter the same view will be seen as an important moment. But is antivirus dead or is it simply a case that Symantec can’t make enough money from it as security budgets are spread more thinly across newer products?
Dye made his remarks as the company confirmed its move into alternative forms of protection with the announcement of new products and services that mimic the success of younger, smaller upstarts.
Chief among these will be the firm’s new advanced threat protection (ATP) system, still in beta testing but due for release within 12 months. This will include Symantec’s Dynamic Malware Analysis Service cloud-based sandboxing system, hooked into the mail scanning and endpoint security, to provide an integrated anti-APT protection layer of the sort made fashionable by rivals such as FireEye.
Backing this up from next month will be Symantec Managed Security Services Advanced Threat Protection (MSS-ATP), as its name suggests a suite of managed security services that aims to protect endpoints from complex threats such as zero-day attacks and targeted malware.
In addition, Symantec plans to launch threat visibility and incident response services through a research portal designed to keep customers abreast of the threats facing them at any moment in time.
“To successfully defend against the types of targeted attacks we’re seeing today, you need to expand the focus from prevention to detection and response,” said Dye.
“Network security alone isn’t going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market.”
This should be good news for Symantec’s investors and consistent with another admission made by Dye that antivirus now catches only 45 percent of malware. But by taking on its more dynamic rivals – including a rejuvenated McAfee - Symantec is also conceding that it is no longer a security leader so much as an eager follower.
Not everyone is convinced that the announcement is anything other than clever window dressing.
“[It] rather depends on how you define anti-virus doesn't it?,” countered Graham Cluley, a UK security expert who spent two decades working for antivirus stalwarts Dr Solomon’s and Sophos but now works as an independent commentator.
“If they're talking about the approach anti-virus companies took 20 years ago, then of course that can't cope with the modern threat. But the term ‘anti-virus’ is just a convenient shorthand for a multitude of technologies that security firms recommend corporations use today to protect against and detect malware and hacker attacks.”
According to Cluley, Dye’s comments are really a statement of the obvious.
“Looking at the article, it acknowledges that the Symantec Norton security suite is much more than traditional anti-virus, but then so is everybody else's these days. I really don't think Dye has said anything earth-shattering here - everyone acknowledges that anti-virus software is an essential part of the armoury, but not 100% of the solution.”
It was true that antivirus couldn’t spot targeted malware but most malware remained variants on common forms, he said.
None of this will come as news to a security industry that has long since moved on to seeing antivirus as just another layer among many. Last week’s Infosecurity Show in London was a perfect example of this, with a new generation of security firms such as FireEye taking centre stage with large stands as traditional antivirus firms were forced to work hard to grab the same attention they once enjoyed by right.
Some of thee firms booking floorspace were familiar - Trend Micro for instance - but many others were either new or independent European vendors once seen as small outsiders. The security industry is changing and now Symantec with it.