The security old guard are under attack
As the security landscape shifts, security giants need to adapt. Otherwise the industry's minnows might take over.


COMMENT Revolution has been a big theme of 2011. Not just in the political sphere, but in the tech world as well.
Indeed, the two became intertwined during the Arab spring, when social media was used as a key communications tool for the revolutionaries.
An insurrection of sorts looks set to take place in the security industry too. The two overlords of the market - Symantec and McAfee - are under attack.
The minnows of the industry are starting to get aggressive, especially in their comments about the old guard.
Over the past few months, a refrain has repeatedly crept up in conversations with these young upstarts: the old systems don't protect against new threats.
The mighty minnows
According to Nir Zuk, founder of Palo Alto Networks, traditional vendors are still selling the same engine used to detect threats that was created nearly two decades ago.
"Anti-virus is a hoax. The engines are not working," Zuk told IT Pro.
He believes traditional AV vendors are even wasting money on ensuring their products are the default choice on PCs sold directly to consumers. What's more, they don't even seem to be gaining any financial benefit from it, he claimed.
"That's something you will not see in their results," Zuk added. "The consensus is that they will never see their money back."
Another consensus amongst these security companies is that the old database, or signature-based, system does not work, as highlighted by M86 Security recently.
They make a valid point: you can't detect zero-day threats by referring back to a database of known malware. It's just not possible. For real protection, you need systems that can identify dodgy traffic or dangerous code in real-time, or close to real-time at least.
As attacks become more targeted and are able to bypass standard AV, it becomes clear the old systems do little to prevent serious breaches.
Of course, there are some histrionics on the part of these feisty new security companies. They need to make a name for themselves and lambasting the security giants of today's world won't do them much harm. Having said that, Zuk's firm is partnered with Symantec so take his comments with a pinch of salt. On top of that, Palo Alto uses a database itself: behind its appliances is a Webroot database. Make of that what you will.
Regardless, their comments about the flaws within the old systems are hard to deny.
The Symantec way
So what does Symantec have to say about others openly trashing the way it detects threats? Greg Day, who recently moved from McAfee to Symantec (saying his new role as EMEA CTO was "a breath of fresh air"), was convinced the claims against the number one security player were rubbish.
"The first thing is, Symantec is not purely signature dependent. We have in there signatures that we put to the client and we also make use of the cloud to gather real-time intelligence and apply smart controls in much the same kind of mentality that M86 do," Day said.
He pointed to Insight, which uses a wealth of information to determine whether a file is safe or not, such as looking at its provenance or whether it has a digital signature. That's still not a real-time model, is it? Does it not still require old information to detect a potential threat?
"I agree it's not quite real-time because it's comparing with others in the cloud but I would say that it's probably real-time plus a few seconds," was Day's response.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.