When Symantec's senior vice president of information security announced last week that antivirus was dead, it raised a few eyebrows. Antivirus is, at least nominally, a big chunk of their business. However, back in 2008, the CEO of Trend Micro was quoted as saying the antivirus industry “sucks”, so we shouldn’t be all that shocked.
For a long while, antivirus has been the target of naysayers calling it “worthless.” There is some basis for that: creating signatures to detect a set of malware or virus executables is ineffective, because new technology has made it trivial to evolve malware so that it avoids this detection technique. Symantec and other companies have been struggling to keep antivirus revenue sources viable by adding features like password management, spam blocks and ways to identify suspicious links.
So, it’s really no surprise that Symantec is willing to say antivirus is dead, or that Trend Micro says the antivirus industry sucks. But malware is very much alive, and we as an industry have a problem.
Malware isn’t getting any easier to deal with, either. According to the Check Point Software 2014 Security Report, 84 percent of the 996 organizations they surveyed had systems infected with malware, and 73 percent had at least one bot on their network.
Symantec also announced its Advanced Threat Protection (ATP) last week. It’s pretty interesting: it integrates next-generation firewall information from Check Point Software, Cisco and Palo Alto Networks with endpoint protection software. When a zero-day exploit is identified by one of the firewalls, a defense could be pushed down to the Symantec endpoints. An incident response service is also in the works, where Symantec will leverage information from endpoints to respond to events.
It’s good to see that other security companies are recognizing the need for security point solutions to work together to identify real threats. But I want to continue to challenge us to be more open and inclusive, as our Open Threat Exchange (OTX) is. OTX allows for anonymous sharing of threat intelligence, or “crowd-sourced threat intelligence.” Several security vendors have joined OTX to both contribute and use the information it provides. The growing list of partners includes Spiceworks, Risk I/O, Cegeka, GoGrid, Netflow Logic, ThreatStop and Ziften. Security partners who share data in OTX are entitled to access the collective shared data. AlienVault does not charge customers or partners for OTX.
We invite Symantec, Cisco, Check Point, Palo Alto Networks and any other security vendors that want to help all businesses unite against the hackers to join the Open Threat Exchange. Join us if you believe, as we do, that while we may compete in the market, it’s time we joined forces as collaborators in the community. The common enemies we face are more profound than the differences we have.