Symantec develops new business strategy, says AV is dead

Symantec says that AntiVirus is dead, citing it as one of the reasons they're shifting focus and mapping out a new plan of attack when it comes to dealing with threats

Symantec says that Anti-Virus is dead, citing it as one of the reasons they're shifting focus and mapping out a new plan of attack when it comes to dealing with threats.

On Sunday, in an interview with the Wall Street Journal, Symantec's VP of Information Security, Brian Dye, said that Anti-Virus was dead, adding that the company didn't view it as a moneymaker anyway. Dye's comments were part of a story on Symantec's new direction, which includes harm minimization as well as incident response.

According to the Journal, Symantec said that they expect to start selling threat intelligence and offering incident response to recently compromised firms within six months.

The Symantec Global Intelligence Network (GIN), as the offering will be called, will collect data from a wide range of sources, a majority of them customers, and enable Symantec to package reports and monitor various malicious activities on the Internet in near real-time.

Six months is rather quick for a detailed intelligence offering, but Symantec seems to have the basics down, as they're launching Symantec Managed Security Service - Advanced Threat Protection (MSS-ATP) in June. MSS-ATP will integrate Symantec endpoint offerings with those from Check Point, Cisco, Sourcefire, and Palo Alto.

But is Anti-Virus dead? It's no silver bullet, that's for sure, but death could be a bit of an exaggeration.

Dye told the Journal that Anti-Virus catches about 45 percent of attacks these days, which without context looks bad, but in reality 45 percent is a good figure, considering that Anti-Virus is rarely a standalone feature in an organization's security program.

However, Vince Steckler, the CEO of AVAST, an Anti-Virus firm focused mostly on consumers, noticed the undertone of Symantec's statement almost immediately. In an email, he told Salted Hash that Symantec's statement seems to relate to the Enterprise, and not the consumer / SMB market.

"Antivirus though is a broad-spectrum defense and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about. In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product," he said.

In fact, the Anti-Virus of today is nothing like it was in the 90's.

"They instead incorporate firewalls, intrusion detection, heuristics, virtualization, sandboxes, and may other layers of protection and not just antivirus. Therefore, we believe AV is not dead in the consumer space. It is far from dead there," Steckler added.

In reality, the claims surrounding the death of Anti-Virus seem to be centered on Symantec's move to branch out into new business markets, competing with other intelligence and incident response services like FireEye.

The company hasn't had an easy time lately. Some would say they're hurting, as is evident by several rounds of cost cutting, which led to reported profits, even as revenue fell over the last two quarters.

Moreover, the company fired their CEO, Steve Bennett, in March – the second CEO to be given the boot in as many years.

Brian Kenyon, Chief Technical Strategist at McAfee, arguably Symantec's top competitor, said that Anti-Virus still plays a critical role in stopping known threats at the individual or organizational level. His thoughts mirror those of the other vendors, going so far as to say that announcing the death of Anti-Virus isn't helping.

"There are countless new advanced technologies for identifying malware popping up everyday, but no silver bullet exists among them. As a result you simply don't see organizations removing AV. Why? Because when all else fails, their AV is still stopping threats every second even when they have these advanced tools. Statements like 'AV is dead' do not get our industry anywhere," Kenyon said.

To be fair though, AntiVirus as a means of sole protection is dead, and it has been for years.

"Relying solely on antivirus is a dead end - and it has been for at least 8 years now. But that’s like saying that aspirin is dead because it’s not the cure for cancer," commented BitDefender's Catalin Cosoi, their Chief Security Strategiest.

"Aspirin still works for a hangover or a mild cold and people still keep it in their medicine chests. Other techniques were developed for other illnesses. The same way, other [smaller] companies have brought new innovative technologies that expanded their spectrum and started defending against several other threats. [Anti-Virus] is just one feature within a security suite."

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies