Several people have been claiming for a long time that anti-virus needs a major re-imagining, and after Mandiant released its annual M-Trends report on data breaches yesterday, that chorus of voices is only getting louder. Kowsik Guruswamy, CTO for Menlo Security, is responsible for one of those voices:
“I’d say a new approach to cyber security is well overdue, but perhaps from a different perspective”, said Kowsik. “As the man from Symantec said, ‘antivirus is dead’. That’s pretty significant given that nearly all security technologies today are essentially antivirus by another name – they all ultimately try to tell the good from the bad.”
He claims the current approach is failing badly, asserting that even ‘cutting-edge’ security products, incredibly, take an average of 205 days to uncover breaches. “The takeaway is we’ve got to get smarter about eliminating malware altogether”, he adds. “Not just invest more time and resources in post-breach detection technologies.”
In addition to the 205-day average, 69 percent of breaches were reported to the target organizations by an external source rather than by their own products and surveillance. It means that, faced with what Kowsik terms ‘data breach fatigue’, the public are increasingly demanding answers as to who is behind the hacks and who has been affected. “Symantec’s Senior Vice President for Information Security came out last year in a WSJ interview saying anti-virus is dead… and the Mandiant report confirms just that”, said Kowsik. “If security software completely fails to detect a piece of attack software whose source code is out in the open, what are the odds of it having any hope against zero days or closed source malware?”
“We instinctively know that malware is malware and all forms are bad for an organization, but it turns out the lines are getting blurrier between nation-state attacks and financially motivated cybercrime”, he says. “First it was Regin, then it was QWERTY, and then it turns out they were the same. It’s one of the reasons why the ‘whodunnits’ are getting harder to pinpoint”.
Whatever the future may hold for anti-virus, changes are needed. It’s people like Kowsik and reports like Mandiant’s that are going to be the drivers behind those changes, as companies and governments wake up to the realisation that their clients and customers will no longer stand by passively as their data is stolen, often from organisations that have been criticised for amassing vast amounts of information in the first place.
What do you think? Is Kowsik right or do you have a different interpretation of the report? We’d love to hear from you.
By Daniel Price