The once-thriving anti-virus software industry was built upon the premise that the best viral attack was the one that never got into your servers. Now that line of thinking is being retooled with the acceptance breaches are going to happen.
Does that mean anti-virus software developers have given up? No, it means the focus is on minimizing damage from the inevitable attacks.
Brian Dye, Symantec’s senior vice president for information security, has declared anti-virus “dead,” according to an article in the Wall Street Journal. “We don’t think of antivirus as a moneymaker in any way.” The article adds,”Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.”
The article continues, “Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in so aim to spot them and minimize the damage.”
Different approaches are being considered to what is basically the philosophy of closing the barn door after the horse has escaped. The Wall Street Journal highlights Juniper Networks, which wants its customers to place fake data on its sites – the equivalent of placing costume jewelry next to the good stuff to confuse thieves.
Sajan Paul, director, systems engineering, India and SAARC Juniper Networks, explains in an article at InformationWeek.com that Juniper Networks favors the concept of bug bounty programs that “reward individuals who find vulnerabilities in a software product and report it to the respective vendor instead of going public with the information or selling it on the black market.”
He added, “Major undiscovered vulnerabilities fetch very high prices from government buyers and security companies. Vendors, for their part, are finding bug bounty programs 100 times more cost-effective than hiring full-timers for the same job.”
Also mentioned is FireEye, which hunts down evil code that has breached a system’s preliminary defenses. On its blog, FireEye says, “Under the banner of ‘cyber resilience,’ security leaders are beginning to acknowledge that cybersecurity must evolve. Striving to ward off attacks is no longer enough — organizations must also respond to incidents with a focus on managing their business impact.”
The company surveyed 25 security leaders across Europe, the Middle East and Asia about their experience and perceptions on cyber attacks. “Our survey found a split in where security teams focus their response. About 60 percent base their response plan around all IT systems, and 40 percent focus on critical systems and resources. This response, too, suggests that organizations see many breaches as a technical problem rather than a business problem,” the blog said.
But not all sides are ready to declare anti-virus software dead. Its need has transitioned to the mobile market, according to CloudTimes.org. It quotes a McAfee study that says, ” … in 2014 the majority of the innovation in the field of cyber threats will focus on mobile platforms. Thus, the range of ransomware – malware files on a computer hostage by encrypting them – would sharply increase for mobile devices this year.”
The article adds, “McAfee expects the first attacks on Near Field Communications (NFC). NFC is a communication technique that can be used for mobile payments without a PIN or other forms of authentication. The company expects to see more attacks using legitimate apps that have been modified to steal information without being detected.”
The McAfee study also says, according to CloudTimes.org, “… in 2014, new PC attacks will exploit application vulnerabilities in HTML5, which allows websites to come alive with interaction, personalization, and rich capabilities for programmers. On mobile platforms, it is expected that attackers will attempt to break out of the security sandbox of the browser and provide attackers as direct access to the unit and then running services. Also, cybercriminals will increasingly abuse of vulnerabilities that are below the level of the operating system, stored in the storage and even in the BIOS.”