Endpoint security spend, at around $8 billion, is the single largest software component of total IT security spend of around $60 billion. Organisations and individuals spend huge sums on antivirus solutions as their final line of defence. Companies that supply traditional antivirus products include Symantec, McAfee, Trend Micro, Kaspersky, AVG, Norman, Bitdefender, Webroot, ESET, Sophos, Panda, and others.
Traditional antivirus solutions are based primarily on signature scanning, a technology that is effective only against older, known threats: a signature (a file hash or a byte pattern) is derived from a sample that has already been collected and analysed, so by definition no signature exists for malware the vendor has not yet seen. However, the main threats today come from newly released malware that evades signature scanning. To offset this increasingly ineffective method, most traditional antivirus companies have bolstered their products with heuristic technology, which tries to identify malicious activity by analysing the characteristics and behaviour of a file. However, criminals test against the popular antivirus solutions before releasing their malware and simply tweak the file until it avoids heuristic detection as well. The end result is that traditional antivirus now identifies very few newly released samples; it is hopelessly inadequate against today's biggest threats.
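To make concrete why signature scanning fails against anything the vendor has not already seen, here is a small worked illustration added to this page (it is not code from the article or from any antivirus vendor). It implements the two classic signature types, an exact file hash and a byte pattern, against a constructed, benign byte string standing in for a known malicious file, and then applies the kind of trivial tweaks the paragraph describes. The signature names and the sample bytes are made up for the example.

```python
import hashlib

# Constructed, benign stand-in for a "known malicious file" (not real malware).
KNOWN_SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"            # PE-style header bytes
    b"EVIL_LOADER_V1\x00"                    # marker string an analyst might notice
    b"cmd.exe /c del C:\\Windows\\*\x00"     # suspicious command string
)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Two signature styles a traditional scanner relies on (hypothetical names):
#   - exact file hash: matches one specific file and nothing else
#   - byte pattern:    matches any file containing those exact bytes
HASH_SIGNATURES = {sha256(KNOWN_SAMPLE): "Trojan.Example.A (hash)"}
PATTERN_SIGNATURES = {b"cmd.exe /c del": "Trojan.Example.A (pattern)"}


def scan(data: bytes) -> list[str]:
    """Return the names of every signature that fires on `data`."""
    hits = []
    name = HASH_SIGNATURES.get(sha256(data))
    if name:
        hits.append(name)
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def append_padding(data: bytes) -> bytes:
    """Tweak 1: append one byte. Functionally irrelevant, but the file hash
    changes completely, so the hash signature no longer matches."""
    return data + b"\x00"


def xor_encode_string(data: bytes, plaintext: bytes, key: int = 0x5A) -> bytes:
    """Tweak 2: store the suspicious string XOR-encoded (a real program would
    decode it at run time). The bytes the pattern signature looks for are no
    longer present in the file on disk, so the pattern signature misses too."""
    encoded = bytes(b ^ key for b in plaintext)
    return data.replace(plaintext, encoded)


def evasion_demo() -> dict[str, list[str]]:
    """Run the scanner over the original sample and two tweaked variants."""
    padded = append_padding(KNOWN_SAMPLE)
    encoded = xor_encode_string(padded, b"cmd.exe /c del")
    return {
        "original": scan(KNOWN_SAMPLE),
        "padded": scan(padded),
        "padded+xor": scan(encoded),
    }


if __name__ == "__main__":
    for variant, hits in evasion_demo().items():
        print(f"{variant:12s} -> {hits or 'no detection'}")
```

The original sample trips both signatures; a single appended byte defeats the hash signature while the byte-pattern signature still fires; encoding the suspicious string defeats the pattern as well, with no change to what the program would do when run. This is the loop the paragraph describes: mutate, rescan, ship once the scanners are silent.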
So why do CISOs and IT managers continue to spend the largest single chunk of their resources on inadequate technology? Fear: the fear of the consequences of not doing so. CISOs and IT managers are scared that when (not if) they experience a cyber attack, and the CEO discovers they have not invested in basic traditional antivirus, they will be seen as incompetent or irresponsible and may lose their jobs. So many organisations continue to invest in technology that fails time and again, simply because everyone else does. Group-think perpetuates the status quo. By following what is assumed to be a low-risk strategy, many organisations are actually putting themselves at high risk.
As the New York Times put it: “The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.” Shortly after that article appeared, the New York Times itself suffered a cyber attack in which its traditional antivirus picked up only one of the 45 pieces of malware involved.
Sooner rather than later, things will change. As evidence of the failure of traditional antivirus builds, it is like water rising behind a dam wall. Eventually the pressure becomes too great and leaks appear, as a growing number of courageous organisations refuse to plough scarce resources into outdated technology. Very quickly a tipping point is reached, and the trend becomes a flood as the dam wall disintegrates.
Numerous small companies have developed smart alternative technologies that protect endpoints against cyber attack far more effectively than traditional antivirus. Many of these technologies start from the premise that the computer is already infected with malware that cannot be identified, so the data itself must be secured. When the dam wall breaks, organisations and individuals will shift their endpoint security spend to these new technologies, and the endpoint security landscape will rapidly start to look entirely different.
Until now, innovative security start-ups have survived on scraps falling from the table of the large traditional antivirus companies. Some of these new technologies will be snapped up through M&A by the traditional antivirus players; however, it remains to be seen whether those players can fully incorporate radical new technology into their core products. Other start-ups will thrive independently and, through strategic alliances, become major players on a new security playing field. One point is clear, however: a major restructuring is not only imperative, it is inevitable. These looming changes promise to cause the most dramatic restructuring in the history of IT security.