Big changes are happening. When the dust settles, the information security industry will be a completely different shape. Last week, Brian Dye, VP of Information Security at Symantec, announced that anti-virus software is dead – it only stops 45% of malware. This is not news for most of us in the industry – many say that AV detection rates are closer to 5%.
After the Symantec “bombshell”, the rest of the AV industry spent the past week scurrying around trying to stop a total erosion of confidence in their products. The reaction of Kaspersky was typical of the industry – they said that although signature scanning is now pretty hopeless, AV products comprise several more layers which provide protection. The reality, however, is that it does not matter how many layers AV has – it simply does not stop nearly enough malware. Symantec have pulled their fingers out of the dyke – pressures to change are fast becoming a flood. AV is based on an outdated premise of attempting to prevent malware infections.
The recent AV debate is indicative of fundamental structural changes which are taking place throughout InfoSec. Any visitor to an InfoSec trade show over the past decade would clearly have seen the dominance of the AV companies. The shake-up happening now is a fundamental paradigm shift.
Elements now coming to the fore in information security include:
1. End device protection must include technology that protects data even when the device is infected with malware. Examples are more proactive anti-key logging and anti-phishing end point solutions.
2. Security derived from data analytics of big data. Our ability to analyse big data to make our systems more secure is evolving fast.
3. Increased use of cloud-based, real-time analysis of electronic transactions. This creates more sophisticated risk-based authentication. More and more security analysis will be performed in the cloud.
4. Realisation that mobile security is totally different to PC security. Threats on mobile stem primarily from the installation of “legitimate” apps approved and downloaded from the official app stores, many with improper permissions. Techniques successful on mobile, such as sandboxing and whitelisting, are being used more in non-mobile environments. Encryption is utilised more and more.
5. Solutions addressing the need for privacy alongside government’s national security needs. This includes, inter alia, off-shore cloud hosting and homomorphic encryption.
The move away from the dominating dependence on AV will drive a flurry of M&A activity over the next year or two. Traditionally, leading InfoSec firms enlarge their technology and drive growth through acquisitions – this will become even more prevalent. A dance of musical chairs is playing out, while leading firms jostle, acquire, and re-align. The moves made now will determine who will dominate a more lucrative information security industry over the next decade.
Clearly, companies such as Symantec realise the urgency to morph and have been aggressively buying new technology for a while. Others who cling to outdated technology will wither and die. With such high stakes up for grabs, many organisations not traditionally in core AV, such as FireEye, IBM, Akamai, Cisco, Intel, etc., are also part of the infosec musical chairs. There will be spectacular returns for the winners of this restructuring – global spending on information security is going to escalate way above current (already high) levels.
Patents and intellectual property in the new security paradigm are incredibly valuable. Security M&A prices are based less on revenues than on the strategic positioning of the technology and IP – and what it can leverage for the acquirer. We look forward to seeing how this shake-up plays out. When the new landscape settles, the cross pollination of different technologies and expertise will produce the next wave of innovative solutions. And some of the new breed will rise – while others, once mighty, will fall.