AV: Mind the gap
If you’re a subscriber to Virus Bulletin, we have an article in May’s edition: http://www.virusbtn.com/news/2012/05_01_vb.xml. I discuss whether AV has run its course and it’s time to move on, or whether we just need a more realistic view in our industry of what the real threat landscape is, and what our products can do.
“Some vendors are now pushing new approaches, like Indicators of Compromise, yet these too are merely signatures by another name.
A key point that gets little acknowledgement from security vendors: while a sophisticated threat actor can bypass signature-based products more or less at will, the cost of doing business has risen dramatically for cybercriminals.
As an industry, we collectively push two falsehoods:
1. That our products provide the security the user needs.
2. That the cybercrime threat is pervasive and out of control.
I believe that the second point is true for certain industries and governments. I’ve sat with incident response teams as they play whack-a-mole with compromised machines. For them, the reality is that at any given moment a certain number of their endpoints will be compromised, often by sophisticated state-sponsored attackers.”
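To make the “signatures by another name” point concrete, here is a small added example (mine, not code from the Virus Bulletin article or any vendor product) that scans a constructed, harmless byte blob with both an IoC feed (a file hash and a C2 domain) and a classic byte-pattern signature. The sample bytes, the domain names and the signature name are all made up for the illustration. Each attacker step (repack, move to fresh infrastructure, change the string the pattern keys on) knocks out one lookup, which is also why each step costs the attacker something.

```python
"""
Added illustration: an Indicator-of-Compromise list and a byte-pattern AV
signature are the same mechanism, a lookup of a known artifact, and both
are defeated by changing the artifact. All bytes and names are constructed
for the example; nothing here is real malware or a real feed.
"""
import hashlib
import re

# Constructed "dropper" body. The marker string stands in for a hard-coded C2 host.
SAMPLE_DROPPER = (
    b"MZ\x90\x00" + b"\x00" * 16 + b"connect:evil-c2.example:443" + b"\x90" * 8
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# An IoC feed as a vendor might ship it: exact file hashes and network indicators.
IOC_FEED = {
    "sha256": {sha256_hex(SAMPLE_DROPPER)},
    "domain": {"evil-c2.example"},
}

# A traditional AV-style signature: a byte pattern, here keyed on the C2 marker.
# The name is hypothetical.
SIGNATURES = {
    "Dropper.Generic.C2String": re.compile(rb"connect:[a-z0-9.-]+\.example:\d+"),
}


def match_iocs(data: bytes, contacted_domains: set, feed: dict) -> list:
    """Return IoC hits. Both checks are exact lookups: hash equality, domain equality."""
    hits = []
    if sha256_hex(data) in feed["sha256"]:
        hits.append("sha256")
    for domain in sorted(contacted_domains & feed["domain"]):
        hits.append(f"domain:{domain}")
    return hits


def match_signatures(data: bytes, sigs: dict) -> list:
    """Return names of byte-pattern signatures that match anywhere in the data."""
    return [name for name, pattern in sigs.items() if pattern.search(data)]


def scan(data: bytes, contacted_domains: set) -> dict:
    """Run both detectors over one artifact and its observed network contacts."""
    return {
        "ioc": match_iocs(data, contacted_domains, IOC_FEED),
        "sig": match_signatures(data, SIGNATURES),
    }


# Attacker steps, each cheap on its own but each costing time and infrastructure.
def repack(data: bytes) -> bytes:
    """Step 1: rebuild/repack. Modelled as appending one byte: hash changes, content does not."""
    return data + b"\x00"


def retarget(data: bytes, old: bytes, new: bytes) -> bytes:
    """Step 2/3: point at fresh infrastructure or change the string a pattern keys on."""
    return data.replace(old, new)


if __name__ == "__main__":
    v1 = SAMPLE_DROPPER
    print("original  ", scan(v1, {"evil-c2.example"}))
    v2 = repack(v1)
    print("repacked  ", scan(v2, {"evil-c2.example"}))
    v3 = retarget(v2, b"evil-c2.example", b"new-c2.example")
    print("retargeted", scan(v3, {"new-c2.example"}))
    v4 = retarget(v3, b"connect:", b"dial:")
    print("restrung  ", scan(v4, {"new-c2.example"}))
```

Running it shows the progression: the original trips the hash, the domain and the pattern; repacking loses only the hash hit; moving to a new domain loses the domain hit while the pattern (which keys on the marker format, not the host) still fires; rewriting the marker string finally clears everything. A hash IoC is the narrowest signature of all, and a pattern signature only buys the time it takes the attacker to notice which bytes it keys on.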