The IT security market remains dominated by anti-malware vendors whose business model is based on the detection of new malware and selling subscription-based updates that block new malware as it is released. Two of the world’s biggest security companies, McAfee and Symantec – while both have diversified into services – still focus much of their global marketing effort on anti-malware and being seen to be on the offensive against the malware creators. And to the general public, cyber security IS anti-malware.
At the same time, despite coming up with new product categories that supposedly meet new types of threats as they appear, many parts of the IT security vendor community continue to license those core anti-malware products from the major manufacturers, and neatly package them into a wide variety of tin boxes in categories such as anti-malware gateways, anti-malware management, UTM and content filtering.
While it is true that security technology has improved in the last ten years, with a move to more intelligence- and risk-based tools such as SIEM and vulnerability assessment products, too much effort is still being placed on trying to defeat what is now increasingly clearly undefeatable: the continuous tide of malware and zero-day vulnerabilities.
This unwinnable war on malware continues to be good business. In 2011, Gartner reported that (US) consumers spent $4.5 billion on antivirus while enterprises spent $2.9 billion, a total of $7.4 billion or more than a third of the total of $17.7 billion spent on security software.
In its marketing efforts, the anti-malware industry focuses on its valiant efforts to defeat malware. We are increasingly told how malware and, by extension, its authors have never been more “sophisticated”, or the volume more eye-popping.
“Today’s security threats are more sophisticated and targeted than ever, and they’re growing at an unprecedented rate. Malicious URLs, viruses, and malware have grown almost six-fold in the last two years, and last year saw more new viruses and malware than all prior years combined,” reports McAfee Labs.
Not to be outdone, F-Secure claims that “Cybercriminals are following the money. They are authoring ever more sophisticated, difficult-to-detect malware.” And just to complete the picture, here’s Sourcefire: “Today, malware is more sophisticated and evolving more quickly than ever before. Many customers find it impossible to keep up.”
The security press does its bit too. In the United States, SC Magazine says that malware remains an emerging area of concern “because it is always changing”.
“We used to worry about zero-day threats. Now it can be zero-hour. Malware is proliferating at a ferocious rate,” it added in the foreword to one of its group tests, failing to see the irony in describing malware as an emerging area of concern.
So we know for sure that malware has never been more sophisticated or that there is a lot of it about. And yet for all their efforts, the anti-malware lobby do not seem to be doing a very good job of managing the threat. Efficacy is a problem. A report by Israeli cloud security company Imperva collected and analysed 82 previously non-catalogued viruses against more than 40 anti-virus solutions, and it found that less than five per cent of anti-virus solutions were able to initially detect previously non-catalogued viruses. It also found that some freeware AV solutions performed better than those from the major brands.
At this point, I should say that I am not trying to blame any company for the anti-malware conundrum. McAfee, Symantec, Kaspersky and the rest all do valuable work for the industry in many different ways.
We still need anti-malware, just as we still need PCs, but I am sure that deep within the citadels of those businesses is the realisation that anti-malware as it exists now is not working, and that we need to be moving on from the anti-malware era.
The vendors that matter, I am sure, are giving this matter serious consideration. They are spending billions of dollars trying to defeat an entity that simply won’t go away and passing the cost onto their customers in a cycle of diminishing returns. The more we spend, the less the impact.
I am not cynical enough to believe that the anti-malware industry would prefer this negative status quo in order to maintain profits. This war on malware has led to the stasis of containment which is not good for the industry, its customer base or the economy. We have got there together.
So what’s the answer? Find out here.
Follow Paul Fisher on Twitter: @pfanda