Antivirus is "dead" says Symantec security head as firm launches more services and cloud security

Dead or simply not profitable?

With antivirus software revenue falling, security giant Symantec has finally conceded a point that has seemed obvious to the rest of the industry for some time. Antivirus software "is dead", senior vice president for information security Brian Dye has told the Wall Street Journal.

There is likely to be some backlash, not least because Dye followed up his rather bleak assessment with the revealing sentence that the firm no longer "think[s] of antivirus as a money-maker in any way."

Other firms have been saying similar things about antivirus for a while, usually because they don't have products that depend on this technology but for a Symantec vice senior VP to utter the same view will be seen as an important moment. But is antivirus dead or is it simply a case that Symantec can't make enough money from it as security budgets are spread more thinly across newer products?

Dye made his remarks as the company confirmed its move into alternative forms of protection with the announcement of new products and services that mimic the success of younger, smaller upstarts.

Chief among these will be the firm's new advanced threat protection (ATP) system, still in beta testing but due for release within 12 months. This will include Symantec's Dynamic Malware Analysis Service cloud-based sandboxing system, hooked into the mail scanning and endpoint security, to provide an integrated anti-APT protection layer of the sort made fashionable by rivals such as FireEye.

Backing this up from next month will be Symantec Managed Security Services Advanced Threat Protection (MSS-ATP), as its name suggests a suite of managed security services that aims to protect endpoints from complex threats such as zero-day attacks and targeted malware.

In addition, Symantec plans to launch threat visibility and incident response services through a research portal designed to keep customers abreast of the threats facing them at any moment in time.

"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," said Dye.

"Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market."

This should be good news for Symantec's investors and consistent with another admission made by Dye that antivirus now catches only 45 percent of malware. But by taking on its more dynamic rivals - including a rejuvenated McAfee - Symantec is also conceding that it is no longer a security leader so much as an eager follower.

Not everyone is convinced that the announcement is anything other than clever window dressing.

"[It] rather depends on how you define anti-virus doesn't it?," countered Graham Cluley, a UK security expert who spent two decades working for antivirus stalwarts Dr Solomon's and Sophos but now works as an independent commentator.

"If they're talking about the approach anti-virus companies took 20 years ago, then of course that can't cope with the modern threat. But the term 'anti-virus' is just a convenient shorthand for a multitude of technologies that security firms recommend corporations use today to protect against and detect malware and hacker attacks."

According to Cluley, Dye's comments are really a statement of the obvious.

"Looking at the article, it acknowledges that the Symantec Norton security suite is much more than traditional anti-virus, but then so is everybody else's these days. I really don't think Dye has said anything earth-shattering here - everyone acknowledges that anti-virus software is an essential part of the armoury, but not 100% of the solution."

It was true that antivirus couldn't spot targeted malware but most malware remained variants on common forms, he said.

None of this will come as news to a security industry that has long since moved on to seeing antivirus as just another layer among many. Last week's Infosecurity Show in London was a perfect example of this, with a new generation of security firms such as FireEye taking centre stage with large stands as traditional antivirus firms were forced to work hard to grab the same attention they once enjoyed by right.

Some of thee firms booking floorspace were familiar - Trend Micro for instance - but many others were either new or independent European vendors once seen as small outsiders. The security industry is changing and now Symantec with it.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsymantecsecurity

More about APTATPATPDr Solomon'sFireEyeMcAfee AustraliaNortonSolomonSophosSymantecTrend Micro AustraliaWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts