I read this earlier today. It is an article about some statements made by Brian Dye, Symantec’s senior vice president for information security. He says antivirus “is dead.”
There is a bit of hyperbole in that statement, but the implications are interesting the AV only catches about 45% of the cyber-attacks. It does partially prove out a point we like to make at Alvaka that patching is more important than a firewall. Now that is a bit of hyperbole, too, but it helps make the point that managing security requires multiple layers. Those layers include the firewall, e-mail spam filtering, antivirus, patch management, intrusion detection and intrusion prevention, OS security policy and more. One of our NOC engineers was working on a project recently. He discovered that he could place encrypted code onto a storage device and none of the leading AV software he tested could detect its presence. Basically the code was FUD or fully undetectable. That is scary.
I am curious what Dye’s definition is for “cyber-attack?” One this is for sure, the motivation of hackers and malware has changed dramatically over the years. The threats are new and different today. Going back in history most malware was related to someone wanting cyber fame, making a political statement or just plain mischievousness. Now with the advent of ransomware, spam mailing bots and more, malware has become big business. In some regions where the hackers are protected by local officials, the business of hacking is a formal business. In some eastern European regions in some towns you can see an office building with a name on it and a bunch of people working inside. They even have HR departments, marketing groups, etc. What makes these business so interesting is that they are hackers, ransomware crooks, spam mailers, etc., but they have now matured into real businesses… just not the type of business anyone appreciates outside of that town. They are too vital to the local economy to shut-down so the officials look the other way.