Now when it comes to anti-virus, there’s a number of ways to look at this particular issue. Yes, in fact, definitions-based anti-virus is fast-becoming a dinosaur of sorts. The problem is that there’s so many new variants and new malware code being generated it’s just plain hard to keep up with that. One day Symantec see’s a new virus and we write a signature, the next day McAfee see’s a new virus and writes that signature. It just depends on which AV Vendor see’s that particular malware on a particular day. Not a race, just reality.
I kind of laugh when I hear about companies that complain about their AV vendor and say things like, “Your stuff couldn’t find this virus, but when I went out and bought an AV software from ElCheapoAV.com, they found it easily. Why did they find it and yours didn’t?” First of all many of these ElCheapoAV.Com’s have ratcheted their detection engines so high you not only detect the virus in question, but you actually end up, at times, with more false positives to chase around after. Suffice it to say, the problem with AV today is that you have to have it on your endpoint before the AV vendors can detect it and deal with it. So, “Detection-Based” AV is a big challenge. There is clearly a need for more advanced methods.
This is one of the reasons why, at Symantec, we’ve created multiple layers of defense into their endpoint security products that in many cases don’t even require the malware to get to the endpoint at all. We actually know about malware before you and/or your users have a chance to download from the internet or otherwise introduce to the endpoint. So, whether it’s Symantec or our Norton branded endpoint protection, we bring “Prevention-Based” to the problem of prolific malware distribution.
The multiple layers of defense are made up of several advanced detection and prevention technologies that are highly integrated into our endpoint protection capability; from the basic signature based malware detection, to OS and browser based Intrusion Prevention, Firewall, real-time memory scanning and detection of rogue processes, and Insight, a reputation-based prevention capability, each of these capabilities work in concert to ensure that malware detection and prevention provide a significantly higher degree of efficacy. Insight (Reputation) provides malware prevention by already knowing whether or not an .exe/.dll is known good, known bad, or has some questionable level of reputation. This knowledge assists customers in deciding what levels of reputation they want to allow into their organizations. In short, files with questionable reputations or known bad are not even allowed to get to the endpoint to infest a company.
To summarize, while it may seem like these important technologies may have lost their luster or are not the sexiest new latest security craze, they provide an important layer of defense (and offense), whether it’s knowing where your most sensitive information assets are or ensuring no malware attacks take root in the computing environment.