I disagree with parts of that - as one in the field who every minute of every day sees where folks go, what they do, and what tries to get to us, it's just the target that's changed. AV needs to point at "malware" and "adware" which can still be fought with the same tools, just revised and re-aimed. Vendors are missing huge boats - I for one would love to see vendors target the sneak-in-ware that is packaged with software, the fake AV, the toolbars, and the browser helpers that pretend to be helpers but are really spies. I have to manually set up SEP to catch that garbage. It should already have those defined and allow me to turn that feature on - YES, block ALL IE and other toolbars, block ALL BHOs unless I whitelist them, and block ALL adware and spyware. Stop anything and everything from hijacking our browsers. But these vendors are simply ignoring our largest annoyance today. I spend most of my time fighting adware and spyware and add-ins that are snuck in than I do any real viruses. I've not seen a virus in a very long time. But I fight "crap-ware" every single day. "Click here for a free...", "click this to make your browser easier," that sort of garbage, or things piggy-backed into install packages, sneak-in-ware, spyware, adware, browser tools - if a product would block that sort of crap my life would be a whole lot easier, a whole lot.
I also disagree that "they will get in anyway". Not here, no they won't. But they will when the guard dogs like Symantec give up and shrug, ok, they'll get past us so let's minimize the damage. I'm shocked at that attitude. I work in the trenches and I challenge them to come visit ME and watch me for a day, if you have a great product and know HOW to use it and how to configure it, no, they won't get in. Not past our firewalls, IPS, SEP and other products they won't. Maybe in other state agencies, yes, ok, they will - but that's because they don't have ME! (and I'm not joking or showing off - it's something that some have actually admitted to. This agency passes muster and rates highly each year because I force us to, along with SEP and common sense!)
If you know how to use the security settings of the OS, if you don't tamper with them, if you assume the OS has holes and are diligent at watching for them, patching, and not putting all your eggs in one basket, there's no reason for you to be hacked or compromised.
So they'll get in, aim to spot them and minimize the damage. That's a bit defeatist, isn't it? Minimize? ANY damage is too much damage! How can you know how much or how little? How can you know that they got 1 piece of your info or 1 million? Why not prevent? If the bad guys can find ways to get in - then can't people also find ways to prevent them getting in?
I guess the major vendors have cried uncle? So now we have to ride along with them and assume since the vendors will no longer prevent, we have to keep documents ready to send out telling people "we've been hacked and your info MAY be out there" but have no clue as to if they got a lot or a little.
People get in because things are broken or were never good to begin with - so why not fix what's broken?
OK, so I should give up locking my doors at home, assume I'll be broken into, and just take more effort to hide things and set up cameras so when I get home and find things gone or trashed, I can tell what's gone? And in the meantime suffer the damage and consequences of lost stuff - in this case DATA, customer or client PII?
So we have to tell clients - sorry, we no longer prevent access to your PII - we now concentrate on making sure that only you and 1 or 2 others suffer.
I'm so glad I only have 4 or 5 years left till retirement - I won't be able to handle such a "we give up" attitude.
And frankly, if businesses are "losing the battle", I propose it's the PEOPLE, not the product. I've witnessed it in this very state - same product as we use, and yet other agencies have problems. Why have we not had the problems? I've checked into it - again, it's because it wasn't properly configured, they didn't keep things patched, they weren't keeping up with knowledge and staying informed, diligent. They didn't have me - or the right person setting things up and suggesting policies. They failed or lost their battles not because of product failure, but because of people failure. One agency says "5 or 6 infections a day is pretty typical". I'd freak out if we had that many a year. Typical? Why accept that? Configure the software. Stay ahead in the game. I do it.
300 users/computers. 3 plus years no infections, no machines have had to be re-imaged or rebuilt. And our people surf and click like there's no tomorrow.
Symantec needs to get me on the team designing strategies for the endpoint protection.
I've a proven track record. ;-)
But I warn you - I speak my mind (it's a medical thing, honestly).