Customers are becoming more and more indifferent to traditional antivirus technologies, according to Lumension’s Alan Bentley.
Speaking to CBR, Bentley, SVP International at the vulnerability management firm, said that there is mass acceptance that antivirus "just works", but the changing threat landscape and the increased management requirements that come with it mean users are beginning to look at alternative security methods.
"Customers are becoming disenchanted about what antivirus can do. It’s struggling after 15 years because of the changing threats. There are now multiple attack vectors to deal with. We’re now seeing close to one million unique malware signatures per month; we used to see that in one year. AV vendors have to understand the threat to be able to fix it," Bentley told us.
The challenge for the industry is how to cope with those new threats. A recent survey by Cyveillance found that AV vendors detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days, suggesting that the industry is struggling to keep up with the bad guys.
"Cyveillance is not the first to report that sort of thing," Bentley said. "There are free sites online that do the same thing. There is so much unique malware out there it is creating a problem for AV vendors."
The first real signal that the bad guys were upping their game when it came to malware was the discovery of Conficker in November 2008. It was a clear indication that malware creation was becoming a highly professional and very well organised industry, Bentley said.
"It was blended malware obviously written by very good coders – a bunch of different people writing different parts of it that were then brought together. It was very sophisticated," he said.
So is this "disenchantment" resulting in a change in the security industry? Bentley believes that more companies are beginning to look at a trusted model of security rather than a threat model. In other words, has the time for whitelisting finally arrived?
With whitelisting, only pre-approved applications are allowed to run on a computer, in contrast to the traditional blacklist approach, which blocks applications that are listed as being bad.
Critics of whitelisting claim that it can be difficult to keep up with, particularly when a vendor updates its software. Lumension is pushing what it calls Intelligent Whitelisting, which CEO Pat Clawson says addresses a lot of the concerns about it.
"Traditional whitelisting is hard to use; it’s exceptionally manual for the IT manager to maintain. Whenever there’s a change you have to rebuild and push that image out. What it does is exceptionally effective. It eliminates all the questions about what is allowed on a machine and therefore removes the risk. But it’s difficult to manage and doesn’t lend itself to an environment where workers are out and about. It drives the average end user crazy because you can’t update programs," he told CBR earlier this year.
"We have something called the Trusted Updater. This allows you to take common things that do background updating – such as Adobe, WebEx or a bespoke system – and update them automatically. This maintains the whitelist automatically without burdening the IT department or stopping the worker from doing their job – which was always one of the legacy issues with whitelisting," Clawson added.