Sunday, July 24, 2011

Security Executive(s) Say Every Security Company is Misleading Consumers about Protection Offered, (Seven Years Apart)

In a July 15 ITPro article, M86 Chief Executive Officer John Vigouroux stated that every other security company bar his is misleading consumers about the malware protection they offer. "The security industry has done a miserable job of defending the world against malware," Vigouroux said, claiming the best legacy systems are only stopping 40 per cent of threats. http://www.itpro.co.uk/634951/is-the-security-industry-lying-about-malware-protection

Vigouroux did not discuss in any detail the wide variety of techniques beyond pattern files being used by security providers to identify and stop malware and other threats, other than for M86. Technologies beyond pattern files include heuristic analysis, sandboxing, and pushing defense to the cloud, stopping malware before it reaches the desktop rather than waiting for it to arrive there. M86’s product line utilizes a variety of technologies, including URL filtering and standard malware signatures. Vigouroux is quite vigorous in denigrating pattern files, nonetheless. M86’s “parts” through acquisition/merger are Marshal, Avinti, 8e6, and Finjan. M86 positions itself as delivering “Today’s Technology for Tomorrow’s Threats”.

Nonetheless, there is some truth in what Vigouroux is talking about. In the AV-Comparatives.org May 2011 “Retrospective Test, Static Detection of new/unknown malicious software”, the top four results were from:

• 61% - G Data
• 59% - Eset
• 59% - Avira
• 55% - Kaspersky

This particular test evaluated only the offline heuristic/generic detection of the companies’ products against unknown and known malware. www.AV-comparatives.org, www.AV-test.org, www.virusbtn.org, www.icsalabs.com, and www.westcoastlabs.com are great sites to go to for information on product tests.

http://www.av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf

Revisiting Trend Micro, March 22, 2004 – Déjà vu, All over Again

Trend Micro Executive Eva Chen had a Q&A with CRN (www.crn.com) in March 2004. Chen stated in response to a question about security management, “The other thing we are thinking about is outbreak prevention. We always say we are in the antivirus business. But I was so frustrated that I called our CEO, Steve Chang, and said we've been lying to our customers for 10 years. We call ourselves antivirus, but we have never prevented a virus from hitting our customers. None of the antivirus vendors have ever done that. From that day, we started to rethink the whole business about antivirus.” http://www.crn.com/news/channel-programs/18841262/crn-interview-eva-chen-trend-micro.htm Trend Micro since 2004 has probably been one of the leaders in moving protection out to the cloud. Quite a migration from their pre-2000 positioning as “Your Internet Viruswall”.

Eva Chen gets bonus points for being prescient and raising the pattern file issue in the press seven years before Vigouroux. Obviously, the industry has evolved. Viruses and malware are just a small part of the threats. Larger companies may also find themselves targeted by Advanced Persistent Threats (APTs). Both companies (and numerous others) have pushed the battle out to the cloud in addition to providing other technologies to deliver a multi-layer solution. A number of vendors are also offering security as a service, though the acronym SecaaS has not quite caught on yet.

Trend Micro positions themselves as “Securing Your Journey to the Cloud”. From a traditional AV/Malware security provider perspective, they are in 3rd after Symantec and Intel subsidiary McAfee. Kaspersky is going after them for the 3rd position.

Virtualization as an Option

This is a topic for another blog. However, virtual desktops are being utilized by some larger organizations. MokaFive (www.mokafive.com), for example, promotes providing seven layers of security for their virtual desktops. These layers are:

• Built-in anti-virus scanning (AVG Technologies)
• Virtual desktop encapsulation to keep the virtual desktop completely independent of the host computer.
• AES 256 encryption to keep data secure
• Tamper resistance and copy protection to keep the virtual desktop from being moved or edited.
• AD and two-factor RSA SecurID authentication to allow access to only authorized users.
• Granular security policies
• Remote revoke or kill
