An article in the Wall Street Journal of May 5, 2014 summarized what I have been talking about these last few years. 25 years ago, Symantec was one of the first IT security companies to develop commercial antivirus software to protect computers from hackers. Now the company says that's no longer working. Antivirus "is dead," says Brian Dye, Symantec's senior vice president for information security. "We don't think of antivirus as a moneymaker in any way." Mr. Dye estimates antivirus now catches just 45% of cyberattacks.
Antivirus products try to keep the bad guys out of a computer. But hackers often get in anyway, using 0-day threats, social engineering and other tactics. So Brian Dye is reinventing Symantec: instead of protecting against the bad guys, he is now focusing on detection and response, following FireEye, which recently paid $1 billion for Mandiant, a firm that acts like hackbusters after a data breach.
Ted Schlein, who helped create Symantec's first antivirus product, describes such software as "necessary but insufficient." As a partner at venture-capital firm Kleiner Perkins Caufield & Byers, Mr. Schlein invests in new cybersecurity companies that compete with Symantec.
It is clear that new strategies need to be deployed to make sure defense-in-depth is effective. Providing effective Kevin Mitnick Security Awareness Training is the starting point, and moving toward whitelisting to block unauthorized executables is another way to stop malware from taking hold on a computer.