
With “AV Dead,” It’s Time for an Operational Revolution

May 8, 2014 / Jeffrey Guy

Symantec made waves this week by declaring “AV is dead.” I’m delighted to see an industry pioneer finally catch up to what the rest of us have known for years.

Traditional antivirus does one thing very well: it limits the damage from widespread, well-known threats. Once a given piece of malware passes the threshold of detection, usually measured by how widely it is deployed, our antivirus ecosystems provide the infrastructure to rapidly deploy signatures—across your enterprise and those of your peers.

This was sufficient for years, when the only threats to a network were from opportunistic attackers compromising computers to increase the size of their botnets, send more spam or click more ads. However, recent years have seen an increase in attackers compromising your data, as opposed to just someone’s computers.

These attackers are not content with just any computer; they are focused on compromising your organization to gain access to your data. We call these attackers “advanced” although neither the attackers nor their techniques need be especially advanced to be successful.

For the first time, these “advanced” attackers are actually testing our defenses—and these defenses are failing.

In an attempt to counter the continued success of these “advanced” attackers, AV vendors have repeatedly increased the complexity of traditional antivirus (which increased its cost and decreased user satisfaction) to no avail. They’re trying to hammer a square peg into a round hole, shoehorning traditional antivirus into a role for which it’s unsuited.

At its essence, this is not a technology problem, it’s an operational one. It’s time for an operations revolution. As an industry, we must recognize the inevitability of compromise and ensure that when attackers do get in, we have the processes, procedures and technology in place to detect and respond—immediately. It’s an entirely new information security operations model that shifts from a mindset of static protections to a lifecycle of continuous protection, detection and response as part of your team’s daily operations.

At Bit9, we are fully committed to supporting this new operational model. We offer you best-in-class prevention that is tailored to your environment, not dependent on signatures, and different from that of your peers. And with Carbon Black, we offer the best in detection and response that ties your enterprise to the cloud and enables your team to respond to alerts in seconds. Most importantly, these capabilities are integrated—both with our own product and with the other devices deployed in your network.

So Symantec, welcome to club “real world.” We’re glad you’re here. As an industry, we have a lot of work to do as we revolutionize our operations, and it’s bigger than any single company.

TAGS: a/v / antivirus / bit9 / Carbon Black / JJ Guy / symantec
