Antivirus Software Is Not Quite Dead Yet

Symantec statement must be put in context of endpoint defense-in-depth

In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye is quoted as saying that "antivirus is dead." Dye goes on to proclaim that "we (Symantec) don't think of antivirus as a moneymaker in any way."

I beg your pardon, Brian?  Isn't Symantec the market leader?  Just what are you saying?  In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors - about Symantec, AV, etc.  Panic and wild predictions abound.  Dogs and cats living together in the streets . . .

I've been researching the endpoint security market for a good dozen years, so allow me to put Dye's death certificate in context.

1.  Symantec's point is that organizations should not rely solely on signature-based AV, and I wholeheartedly agree - this type of infosec strategy is certainly dead and has been for some time.

2.  AV signatures have been supported by other technologies like heuristics, statistical analysis, and security intelligence for a number of years.  Symantec and others like Bit9, Cylance, Crowdstrike, Kaspersky, Malwarebytes, McAfee, Trend Micro, and Triumfant continue to innovate in these areas.

3.  Many organizations that complain about AV either don't know about these additional security technologies or choose not to use them in many cases. 

4.  While AV was really focused on incident prevention, future endpoint security technologies will add layers for incident detection and response.  This means new types of malware analysis (a la FireEye, Palo Alto, Cisco/Sourcefire, etc.) as well as endpoint forensics (e.g., Carbon Black, Guidance Software, RSA ECAT, Tanium, etc.).

5.  For the time being, many government and industry regulations require AV software on endpoints and servers.  So in reality, AV is not dead until the PCI DSS says it's dead.

Brian's quote was certainly provocative, but let's not get carried away here.  No one is ready to tell the world to throw the AV baby out with the cybersecurity bath water just yet.  AV isn't dead at all, although it no longer has a starring role.  In truth, AV is alive and well as part of an evolving multi-layered endpoint security defense architecture.
