Those who run expensive antivirus software solutions religiously but still encounter intrusions might be interested to hear the opinion of one particularly vocal anti-malware solutions provider.
John Prisco, CEO of Triumfant Security, wrote in a recent article for The Next Web that the cybersecurity industry is a "con" and that vendors are selling software that they know doesn't work.
"This scam makes them arguably more corrupt than the hackers themselves," he says.
The article makes entertaining reading. In it, Prisco says that companies selling antivirus software are a "racket."
He says classic antivirus and newer anti-malware software, which uses the same principles as antivirus, don't work because they only function if a similar attack has been seen before. They rely on prior knowledge of an attack: in other words, on comparing code to a repository of attacks.
But, he says, attacks no longer work like that.
"Modern cybercriminals are more sophisticated than that. We are no longer looking at kids in a dorm room coming up with annoying little hacks," Prisco says.
He added that cybersecurity efforts need to work out what's occurring without referring to a list. The list is going to be "stale and incomplete."
Prisco says that Big Data and machine learning are a better approach. That means identifying patterns and predicting discrepancies "in real-time, based on actual circumstances, not old or useless information."
Conveniently, his company Triumfant sells those kinds of solutions.
Signature-based defenses, like those used in traditional cyber-protection, can be bypassed with newer attacks, and Triumfant's analytics solution "detects, analyzes and immediately resolves attacks," according to its website.
So, why aren't other major security vendors going the analytics route?
"Because it is in their best interest to keep the breaches happening," Prisco writes. And "for this, they are just as culpable as the hackers themselves," he reckons.
And of the hackers themselves? Prisco says they're "professionals with the support of well-resourced crime syndicates and nation states who put millions of dollars into research and development."
Signature-based solutions don't work
Some other vendors are trying to make advances too, though.
Bob Violino, writing in Network World in April, says innovation in the anti-malware market is being led by Bit9/Carbon Black, Bromium, Countertack, Crowdstrike, Cylance, Invincea, Webroot, as well as Prisco's Triumfant.
Violino quotes Gartner analyst Neil MacDonald, who says: "It is clear that traditional signature-based anti-malware solutions are increasingly ineffective."
Violino says that one reason antivirus is still being deployed is that it's required for "legal and compliance reasons." Plus, although it "doesn't catch everything, it still provides some level of protection," he says.
An 'unholy alliance'
Prisco is more blunt. He writes that the reason enterprises still buy into this "unholy alliance between hackers and cybersecurity vendors" is in part due to secrecy.
"The security industry is not transparent in an alleged effort to protect security, and this means that these inadequate products continue to sell and continue to fail."
Incumbents are failing
"If you put a hundred million items on your security software's blacklist, hackers will come up with an engineered attack that is the hundred millionth and one," Prisco says.
Traditional "approaches to security do not really protect anyone because what happened a day ago is not necessarily relevant to what is happening today."
And that's where the incumbents are failing, he thinks, quite vocally.
This article is published as part of the IDG Contributor Network.