Over the past five years, the anti-virus market has experienced tremendous growth as many new technologies have emerged in response to current conditions.

What was once a market consisting of very few players has evolved into a multi-billion dollar enterprise consisting of dozens of companies with huge assortment of anti-virus products varying in focus and quality.

According to analysts, the global anti-virus market is forecasted to surpass $58 billion by 2010 with the introduction of new technologies in the areas of data loss prevention, virtualization security, security-as-a-service and many others.

Despite this growth, the technology behind anti-virus today is highly inefficient when it comes to protecting against modernized threats. This is fueled by the fact that vendors simply can't keep up with all of the new malware surfacing each and every day. The situation has created a breakdown in the quality and effectiveness of their underlying core technology.

This problem is evident in today's high-profile security incidents. According to the Identity Theft Resource Center (an organization that tracks incidents relating to exposure of confidential information), the number of recorded breaches more than doubled in the first quarter of 2008.

This problem is even more visible when you take into account the current application delivery model employed by various end-point technologies today.

This agent-based delivery model introduces several challenges, not only on the side of administration, management and ease of use, but to the degree necessary to provide an adequate level of protection against zero-day, zero-hour, and zero-minute threats.

This traditional model has the following characteristics:

· Upgrades require time and effort to implement, leaving a dangerous window of opportunity to become infected. This problem is amplified if the upgrade includes engine revisions to detect new strains of malware.

· Enterprise protection suites require deployment of a dedicated management infrastructure that in some cases will require additional hardware.

· Some end-point protection suites that use a policy driven system are particularly complex to manage and maintain, therefore the total cost of ownership will increase overtime.

· Anti-malware intelligence has traditionally resided on the end-point, thus, the trade-off between security and resource consumption has always been a challenge.

· The memory and CPU foot-print is directly proportional to the size of the signature file. Therefore, the growth of new threats will ultimately affect the user's experience.

· On average, the foot-print for leading products is anywhere from 100MB to 150MB, depending on the modules enabled (i.e. firewall, anti-virus, anti-spam, host intrusion prevention, etc).

· Most end-point products on the market today have a very narrow, short sighted view of the threat-landscape and do not provide protection for all malware currently in circulation and affecting users.

· Nodes do not share intelligence amongst themselves, thus, reducing the overall efficiency to detect and prevent against targeted attacks.

When we examine this security model further, the small and medium size business (SMB) market will be affected the most. The traditional anti-virus model introduces significant challenges for SMBs who have tight budgets for security. This is especially true as they often do not have the expertise or resources in-house to manage and administer complex anti-malware solutions.

The best alternative that an SMB can take when it comes to security is out-sourcing their services to a hosted infrastructure and/or adopting a Security-as-a-Service model. This helps reduce complexity and time to market when implementing new security technologies and will not require a high degree of skill to maintain the solution.

Security-as-Service revolves around the concept known as Software-as-Service or SaaS. SaaS changes the way that applications are currently delivered to customers by hosting them "in the cloud" and providing a web interface to interact with the applications. Previously, software had to be installed directly on the user's system and managed inside the business or manually remote controlled by an outside service provider.

Customers of an SaaS solution benefit from real-time up-to-the-minute content provided on a continuous basis through a subscription model making life a lot easier. This model allows companies, their IT consultants, managed service providers or value added resellers to more efficiently manage protection against malicious malware, freeing up valuable time and resources to stay focused on the business.

In conclusion, the SaaS model offers an alternative approach to the way that end-point security is delivered today. Since 2008 and 2009 will certainly focus on consolidation (anti-virus, data leakage prevention, end-point encryption, etc), it is essential that SaaS be adopted as an industry standard in end-point security protecting businesses from the SMB to the very large enterprise.

For more information on Security-as-a-Service for SMBs go here.

1 PandaLabs Research Study 2007:
http://research.pandasecurity.com/
archive/Think-you_2700_re-protected_3F00_-Think-again.aspx

2 http://www.idtheftcenter.org/artman2/publish/
m_press/Breach_List_2008_Q1.shtml

Ryan Sherstobitoff,
Chief Corporate Evangelist
Panda Security
www.pandasecurity.com