The Senior Vice President for Information Security at Symantec recently said that anti-virus software is dead. But don’t stop buying anti-virus software just yet: about 55% of malware is stopped by anti-virus software. The trend is disturbing, though (and 40% of Symantec’s revenue still comes from anti-virus software sales!).
The internet landscape is also rapidly changing. It’s not just PCs anymore: networked TVs, Blu-ray players and other devices could be flooding networks with malware! In addition, malware now is fundamentally different from that of the past: 70% of malware exists only once (single-iteration malware), a model that anti-virus software cannot deal with effectively. Think Target: the malware used was pretty custom and is unlikely to be seen elsewhere again.
So what do the experts recommend? Security needs to shift to a model that emphasizes quick identification during the attack (rather than after it has died). Compliance mandates should also reduce the emphasis placed on anti-virus and other reactive, signature-based approaches. The idea here is that this would enable companies to adopt more innovative approaches.
Update: Was on krebsonsecurity.com