As we've seen recently with Heartbleed and the massive Internet Explorer bug, the security products of old are just no match for the product flaws and zero-days that are becoming more commonplace. With each new attack, many IT Pros are finding that antivirus software is essentially useless and are turning to other products that can mitigate instead of protect. In fact, 'protection' is probably too strong a word in relation to securing PCs, tablets, smartphones, and corporate infrastructure. Malware writers and hackers have moved beyond simple antivirus software. Antivirus software seems to be more of an annoyance and less of real threat to today's cyber criminals.
Symantec, long known for antivirus solutions (well, and acquiring other firms and destroying them), is seeking to improve security through advanced threat protection with some upcoming offerings. The company unveiled a roadmap for its new approach, culminating in new product releases over the next year.
The first, Symantec Managed Security Services -Advanced Threat Protection will roll out by June 2014. Symantec Managed Security Services -Advanced Threat Protection is a managed service intended to reduce the time it takes to detect and respond to security incidents. The service will be integrated with partners' solutions and products as part of the Symantec Advanced Threat Protection Alliance. Current partners include Check Point Software Technologies, Palo Alto Networks, and Sourcefire (Cisco).
The second solution, Symantec Advanced Threat Protection Solution, will be available within a year. This solution will provide end-to-end integration for endpoints, email, and gateways and seek to provide proactive detection and response. Beta for the service should start within the next 6 months.
With the landscape of security changing with each newly reported vulnerability or critical defect, it's actually surprising that Symantec has taken this long to announce services like these. Almost all companies still purchase and deploy antivirus software, but the value of the products are diminishing. I've seen many threads where IT Pros are even now questioning if using antivirus software is a waste of budget.
And, then these new Symantec solutions won't be available for another 6 months to a year. It just seems like Symantec is playing catch-up.
Also interesting is that Symantec's market for antivirus software has spiraled downward. I believe a lot of the freefall is due to Microsoft's release of Security Essentials. Security Essentials is a free product for Windows users. When Microsoft first released the product, I wondered how long it would take before Symantec (and others) would attempt to sue Microsoft for making malware security free. That never happened. So, instead, Symantec has seen its market dwindle considerably.
A Wall Street Journal piece over the weekend shows that Symantec is at least aware of the loss of market viability for antivirus software. In the article, Brian Dye, Symantec's senior vice president of security, says this:
"Antivirus "is dead. We don't think of antivirus as a moneymaker in any way."
So, Symantec is clearly justified in branching out in other, more innovative security areas. It's just going to take another year to get it done. By then, the security landscape could be quite a bit different even than it is now and the new roadmap could lead to a dead end.