Despite what you might have heard, antivirus (AV) technology isn't dead, at least according to Brian Foster, senior director of endpoint security products at Symantec. Signature-based AV is not enough, but it's not dead. It's still very important because a lot of machines remain unpatched and old viruses are still making the Internet email rounds.
So what do you need to supplement your old-technology AV solution? Foster says that Symantec's next-generation AV product, code-named Hamlet, will include behavioral technology that goes after zero-day threats. Companies that have strict policies about which applications can run on corporate systems will be able to take advantage of a whitelisting feature that lets only those approved applications operate and denies other software. Device control technology will enforce policies about what types of devices can be used, and how they can be used, with a company's computers. And an intrusion prevention system (IPS) feature will provide generic exploit blocking.
Foster contrasted this super-AV solution with Microsoft Forefront Client Security, which launched the day I spoke with him (May 2). He said Forefront Client offers strictly signature-based AV and antispyware protection.
Foster says his team is focused on reducing complexity (hence the integration of all these technologies into one product) and cost, though there's no word yet on Hamlet's pricing. The product is due out by the end of the year.