Panda Takes Pause to Reconsider AV
Panda Security is doing something interesting, publicly scrutinizing the viability of its own anti-virus technologies (and those of its rivals to an even greater extent I'd bet) in an upcoming Webcast.
But it's clearly a discussion worth having.
This week at the Black Hat Security 2008 conference in Las Vegas, and its sister Defcon show, some of the smartest and most creative people in the vulnerability and IT security research business will show off a wild array of methods they've created (or at least deduced) to circumvent traditional on-premises anti-virus and systems defense mechanisms.
For a while now, even the largest "AV" vendors, including Symantec, have admitted that traditional malware defense systems aren't catching quite a few of the attacks, particularly those designed with newer techniques, such as short-run targeted threats that cut at vendors' abilities to establish attack patterns.
Whether it's stronger behavior monitoring tools or whitelisting, or more likely some combination of both, it isn't completely clear what will eventually replace today's ubiquitous signature-based technologies. And pretty much everyone in the space admits it, with most vendors preaching layers of different defenses aimed at thwarting all the various attacks.
"The technology behind anti-virus today is highly inefficient when it comes to protecting against modernized threats," Panda said in a press release announcing the event. "This is fueled by the fact that vendors simply can't keep up with all of the new malware surfacing each and every day. The situation has created a breakdown in the quality and effectiveness of their underlying core technology."
That's pretty honest.
It does feel like we're reaching some crossroads in this conversation, and it will be intriguing to see to what extent the Black Hat research crowd will be able to cut away further at the level of confidence still associated with many popular AV products.
Panda itself offers several hosted services, including subscription-based anti-malware services, with much of its emphasis seemingly aimed at delivering them to small and midsize businesses, as others in the space have similarly done.
SAAS hasn't taken off for security as one might think it would have. Traditional AV products have had live hooks into them for ages for the active downloading of new signature content, or virus updates, and there are physical issues in terms of remotely protecting some assets, but analysts did seem to think this product-to-service evolution would occur more rapidly.
It's always curious to me to see so many vendors in any space openly discussing the major shortcomings of their existing products. It's smart of them to do so though because this is probably the best way to get answers.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.