The security old guard are under attack
As the security landscape shifts, security giants need to adapt. Otherwise the industry's minnows might take over.
COMMENT Revolution has been a big theme of 2011. Not just in the political sphere, but in the tech world as well.
Indeed, the two became intertwined during the Arab spring, when social media was used as a key communications tool for the revolutionaries.
An insurrection of sorts looks set to take place in the security industry too. The two overlords of the market - Symantec and McAfee - are under attack.
The minnows of the industry are starting to get aggressive, especially in their comments about the old guard.
Over the past few months, a refrain has repeatedly cropped up in conversations with these young upstarts: the old systems don't protect against new threats.
The mighty minnows
According to Nir Zuk, founder of Palo Alto Networks, traditional vendors are still selling the same engine used to detect threats that was created nearly two decades ago.
"Anti-virus is a hoax. The engines are not working," Zuk told IT Pro.
He believes traditional AV vendors are even wasting money on ensuring their products are the default choice on PCs sold directly to consumers. What's more, they don't even seem to be gaining any financial benefit from it, he claimed.
"That's something you will not see in their results," Zuk added. "The consensus is that they will never see their money back."
Another consensus amongst these security companies is that the old database, or signature-based, system does not work, as highlighted by M86 Security recently.
They make a valid point: you can't detect zero-day threats by referring back to a database of known malware. It's just not possible. For real protection, you need systems that can identify dodgy traffic or dangerous code in real-time, or close to real-time at least.
As attacks become more targeted and are able to bypass standard AV, it becomes clear the old systems do little to prevent serious breaches.
Of course, there are some histrionics on the behalf of these feisty new security companies. They need to make a name for themselves and lambasting the security giants of today's world won't do them much harm. Having said that, Zuk's firm is partnered with Symantec, so take his comments with a pinch of salt. On top of that, Palo Alto uses a database itself: behind its appliances is a Webroot database. Make of that what you will.
Regardless, their comments about the flaws within the old systems are hard to deny.
The Symantec way
So what does Symantec have to say about others openly trashing the way it detects threats? Greg Day, who recently moved from McAfee to Symantec (saying his new role as EMEA CTO was "a breath of fresh air"), was convinced the claims against the number one security player were rubbish.
"The first thing is, Symantec is not purely signature dependent. We have in there signatures that we put to the client and we also make use of the cloud to gather real-time intelligence and apply smart controls in much the same kind of mentality that M86 do," Day said.
He pointed to Insight, which uses a wealth of information to determine whether a file is safe or not, such as looking at its provenance or whether it has a digital signature. That's still not a real-time model, is it? Does it not still require old information to detect a potential threat?
"I agree it's not quite real-time because it's comparing with others in the cloud but I would say that it's probably real-time plus a few seconds," was Day's response.