Information security needs fresh approach
Information security has largely failed the IT industry, and in particular, anti-virus has not fulfilled the promises it has made in the past.
During today's ITWeb Security Summit 2012, Haroon Meer, founder of and researcher at Thinkst Applied Research, questioned the relevance of anti-virus (AV) and whether vendors have traditionally rolled out technology that does not solve security problems.
He explained that the information security industry has been struggling with the same problems for years, adding that most companies don't even know when the majority of their breaches occur.
Meer pointed to an example of when HBGary was hacked and gigabytes of information were taken from e-mail servers without the organisation knowing what information had been leaked to the public.
Cyber criminals are the opponents who get to see the whole security chessboard, while the anti-virus companies are the opponents that only respond to a threat once it has already caused damage.Haroon Meer, Thinks
According to Meer, the security industry is using old technology methodologies to try and address new security threats. He said the days where blacklisting worked are long gone, and users should now be turning to white-listing.
“White-listing only allows certain data to run on the machine, and it trumps anti-virus, yet the majority of people aren't even using it. AV companies are always behind the attackers.
“The cyber criminals are the opponents who get to see the whole security chessboard, while the anti-virus companies are the opponents that only respond to a threat once it has already caused damage.”
Meer noted that AV vendors are on the losing side of the security battlefield. “AV vendors will show how they disassembled a malicious piece of code only once it has already happened, and that which they have not been able to stop.”
However, Meer added that he doesn't believe AV is “completely useless”. He notes: “A small company would pay for an AV as a person would pay for a tax. AV is ok for what it is, but we are just stretching its capabilities. There is still room for innovation. Clearly what we are doing up until now is not working.”