Resultados 1 a 2 de 2
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    [EN] Symantec: Antivirus is dead

    Declaring Antivirus Software Dead, Firm Turns to Minimizing Damage From Breaches

    By Danny Yadron

    Updated May 4, 2014 10:41 p.m. ET

    Symantec Corp. invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.

    Antivirus "is dead," says Brian Dye, Symantec's senior vice president for information security. "We don't think of antivirus as a moneymaker in any way."

    Antivirus products aim to prevent hackers from getting into a computer. But hackers often get in anyway these days. So Mr. Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.

    Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in so aim to spot them and minimize the damage.

    Network-equipment maker Juniper Networks Inc. wants customers to place fake data inside their firewalls to distract hackers. Shape Security Inc., a Silicon Valley startup, assumes that hackers will steal passwords and credit-card numbers so seeks to make it difficult to use the pilfered information. FireEye Inc. created technology that scans networks for malicious-looking computer code that made it past the first line of defense. FireEye recently paid $1 billion for Mandiant, a small firm led by former Air Force investigators who act like cyber-Ghostbusters after a data breach.

    Symantec seeks to join the fray this week. It is creating its own response team to help hacked businesses. Within six months, the Mountain View, Calif., company plans to sell intelligence briefings on specific threats so clients can learn not just that they are getting hacked, but why as well. Symantec also is developing technology to look for more-advanced malicious software inside a network that mimics offerings from its rivals.

    The company needs a turnaround. Revenue fell in each of the past two quarters, though profit rose because of cost cuts. The company, which reports earnings Thursday, forecast revenue of $1.62 billion to $1.66 billion for the quarter through March, down at least 5% from a year earlier. The company in March fired Chief Executive Steve Bennett, the second time in two years it had ousted a CEO.

    Mr. Dye, who has spent more than a decade with Symantec, says it was galling to watch other security companies surge ahead. "It's one thing to sit there and get frustrated," he says. "It's another thing to act on it, go get your act together and go play the game you should have been playing in the first place."

    Symantec pioneered computer security with its antivirus software in the late 1980s. The technology keeps hackers out by checking against a list of malicious code spotted on computers. Think of it as an immune system for machines.

    But hackers increasingly use novel bugs. Mr. Dye estimates antivirus now catches just 45% of cyberattacks.

    That puts Symantec in a pickle. Antivirus and other products that run on individual devices still account for more than 40% of the company's revenue. Specialized cybersecurity services for businesses account for less than one-fifth of revenue and generate smaller profit margins. It would be impractical, if not impossible, to sell such services to individual consumers.

    Ted Schlein, who helped create Symantec's first antivirus product, describes such software as "necessary but insufficient." As a partner at venture-capital firm Kleiner Perkins Caufield & Byers, Mr. Schlein invests in new cybersecurity companies that compete with Symantec.

    Mr. Dye says Symantec's Norton security suite has evolved beyond antivirus software and already looks for suspicious activity that may come from previously unseen viruses. It also includes, among other things, a password manager, a spam blocker and a tool that scans a user's Facebook feed to guard against dangerous links.

    The company has no plans to abandon Norton but will find revenue growth in its new product lines, he says. "If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond," Mr. Dye says.

    Other traditional antivirus makers such as McAfee, Intel Corp.'s security unit, have moved in the same direction. Michael Fey, McAfee's chief technology officer, says there is typically a two- to three-year lag on developing the technology Symantec seeks to create. "They haven't been part of the thought-leader group for some time," Mr. Fey says.

    International Business Machine Corp. on Monday plans to unveil its own security suite that looks for irregular behavior in computer networks.

    If Symantec has an opening, it is that no security company has determined how consistently to defeat the most ambitious hackers from China, Iran and the former Soviet bloc. Hackers linked to Iran last spring breached the digital perimeters of energy companies and one of the U.S.'s five biggest banks but were caught before moving further into the systems. The incidents were notable because the two industries have among the best private-sector cyberdefenses.

    Cybersecurity firms also want to help discern the most serious threats from the less serious. Before Target Corp. was breached last year, FireEye security equipment alerted the retailer to suspicious activity. But the company decided it didn't require follow up. Former Target employees say the team lacked the resources to pursue all threats.

    "What do we do with all the things that we're 60% sure are a problem?" Mr. Dye says. Analysts say Symantec's software runs on so many machines that it may be able provide more guidance on which hackers can be ignored and which are truly a problem.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    IBM Boosts Its Security Presence as Data Breach Costs Rise

    May 5, 2014, 8:16 AM PDT

    By Arik Hesseldahl

    Computing and technology services giant IBM has boosted its presence in the booming computer and information security business today, with a new set of services aimed at fending off attacks and analyzing breaches after they’ve occurred.

    IBM today launched its Threat Protection System and a service called Critical Data Protection, which it says are the result of two years of investment and a series of acquisitions, including one last summer for Israel-based Trusteer, which at the time was pegged at nearly $1 billion.

    And while IBM doesn’t disclose how much revenue its security services bring in each year, the research firm IDC has ranked it third behind Symantec and Cisco Systems in the security business. According to its annual report, Big Blue grew its overall security business by 19 percent in 2013.

    The two services are essentially enhancements to existing efforts. The Threat Protection service builds on technology IBM acquired from Trusteer and Q1 Labs, another acquisition, to block attacks that are getting more sophisticated. And when blocking fails, there are new forensic tools and an expanded global emergency response service.

    The second service, Critical Data Protection, is built around the assumption that the most valuable data inside a company — the stuff attackers usually want to steal — generally amounts to about two percent of all the data it has but can account for as much as 70 percent of a publicly traded company’s value.

    The trouble is, in many cases companies don’t necessarily know exactly what this data is, where it’s stored, how many copies of it exist and who has access to it. That’s a recipe for trouble because when a hacker gets in, it’s almost always a matter of days or weeks before the attack is discovered, by which time it’s too late.

    And about that: IBM’s announcements coincided with the release of some new research from the Ponemon Institute showing that the average cost of a data breach is going up. The organization estimates that the average cost to U.S. companies for every data record stolen is $201, up from $188 in 2013.

    It may not sound like much, but when you take into account the average number of records per breach among the 383 companies and government organizations in the survey sample — which was north of 29,000 — it starts to add up quickly. The average total cost per breach among companies surveyed was nearly $6 million. This year’s report also represents a reversal of a trend: The cost per breach had been on the decline in the last few years, it said.

    IBM couldn’t have asked for better marketing on Monday: One data breach led to the resignation of Target’s CEO. And with the revelation last month of the Heartbleed vulnerability, it’s likely we’ll be talking about rising breach costs for awhile.

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens