Signature-based endpoint security on its way out: McAfee
- 29 May, 2013 22:00
"We are seeing about 150,000 new pieces of malware every day now," says Simon Hunt, vice president and CTO of Endpoint Solutions at security vendor McAfee. "The attack is just impossible and we're purely on the defensive. Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things."
Signature-Based Anti-Virus Destined for Failure
"I can't say blacklisting is dead, but I want it to be," he says. "I know I cannot continue down that path. It's quicker just to do a signature check and you reward me for your PC not slowing down. I'm rewarded for keeping the PC performing as fast as possible."
But while a signature-based approach reduces the performance hit to the systems on which it runs, it also means somebody has to be the sacrificial sheep. Somebody has to get infected by a piece of malware so that it can be identified, analyzed and other folks protected against it. And in the meantime the malefactors can create new malware that signature-based defenses can't defend against.
The obvious conclusion is that signature-based defenses are not enough to defend against today's malware threats. But if you had gone to McAfee yesterday looking to a comprehensive security package, you would have found nine different suites of products to choose from, each of them a bundle of different security technologies.
"The challenge has been there are so many different threats that our customers suffer from now," Hunt says. "And typical big company behavior is that as soon as we discover a new threat, we develop a new solution."
And that, in turn, has led to a great deal of confusion for customers, Hunt says. A new approach was required. So McAfee rethought its endpoint protection strategy, slimming its offerings down to two comprehensive suites that both incorporate its newest security technologies.
Read more about security in CIO's Security Drilldown.