Symantec Says Black Hats are Winning – We Say Don’t Throw in the Towel Yet!

There is an interesting article floating about on multiple web sites with the title: “Black Hats are Winning, Symantec Says”.  The article appears in ComputerWorld, PCWorld, NetworkWorld and other sites.

While this may be an interesting admission by Symantec, I think the bigger problem is that we are allowing the black hats to out-innovate us.  More precisely, we are allowing market dynamics and an aversion to adopting new technologies to stifle innovation unnecessarily and therefore give the adversary an even bigger advantage.  We are, in some sense, helping them win.

Organizations trusted the AV vendors to address the signature problem and got the long list of technologies cited in the article: heuristic, behavioural and intrusion prevention technologies.  The AV vendors trotted each of these technologies out to solve the shortcomings of their solution and each proved in turn to have significant shortcomings.  The cycle perpetuated itself because traditional thinking and the reliance on prior knowledge hampered these supposed solutions.  Because these technologies failed, Symantec is now emphasizing their reputation-based security, while McAfee has been leaning hard on their whitelisting technology.

The very real innovations that are available today often do not get the opportunity to prove their worth and show that they can help win the ongoing fight.  The big vendors will protect their turf by telling customers that they “can do that” when a closer look may prove otherwise.  Much of what the 800-pound gorillas bring to the market is based more on justifying their latest acquisition than on innovating to keep up with the bad guys.  Organizations respond by taking what they perceive to be a less chancy path and trusting the big vendors in spite of their track record, because innovation often comes from smaller companies that may be perceived as introducing risk due to their size.  This cycle serves to hand the innovation advantage to the adversary.

The adversary already has an advantage, because defense will always trail offense.  What we must collectively avoid is throwing in the towel and allowing our actions to widen the gap needlessly.  Organizations must look past the traditional vendors to new and innovative detection technologies, and the larger established 800-pound gorillas in the room must stop stifling innovation through their “not invented here” attitudes.

No matter what Symantec or any other traditional vendor may say, there is no reason to throw in the towel if organizations would think beyond traditional companies and approaches and embrace innovation.  We obviously think Triumfant is one such innovation, but I have seen many other good ideas on the market.  Let’s not declare the battle over just yet, but instead let’s make sure we create an environment where innovation can flourish and be readily engaged in the battle.  The adversary certainly has no such artificial barriers.

About Jim Ivers
Jim Ivers is the Chief Security Strategist at Triumfant
