The statement by one of the world's largest security companies that 'anti-virus is dead' might have created some consternation and surprise in many quarters, but it is simply a reflection of the reality in cybersecurity which we have been observing for sometime.
The suggestion from Symantec that 55% of malware is missed by traditional anti-virus, or AV, software seems amazing to many but it reflects that cybersecurity has changed from a matter of just trying to defend the network and stop threats getting in in the first place to a more proactive method of dealing with the threats and the inevitable fact some will get through.
As we know, today's cybercriminals use a wide variety of techniques and approaches to compromise computers and networks and AV is simply not able to manage all these threats.
That's not to say we should all let our AV subscriptions lapse - it still is effective way to stop a large number of the 'normal' attacks we see everyday and not having it there will make our security far worse.
However, clearly just putting AV on your computers is not good enough.
All the data concludes, and most importantly customers report, that despite the millions of dollars spent every year on cybersecurity, attacks continue to increase and it seems hardly a day goes by without some major company or government reporting it has been compromised in some way.
Talking to Chief Security Officers and their teams shows that there is now a unanimous acceptance that it is impossible to deliver 100 percent cybersecurity, so the risk of breach and compromise has to be calculated and accepted. That means the 'game' has changed and now it is about tracking the whole attack continuum, before, during and after the attack so that damage can be mitigated and the incident dealt with quickly and without impacting integrity of data or operational functionality. At the end of the day, a major business cannot cease to function due to a cyber threat.
Traditional security is much like a medieval castle. The bad guys are on the outside looking for a way in and the defenders watch their walls and towers to ensure attacks don't get in. But much like the historic besiegers, many cyber attackers recognize that subterfuge and an indirect approach is often the best way to breach defences.
So much like the castle builders, we need to look beyond the walls and traditional defences like AV.
Given this landscape, and the seeming inevitability of getting hit, you need to look at your security in a different way. The question you need to ask is, would you do security differently if you knew you were going to be hacked?
What is more important today is how quickly you are aware you have a problem, then being able to measure how serious that problem is; and how quickly you can stop it spreading around your organisation to limit the damage done.
Despite 'snake oil' claims from many security product vendors, there are no silver bullets and security is no longer simply a question of building up the walls around your business, you need to have threat visibility across your entire enterprise and deal directly with the issue quickly and efficiently. Only by deploying a solution to execute on the entire lifecycle of the threat can you ensure you are protected before, during and after the attack.