
Intelligent Machines

Targeted Hacking Forces a New Reality on Antivirus Companies

An influx of advanced malware will force big antivirus companies to either evolve or cede turf to a crop of startups.

Malware is exacting a growing economic toll on businesses, governments, and individuals.

When the New York Times revealed this month that hackers had recently breached its networks, what turned the heads of security experts wasn’t that the attacks had occurred. It was a top antivirus company’s unusually candid admission about the limits of its own technology.

Symantec was put on the defensive because its software detected and quarantined only one of the 45 pieces of custom malware the hackers had used to target the New York Times and ferret out certain reporters’ e-mails, a heist the newspaper itself reported in a news article. According to a Times spokeswoman, the paper did have the latest antivirus software on all computers on its network; but to guard against so-called advanced persistent threats, “antivirus software alone is not enough,” read Symantec’s statement.

That its core product was essentially useless against the attack—allegedly sponsored by the Chinese government—came as no surprise to those in the know. But the blunt admission points to a rapidly changing computer security landscape and a growing threat to Symantec’s $6.7-billion-a-year business. A recent study by Imperva, a California data security startup, found that antivirus products from top vendors detected less than 5 percent of more than 80 new viruses tested.

As attacks become more targeted and customized (see “The Antivirus Era Is Over”), startups are positioning themselves as alternatives to conventional antivirus vendors. Some are advocating that security managers, especially those on a budget, use free or low-budget antivirus software to catch simple, common viruses, and invest in specialized services to better protect key assets.

Ashar Aziz, chief information officer of FireEye, a startup selling technology to ward off a “new breed of cyberattacks,” argues that the faulty assumption that antivirus software is effective against today’s cyber threats has created “a wide and gaping hole” in every security architecture that exists. “I have yet to go into an organization and find that they are completely clean. It has never happened,” Aziz says.

Rather than using a blacklist to block known threats—the conventional method employed by antivirus software—FireEye works by assuming everything is suspect and testing programs in a safe “sandbox” before allowing them to run on a machine. In November, the CEO of the major security vendor McAfee left to join FireEye, which claims that nearly 30 percent of Fortune 500 companies are its customers and has raised more than $100 million in venture capital funds.

FireEye is far from the only startup gaining traction as malware becomes more targeted and as the latest methods of the most sophisticated hackers become more quickly democratized and disseminated.

And while the established industry is clearly aware of the shortcomings of its long-held defensive approaches, it may have been slow to adopt new methods. Imperva’s director of security strategy, Rob Rachwald, believes the industry has expended less effort on staying on the cutting edge of protection, and more on developing “nice whiz-bang dashboards” to impress customers. Aziz, who now works side by side with McAfee’s former CEO, says the large vendors are now racing to catch up to where FireEye began in 2004.  

From the perspective of Liam O’Murchu, Symantec’s manager of security response operations, these views that his company’s products aren’t keeping up are already outdated.

The California-based business now sells advanced detection methods and includes some in its standard antivirus programs. These include components that score links sent via e-mail or IM, and applications, by the reputation of their source; that scan for suspicious patterns of behavior; and that try to predict the behavior of a file itself. In development, says O’Murchu, are technologies designed specifically to protect against so-called “zero-day” attacks, so named because they exploit flaws the software makers aren’t yet aware of and thus have had zero days to react to. These are the kind of attacks that well-funded criminal organizations or governments are most likely to use (see “Welcome to the Malware-Industrial Complex”).

The way companies approach security will likely change, as will the services they buy, says Nicolas Christin, a security researcher at Carnegie Mellon University, though he also notes that some alternative approaches may be less effective than many security sellers make them seem. For example, he says, even a behavioral detection engine still requires some definition of what “bad behavior” looks like, and that might not always be obvious.
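The three approaches the article contrasts (a blacklist of known samples, the sandbox/behavioral scoring FireEye and Symantec describe, and Christin's caveat that "bad behavior" still has to be defined) can be shown side by side in a few lines. The following is an added example, not code from the article or from any vendor it names; the "executables" are constructed byte strings and the "sandbox traces" are constructed event lists standing in for what a real sandbox would record by hooking system and API calls, and the rule weights and threshold are arbitrary assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass

# --- Constructed samples: these byte strings stand in for executables. ---
KNOWN_MALWARE = b"MZ\x90\x00fake-dropper-v1"          # a sample the vendor has already analysed
REPACKED_MALWARE = KNOWN_MALWARE + b"\x00"              # same code, one padding byte appended
BENIGN_UPDATER = b"MZ\x90\x00vendor-updater"            # an ordinary auto-updater


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# 1. Blacklist (signature) approach: block only what has been seen before.
BLACKLIST = {sha256(KNOWN_MALWARE)}


def blacklist_verdict(sample: bytes) -> bool:
    """True if the sample's hash is already known bad."""
    return sha256(sample) in BLACKLIST


# 2. Behavioral approach: run the sample in a sandbox and score what it does.
@dataclass
class Trace:
    name: str
    events: list  # (event_type, target) pairs as a sandbox would record them


# Constructed traces (hypothetical paths and addresses; 203.0.113.0/24 is a
# documentation range, not a real attacker host).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchosts"
MAIL_STORE = r"C:\Users\reporter\AppData\Local\Microsoft\Outlook\reporter.ost"
TRACES = {
    "known_dropper": Trace("known_dropper", [
        ("reg_set", RUN_KEY),
        ("file_read", MAIL_STORE),
        ("net_connect", "203.0.113.7:443"),
        ("proc_inject", "explorer.exe"),
    ]),
    # Repacking changes the hash but not what the code does once it runs.
    "repacked_dropper": Trace("repacked_dropper", [
        ("reg_set", RUN_KEY),
        ("file_read", MAIL_STORE),
        ("net_connect", "203.0.113.7:443"),
        ("proc_inject", "explorer.exe"),
    ]),
    "vendor_updater": Trace("vendor_updater", [
        ("reg_set", RUN_KEY),
        ("net_connect", "203.0.113.20:443"),
    ]),
    # A legitimate mail backup tool: reads the mail store and uploads it.
    "mail_backup": Trace("mail_backup", [
        ("reg_set", RUN_KEY),
        ("file_read", MAIL_STORE),
        ("net_connect", "203.0.113.30:443"),
    ]),
}

# Each rule is (name, weight, predicate over the event list). The weights are
# the analyst's definition of "bad behavior"; that definition is the weak spot.
RULES = [
    ("persistence via Run key", 2,
     lambda ev: any(e == "reg_set" and "\\CurrentVersion\\Run" in t for e, t in ev)),
    ("reads mail store", 2,
     lambda ev: any(e == "file_read" and t.lower().endswith((".ost", ".pst")) for e, t in ev)),
    ("outbound connection", 1,
     lambda ev: any(e == "net_connect" for e, _ in ev)),
    ("injects into another process", 3,
     lambda ev: any(e == "proc_inject" for e, _ in ev)),
]
THRESHOLD = 5  # assumed cut-off for "malicious"


def behaviour_score(trace: Trace):
    """Return (total score, names of the rules that fired)."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(trace.events)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def behaviour_verdict(trace: Trace) -> bool:
    return behaviour_score(trace)[0] >= THRESHOLD


if __name__ == "__main__":
    print("blacklist: known    ->", blacklist_verdict(KNOWN_MALWARE))      # True
    print("blacklist: repacked ->", blacklist_verdict(REPACKED_MALWARE))   # False: one byte evades it
    for name, trace in TRACES.items():
        score, fired = behaviour_score(trace)
        print(f"behaviour: {name:17s} score={score} malicious={score >= THRESHOLD} {fired}")
```

Running it shows the two points the article makes: the repacked dropper has a different hash and sails past the blacklist but produces the same sandbox trace and the same score as the known sample, while the benign updater (persistence plus a network connection) stays under the threshold. It also shows Christin's point: the backup tool that legitimately reads the mail store and uploads it scores exactly at the threshold and is flagged, because nothing in the event stream distinguishes "exfiltrate the reporter's mailbox" from "back up the reporter's mailbox". Real sandboxes add far more context than this (process lineage, signer reputation, destination reputation), which is precisely the "reputation of their source" scoring Symantec describes.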

According to a survey of 670 companies conducted by the Ponemon Institute, advanced persistent threats and “hacktivism” were the biggest headaches for IT departments last year, and many blamed higher IT operating expenses on malware.

The experiences of Mandiant, the security company that worked with the New York Times to respond to and root out the attack on its networks, bear this out. It used to be that only a large Wall Street bank had to worry about targeted malware, says service director Marshall Heilman. Now, not only are small regional and community banks targeted, but so are payment processors. “If you are a successful company, then you are probably doing something interesting” that could attract hackers, he says. A detailed account of how Mandiant tracked an attack on the South Carolina Department of Revenue last November shows how easily these attacks can occur and how long they can go undetected. 

The Times, for its part, hasn’t given up on its antivirus company yet. “For now, we are continuing to use Symantec,” says spokesperson Eileen Murphy.
