From RSA 2011: Last Nail in the Coffin for Signature-Based AV

For the last two decades, the RSA Conference has enabled some of the best minds in the security industry to gather and engage in valuable discussions. For engineers like me, however, one goes to security conferences to watch and soak up the industry talk and see real, compelling security issues as they are inspected from all sides. Here, new technologies and technology applications are dissected, connections are made, secret stories are revealed.

Is AV really, truly dead?

Thus, considering some truths already well-known to security practitioners, it might appear quite strange to see a panel entitled, “The Death of Signature-Based AV: How to Stop Today and Tomorrow’s Malware.” We already know that malware volume is growing exponentially, and that just as technology has evolved, the number of threats and the means by which they are delivered have also changed over the years, so one-to-one signatures are no longer effective overall.

The panel’s title perhaps expresses a final poke at the issue, because we do know that the question of whether AV is dead has been answered time and again by several security experts, including our very own Eva Chen in 2008, with a strong yes. Or maybe a qualified yes: after all, signature-based AV will continue to be a necessary but insufficient element of security measures, but as the singular strategy to combat malware in the foreseeable future, its heyday is very much over.

The panel was composed of executives from some of today’s top security companies (Raimund Genes, Nikolay Grebennikov, George Kurtz, and Stephen Trilling), so anything that was to come out of the discussion would more or less carry some weight. True enough: all panelists were in agreement that a silver bullet solution for threats no longer exists. As Trend Micro CTO Raimund Genes said, signature-based technology is only good for system cleanup and for identifying the specific system modifications made in order to restore the system to its original state. Effective threat prevention today requires a more proactive combination of approaches that take various infection vectors into consideration.

Enter: the Cloud, etc.

Similar thinking was evident in the overall theme of the tracks for this year’s conference. With cloud computing, virtualization and their various models and implementations, and the consumerization of mobile devices as the industry’s current major ‘new frontiers,’ security experts and users alike need to keep up and take full responsibility for what data is transmitted, and when, where, how (and even why) it is transmitted. Consider the entry to the cloud as an opportunity to challenge existing notions about security, and to build security from the ground up, instead of bolting it on as an afterthought.

The discussion ended with the host asking the panelists if they think that after five years they will still be talking about the same topic. All agreed that malware will still be discussed; however, the discussion will focus more on malware that uses different technologies and attack vectors.

As Arthur Coviello said in his keynote speech, we are only as good as the last attack we have withstood. Cloud computing works and it will continue to work as it becomes further integrated into the industry. It is no longer a question of whether the cloud can be trusted to do its job. The real challenge is protecting the cloud so it can do its job securely and enable an effective ecosystem of trust.

Post from: TrendLabs | Malware Blog – by Trend Micro
