Antivirus is dead, according to the company that invented it. Symantec is amending its 25-year-old anti-malware product because antivirus software alone doesn't work. "We don't think of antivirus as a moneymaker in any way," Symantec's senior vice president for information security told the Wall Street Journal.
Companies spend billions of dollars on cybersecurity systems only to have their systems hacked, a la Target. Breaches can cost organizations tens of millions of dollars, and in the case of Target, the top executive his job. More than ever, businesses and individuals need cybersecurity protection. "But the whole concept of detecting what is bad is a broken concept,” Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers, told the New York Times at the end of last year. But, if not antivirus software, then what?
Three former National Security Agency officers think they have created part of the solution, with Area 1 Security. Unlike Symantec's soon-to-be defunct software, Area 1 Security, which Monday announced a $2.5 million round of funding, detects cyber-attacks in earlier phases. "Most people in the security industry focus on malware," CEO Oren Falkowitz told Fast Company. (The other founders prefer to remain anonymous for now.) But at that phase in a hack, it's already too late. It can often takes days, months, or years from when an employee clicks a malicious link in a phishing scam to when that virus turns into malware. "In that period between when you would click [the bad link] and when it would be discovered there is tremendous amounts of data and intellectual property lost," added Falkowitz.
The average time it takes to resolve on attack is 32 days, costing an average of $32,469 per day. Area 1 hopes to catch viruses way before then. "What we try to do is provide insights about what users are doing on the web that would lead to clicking on the link and bringing malicious things into your network," explained Falkowitz. Instead of cleaning up a malware mess after it's way too late, Area 1 will alert companies about unsafe sites that employees are visiting, or recommend defenses for parts of their web network.
The company is also focusing on accurate alerts. "One thing that has plagued companies in this space before is throwing lots of flags around. It has reduced confidence," Falkowitz explained. Target, for example, missed multiple warnings about its epic hack because it assumed they were false positives.
Area 1 sees its technology as one of many solutions that companies will cobble together to minimize the damage from hackers. Its product complements what companies like Synack and Splunk are trying to do. Synack tests app for vulnerabilities; Splunk provides insights about users in the network. There are also a handful of other startups trying to wedge into the space. Bit9 uses a technique called whitelisting. FireEye, which recently acquired Mendiant, scans networks for malicious-looking computer code that made it past the first line of defense.
Symantec is also developing its own detection software, according to the Wall Street Journal. "Within six months, the Mountain View, California, company plans to sell intelligence briefings on specific threats so clients can learn not just that they are getting hacked, but why as well," writes the Journal. McAfee, another former leader in the space, has buffed up its efforts too.
For years, many companies have treated security as low priority in their budgets. But things are starting to change. "With the retail breaches this year, that has really changed. People have focused less on budgets and more on long-term costs to having to respond to a breach," Falkowitz said. Area 1 Security wouldn't share pricing for its services--for now it's testing its software with a small group of early adopters. But Falkowitz thinks companies will start investing in multiple solutions to fight potentially expensive hacks.
"In the past, antivirus has positioned itself as the solution," said Falkowitz. "But clearly it's not good enough."
[Image: Flickr user Yuri Obukhov]