It is true that signature-based virus detection is obsolete, but that is no
reason for security VARs to burn their existing stock. Such detection has been
dead since viruses stopped having signatures back in the early 1990s.
The debate about anti-virus is clearly being oversimplified, but the
ever-growing number of malware variants has now caused a shift in the IT
security industry from reactive to proactive detection techniques. Traditional
malware detection required security companies to receive, analyse and create
detection for each threat. As the sheer number of threats began to mushroom, the
task became increasingly difficult.
Today, with tens of thousands of unique threats seen each week, trying to
analyse these using only manual and reactive techniques would be, quite simply,
laughable. The situation clearly needs addressing.
There is, of course, still a need for malware experts to analyse threats, but
many firms include a host intrusion prevention system (HIPS) in their IT
security strategy.
HIPS involves a proactive approach, analysing the behaviour of all applications
as they attempt to run. In essence, the technology can identify malicious
activity and block code before it executes through automated analysis of the
‘genes’ in each application. By cross-referencing its findings against threats
and unwanted applications, and looking for similarities, HIPS proactively offers
an additional layer of defence against new and unknown threats.
The result is good news for resellers, as those able to offer security services
with the best HIPS are in the best position to win market share in the security
arena.
The anti anti-virus crowd may have got their argument muddled, but it is
important that resellers do not fall into the same trap.
Only by offering proactive security solutions such as HIPS can resellers help
organisations to defend their networks against unknown threats.
Andrew Bradshaw is vice president of UK sales and marketing at Sophos.




