RSA claims too much spent on antivirus technology

End users spending too much on supporting legacy security technologies, claims vendor

Security threats are more potent. Security breaches cost more and result in greater damage. The combination of these two trends should mean businesses invest in advanced security technologies. Instead, they spend millions of dollars on antivirus technology.

That's a mistake, according to RSA, the security division of EMC.

This week, RSA made its Security Analytics platform available for managed services providers, putting the power of big data in the hands of experts that can identify and response to their customers' security threats.

RSA's Security Analytics is a part of a higher level of security technology that's designed to detect anomalous activity before it becomes a security breach. Security Analytics, which correlates volumes of disparate information to identify threats, can provide users with visibility into network activity, investigative and forensic tools for diagnosing problems, and intelligence for prioritizing alerts and responses.

Additionally, Security Analytics includes mechanisms for detecting and remediating malware infections on endpoints without relying on conventional antivirus signatures.

A platform such as Security Analytics is complex and expensive. RSA is providing adopting MSPs access to training, certifications and support to ease the transition to operationalising the platform as a service.

For end users, Security Analytics is expensive to implement from the perspective of technology acquisition and a total cost of ownership through staffing and support. By fielding Security Analytics as a service, RSA and its MSPs will bring down the costs by spreading the resources and expense across multiple accounts.

While services often make technology costs more palatable, the expense is still often high. And RSA concedes that too much money is still going to support legacy security technologies, in particular antivirus applications. Stop paying for antivirus when the difference between free and paid is often slim points of effectiveness, said Paul Stamp, director of product marketing at RSA, in an interview with Channelnomics.

RSA is hardly the first security vendor to make this argument. While the security community has long-recognized traditional firewalls and antivirus applications are not as effective at detecting and stopping threats. Nevertheless, these technologies continue to generate billions in upgrades, new installations and ongoing maintenance.

Another vocal proponent of moving away from traditional antivirus tech is FireEye, which specialises in advanced threat detection technologies. In particular, FireEye has the ability to identify and thwart damaging malware that often evades traditional antivirus technologies. In particular, FireEye CEO Dave DeWalt is rallying support for new security approaches, and that isn't sitting well with traditional antivirus providers.

"We aren't even close to antivirus being old technology," said McAfee president Michael DeCesare. "De Walt makes this noise constantly that the antivirus industry is dead, but show me one single company that has de-installed antivirus because they have FireEye."

DeCesare is right, but antivirus sales are actually trending down. It has little to do with the effectiveness or perceived value of the technology as much as the declining PC sales. Fewer desktops and notebooks being sold means fewer license activations.

Moreover, businesses - particularly enterprise and midmarket - want more than just antivirus protection; they want manageability and other complementary technologies. Virtually no antivirus vendor - Symantec, McAfee, Sophos, Kaspersky Lab or Trend Micro - offers antivirus alone. Their endpoint or server packages include spam protection, Web filtering, encryption, configuration management as well as antivirus scanners.

Security budgets and skilled experts are finite, which makes services such as RSA Security Analytics valuable. And while arguments can be made against antivirus, few would advocate for a complete abolition of the technology. The real issue is how security spending is prioritized and demonstrated return value. RSA is proposing a tradeoff, and individual providers and business must calculate the cost to determine whether such a switch is worth the risk.

For more US channel coverage from Channelnomics, visit Channelnomics.com