The Antivirus Arena Isn't Cold Yet: Symantec Pivots to High-End Security Services
The industry had long concluded that antivirus software's glory days are over. Still, hearing it from Symantec, the founding father of antivirus software, caused quite a stir. The fact remains, though, that antivirus software still plays a necessary role, so don't rush to uninstall it.
"Antivirus is dead!" Just a week ago, Brian Dye, senior vice president of information security at Symantec, delivered this brief eulogy in an interview with the Wall Street Journal. "We don't think of antivirus as a moneymaker in any way."
The cybersecurity community is used to this view. Most people believe antivirus software ceased to be the primary security defense seven or eight years ago. The industry now leans toward building comprehensive security defenses on a more flexible detection and response model. Bret Hartman, chief technology officer of Cisco's security business group, said: "The entire security industry moved beyond antivirus a long time ago; this is nothing new."
But as the first line of defense, antivirus software remains very important. By Dye's estimate, traditional security methods can fend off more than 45% of threats. The problem now, he stresses, is that antivirus alone is far from enough. "The point we wanted to make in the Wall Street Journal interview is that antivirus alone is not enough, and we have been stressing this to our customers all along," Dye emphasized in an interview with Fortune. "The era in which antivirus could block every threat is gone for good."
Fran Rosch, vice president of Symantec's Norton business, said: "If antivirus is all you're using, you're in danger."
Quite a few information security companies have begun trying new anti-malware techniques. Juniper Networks is one example. The company deliberately plants fake vulnerabilities to lure intruders. "Once they touch the information we deliberately planted, we can flag it," said Nawf Bitar, vice president and head of Juniper's information security division. The company then analyzes further whether these intruders are malicious.
Other companies are actively acquiring. FireEye, for example, acquired the security firm Mandiant at the beginning of the year; Mandiant is adept at detecting network breaches and tracking and analyzing hackers. Six months ago, Cisco acquired the security intelligence provider SourceFire. Although these acquisitions show that the whole security industry's focus has expanded from protection to detection and response, Symantec's statement is nothing short of a bombshell, because it shows that Symantec, the inventor of commercial antivirus software, has changed course.
Ted Schlein, general partner at Kleiner Perkins Caulfield & Byers, said: "It's one thing for outsiders to bash antivirus software, but it's another thing when the father of antivirus comes out and bashes it." Schlein helped develop Symantec's first commercial antivirus product in the 1980s.
Symantec still derives more than 40% of its revenue from antivirus software, but the business is now deteriorating. Its earnings report for the quarter ended March 28 shows revenue down 7% year over year.
Vinnie Liu, co-founder and partner at the security consultancy Bishop Fox, wrote in an email: "The revenue and growth prospects of antivirus software are bleak. Rather than sitting by while old-style preventive technologies yield diminishing returns, they are finding they can get a higher return on investment from adaptive tools."
In other words, to stay relevant, Symantec has chosen to follow the money. A May 2013 study by the market research firm Gartner stated: "By 2020, 60% of enterprise information security budgets will be spent on rapid detection and response. In 2013, that share was less than 10%." That is clearly a huge growth opportunity.
After pronouncing antivirus software dead, Symantec announced two new premium security services to supplement its existing flagship enterprise offerings. Symantec hopes to go head-to-head with competitors such as FireEye by briefing enterprise customers on security threats, analyzing shady activity networks and detecting breaches.
Craig Carpenter, chief strategy officer at AccessData, wrote in an email: "This is a smart move for Symantec." Carpenter noted that Symantec has fallen behind in recent years. "The quickest way for Symantec to catch up (come up with a viable solution and bring it to market) is to rely on its own strengths (a huge customer base and a strong presence on the client) to launch one or two managed services, and to fill key market gaps with a partner ecosystem (for example, threat intelligence monitoring, IR (incident response), and so on)."
Symantec ousted CEO Steve Bennett in March this year, the second chief executive the company has removed in two years. Clearly, Symantec is striving to reinvent itself. Schlein said: "Dealing with your own legacy system is extremely challenging. I hope Symantec finds the right leadership to make the change."
But is antivirus software really dead? Cisco's Hartman said that no technology ever completely exits the stage of history; it just becomes more commoditized or less valuable. Rosch likened antivirus software to a car's seatbelt. It is the first layer of protection; as the auto industry developed and safety measures improved, shoulder straps, airbags and better protective equipment followed.
Schlein said: "I think antivirus will one day be worthless. But right now it still plays a big role."
So don't rush to uninstall your antivirus software just yet. (Fortune China)
Translator: Xiang Hang
Just over a week ago, Symantec's (SYMC) senior vice president of information security Brian Dye delivered a concise eulogy for anti-virus software. It "is dead," he told the Wall Street Journal. "We don't think of antivirus as a moneymaker in any way."
This isn't news to the cybersecurity community. Most agree that anti-virus lost primacy seven or eight years ago as a traditional prevention tactic. The notion of setting up perimeter defenses around a network to keep hackers out has given way to a more flexible detection and response model. "The entire industry has moved beyond anti-virus a long time ago," said Bret Hartman, chief technology officer of the security business group at Cisco (CSCO). "It's not a surprise."
But anti-virus protection remains important as a first line of defense against threats. According to Dye's estimates, traditional cybersecurity methods catch more than 45% of threats. The problem, he says, is that anti-virus alone is insufficient. "The point that we were making in the interview with the Wall Street Journal and that we make with our customers on a regular basis is that anti-virus alone is not enough," Dye clarified in an interview with Fortune. "The era of anti-virus-only is over."
"If that's all you're using to protect yourself, you're vulnerable," said Fran Rosch, senior vice president of Symantec's Norton consumer business.
Other security firms have already begun implementing a new slate of security technologies. Juniper Networks (JNPR), for instance, lures malicious intruders into revealing themselves by placing bait within a network. "Once they touch a false piece of information we've planted, we flag it," said Nawf Bitar, senior vice president and general manager of the security business at Juniper. The company can then determine whether an intruder is up to no good.
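The bait-and-flag approach Juniper describes above, and the Chinese rendering of the same passage earlier in this post, both come down to one detection rule: planted decoys have no legitimate users, so any touch is an alert. The following is an added example written for this post, not Juniper's or Symantec's code. The decoy values, the audit-line format, the allow-listed monitoring host and the log lines are all constructed for illustration.

```python
"""Honeytoken ("bait") monitoring: flag any touch of a planted decoy.

Added example, not Juniper's or Symantec's code. The decoy values, the
allow-list, the audit-line format and the log lines are all constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Decoys planted in the environment. No legitimate process ever uses them,
# so a single touch is a high-signal event. Values are constructed placeholders.
HONEYTOKENS: Dict[str, str] = {
    "/srv/finance/payroll_backup.xlsx": "decoy document on the finance share",
    "svc_backup_legacy": "decoy account that never logs in legitimately",
    "HONEYTOKEN-API-KEY-0001": "decoy API key left in a readable config file",
}

# Sources allowed to touch decoys, e.g. the checker that verifies the bait is
# still in place. Constructed address.
ALLOWED_SOURCES = {"10.0.0.5"}


@dataclass(frozen=True)
class Alert:
    source: str   # who touched the decoy
    token: str    # which decoy
    reason: str   # why it is a decoy (for the analyst)
    line: str     # the raw audit line


# Audit lines are space-separated key=value pairs; values may be quoted.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_line(line: str) -> Dict[str, str]:
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def check_line(line: str) -> Optional[Alert]:
    """Return an Alert if any field of the line references a decoy."""
    fields = parse_audit_line(line)
    src = fields.get("src", "unknown")
    # Match against every field, so a decoy is caught whether it shows up as
    # a file path, a login name or a bearer token in a request.
    for value in fields.values():
        for token, reason in HONEYTOKENS.items():
            if token in value:
                if src in ALLOWED_SOURCES:
                    return None
                return Alert(src, token, reason, line)
    return None


def scan(lines: List[str]) -> List[Alert]:
    return [a for a in (check_line(l) for l in lines) if a is not None]


def sources_to_investigate(alerts: List[Alert]) -> List[str]:
    """Distinct sources that touched bait, sorted for the responder."""
    return sorted({a.source for a in alerts})


# Constructed audit lines: one normal read, a decoy read from inside, a
# permitted integrity check, a decoy login from outside, and a decoy key use.
SAMPLE_LOG = [
    'ts=2014-05-12T10:01:00Z src=10.0.1.23 user=alice action=read path="/srv/finance/q1_report.xlsx"',
    'ts=2014-05-12T10:02:13Z src=10.0.9.77 user=bob action=read path="/srv/finance/payroll_backup.xlsx"',
    'ts=2014-05-12T10:02:40Z src=10.0.0.5 user=monitor action=stat path="/srv/finance/payroll_backup.xlsx"',
    'ts=2014-05-12T10:03:02Z src=203.0.113.8 user=svc_backup_legacy action=login result=fail',
    'ts=2014-05-12T10:04:11Z src=10.0.9.77 action=http path="/api/v1/export" auth="Bearer HONEYTOKEN-API-KEY-0001"',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for alert in found:
        print(f"[HONEYTOKEN] {alert.source} touched {alert.token!r}: {alert.reason}")
    print("investigate:", sources_to_investigate(found))
```

The allow-list is the one caveat a practitioner needs: whatever verifies the bait is still in place will also "touch" it, so those sources must be excluded or the detector alerts on itself. Everything else that matches is, by construction, worth a look, which is what makes decoys such a low-false-positive signal compared with signature scanning.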
Others in the space are keeping up by acquisition. At the beginning of this year, FireEye (FEYE), for example, bought Mandiant, a cybersecurity firm able to investigate network breaches and track and detail hackers. Six months ago, Cisco purchased SourceFire, which also analyzes and tracks threats. Though the deals demonstrate that the industry at large is evolving beyond protection to detection and response, Symantec's announcement is particularly notable for indicating a sea change at the company that originally invented commercial anti-virus software.
"It's one thing for the outside world to bash anti-virus," said Ted Schlein, general partner at Kleiner Perkins Caulfield & Byers, who helped create the earliest commercial anti-virus software products at Symantec in the late 1980s. "It's another thing for the anti-virus king to bash anti-virus."
Symantec still rakes in more than 40% of its revenue from anti-virus products. But year-over-year, that revenue is in decline. In the company's latest quarterly earnings report, revenue fell 7% for the quarter ended March 28 compared to the same quarter last year.
"The only dead thing about A.V. are its revenue and growth prospects," wrote Vinnie Liu, co-founder and partner at security consultancy Bishop Fox, in an email. "Instead of settling for diminishing returns on old school preventative technologies (e.g. A.V.), they're finding they can achieve higher R.O.I. from adaptive tools."
In other words, in order to remain relevant, Symantec has chosen to follow the money. "By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches," according to a May 2013 study by the market research firm Gartner, "up from less than 10% in 2013." That certainly sounds like an opportunity for growth.
Following the pronouncement of the death of anti-virus, Symantec announced the addition of two new premium security services to its existing flagship products for business. The company wants to go head-to-head with competition like FireEye by briefing companies on threats, analyzing networks for shady activities and detecting breaches.
"It is a smart move by SYMC," wrote Craig Carpenter, chief strategy officer from AccessData, in an email, noting that Symantec has lagged in recent years. "The quickest way for SYMC to catch up (i.e. get to market with a viable solution) is to launch a managed service or two leaning on their advantages (a large installed base and strong presence on the client) and filling in key gaps with a partner ecosystem (e.g. threat intelligence monitoring, IR [incident response], etc.)."
Having ousted its second CEO in two years -- Steve Bennett -- in March, Symantec is clearly trying to reinvent itself. "It's challenging dealing with your own legacy system," said Schlein. "I hope they get the leadership in there to make those changes."
But has anti-virus really drawn its last breath? Cisco's Hartman added that no technology truly dies; it just becomes more commoditized or less valuable. Rosch analogizes anti-virus software to the seatbelt in a car. It's the first layer of protection; as the industry continues to evolve and safety grows more sophisticated, shoulder straps, airbags, and better braces follow.
"I think anti-virus someday won't be needed at all," Schlein said. "But right now it takes care of a lot of the known items."
So don't uninstall just yet.
Traditional antivirus software detects suspicious code by signatures, identifying threats by comparing them against a blacklist. This approach did indeed become outdated several years ago, because many sophisticated attack techniques can now bypass antivirus software and penetrate the PC directly, especially through social engineering: criminals trick users into opening attachments they should not open and clicking links they should not click, succeeding again and again, to the point where an underground cybercrime industry chain has formed.
Complicating matters further, security vendor FireEye has disclosed that of all the malware it detects, 82% stays active for only one hour and 70% appears only once, because malware authors frequently tweak their code to slip past traditional antivirus scans, which leaves antivirus software even weaker at detecting and preventing threats. The traditional antivirus approach has thus reached the point where it needs to change quickly.
Tencent Tech (Yue Tong), Beijing time, January 10: According to foreign media reports, users across the enterprise technology industry are closely watching the security startup FireEye. Why? Mainly because the company has raised another $50 million in its latest funding round, at a valuation of $1.25 billion.
FireEye CEO Dave DeWalt just told Business Insider about the new round. For a startup unfamiliar to most consumers, FireEye's current performance is indeed worth watching.
With this new round, FireEye's total funding has reached $85.5 million. FireEye is seeking an IPO (initial public offering). According to DeWalt, FireEye could go public as early as this year.
Investors in this round include Sequoia Capital, Norwest Venture Partners, Juniper Networks, Silicon Valley Bank and others. As a security company, FireEye is now very hot; even In-Q-Tel, the CIA's investment arm, holds a stake. The main reason is that FireEye can solve two real security problems: it can stop network attacks that companies previously could not, namely so-called "zero-day" attacks and "advanced persistent threats (APT)".
A zero-day attack exploits a software vulnerability the vendor has not yet discovered; that is, the hacker launches the attack on the very day the vulnerability is found rather than days later, before the vendor has had any chance to fix it. An advanced persistent threat is a series of attacks launched by hackers who want to get into a particular network.
FireEye's security appliance combines hardware and software: it runs suspicious code or opens suspicious emails inside a protected area to observe how they behave, and thereby uncovers hacker attacks. FireEye completes this processing in an instant.
DeWalt joined FireEye last November; before that he was CEO of antivirus maker McAfee, which was eventually acquired by Intel. There were later rumors that DeWalt would succeed Paul Otellini as Intel's CEO.
FireEye now has annual revenue of about $100 million. Asked about its valuation of roughly $1.25 billion, DeWalt explained that this is mainly because the company's revenue will double this year. FireEye currently has 500 employees and will use the new funds to expand into international markets.
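The commentary above on signature-based blacklists ("82% active for one hour, 70% seen once") and the description here of running a suspicious file in a protected area to watch its behaviour are two halves of the same argument: an exact-match hash signature breaks the moment a single byte changes, while a byte-pattern signature survives small edits and a behavioural verdict survives even a full rewrite. The following is an added example for this post, not FireEye's or Symantec's code. The "samples" are harmless constructed text, and the family marker, indicator names, weights, threshold and sandbox event traces are constructed stand-ins for what a real signature database and detonation sandbox would produce.

```python
"""Three detection layers against a sample that is tweaked between sightings.

Added example, not FireEye's or Symantec's code. The "samples" are harmless
constructed text; the family marker, indicator names and sandbox event
traces are constructed stand-ins for a real signature database and sandbox.
"""
import hashlib
from typing import Dict, List

# Layer 1: exact-match blacklist of known-bad SHA-256 digests (classic AV).
KNOWN_BAD_SHA256 = set()

# Layer 2: byte-pattern signatures, a fragment that survives small edits.
BYTE_SIGNATURES = {b"BEGIN_DROPPER_STUB_v1": "constructed family marker"}

# Layer 3: behavioural indicators from running the file in a sandbox.
# Maps an event prefix to a weight; events are constructed strings.
BEHAVIOUR_INDICATORS = {
    "write:autorun": 3,  # persistence via an autostart location
    "spawn:shell": 2,    # launching a command interpreter
    "net:connect": 1,    # outbound connection (possible callback)
}
BEHAVIOUR_THRESHOLD = 4

# Constructed samples: the first sighting, a variant with one comment byte
# changed, and a full rewrite sharing no bytes with either.
ORIGINAL = b"BEGIN_DROPPER_STUB_v1\n# build 1\nPAYLOAD_PLACEHOLDER\n"
VARIANT = ORIGINAL.replace(b"# build 1", b"# build 2")
REWRITTEN = b"unrelated text with the same behaviour\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The first sighting gets its hash added to the blacklist.
KNOWN_BAD_SHA256.add(sha256(ORIGINAL))


def hash_match(data: bytes) -> bool:
    return sha256(data) in KNOWN_BAD_SHA256


def pattern_match(data: bytes) -> List[str]:
    return [name for sig, name in BYTE_SIGNATURES.items() if sig in data]


def behaviour_score(events: List[str]) -> int:
    """Sum the weights of every indicator an observed event matches."""
    return sum(w for ev in events
               for k, w in BEHAVIOUR_INDICATORS.items() if ev.startswith(k))


def classify(data: bytes, sandbox_events: List[str]) -> Dict[str, object]:
    """Run all three layers and report which ones fired."""
    caught_by = []
    if hash_match(data):
        caught_by.append("hash")
    if pattern_match(data):
        caught_by.append("pattern")
    score = behaviour_score(sandbox_events)
    if score >= BEHAVIOUR_THRESHOLD:
        caught_by.append("behaviour")
    return {"caught_by": caught_by, "behaviour_score": score,
            "verdict": "malicious" if caught_by else "benign"}


# Constructed sandbox traces: what a detonation run might report.
EVENTS_MALICIOUS = [
    "open:/tmp/work",
    "write:autorun:/etc/xdg/autostart/updater.desktop",
    "net:connect:198.51.100.9:443",
    "spawn:shell:/bin/sh",
]
EVENTS_BENIGN = ["open:/home/user/report.txt", "net:connect:192.0.2.10:443"]

if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL), ("variant", VARIANT), ("rewrite", REWRITTEN)]:
        print(name, classify(sample, EVENTS_BENIGN))
    print("rewrite, detonated:", classify(REWRITTEN, EVENTS_MALICIOUS))
```

Run stand-alone, the hash layer catches only the original, the pattern layer still catches the one-byte variant, and the rewrite is caught by nothing until its sandbox trace is scored. That is the whole case for pairing signatures with behavioural analysis rather than replacing one with the other: each layer is cheap where the previous one is blind, and a single outbound connection in the benign trace stays below the threshold, which is why the indicators carry weights instead of each being an alert on its own.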
Why FireEye
Security-conscious organizations choose FireEye for industry-leading comprehensive protection against advanced threats. FireEye Platform delivers best-in-breed threat prevention products, coupled with 24x7 global support, and rich actionable threat intelligence. The FireEye Threat Prevention Platform supplements traditional and next-generation firewalls, IPS, AV, and gateways, whose signatures and heuristics cannot stop this new generation of threats.
Comprehensive Protection Against Today's Advanced Cyber Attacks
FireEye Protection Against Advanced Persistent Threats (APT) & Malware
Organizations are under assault by a new generation of cyber attacks that easily evade traditional defenses. These coordinated campaigns are targeted, stealthy, and persistent. And they are perpetrated by well-funded threat actors set on finding weaknesses in the organizational security posture. Traditional defenses – next-generation firewalls, IPS, AV, email and Web security gateways – were designed to detect known patterns of attacks using signature-based defenses. The new generation of attacks is dynamic, polymorphic, and coordinated to cut across multiple threat vectors and multiple stages – consequently there are significant security holes in the majority of corporate networks.
With security talent in short supply globally, organizations are also challenged to defend against the growing cyber threat landscape. And the ever-evolving threats and nation-state funded actors further push the limited security resources against the wall.
Combating these advanced threats and persistent adversaries necessitates a real time, proactive approach to security with an ability to respond immediately to any type of danger, and provide assistance to any type of company or entity anywhere in the world.
Through FireEye Platform, FireEye offers the industry's first global, real time, continuous threat protection platform to help secure brands, intellectual property, and data against today's advanced cyber attacks. FireEye Platform combines the power of products and people to help organizations defend against and respond to the evolving threat landscape.
Threat Prevention Platforms: By combining signature and signature-less detection, and providing visibility into the entire attack life cycle along with correlation across multiple threat vectors, FireEye stops today's advanced multi-vector, multi-stage attacks with near-zero false positives.
Network Security – The Web threat prevention platforms stop Web-based attacks that traditional and next-generation firewalls, IPS, AV, and Web gateways miss. They protect against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe.
Network Forensics – The FireEye Network Forensics Platform allows you to identify and resolve security incidents faster. Integration with the FireEye Threat Prevention platforms provides deeper insight into the scope and impact of potential breaches through simple drill-down access to captured, indexed, and stored connection and packet information.
Email Security (EX Series) – The email threat prevention platforms secure against spear-phishing email attacks that bypass anti-spam and reputation-based technologies. The integrated EX and NX platforms offer the only solution to address blended, advanced targeted attacks that use spear phishing, zero-day exploits, and malicious URLs.
Content Security (FX Series) – The content threat prevention platform analyzes network file shares to quarantine resident malware brought into the network through the Web, email, or other manual means, such as online file sharing.
Endpoint Security (HX Series) – The FireEye HX series is a threat prevention platform that helps drive faster, more accurate decisions about potential security incidents on endpoints. The HX series connects the dots between activity on the network and activity on the endpoints, improving the approach and reducing the time to remediate a security incident.
Forensic Analysis (AX Series) – The forensic analysis platforms give threat analysts hands-on control over a powerful auto-configured test environment where they can deeply inspect advanced malware, zero-day, and targeted advanced persistent threat attacks embedded in common file formats, email attachments, and Web objects.
Dynamic Threat Intelligence: Complementing the FireEye platforms with rich and actionable threat intelligence allows FireEye to generate powerful insights, identify ever-evolving threat patterns, and isolate potential targets to continuously improve organizational defenses against advanced threats.
Intelligence sharing: The real-time sharing of auto-generated threat intelligence from global deployments of FireEye Threat Prevention Platforms enables customers to be protected against potential threats targeting their industry.
Big Data analysis: Analyzing large volumes of attack data from global deployments enables FireEye to recognize global attack patterns and pinpoint potential targets, and provide customers much needed foresight into advanced threats.
APT Discovery Center: By analyzing hundreds of current and past advanced persistent threat campaigns, the APT Discovery Center helps security teams, law enforcement, and government agencies gain insight into the evolving threat landscape and continuously improve defenses against cyber threats.
Support and Subscriptions: Building on the FireEye Threat Prevention Platform and Dynamic Threat Intelligence cloud, FireEye support and subscriptions provide advance warning of APT activities and access to the FireEye global team of researchers and incident response experts to augment organizational security teams in assessing their current security posture and protecting against advanced threats.
Continuous Monitoring: The Continuous Monitoring subscription enables FireEye to assist customers in monitoring for APT attacks, ensure appropriate product operations, assist with upgrades and health checks and, importantly, also provide advance warnings to security teams when advanced threats impact their industry or geography.
The purpose of this post is to lay out the development trend of modern antivirus software. Much of it is copied in large chunks from official websites and the original articles. It also covers the future operating structure of antivirus software and the leading company in this area, FireEye, which has not yet released a Chinese-language product and is currently a rising antivirus startup. The purpose of explaining this company's philosophy is not to bring the "antivirus syndrome" back to the forum, but to convey one message to fellow forum members: the philosophy and operating structure of antivirus software. Compared with antivirus syndrome, that is what matters most. With this post out, I believe the Kafan sample-testing section can quiet down for a while. The world is changing; we just know nothing about it.