Symantec Admits Endpoint Security is a Failure

The New York Times being hacked by the Chinese is making the rounds of the news these days. I'm mostly 'meh' about the story because the Chinese hack everyone and it's really not a novel story anymore. But in a very unusual move and candid admission, Symantec issued a statement about their customer the New York Times, stating that simple AV endpoint security is not enough for today's threats. This admission of failure is about 6 years past due.

From the Reg here:

“Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant”.

Although Symantec’s policy is not to comment on its customers, it wasn’t long before it released the following as a “follow-up” to the Times story.

“Advanced attacks like the ones the New York Times described … underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone is not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

Endpoint security is the last line of defense for an enterprise, and antivirus is notoriously insufficient to stop most of today's malware. The key is to keep threats from reaching the endpoints in the first place, and that is the big challenge for most enterprises: you have to monitor the network traffic itself for violations of policy, and be nimble enough to implement new policies on the fly. Nothing in Symantec's arsenal of security products provides this capability. McAfee has better capabilities at the network level, but only moderately so.
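The network-side monitoring the paragraph above calls for can start with two simple checks on outbound proxy logs: does each connection satisfy the egress policy for that class of host, and is any host calling the same destination on a suspiciously regular schedule, the way an implant checking in with its controller does. The following is an added example written for this post, not code from Symantec, Mandiant or the Times; the log format, the host names (ws-0412, ws-0199), the destinations and the workstation policy are all constructed for illustration.

```python
"""Egress-policy and beaconing checks over constructed proxy log lines.

Added example for this post; not Symantec, Mandiant or NYT tooling. Host names,
destinations and the log format are hypothetical and constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<timestamp> <host> <dst_port> <destination> <proxy_action>".
# ws-0412 contacts a bare IP every 10 minutes and once on an odd port; ws-0199 sends SMTP directly.
SAMPLE_LOG = """\
2013-01-15T09:00:00 ws-0412 443 updates.example-corp.internal ALLOW
2013-01-15T09:00:05 ws-0412 443 cdn.example.net ALLOW
2013-01-15T09:10:00 ws-0412 443 198.51.100.23 ALLOW
2013-01-15T09:20:00 ws-0412 443 198.51.100.23 ALLOW
2013-01-15T09:30:00 ws-0412 443 198.51.100.23 ALLOW
2013-01-15T09:40:00 ws-0412 443 198.51.100.23 ALLOW
2013-01-15T09:41:12 ws-0412 8443 203.0.113.9 ALLOW
2013-01-15T09:42:00 ws-0199 80 www.example.org ALLOW
2013-01-15T09:43:30 ws-0199 25 mail.example.org ALLOW
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (ALLOW|DENY)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Hypothetical workstation egress policy: web ports only, no direct-to-IP destinations.
WORKSTATION_POLICY = {"allowed_ports": {80, 443}, "allow_direct_ip": False}


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, port, dst, action = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "port": int(port), "dst": dst, "action": action})
    return events


def check_policy(events, policy=WORKSTATION_POLICY, host_prefix="ws-"):
    """Return distinct (host, dst, port, reason) tuples for workstation connections that
    the policy forbids. The proxy's own verdict is deliberately ignored: the point is to
    catch traffic that got through, not to trust the control that let it through."""
    violations = set()
    for e in events:
        if not e["host"].startswith(host_prefix):
            continue
        if e["port"] not in policy["allowed_ports"]:
            violations.add((e["host"], e["dst"], e["port"], "port not allowed for workstations"))
        elif not policy["allow_direct_ip"] and IPV4_RE.match(e["dst"]):
            violations.add((e["host"], e["dst"], e["port"], "direct-to-IP egress"))
    return sorted(violations)


def detect_beacons(events, min_hits=4, max_cv=0.1):
    """Flag (host, dst) pairs contacted at near-constant intervals: at least min_hits
    connections whose inter-arrival coefficient of variation (stdev/mean) is <= max_cv.
    Returns (host, dst, mean_interval_seconds) tuples."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["dst"])].append(e["ts"])
    beacons = []
    for (host, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((host, dst, avg))
    return beacons


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for v in check_policy(evs):
        print("POLICY", *v)
    for host, dst, period in detect_beacons(evs):
        print(f"BEACON {host} -> {dst} every {period:.0f}s")
```

On the constructed sample this flags the SMTP and port-8443 connections as policy violations, the bare-IP destination as direct-to-IP egress, and the four evenly spaced connections to 198.51.100.23 as a 600-second beacon. The thresholds (four hits, 10% jitter) are arbitrary starting points: an implant that randomises its sleep interval will sail past the coefficient-of-variation test, so in practice the policy allowlist does most of the work and the beacon check is a cheap second look at whatever the policy lets through.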

But it's about time an AV company publicly admitted that its software, which requires constant signature updates, is a crappy solution for preventing compromises on a network.
