Palo Alto Networks CTO: anti-virus technology can't stop targeted attacks

Anti-virus is dead because it is unable to detect attacks properly and is incapable of working on mobile devices, according to Nir Zuk, founder and CTO of Palo Alto Networks.

Zuk told SC magazine that the "15-year-old technology is unable to detect everything on the network" and "does not run on mobile devices".

He added: “Why does it not detect? Because attacks are very different, they are so widespread and, because of that, vendors see them and assume they are bad.

“This was good a few years ago when anti-virus vendors would see an attack and assume that it was propagated to as many machines as possible. But now they are targeted and the attacks are against a small number of companies and to a single user, so anti-virus cannot detect them.

“The attacker can pick up targets by finding out who works for a company via LinkedIn, what they like from Facebook and make them go to a website or receive an attachment from a trusted person - and there is nothing that anti-virus can do about it.”

Zuk said there is a gap in the mobile security market and solutions will come from new companies. “In the same way that Microsoft leads on the OS but is not a mobile or internet player, [mobile] is ruled by Apple and Google. But the market is so big that new vendors will come in,” he said.

David Harley, chief executive of Small Blue-Green World, said it was hard to defend the position that "anti-virus doesn't detect anything", and a more reasonable argument would be that "anti-virus doesn't detect everything".

“Then I would have agreed with [Zuk] and so would every other researcher in the anti-virus business. But then, I have yet to see any '100 per cent' solutions. A totally generic solution may get close to blocking 100 per cent of threats, but will discard some 'true positive' objects,” he added.

“Personally (and in principle) I'd rather advocate a sound combination of defensive layers than advocate the substitution of one non-panacea for another, as vendors in other security spaces sometimes seem to. Actually, a modern anti-virus solution is already a compromise between malware-specific and generic detection, but I still wouldn't advocate anti-virus as a sole solution, any more than I would IPS, or whitelisting, or a firewall.”

Harley also disagreed with the assumption that anti-virus technology does not bother to block non-generic, targeted attacks.

He said: “The sheer number of malicious attacks does mean that anti-virus labs have to prioritise to some extent, but that prioritisation is rather more complex than that and it is far from the only factor in detection. The relationship between a given binary and other malware families, for instance, is a big factor in determining whether that binary is detected at a time when there is no malware-specific detection for it.

“It's quite possible that a single, targeted attack won't be detected initially by many or any anti-virus solutions, especially if it involves the combination of a zero-day and the use of multi-scanning to tweak the binary until no common engine detects it, but to dismiss anti-virus on those grounds is to throw out a whole generation of babies with a very small quantity of bathwater.

“The fact that anti-virus is focused on malicious binaries does make it less effective in attack scenarios that are more generic in nature, but that's why you need multi-layering. Horses for courses.”
