Why not just tell the truth?
Some recent work as well as some recent conversations with various people have had me thinking about the way we position and sell security products. Then, I saw this article, written by Michael Fitzgerald which in a way helps prove my point. The article talks about how various people are calling Anti-Virus and signature based technology “dead”. The main supporting argument to this claim is that signature based protection cannot possibly protect you, especially in a proactive way, from all threats.
I know I have been around this industry too long and have become bitter and cynical but I felt this article was stating the obvious and any real security professional can agree with this point. But does that actually mean that Anti-Virus is dead and that all signature based technologies are dead?
What this article meant to me was that vendors themselves need to start being more honest about what their signature based products can and cannot protect you from. The real problem here is not that signatures suck and can only protect you from a small percentage of issues, the problem is that vendors are willing to say that they protect you from something when in reality they do not.
An exercise that you can do on your own and draw your own conclusions from is pick an event that most security vendors will comment on, for example Microsoft Patch Tuesday. Take a look at what each vendor says they do and do not protect you from and then actually test that protection. You might be surprised with the results.
I am a huge fan of being honest about what you can and cannot protect against (no I will not retype the profanity filled rant in a private email thread on this) but the market consistently punishes vendors that are honest about their abilities.