杀毒软件江湖未冷：赛门铁克公司转向高端安全服务

    “杀毒软件已死！”，就在一周前，赛门铁克公司（Symantec）信息安全部高级副总裁布莱恩•代伊在接受《华尔街日报》（Wall Street Journal）采访时发表了这番简短的悼词。“无论如何，我们都不再把杀毒软件当作摇钱树。”

    网络安全界对这样的观点已经习以为常。大部分人都认为，杀毒软件早在七八年前就已不是首要的安全防御手段。目前业界倾向于采用更加灵活的监测和反应模型去构建全方位的安全防御体系。思科（Cisco）安全业务集团首席技术官布莱特•哈特曼说：“整个安全界早已弃用杀毒软件，这不是什么新鲜事。”

    但作为安全领域的第一道防线，杀毒软件的作用仍然十分重要。根据代伊的估算，传统安全方法能防御45%以上的威胁。他强调，目前的问题是光靠杀毒软件远远不够。“我们在接受《华尔街日报》采访时想表述的观点是，仅靠杀毒软件是不够的，而我们对客户也在一直强调这点，”代伊在接受《财富》（Fortune）采访时强调。“杀毒软件能抵挡一切威胁的时代已经一去不返。”

    赛门铁克公司诺顿（Norton）事业部副总裁弗兰•罗施说：“如果只使用杀毒软件，那你就危险了。”

    不少信息安全公司已经开始尝试新的反恶意技术。瞻博网络（Juniper Networks）就是一例。这家公司有意设置一些假漏洞，诱骗入侵者上钩。“一旦他们接触到了这些故意设置的信息，我们就能打上标记，”瞻博网络副总裁兼信息安全部总监纳威•比塔尔说。然后，这家公司就会进一步分析，这些入侵者是否是恶意的。

    其它一些公司则在积极并购。例如FireEye公司在年初收购了安全公司Mandiant，后者在探测网络漏洞、追踪和分析黑客方面颇有一套。半年前，思科也收购了安全信息服务商SourceFire。虽然这些并购交易表明，整个安全界的重心已从防护扩展到监测和反应领域，但赛门铁克的声明无异于一颗重磅炸弹，因为它表明，赛门铁克——商业化杀毒软件的发明者已经改弦易辙了。

    凯鹏华盈基金（Kleiner Perkins Caulfield & Byers）普通合伙人特德•施莱恩称：“外界唱衰杀毒软件没什么，但就连杀毒软件之父也出来唱衰杀毒软件那就不一样了。”施莱恩在上世纪八十年代曾参与开发了赛门铁克第一款商业化杀毒软件。

    赛门铁克仍然有40%以上的营收来自杀毒软件，但这块业务如今每况愈下。从截至3月28日的季度财报来看，赛门铁克营收同比下滑7%。

    安全咨询公司Bishop Fox联合创始人兼合伙人维尼•刘在邮件中写道：“杀毒软件的营收和增长前景黯淡。他们不是在坐视老式预防性技术的收益递减，而是发现能通过适应性工具获得较高的投资回报率。”

    换言之，为了保持自身地位，赛门铁克选择了跟着钱走。市场研究公司高德纳（Gartner）2013年5月的一份研究称，“到2020年，60％的企业信息安全预算将用于快速监测和反应。2013年时，这个比例还不足10％。”这显然是个巨大的成长机遇。

    宣判杀毒软件的死亡后，赛门铁克公布了两项新的高端安全服务，作为旗下现有企业级旗舰业务的补充。赛门铁克希望向企业用户报告安全威胁、分析黑幕活动网络以及检测漏洞，借此与FireEye等竞争对手正面交锋。

    AccessData首席战略官克雷格•卡彭特在邮件中写道：“这对赛门铁克而言是一个明智的举措。”卡彭特指出，赛门铁克近年来已经掉队了。“赛门铁克要想迎头赶上（拿出可行的解决方案并将其推向市场），最快的方法就是依靠自身优势（庞大的客户群和在客户端的强劲实力），推出一两项管理服务，并以合作伙伴生态系统填补关键的市场空白【例如威胁智能监控、红外（事件响应）等】。”

    赛门铁克今年三月份罢免了首席执行官史蒂夫•本内特，这是这家公司两年来罢免的第二位首席执行官。显然，赛门铁克力图革新。施莱恩说：“处理自己的遗留系统极具挑战性。我希望赛门铁克能找到合适的领导者来实现变革。”

    但杀毒软件真的已经死了吗？思科（Cisco）的哈特曼表示，没有什么技术会彻底退出历史舞台，它们只不过会变得更加商品化，或是变得不那么有价值。罗施将杀毒软件比作汽车安全带。它是第一层保护；随着汽车行业不断发展、安全措施日益完善，又出现了肩带、安全气囊以及更好的防护设施。

    施莱恩说：“我认为杀毒软件有朝一日将变得毫无价值。但眼下它还发挥着很大的作用。”

    所以，先别急着卸载杀毒软件。（财富中文网）

    译者：项航

    Just over a week ago, Symantec's (SYMC) senior vice president of information security Brian Dye delivered a concise eulogy for anti-virus software. It "is dead," he told theWall Street Journal. "We don't think of antivirus as a moneymaker in any way."

    This isn't news to the cybersecurity community. Most agree that anti-virus lost primacy seven or eight years ago as a traditional prevention tactic. The notion of setting up perimeter defenses around a network to keep hackers out has given way to a more flexible detection and response model. "The entire industry has moved beyond anti-virus a long time ago," said Bret Hartman, chief technology officer of the security business group at Cisco (CSCO). "It's not a surprise."

    But anti-virus protection remains important as a first line of defense against threats. According to Dye's estimates, traditional cybersecurity methods catch more than 45% of threats. The problem, he says, is that anti-virus alone is insufficient. "The point that we were making in the interview with the Wall Street Journal and that we make with our customers on a regular basis is that anti-virus alone is not enough," Dye clarified in an interview with Fortune. "The era of anti-virus-only is over."

    "If that's all you're using to protect yourself, you're vulnerable," said Fran Rosch, senior vice president of Symantec's Norton consumer business.

    Other security firms have already begun implementing a new slate of security technologies. Juniper Networks (JNPR), for instance, lures malicious intruders into revealing themselves by placing bait within a network. "Once they touch a false piece of information we've planted, we flag it," said Nawf Bitar, senior vice president and general manager of the security business at Juniper. The company can then determine whether an intruder is up to no good.

    Others in the space are keeping up by acquisition. At the beginning of this year, FireEye (FEYE), for example, bought Mandiant, a cybersecurity firm able to investigate network breaches and track and detail hackers. Six months ago, Cisco purchased SourceFire, which also analyzes and tracks threats. Though the deals demonstrate that the industry at large is evolving beyond protection to detection and response, Symantec's announcement is particularly notable for indicating a sea change at the company that originally invented commercial anti-virus software.

    "It's one thing for the outside world to bash anti-virus," said Ted Schlein, general partner at Kleiner Perkins Caulfield & Byers, who helped create the earliest commercial anti-virus software products at Symantec in the late 1980s. "It's another thing for the anti-virus king to bash anti-virus."

    Symantec still rakes in more than 40% of its revenue from anti-virus products. But year-over-year, that revenue is in decline. In the company's latest quarterly earnings report, revenue fell 7% for the quarter ended March 28 compared to the same quarter last year.

    "The only dead thing about A.V. are its revenue and growth prospects," wrote Vinnie Liu, co-founder and partner at security consultancy Bishop Fox, in an email. "Instead of settling for diminishing returns on old school preventative technologies (e.g. A.V.), they're finding they can achieve higher R.O.I. from adaptive tools."

    In other words, in order to remain relevant, Symantec has chosen to follow the money. "By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches," according to a May 2013 study by the market research firm Gartner, "up from less than 10% in 2013." That certainly sounds like an opportunity for growth.

    Following the pronouncement of the death of anti-virus, Symantec announced the additionof two new premium security services to its existing flagship products for business. The company wants to go head-to-head with competition like FireEye by briefing companies on threats, analyzing networks for shady activities and detecting breaches.

    "It is a smart move by SYMC," wrote Craig Carpenter, chief strategy officer from AccessData, in an email, noting that Symantec has lagged in recent years. "The quickest way for SYMC to catch up (i.e. get to market with a viable solution) is to launch a managed service or two leaning on their advantages (a large installed base and strong presence on the client) and filling in key gaps with a partner ecosystem (e.g. threat intelligence monitoring, IR [incident response], etc.)."

    Having ousted its second CEO in two years -- Steve Bennett -- in March, Symantec is clearly trying to reinvent itself. "It's challenging dealing with your own legacy system," said Schlein. "I hope they get the leadership in there to make those changes."

    But has anti-virus drawn really its last breath? Cisco's Hartman added that no technology truly dies, it just becomes more commoditized or less valuable. Rosch analogizes anti-virus software to the seatbelt in a car. It's the first layer of protection; as the industry continues to evolve and safety grows more sophisticated, shoulder strap, airbags, and better braces follow.

    "I think anti-virus someday won't be needed at all," Schlein said. "But right now it takes care of a lot of the known items."

    So don't uninstall just yet.