The Wall Street Journal reported yesterday that several software antivirus companies are reinventing their business models after decades of trying to prevent hackers from penetrating its customers IT infrastructure. According to Mr. Brian Dye, Senior Vice President of Information Security, at Symantec, Corp., the antivirus “is dead” from a money-maker perspective. Rather than try to thwart hackers, by keeping them out of a business’s IT network, software antivirus companies now assume hackers can get in (or are already there!), and, for a fee, will sell products and services that will provide customers with intelligence briefings that tell them two things: (1) their business is under attack; and (2) why their business is getting attacked. However, what a customer really wants to know when it’s IT network is under attack is, how do we make it stop?
While, in and of itself, the new business model shift may create an overall issue of product integrity for the software antivirus industry (e.g. the intended purpose is not capable of being met), there is a silver lining in the message being sent. Namely, on its face, software antivirus products and services alone will not prevent mission-critical business data from being released in an unauthorized manner. A holistic comprehensive corporate data governance model is still the proper risk management step for organizations to employ. Antivirus detection services from IT security companies like Symantec, Corp., Juniper Networks, Inc., FireEye, Inc., and Shape Security, Inc., are important, but should not be solely relied upon by the business organization.