Symantec calls antivirus 'doomed' as security giants fight for survival

The traditional antivirus is "dead" and "doomed to failure," Symantec's information security chief declares. Quelle surprise, considering Norton is fading into oblivion. But what next?
Written by Zack Whittaker, Contributor
Image: CNET/CBS Interactive

Antivirus products are "doomed to failure," according to Brian Dye, senior vice president for information security at Symantec, a security firm and maker of antivirus products.

From The Wall Street Journal on Sunday, the antivirus giant said that end-point security technology isn't a "moneymaker" in any way, and highlighted that the company needs to adjust and adapt.

Which isn't a surprise for Symantec, whose Norton antivirus products have barely made any new dents in the security market in years — despite it being bundled with almost every new Windows computer as premium bloatware.

But what Dye was saying is that the malware market is dwindling and hackers are instead increasingly focusing on cyberattacks, like denial-of-service assaults, spearphishing, and network intrusion, rather than mass-emailing a crafted executable file randomly to millions — including to a burgeoining base of Mac users that are immune to such attacks.

Antivirus products are catching less than half of all cyberattacks, Dye said, which puts his company between a rock and a hard place. Not least because antivirus products still make up about 40 percent of the company's revenue as of its fiscal third quarter earnings. And its cybersecurity systems it sells to big businesses and enterprises makes up half of that revenue, but comes with narrower profit margins.

Symantec began to mix things up and push beyond the traditional end-point security model back when it had the chance. 

But so have others.

In recent months, in partnership with Symantec, IBM announced a new cybersecurity offering to protect networks and critical data from zero-day attacks, by detecting irregular patterns in network traffic.

"If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond." — Brian Dye

Meanwhile, Juniper announced earlier this year its expansion of its Firefly suite of products, which aims to bulk up business firewalls and the wider network perimeters. The company is also gunning to put "fake" data within internal networks in efforts to distract hackers from the real corporate goods.

Cisco is also pushing harder on its enterprise solutions in order to prove that the outer edges of the network is just as important as the desktop end-point services. 

It's clear that the traditional desktop-running antivirus market isn't floating anybody's boat anymore. It's not the be-all and end-all, but it's hard to see any major antivirus company ditching its end-user services any time soon.

Though the company won't retire its Norton suite in favor of larger projects, it's looking ahead to other areas in order to find its place in the ever-evolving security market.

The Journal's report points to Symantec joining the data breach aftermath party later this week by creating its own response team to hacked businesses. After its initial launch, the company aims to help plug the holes in enterprise systems by selling intelligence reports in order to educate businesses on how and why they are suffering breaches.

It's a hole in the market that some firms are hiring and acquiring in order to fill — the niche sector of the market that goes after the attackers rather than just protecting against intrusions and breaches in the first place.

Other companies are also fighting to remain relevant to big businesses, where profits are higher and contracts can be lucrative.

FireEye, for instance, bought Mandiant for $1 billion in January in efforts to bolster its response efforts. The company's chief executive David DeWalt said one of the reasons behind snapping up the firm was to receive the first call companies make after an attack.

The company came to prominence after it emerged it alerted Target to suspicious activity, something the company decided to ignore.

"If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond," Dye told the Journal.

Antivirus products might be doomed, but if it can maintain that edge over its counterparts and rivals, it might just have that 60 percent revenue slice nailed down in a year or two.

Editorial standards