Analytics to drive next generation of antivirus?

Big data and analytics. They’re not just things for Charles Barkley and Houston Rockets General Manager Daryl Morey to snipe about at each other. A little way up I-45, they’re also hot topics at the SAS Global Forum Conference this week in Dallas, TX, which seeks to discuss them in the context of current cybersecurity issues. IT security has become a major concern for everyone from business to government to consumers, and as traditional antivirus measures fail to recognize or protect against cyber criminals’ new and increasingly sophisticated efforts, those involved are eager for solutions.

One of the takeaways from the conference, then, is rapidly swelling support for predictive analytics, and the belief that traditional antivirus platforms aren’t capable of dealing with the threats in today’s landscape. That type of antivirus works from samples of previously discovered and identified malware: the software recognizes a strain in future instances by comparing it to the appropriate signatures stored in a vendor-maintained database. This means that the software’s effectiveness depends on the database’s update status. Yet with the exponentially multiplying forms of attack that pop up every day, strains that won’t be in the database, the feeling is that the old guard won’t be able to keep up.

In contrast, proponents of new, analytically driven antivirus measures espouse a proactive, rather than reactive, approach, using automated, cloud-based analysis of malware threats to spot and pre-empt patterns and attacks before they occur.

Of course, even these new methods wouldn’t be free of challenges. For example, executives often still don’t prioritize cybersecurity incidents: up to 85 percent, according to a Ponemon study. IT security remains for many a budgetary inconvenience that they think isn’t worth the investment. Fortunately, as the recently ended 2015 RSA Conference suggests, more organizations are prepared to bulk up their data security investments. In fact, this year’s conference was better attended than ever, and several of the topics covered reflected that readiness, including data center security, better network visibility, and security services.

As NetworkWorld’s Jon Oltsik points out, however, “let’s remember that the RSA Conference popularity is a function of just how dangerous the threat landscape has become.”

If the push for analytics-based next-gen antivirus tools is any indication, it does seem like organizations are starting to take notice.

By: Jonathan Weicher