Security Software Ineffective? So Says Symantec

As reported in the CompTIA Smart Brief on May 6th, the Wall Street Journal is reporting that Symantec, the inventor of antivirus software, is declaring that host-based software security solutions can not stop enough malware exploits to be useful.  The problem with most exploits is that they take advantage of computer users’ trusting nature and gullibility to trick them in to permitting something that the software would usually like to block, or the malefactors gain access to systems and networks using stolen but legitimate user credentials.  Software based solutions can not block what is permitted by a human user, and are vulnerable to these types of exploits.

So rather than futilely battling to keep the cyber-attackers out,  Symantec and other computer and network security firms are looking at standalone hardware based perimeter defenses, intrusion detection systems, and traffic analysis systems to detect when a breach is occurring, likely to be occurring, or has already occurred, and take action to alert security and system administrators and locate and minimize the amount of damage that can happen.

The take-away for business owners is that you need to be upping your game when it comes to computer and network security, and look to acquire some significant perimeter defenses.  It probably makes sense to find a information security expert to consult about a project of this type.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.