
Look Beyond Traditional Antivirus

Security is now an urgent issue and a significant concern for Fortune 500 businesses. The number and severity of security breaches are increasing while in-house security expertise falls short. Executives depend on large analyst companies such as Gartner and Forrester to fill the gaps in their security knowledge.



That could be a valuable practice. However, Gartner and Forrester consistently recommend software that could be more effective in increasing an organization's security. I want to give the prominent analysts some space, as the security community can do better at teaching these analysts and the general public about the best methods. It's the right time to engage with prominent analysts to advocate a proactive and defensive approach to security. I want to push the major analyst firms to look beyond traditional antivirus software. In particular, firms such as Gartner and Forrester must highlight products that promote a proactive (rather than reactive) security-focused culture in the enterprise.


For political reasons, only a few security experts speak out about the dangers of traditional antivirus software. Businesses like Google and Mozilla must maintain good relations with conventional AV software developers, so their hands are tied. There's silence on traditional AV within the security industry because many of the people most aware of the problems with conventional AV (the people who develop browsers) can't discuss the issue publicly.


The shortcomings of traditional antivirus software are well known. However, the security industry is stuck in a vicious cycle. The major analyst firms release reports recommending an endpoint program (i.e., traditional antivirus). The software could be more effective, and installing it creates more risks for users.



Enterprise customers are content to pay for traditional antivirus because they think it's beneficial and provides an easy solution. (If only security were as simple as putting on multiple layers of security!) These enterprise buyers are content to keep paying the principal analyst firms, and the analyst firms continue to charge thousands of dollars each year for their research.


Everyone earns money, but nobody wins. If big analyst firms promote conventional antivirus programs as a helpful security tool, they're not serving their clients. Given the vast amount of money paid to companies such as Gartner and Forrester, corporate customers are entitled to learn about preventative security methods and to be educated about the potential risks associated with the best-known traditional antivirus programs.


According to its About page, Gartner is "the world's most renowned research and advisory business." Their mission is to provide strategic guidance and best practices proven to help clients achieve their most critical tasks. Gartner's stated mission is "to challenge the thought processes of our clients in order to aid them in bringing about change in their businesses." In addition, when it comes to other industries, the principal analyst firms can be beneficial sources.


Given their mission statements and their standing as partners to Fortune 500 companies, it's reasonable to expect that they would give better advice on security.

Let's look at recent recommendations regarding endpoint security. In 2017, Kaspersky Labs received a platinum award from Gartner. According to the Kaspersky Labs website, this was the sixth consecutive year Gartner positioned the company as an industry leader.


This was because of "completeness of view" and "ability to implement." The award was given even though journalists had reported that Kaspersky Labs was developing products for the FSB and took part in agents' raids. In the last quarter of 2017, the US government was preparing to prohibit Kaspersky software from being used by federal agencies.


Let's set aside international politics and concentrate on the concerns surrounding the recommendation of traditional antivirus software. Symantec is a great illustration and a frequent, popular choice for the major analyst companies. In 2017, Symantec was recognized as a "Leader of 2017" in the Gartner Magic Quadrant for Secure Web Gateways. However, research conducted by Google's Project Zero showed that installing Symantec Antivirus made systems more susceptible to attack instead of more secure. Google Project Zero discovered several vulnerabilities impacting Symantec.


Concerning these vulnerabilities, Google said, "These vulnerabilities are as severe as they get. They don't require involvement from the user, they only affect the software's default configuration, and it operates with the highest levels of privilege feasible. In certain instances on Windows, vulnerable software is even embedded into the kernel, leading to the kernel's memory being corrupted remotely." All of the Symantec products, including Norton Antivirus, were affected. Symantec has released patches, but it's still troubling that Symantec didn't identify and correct these flaws. Instead, they needed intervention from Google's Project Zero.


In the blog post that discusses the problems with Symantec, Tavis Ormandy of Google Project Zero outlines some of the main problems with traditional antivirus software. According to Ormandy, "The issue with both these options is that they're extremely complicated and vulnerable to security vulnerabilities. It's incredibly difficult to create code that is this secure."


Ormandy warns administrators of the dangers of installing traditional antivirus programs, saying, "An attacker can take over an entire fleet of enterprises with a flaw such as this. Network administrators must keep situations such as this in mind when making a decision to install antivirus. It's a huge trade-off when it comes to increasing the security risks."

Ormandy isn't the only one discrediting conventional antivirus as a security measure. Security experts recommend that users adopt preventative measures, such as regularly updating software and operating systems and practicing good computer hygiene, rather than relying solely on endpoint detection and response.


Google Chrome's security head, Justin Schuh, said that conventional antivirus programs are "my main obstacle in delivering the most secure browser."


Firefox developer Robert O'Callahan had to wait until he left Mozilla (due to the unfortunate politics of advocating for good security practices) to say, "Disable your Antivirus Software." Robert claims, "Users have been fooled into believing that AV vendors are synonymous with security, and you shouldn't have to hear AV vendors slandering their products." The prominent analysts could help by promoting best practices in security instead of prolonging the existence of these useless tools.


The issue is not with Kaspersky or Symantec in particular, but with the complacency of recommending traditional antivirus software in the first place. The major analyst firms are well placed to provide suggestions that will help Fortune 500 companies truly improve their security.


Security is ultimately an ongoing process, not a finished product. This is a harrowing fact for customers in the enterprise sector, as it requires continuous effort and investment. It's the responsibility of prominent analysts to help their clients make the right decisions, even when implementing those decisions requires substantial resources. It's time for the major analyst firms to focus on prevention and on creating a security mindset. Let's unite to push influential analysts to think beyond traditional antivirus.

