Flooding market with cheap antivirus kit isn't going to help ANYONE

There has been a lot of talk in information security circles over the past few weeks about the revelations of advanced persistent cyber attacks on several big name US newspapers including the Wall Street Journal and The New York Times.

The attacks, which are suspected to have been launched by Chinese hackers, were highly targeted in nature, using sophisticated techniques to breach systems and remain hidden for as long as possible. I’d argue that they’ve raised a lot of important questions about IT security vendors’ threat protection capabilities and should be cause for channel firms to stop and think whether their sales strategies are appropriate given the changing threat landscape.

The truth is that these kinds of attacks are becoming an increasingly common sight on the global stage. The worry for organisations is that they’re no longer being launched by nation states alone. Once a victim has been chosen and the trap set, it can be extremely difficult to protect against that initial network infection – which often comes in the form of a zero day threat – and most firms’ security systems are simply not advanced enough to spot the silent cyber insurgent lifting data from right under their noses.

The New York Times claimed that software from its security provider Symantec detected only one out of 45 pieces of malware used by its attackers. This in turn provoked a robust response from the vendor, which maintained that customers relying on basic, signature-based antivirus products cannot possibly hope to defend themselves against this kind of advanced threat.

I’ve got to say that on this one I’d probably agree with Symantec. Signature AV has been the bread-and-butter of the security industry for years and will still protect against 99 per cent of threats. The problem is that the one per cent that cause an organisation real damage, like the targeted attacks above, are not covered.

Resellers: It's about results

So why should the channel care? Well, you could argue that those resellers engaged in fierce price competition have effectively commoditised the AV industry, often at the expense of quality.

If a more sensible approach to pricing prevailed then perhaps the vendor community would have invested more into research on targeted threats.

The commercial reality, unfortunately, is much different – the reseller race to the bottom has spawned a market flooded with cheap AV kit. The fact is that resellers are missing a trick here by failing to offer those tools which are designed to defend against targeted threats.

The reseller in this scenario has an opportunity to be a trusted advisor to an end user, offering the kind of advanced products which will help not only to foster lasting growth but most importantly give their customers the most comprehensive protection possible against an increasingly sophisticated and determined foe. Let's be honest, it’s difficult out there for channel firms.

Trend Micro has hundreds of resellers on its books, as all of its competitors do, and when renewal time rolls around again it can be a struggle for them to win business. More reason than ever, therefore, to choose to differentiate not on price but on value. It is certainly worth your while to educate the customer about the difference between commoditised AV and a solution which offers a better chance of protection against that one per cent of killer threats. Both are necessary for an increasing number of organisations and they should be offered in an integrated package.

Basic AV and advanced protection against targeted threats have become polarised during the wide-ranging debate on where the threat landscape is headed, but they need to come under the same roof to provide truly effective protection. ®