With antivirus software revenue falling, security giant Symantec has finally conceded a point that has seemed obvious to the rest of the industry for some time. Antivirus software "is dead", senior vice president for information security Brian Dye has told the Wall Street Journal.
There is likely to be some backlash, not least because Dye followed up his rather bleak assessment with the revealing sentence that the firm no longer "think[s] of antivirus as a money-maker in any way."
Other firms have been saying similar things about antivirus for a while, usually because they don't have products that depend on this technology but for a Symantec vice senior VP to utter the same view will be seen as an important moment. But is antivirus dead or is it simply a case that Symantec can't make enough money from it as security budgets are spread more thinly across newer products?
Dye made his remarks as the company confirmed its move into alternative forms of protection with the announcement of new products and services that mimic the success of younger, smaller upstarts.
Chief among these will be the firm's new advanced threat protection (ATP) system, still in beta testing but due for release within 12 months. This will include Symantec's Dynamic Malware Analysis Service cloud-based sandboxing system, hooked into the mail scanning and endpoint security, to provide an integrated anti-APT protection layer of the sort made fashionable by rivals such as FireEye.
Backing this up from next month will be Symantec Managed Security Services Advanced Threat Protection (MSS-ATP), as its name suggests a suite of managed security services that aims to protect endpoints from complex threats such as zero-day attacks and targeted malware.
In addition, Symantec plans to launch threat visibility and incident response services through a research portal designed to keep customers abreast of the threats facing them at any moment in time.
"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," said Dye.
"Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint. Organizations need security across these control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. Symantec is bringing that powerful arsenal to market."
This should be good news for Symantec's investors and consistent with another admission made by Dye that antivirus now catches only 45 percent of malware. But by taking on its more dynamic rivals - including a rejuvenated McAfee - Symantec is also conceding that it is no longer a security leader so much as an eager follower.
Sign up for CIO Asia eNewsletters.