Monday 18 June 2012

Flame, Stuxnet and Behaviour-based Anti-virus

Quite a few security commentators are calling the Flame malware 'the end of signature-based anti-virus'. Unfortunately it has been clear for some years that targeted attacks, and 'advanced persistent threats,' have signalled the inadequacy of signature-based prevention. The real issue here is where is behaviour-based anti-virus? There have been products around for some time in this area but I don't know how widespread take-up has been. Is it so poor that it could miss such a glaring threat as Flame? There is a critical need for innovation, and scope for new products. It is not the end of signature-based AV. Let's just hope there's a resurgence of behaviour-based protection measures to provide the defence-in-depth.