A leitmotif at last week's Infosecurity trade show in London was the snub delivered to next-generation endpoint protection vendors by Google's VirusTotal website, where IT security firms share the findings of their malware research. In essence, VirusTotal made unlimited access to its data conditional upon providing findings of your own.
"Support it or lose it" is the message to next-gen security companies
The reason for this move is that, while traditional heavyweights in the sector such as Symantec, Intel Security/McAfee, and Trend Micro provide their data as well as view that of their peers, there was a perception that some of the new players such as Cylance, SentinelOne, and Palo Alto downloaded information without uploading anything in return. To make matters worse, from the perspective of the old guard, the newcomers' marketing makes much of their nonreliance on virus signatures, yet in reality they benefit from the work done by the very companies they deride as "yesterday's news."
Clearly the "old boys" were instrumental in urging VirusTotal to change its rules, and of course, the new kids on the block have responded by saying that there are other places they can go for the information, which is at least partly true, even though the Google site is the first option.
Ovum's main concern in this situation is for the customers. While we understand, nay applaud, the principle of fair play that VirusTotal champions on the old guard's behalf, we must ask what will happen in the short term to customers who have trusted their security to one of the newcomers. Sure, these customers can hurry back to one of the incumbent players, but how many unnecessary breaches will they suffer until they do? And indeed, is hurrying back the right answer? The next-gen vendors say they can get malware data elsewhere that is as good as that found on VirusTotal – a point they will have to prove as they move to use other sources.
Rik Turner, Senior Analyst, Infrastructure Solutions