Databases and signatures cannot keep up with modern day threats, John Vigouroux says
John Vigouroux, CEO of M86 Security, has told CBR that his rivals in the security space are doing a "miserable" job of protecting their customers by relying on out of date technologies that are not able to keep up with modern threats.
Vigouroux slammed his rivals in the security space, claiming they are not doing enough to keep up with evolving threats and consequently not protecting their customers as well as they could.
"I was on a panel at RSA with other security CEOs and they were all saying 'If you use me, you're secured'. It's a crock," he said. Vigouroux went on to say that while the security industry has grown at around 40% over the last four years the cybercrime industry has shot up around 400% in the same time.
"Clearly the industry is doing a miserable job," he continued," but at the same time it's saying 'I'm McAfee, Sophos, Symantec: use me and you're safe'. Clearly that's not working so well. The industry is doing something wrong."
The issue with the old guard is their technology, Vigouroux continued. "A firewall is a 2,000 year old strategy of encircling something with walls, moats, fire and you protect what comes in and out. It has some very good practical application controls but from a security point of view it's not working."
The same goes for antivirus, he said: "The notion of antivirus is that you find a virus in the wild, identify it, send it to a security company and they create a signature and upload it to customers, who then download it. It's not working."
The evidence that these technologies are not working is the huge rise in malware, Vigouroux told CBR. He also claimed that technologies used by rival security companies are capable of stopping just 40% of threats.
The problem with traditional approaches to security is their reliance on signatures and databases, Vigouroux said. They cannot keep up with zero-day threats as they can only block what is on their database.
The speed at which new malware is created, coupled with the fact that 92% of malware is downloaded from infected websites, means these security companies are not capable of stopping enough malware, he added. "Any product that uses a database is never going to catch something that is brand new. You can't scan the Internet in milliseconds," he said.
Unsurprisingly Vigouroux claims his company approaches security in a different way. M86 doesn't rely on a database; instead it analyses the code running on a site and looks for any malicious intent.
"In milliseconds we can do two things: identify any malicious intent in the code and then rip it out and continue to serve the page," Vigouroux told CBR. "The bad guys can't get around that."
M86 was formed in September 2009 after a number of mergers and acquisitions. Web filtering firm 8e6 Technologies merged with email and web security vendor Marshal Software to form Marshal8e6. The new venture then acquired antimalware company Avinti and changed its name to M86. The new company rounded out its product portfolio by acquiring Finjan, who offered a secure web gateway platform.
Vigouroux joined M86 as CEO in April 2009. He had previously worked at Finjan in the same role.