The Evolution of Traditional Anti-Virus to Security as a Service

Responding to current threat conditions

Over the past five years, the anti-virus market has experienced tremendous growth as many new technologies have emerged in response to current threat conditions.

What was once a market consisting of very few players is now a multi-billion dollar enterprise consisting of numerous companies with multiple anti-virus products that vary in focus and quality.

According to some analyst forecasts, the global anti-virus market will likely surpass $58 billion by 2010 through the introduction of new technologies in the areas of data loss prevention, virtualization security, security-as-a-service, and many others.

Despite this growth, the technology behind anti-virus today is highly inefficient when it comes to protecting against modern threats. This is fueled by the fact that vendors simply cannot keep up with all of the new malware surfacing every day. The situation has created a breakdown in the quality and effectiveness of their underlying core technology.[1]

This problem is evident in today's high-profile security breaches. According to the Identity Theft Resource Center, an organization that tracks incidents relating to exposure of confidential information, the number of recorded breaches more than doubled in the first quarter of 2008.[2] It is even more visible when you take into account the current application delivery model employed by various end-point technologies.

This agent-based delivery model introduces several challenges, not only in administration, management and ease of use, but also in providing an adequate level of protection against zero-day, zero-hour, and zero-minute threats.

This traditional model has the following characteristics and limitations:

  • Upgrades require time and effort to implement, leaving a dangerous window of opportunity to become infected. This problem is amplified if the upgrade includes engine revisions to detect new strains of malware.
  • Enterprise protection suites require deployment of a dedicated management infrastructure that in some cases will require additional hardware.
  • Some end-point protection suites that use a policy-driven system are particularly complex to manage and maintain and will increase the total cost of ownership.
  • Anti-malware intelligence has traditionally resided on the end point, making the trade-off between security and resource consumption a challenge.
  • The memory and CPU footprint is directly proportional to the size of the signature file. Therefore, the growth of new threats will ultimately affect the user's experience.
  • On average, the footprint for leading products is anywhere from 100MB to 150MB, depending on the modules enabled (e.g., firewall, anti-virus, anti-spam, host intrusion prevention).
  • Nodes do not share intelligence among themselves, which reduces the overall efficiency of detecting and preventing targeted attacks.

When we examine this security model further, the small and medium-size business (SMB) market will be affected the most by the shortcomings of agent-based anti-virus. In particular, this model introduces significant challenges for SMBs that have tight budgets for security. This is because they often do not have the in-house expertise or resources to manage and administer complex anti-malware solutions.

As a result, we're seeing a lot of SMBs outsource their desktop malware requirements to a managed service provider and/or adopt a Security-as-a-Service model. This helps reduce complexity and time-to-market when implementing new security technologies and will not require a high degree of skill to maintain the solution.

Security-as-a-Service revolves around the concept known as Software-as-a-Service or SaaS, which has been popularized by non-security related on-demand software providers such as Salesforce.com. SaaS changes the way that applications are delivered to customers by hosting them "in the cloud" and providing a web-based interface for users to interact with the applications. Previously, software had to be installed directly on the user's system and managed inside the business or manually controlled by an outside service provider.

While SaaS has been around for several years, the model is just now gaining traction in the security software sector. Companies with a SaaS-based desktop anti-malware solution can now benefit from the many promises of this model, including real-time updates, provided on a continuous basis through a subscription model. This model allows companies, their IT consultants, managed service providers or value-added resellers to more efficiently manage protection against malware, freeing up valuable time and resources to stay focused on their business.

In conclusion, the SaaS model offers an alternative approach to the way end-point security is delivered. Given that consolidation in the security software sector will continue through 2009 (anti-virus, data leakage prevention, end-point encryption, etc.), it is essential that SaaS be adopted as an industry standard among major end-point security providers. This is eminently important for safeguarding SMBs against targeted malware attacks and will no doubt reshape the security approaches for very large enterprises in the months to come.

References

1. http://research.pandasecurity.com/archive/Think-you_2700_re-protected_3F00_-Think-again.aspx

2. http://www.idtheftcenter.org/artman2/publish/m_press/Breach_List_2008_Q1.shtml

More Stories By Ryan Sherstobitoff

Ryan Sherstobitoff is the Chief Corporate Evangelist at Panda Security USA (www.pandasecurity.com). He is widely recognized as a security expert throughout the country and lectures audiences across the U.S. on cybercrime trends as well as corporate risk assessments. He can be reached at ryans@us.pandasecurity.com or through the PandaLabs blog at http://pandalabs.pandasecurity.com/.
