The security industry has no future and traditional virus-fighting efforts are “a never-ending cycle of success and failure”, according to one of IBM’s leading security executives.
"The security business [is obsessed] with fighting worms, trojans, viruses, insiders, outsiders, criminals, Martians. It’s a futile pursuit," said Val Rahmani, the newly annointed managing director of IBM Internet Security Systems ISS), at a conference in San Francsico ealier this week.
"We keep rolling that boulder up the hill, and just when we think we’ve got there, along comes a new threat and we are starting all over again," said Rahmani. "The security business has no future. We’re putting an end to it.”T
Rahmani said businesses should move away from traditional security models and instead invest in business sustainability.
"The computer industry is growing at a rapid pace, and the threats they face are growing even faster. However, the security business is lagging," she said. “Security spending is growing three times faster than IT spending, but almost half of this spending is on people to manage the ever more complex security infrastructure.”
She added that while the IT industry had advanced in leaps and bounds, the security industry “pretty much looks like it was 20 years ago.”
"Every product has a point solution,” she explained. “The problem with this mentality is that it is much better geared at solving Elk Cloner [one of the first microcomputer viruses to spread in the wild] instead of current parasitic threats."
IBM ISS has been investing heavily in what it has described as a security platform, buying no fewer than 12 security technology providers in 2007 alone. Rahmani’s speech this week serves to further distance IBM ISS from traditional information security methods, where security is maintained only at the perimeter of the organisation.
“Security needs to be a part of the technology itself. We don’t need to add security to VoIP and virtualization. We need secure VoIP and secure virtualization. Security needs to be intrinsic to the technology,” she explained.
“It means having the CSO take a more holistic view of what the business is trying to accomplish and making sure security is stitched into that fabric.”
Meanwhile, Russian security specialist and ‘Martian’ fighter Kaspersky Labs is predicting a tenfold increase in malware this year.
Last year the company added 250,000 new signatures to its database; this year it predicts it will be adding more than a million – over 1200GB worth of code. And it’s not just the quantity of viruses Kaspersky is worried about.
"The quality of malicious programs is also improving," said the company’s senior technology consultant, David Emms.
"New and more complex samples, such as the notorious Zhelatin, are emerging that demonstrate a wide range of hostile behaviour and distribution methods," he said.