Vendors and victims need to share malware data

A lack of openness about attacks is hampering data security, according to security vendor IronPort

A culture of secrecy surrounding organisations and anti-malware vendors is damaging the fight against malicious threats, according to email security specialist IronPort.

The firm's vice president of technology, Patrick Peterson, told IT Week that despite data breach notification laws in the US, many firms try to hide the evidence of malicious attacks on their systems because of the adverse publicity that could result from their disclosure.

This also means that the inadequacies of many anti-malware products are not exposed and remedied, leaving firms with less effective tools to prevent attacks, he added.

"There has been a massive erosion in the efficacy of [many of] these products; they are inferior to what the companies claim," he argued. "The vendors are getting away with it because consumers don't understand [the technology] while enterprises do understand but don't want to roll out [thousands of] new products onto desktops."

At an internet security conference held by Cisco this month, several industry experts demanded a more open and collaborative approach from the vendors, which will ultimately enable them to provide better protection for enterprises, Peterson explained. "Some people are critical of the way the anti-virus companies have evolved and see the need for a new way," he said. "Spyware and bots are certainly areas where we will see a more collaborative environment."

IronPort also announced that it is now posting response times of top-antivirus vendors on its web site, where is alleges that some of its rivals can take as long as two days to respond to new malware outbreaks.