Risk
2/15/2011
11:36 AM
50%
50%

Symantec Intros Endpoint Protection 12

Client-side security software for SMBs will utilize cloud-based data to identify mutating malware and other rapidly changing threats, Symantec says.

12 Money Saving Tech Tips For SMBs
(click image for larger view)
Slideshow: 12 Money Saving Tech Tips For SMBs

Symantec on Tuesday announced version 12 of its Endpoint Protection and Endpoint Protection Small Business Edition (SBE) software. Both will be released this summer, with a public beta beginning in April.

The new versions will leverage Symantec's Insight technology to identify and protect against mutating malware and other threats as they change and adapt, based on information from the 2.5 billion files that Symantec "sees" across its cloud-based database of 175 million endpoints.

"Think of [Insight] as an algorithm, but it's an algorithm that's based on a pretty large sample size," said Blake McConnell, senior director of product management at Symantec, in an interview. "Insight will put files into context: What is the age of that file? What is the frequency or prevalence? What is the source or location? Where was that file created? What are the behaviors or associations of that file?"

McConnell said that the concept of context is critical because it enables Symantec to block potential threats before they're actually identified in the digital landscape. "The 'today problem' is around malware mutations that are generated from attack toolkits," McConnell said. In other words: Although traditional signature-based protection is still in place, it is no longer enough.

Executables and other files are rated for risk by Symantec -- these ratings are preconfigured for SBE, while midsize and larger customers set their own comfort levels with various potential threats. McConnell added that although the SBE comes with more preconfigured options out of the box, customers can modify those settings if they wish. SBE targets firms with 5-99 employees or endpoints, while the flagship is geared for 100 or more seats.

Insight won't scan "known good files," meaning it can skip 70% of files on typical systems, according to Symantec.

"That clearly has a dramatic impact on scan time and scan overhead," McConnell said, adding that idle-only scans also help boost system performance. "We don't even want the user to know we're there."

Planned updates for version 12 also include Mac support and Sonar 3, Symantec's behavioral engine. If Insight is the lock on the front door, Sonar is the hall monitor -- it enforces policy-based behavioral rules. McConnell notes that while the composition of a malware file might change on the fly, its goal does not.

"People who are looking to steal passwords are still looking to steal passwords. Spambots are still looking to do spam," McConnell said. Sonar goes looking for evidence of the bad seeds, such as keystroke logging or changes to the homepage of a Web site. "[Sonar] will ask behavioral questions: 'What has [the file] done?"

McConnell shares the view that small and midsize businesses (SMBs), though perhaps less likely to be the victim of headline attacks such as Stuxnet or the Nasdaq hack, are increasingly at risk for malware infections, particularly because of the rise of attack toolkits.

"What we tend to see more of [with SMBs] is the impact that these attack toolkits have had on the amount of malware that is in the market, " McConnell said, adding that the boom in quantity was a key driver of Endpoint Protection's reputation-based and behavior-oriented enhancements. "No one -- Symantec or others -- will be able to keep up with that amount of malware with a classic signature business."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.