Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Symantec Readies New Client Tools

CTO, research VP offer glimpse at company's product drawing board

Symantec Corp. (Nasdaq: SYMC) is on a mission to make users' online experiences more secure. And if you don't believe it, give 'em a few months and they'll show you.

That was the message earlier today when Mark Bregman, CTO of Symantec, and Stephen Trilling, vice president of Symantec Research Labs, gave Dark Reading a peek at its technology directions and some of the products on its drawing board.

The company is working on a range of new software -- some developed on its own, and some resulting from recent acquisitions. "There's an image of Symantec that it isn't very innovative because we do so much of our growth through acquisition," says Bregman. "But 15 percent of our annual revenue [of about $4 billion] goes into research and development. That's a pretty substantial piece of change."

Several of Symantec's new products are designed to improve security at the client level, according to the execs. For example, in the fall the company plans to roll out the "Norton Identity Client," a PC package that enables users to manage their personal information and vet companies or Websites before interacting with them.

The Norton Identity Client will let users store their own identifying information and release only the data that the online business needs to know, Bregman says. "If a site starts asking for Social Security information or other data that's not normally required for that site, we can flag the user."

The software also collects data about a prospective site's security and its overall reputation, warning users of potential problems before they log on, Bregman says. It also can help users set up a site-specific email proxy or a one-time-use credit card number to prevent the seller from re-using (or losing) their personal data.

Symantec's new software differs from Microsoft's CardSpace product, which also promises to manage personal information for the user. "Microsoft lets users create credentials for themselves, but it's relying on third parties to validate those credentials," Bregman says. "We want to be one of those third parties that does the validation."

Symantec is also developing new products that respond to shifting trends in attacks, according to Trilling. For example, the company is working on a new application, code named "Canary," that identifies signatures for all types of browser-based exploits -- not just worms and viruses --and stops them as soon as they are known.

"What we know about patches is that they can take a while to come out, and even longer to deploy," says Trilling. "What we need is a way to shut down the attack on day one, without forcing the user to wait for the patch."

Canary will generically block attacks against key browser vulnerabilities as soon as Symantec finds out about them and develops the appropriate signature, Trilling says. "As we see something emerge, we can tell you that a threat is detected and we can block it" until a patch is installed, he says. Canary, which will be given another name, could be available in late summer or early fall.

Symantec also has developed a new tool that will help identify rootkits in users' systems that usually escape its antivirus tools. The new product, called "Raw Disk Virus Scan," goes below the file level to read raw blocks of data, enabling it to "see" rootkits that otherwise would be difficult to spot, Trilling says. It is in beta now.

In the future, Symantec hopes to develop a new "reputation-based" security system that will help rank frequently downloaded files and give users some idea of how vulnerable or dangerous they might be.

"Think of it as sort of a restaurant review," says Bregman. "We'll be able to say that this one appears to be very popular -- a lot of people are using it -- and here's an estimate on how many people got sick eating there." Symantec will eventually be able to develop lists of the most popular, most secure, and most vulnerable files, he says.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.