Symantec Readies New Client Tools

CTO, research VP offer glimpse at company's product drawing board

Symantec Corp. (Nasdaq: SYMC) is on a mission to make users' online experiences more secure. And if you don't believe it, give 'em a few months and they'll show you.

That was the message earlier today when Mark Bregman, CTO of Symantec, and Stephen Trilling, vice president of Symantec Research Labs, gave Dark Reading a peek at the company's technology directions and some of the products on its drawing board.

The company is working on a range of new software -- some developed on its own, and some resulting from recent acquisitions. "There's an image of Symantec that it isn't very innovative because we do so much of our growth through acquisition," says Bregman. "But 15 percent of our annual revenue [of about $4 billion] goes into research and development. That's a pretty substantial piece of change."

Several of Symantec's new products are designed to improve security at the client level, according to the execs. For example, in the fall the company plans to roll out the "Norton Identity Client," a PC package that enables users to manage their personal information and vet companies or Websites before interacting with them.

The Norton Identity Client will let users store their own identifying information and release only the data that the online business needs to know, Bregman says. "If a site starts asking for Social Security information or other data that's not normally required for that site, we can flag the user."

The software also collects data about a prospective site's security and its overall reputation, warning users of potential problems before they log on, Bregman says. It also can help users set up a site-specific email proxy or a one-time-use credit card number to prevent the seller from re-using (or losing) their personal data.

Symantec's new software differs from Microsoft's CardSpace product, which also promises to manage personal information for the user. "Microsoft lets users create credentials for themselves, but it's relying on third parties to validate those credentials," Bregman says. "We want to be one of those third parties that does the validation."

Symantec is also developing new products that respond to shifting trends in attacks, according to Trilling. For example, the company is working on a new application, code-named "Canary," that identifies signatures for all types of browser-based exploits -- not just worms and viruses -- and stops them as soon as they are known.

"What we know about patches is that they can take a while to come out, and even longer to deploy," says Trilling. "What we need is a way to shut down the attack on day one, without forcing the user to wait for the patch."

Canary will generically block attacks against key browser vulnerabilities as soon as Symantec finds out about them and develops the appropriate signature, Trilling says. "As we see something emerge, we can tell you that a threat is detected and we can block it" until a patch is installed, he says. Canary, which will be given another name, could be available in late summer or early fall.

Symantec also has developed a new tool that will help identify rootkits in users' systems that usually escape its antivirus tools. The new product, called "Raw Disk Virus Scan," goes below the file level to read raw blocks of data, enabling it to "see" rootkits that otherwise would be difficult to spot, Trilling says. It is in beta now.

In the future, Symantec hopes to develop a new "reputation-based" security system that will help rank frequently downloaded files and give users some idea of how vulnerable or dangerous they might be.

"Think of it as sort of a restaurant review," says Bregman. "We'll be able to say that this one appears to be very popular -- a lot of people are using it -- and here's an estimate on how many people got sick eating there." Symantec will eventually be able to develop lists of the most popular, most secure, and most vulnerable files, he says.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
