March 26, 2007, 1:00 PM — Symantec Corp. is set to dramatically expand its mobile security offerings this week, adding VPN (virtual private network), data encryption, antispam and other features.
The company will unveil on Monday its first suite of security software for Microsoft Corp. Windows Mobile devices. So far Symantec has only offered antivirus software for Windows Mobile and a suite of antivirus and firewall for Symbian, said Paul Miller, managing director of mobile and wireless at Symantec. The suite is called Symantec Mobile Security Suite 5.0, to match the upcoming version 5.0 of the company's suite for the Symbian OS. Symantec plans to show off the new software at the CTIA Wireless show in Orlando.
Businesses are getting more concerned about mobile security as they put smart phones and other handheld devices in the hands of roving workers. Meanwhile, they are faced with an array of regulations on the handling of data, and some high-profile losses of private information in the field have made mobile data protection a hot topic. Symantec aims to extend the same kind of protection it gives PCs.
PC viruses dwarf the number of threats aimed at mobile devices today, so companies haven't seen as much of a need for protection on them, Miller said. But if left unguarded, handsets could become attackers' next major path into company networks, he said. So Symantec has added new tools to secure devices while they're being used and combined those with features to prevent data loss if they are lost or stolen.
Companies will be able to encrypt everything on a handheld device and its storage cards, or just selected files, using 256-bit AES (Advanced Encryption Standard) encryption. Either way, access to the data is protected via a username and password when starting the device or trying to access the encrypted folder, Miller said. The antivirus component keeps users from accessing infected files and lets administrators regularly scan devices. The antispam feature can filter out and delete spam text messages, Symantec said. Also included are an IPSec (Internet Protocol Security) VPN, a tool for keeping devices that are not compliant with policies off the network, and a mechanism for keeping employees from using selected features of a device.
If a device falls into the wrong hands, administrators can wipe off the data remotely or set it up so the data is eliminated after a specified number of password tries. The suite also includes an audit log feature that keeps track of activity on the device so the company can see everything that happened after it fell out of the employee's hands, Miller said.
Some of the technology in the suite, primarily VPN and encryption, is licensed from BlueFire Security Technologies, according to Symantec spokesman Brian Modena.