Symantec looks to protect users from mutating malware

By , Network World |  Security, Symantec

Symantec today announced the 12th edition of its flagship enterprise desktop anti-malware product, Symantec Endpoint Protection, that looks to go beyond traditional anti-virus signatures to use a cloud-based file-identification system to protect users from virus mutations.


By itself, anti-virus signature-based defense is becoming ever more futile because malware code authors are adept at finding ways to generate virus mutations at an enormous rate, making it practically impossible to block malware based on code signatures alone. Symantec counted 240 million viruses in total in 2009 and is still tabulating last year's count, which appears to have doubled, says Hormazd Romer, director of product marketing for the enterprise security group at Symantec.

"The malware authors have moved to a micro-distribution model based on mutated viruses," Romer says. "It's exploding."

To defend against this onslaught, Symantec is enlisting a cloud-based file-identification method it calls Symantec Insight that will be added to Symantec Endpoint Protection v12.0. Insight is a technology Symantec tested last year in its Norton consumer anti-malware software, and it works through cloud-based analysis of files as they are downloaded to the user.

By gauging what occurred to millions of Symantec customers, plus other factors, the goal is to determine the risk presented by the file under inspection. Important factors, Romer says, are whether the file is known, how often it's been seen, and how old it is.

"These mutated malware stick out like a sore thumb," says Romer, saying Symantec is tracking more than 2 billion files based on "the premise normal software doesn't mutate like this."

The new release of Endpoint Protection will offer the Insight technology as an option that enterprise security managers can choose to enable or not, Romer points out. The Insight capability will let the security manager apply policy settings to users based on groups, and the "configuration dial" settings in Symantec Endpoint Protection 12.0 would allow for different low or high "risk thresholds."

Depending on risk, it would be possible to decide to block any file, from the Web or e-mail, or just inform the user what's known about the file if it's suspicious. There could be a cautionary note not to open it though the user would make the choice.
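The article describes reputation scoring by file prevalence and age, with per-group risk thresholds that map a score to block, warn or allow. The following is an added illustration of that decision model, not Symantec's code; the hash values, scoring weights and group thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    WARN = "warn"    # tell the user what is known and let them choose
    BLOCK = "block"


@dataclass
class FileTelemetry:
    """Constructed stand-in for a cloud reputation lookup on a file hash."""
    sha256: str
    prevalence: int    # endpoints that have reported this exact file
    age_days: int      # days since the file was first seen in telemetry
    known_good: bool   # matches a vendor/publisher allow-list


# Hypothetical per-group "configuration dial" settings (score 0..100).
THRESHOLDS = {
    "low_risk_tolerance": {"block": 60, "warn": 30},   # e.g. finance desktops
    "high_risk_tolerance": {"block": 85, "warn": 60},  # e.g. developer workstations
}


def risk_score(t: FileTelemetry) -> int:
    """0 means trusted, 100 means highly suspicious. Rare, new, unknown files score high."""
    if t.known_good:
        return 0
    score = 0
    # Rarity: a freshly mutated sample is typically seen on only a handful of machines.
    if t.prevalence < 5:
        score += 50
    elif t.prevalence < 100:
        score += 30
    elif t.prevalence < 10_000:
        score += 10
    # Age: a brand-new file has had no chance to build a reputation.
    if t.age_days < 1:
        score += 40
    elif t.age_days < 7:
        score += 25
    elif t.age_days < 30:
        score += 10
    return min(score, 100)


def decide(t: FileTelemetry, group: str) -> Action:
    """Apply the group's thresholds to the file's risk score."""
    dial = THRESHOLDS[group]
    score = risk_score(t)
    if score >= dial["block"]:
        return Action.BLOCK
    if score >= dial["warn"]:
        return Action.WARN
    return Action.ALLOW
```

A real deployment would also weigh signer reputation and download source, which the article lists only as "other factors".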


Originally published on Network World.