Symantec touts success with reputation tech

Symantec is aiming to emulate the success of reputation-based defense in its consumer antivirus product, in its new enterprise offering, according to an executive.

Insight, the security vendor's reputation technology incorporated into Norton Antivirus last year, has worked well with its threat detection behavioral system, or Sonar (Symantec Online Network for Advanced Response), reported Unmesh Deshmukh, the company's director of endpoint security sales for Asia-Pacific and Japan. Accordingly, Symantec has achieved "tremendous and encouraging results", in terms of the number of threats both systems have managed to block, he said.

Speaking to ZDNet Asia last week on the sidelines of a media briefing in Tokyo, the Singapore-based executive revealed that as of September 2010, Insight was preventing more than 39,000 malicious file download attempts daily, while Sonar detected over 55,000 bad files each day.

The reputation-based technology is an opt-in system within the Norton consumer product, relying on "feedback" from user machines. Judging by the numbers--data submitted by 175 million PCs--the Internet community is willing to "look out" for each other, in turn creating a safer environment, Deshmukh pointed out.

"Really, this has accounted for more than 2.5 billion files that we have in our database, and on average we're adding more than 31 million files a week," he said. "People are opting in, there is a lot feedback coming in, hence the technology will get better."

The hybrid reputation-detection system, he noted, is an effective alternative to traditional signature-based defense, where users are protected based on signatures developed for malware instances.

Signature-based technology, noted Deshmukh, was no longer adequate to keep IT systems safe, given the exponential rise in threats to today's enterprise.

"Over the last few years, the rise in viruses is putting pressure on the system, as it is impossible to churn out so many signatures and have them updated on the system continuously," he explained.

Figures released by Symantec showed that in 2009, 90 percent of data breaches involved organized crime targeting corporate information, with customized malware employed in the theft of 140 million records or 97 percent of breaches. In addition, 98 percent of data breaches occurred at servers.

Signature-based defense is also said to be increasingly less effective as malware authors are finding ways to generate virus mutations at an alarming speed. Data from Symantec revealed that in 2009, the average number of systems that were impacted before malware mutated was 15.

To help enterprises better guard against the surge of threats, the Insight and Sonar technologies have been incorporated into Symantec's new cloud-based Endpoint Protection 12. The upgraded corporate security suite was announced at the RSA Conference in San Francisco last week.

The Insight system in version 12 will, like the consumer version, remain an option for enterprise security managers to decide if they want to turn it on, based on low or high "risk thresholds".

Depending on risk, it would be able to block files from the Internet or e-mail, or inform the user on "suspicious" files.

Consumers a testbed
Deshmukh pointed out that it has been "a fairly common trend" for the company to debut a particular technology in the consumer market, before implementing in to enterprises.

"We would typically introduce a technology in the consumer space, then once we are very sure of it works and what benefits it brings, then we could start working on implementing in the enterprise space," he explained.

Implementation of technologies in the enterprise realm, needs "to take into account networks, administration, dashboards, common management--it's about managing technology across multiple systems in the network", noted Deshmukh.

The latest Endpoint Protection also comes with a simplified version for small and midsize businesses (SMBs), which is not virtualization-optimized and has a different management console. With the entire security system going onto the "cloud", Deshmukh admitted that more needs to be done in terms of educating partners, SMB owners and IT executives in overcoming cloud fears.

"It works in such a way that the customers decide how they want to deploy this. If they do not want to have certain applications that they developed to be in the cloud, they can let it remain in their database--Insight has the flexibility to do that," he explained.

Version 12 is now launched as a private beta, with the public beta for Windows, Mac and Linux out in April. Symantec says it will be made commercially available this year.