Security giant Symantec is trying to give companies a better way to determine how trustworthy files are.
Symantec chief Enrique Salem outlined at the RSA Conference a new reputation-based security feature built into the company's new Endpoint Protection 12 client-side security software. It gives files a score based on the scanning of 2.5 billion files the company keeps track of in its cloud-based database.
The Insight Reputation System looks at files that have been downloaded from the web and gives each one a score based on risk. The score reflects what the file does as well as who it's from.
"The idea of a blacklisting approach is no longer going to be effective, and IP-based recognition where we track IP addresses is not good enough," Salem said. "We need real-time, contextual tracking that looks at a series of attributes; things like file age, download source, prevalence, and brings all those things together."
The tool for that, Salem said, is Endpoint Protection 12, which the company claims is the only reputation-based system that's context-aware. The new tool is the first major update to the Endpoint Protection suite in three years and will be released in April.
Salem said it was important to identify threats at the point of download given the consumerisation of IT and the proliferation of consumer devices within businesses — both things that have made it difficult to keep threats at bay.
"It wasn't that long ago that you as security professionals had control," Salem said. "You had control of the desktop, you had control of the database, you had control of the applications, you had control of the servers, and to some extent, you even had control of the users."
The problem, Salem said, was that control had been toppled by new devices and new ways of doing business. "Now what's happening is that those days are over, because all kinds of devices are coming into your office: USB drives, notebooks, and many of them aren't your devices. They're your partners, they're people that are bringing them into your environment," Salem said. "And what are they doing? They're accessing corporate email, they're logging into their Facebook pages and their Twitter accounts."
Symantec's solution to get above the problem is a new initiative called O3, which is made up of three security layers:
- A rules engine for enforcing which information specific devices can access from anywhere.
- A protection enforcement layer that determines which employees, from which devices, can access the information.
- A compliance/monitoring layer for access and understanding of what policies are being enforced.
"That's our approach, that's our vision for what has to be done. It has to be a layer above the clouds," Salem said.