Technical experts at Symantec's Pune-based Response Lab
are busy 24x7x365 trying to catch up with the bad guys who are creating
viruses and malware and attacking computer networks and individual machines across
the world. As the nature of attacks changes, leading to a rise in polymorphic
threats and multiple variants of malware, Symantec is asking its customers to
move beyond the current signature-based, and even heuristic and behavioral,
approaches. The threat landscape is changing, with more and more web-based attacks.
Also, tool kits on how to create viruses and malware are freely available on the
Internet, and they spread very fast to vulnerable countries.
Symantec's global intelligence network, the largest amongst all the competitors,
covers the whole world. Symantec has managed devices
in about seventy countries from which it gets feeds. It has also deployed 40,000
sensors in 200 countries and a threat submission system that has received around 120 mn
virus submissions. The virus submissions are also made by customers on a voluntary
basis, including enterprise customers. The company has created a network of decoys
and probes, and there is also a consortium where different vendors get together
and share best practices. According to Ratnamala Dam Manna, head, security
technology and response, Symantec Corporation, "We in the Response Lab deliver
signatures for all the threat classes through live update. The Response Lab is a
24x7 global operation with worldwide coverage on a follow-the-sun model. There
is also a research and analysis team which is constantly engaged in identifying
trends and providing clues to the response engineers to keep up with the
changing nature of threats."
The Strategy
The Pune team is focusing on three areas. It bases its protection on what
is happening in the real world.
As traditional signatures are no longer valid for various
reasons, the experts at the Pune center are trying to move towards more
proactive, day-zero style protection. Symantec has recently released its new
reputation-based security models. The lab, which was inaugurated in November
2006, covers all the threat vectors under a single umbrella. They are related to
each other because one vector is used to deliver the payload of another kind of vector.
The team is focused on all kinds of threats: malware, security risks, spam, fraud and
vulnerabilities. They work closely with each other, which helps in a faster
resolution and a better understanding of the threat scenario. The center has
servers which host both known and unknown threats. It also draws on data across
different vectors and from the global intelligence network.
Threat Outlook
Some countries don't have laws to monitor threats. Because of all this,
there has been a huge rise in malware. Symantec released 1.6 mn signatures in
2008 alone, which is 60% of what it had released in twenty-five years. According to Manna,
"It is constantly increasing, and releasing singleton signatures for these
unique threats is not viable; they have shifted from mass distribution to a
small number of threats which are unique and very distinct." There is a class of
threat called polymorphic viruses, where the same virus and its strains change slightly and
your signatures start failing. Though these signatures are still needed, they are
not as effective, and their effectiveness keeps reducing. The Response Lab is aware
of 1.8 mn distinct malware strains, and is continuously collecting
several thousand more every day to make life threat-free for its customers.
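The point about singleton signatures and polymorphic strains can be seen in a small detector comparison. This is an added example, not Symantec's code or any real signature format; the two sample "files", the byte pattern and the prevalence telemetry are all constructed here. An exact-hash signature written for the base strain misses a variant that only rewrites its junk bytes, a wildcarded byte pattern still catches it, and a reputation view flags the variant on prevalence alone, without a per-variant signature.

```python
import hashlib
from collections import Counter

# Constructed samples (not real malware): a base strain and a polymorphic
# variant that only re-pads a junk region, leaving its logic untouched.
BASE = b"MZ\x90\x00" + b"DECRYPT-LOOP" + b"\x90" * 4 + b"BODY"
VARIANT = BASE.replace(b"\x90" * 4, b"\x91\x92\x93\x94")

def file_hash(sample: bytes) -> str:
    """Singleton signature: one exact hash per unique sample."""
    return hashlib.sha256(sample).hexdigest()

def matches_hash(sample: bytes, known: set) -> bool:
    return file_hash(sample) in known

def matches_pattern(sample: bytes, pattern: list) -> bool:
    """Wildcarded byte pattern (None = any byte) slid over the sample,
    so a strain that only mutates its junk bytes is still caught."""
    n = len(pattern)
    for i in range(len(sample) - n + 1):
        if all(p is None or sample[i + j] == p for j, p in enumerate(pattern)):
            return True
    return False

# Constructed pattern: the fixed code around the mutable junk region.
PATTERN = list(b"DECRYPT-LOOP") + [None] * 4 + list(b"BODY")

# Constructed reputation telemetry: how many endpoints reported each hash.
TELEMETRY = Counter({file_hash(b"well-known-installer"): 25000})

def reputation(sample: bytes, telemetry: Counter, trusted_at: int = 1000) -> str:
    """Reputation view: prevalence, not content, drives the verdict, so a
    never-before-seen variant is flagged without a per-variant signature."""
    seen = telemetry[file_hash(sample)]
    if seen >= trusted_at:
        return "trusted"
    return "unknown-singleton" if seen <= 1 else "low-prevalence"

def demo() -> dict:
    known = {file_hash(BASE)}
    return {
        "hash_catches_base": matches_hash(BASE, known),
        "hash_catches_variant": matches_hash(VARIANT, known),
        "pattern_catches_variant": matches_pattern(VARIANT, PATTERN),
        "variant_reputation": reputation(VARIANT, TELEMETRY),
        "installer_reputation": reputation(b"well-known-installer", TELEMETRY),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```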
Sudesh Prasad
sudeshp@cybermedia.co.in