Surveying the Internet Security Threat Landscape

STAR is part of the Office of the CTO headed up by Stephen Trilling, chief technology officer. With response centers located throughout the world, STAR monitors malicious code reports from more than 130 million Symantec and Norton systems across the Internet, receives data from 40,000 network sensors in more than 200 countries, and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection. STAR has three broad areas of responsibility:

Technology Research and Development

STAR oversees the research and development efforts for all of the security technologies that form the core protection capabilities of Symantec’s corporate and consumer security products. This includes the core antivirus engine that formed the nucleus of Symantec’s original security products, as well as more recent technologies such as anti-spyware, intrusion prevention, and behavioral detection. Over the past few years, STAR has also aggressively invested in an entirely new generation of technologies to ensure protection against both emerging and future threat classes; for example, STAR developed its industry-first reputation-based security technology to address the problem of today’s micro-distributed malware.

Security Response

STAR’s Security Response organization develops and deploys new security content (malware fingerprints, reputation data, behavioral rules, new heuristics, etc.) to Symantec’s tens of millions of customers around the clock. Our team of global threat analysts operates a follow-the-sun model to provide 24x7 coverage to Symantec customers and to track the latest developments on the threat landscape. Analysts continuously monitor a worldwide network of Symantec-protected machines as well as a large-scale, global network of honeypots (machines designed to lure attackers). Using all of this data and intelligence, the Security Response team generates virus definitions and signature content for all of our core security technologies (e.g., spyware, adware, viruses, spam, etc.). This content is maintained in the STAR cloud-based infrastructure and, where appropriate, pushed out to our customers’ computers via our patented LiveUpdate™ technology.


In order to handle the massive volume of activity in today’s threat landscape, STAR has developed a sophisticated back-office infrastructure to automate most collection, analysis and deployment activities. This enables Symantec to discover new threats and deliver new protection to our global customer base extremely quickly.