The Symantec Advanced Threat Research Team
Since this is my first Symantec blog entry, I’d like to start things off by giving you some insight into our Advanced Threat Research team, which is a part of the Security Response group here at Symantec. We are responsible for generating all of Symantec’s protection content, which includes antivirus definitions, intrusion detection signatures, spam analysis, phishing site analysis, DeepSight early warning, and vulnerability alerts. Any content that is delivered through LiveUpdate or that drives the protection of Symantec products is delivered by Security Response.
The Advanced Threat Research team has the sole responsibility of researching new and emerging technologies and identifying how those technologies can be attacked. Our goal is fairly simple: to identify areas where attackers will strike next. There is no shortage of things to research, but we are interested specifically in those technologies and threats that will make the most impact within the next 12 to 24 months. This includes new operating systems, new network protocols, and new software applications.
Unlike similar research groups, our primary goal is not to find vulnerabilities, but to perform a complete top-to-bottom architectural review of new technologies with the purpose of identifying opportunities for attack. In the course of this work we will find security vulnerabilities, but our goal is to identify attack vectors, not to perform exhaustive vulnerability research. Our research results in two main types of papers: an attack surface analysis and a threat analysis. In an attack surface analysis, our goal is to look at a new technology and perform a scientific, repeatable, and documented analysis of the security implications of that technology. Examples of this include Windows Vista, mobile devices, embedded devices, IPv6, and others. Given the proliferation of such technologies in our daily lives, we don’t foresee a shortage of areas to research. In a threat analysis, we are primarily concerned with the deep analysis of a given category of threat and what future generations of that threat will look like. This analysis will, in turn, help us to improve our products. This includes threats such as phishing, rootkits, keyloggers, and bot networks, just to name a few.
The Advanced Threat Research team is a relatively small group with a core of six people; however, we benefit from the extended team (Security Response), which consists of hundreds of experts located in countries around the world. Some of us are good at building things, while others are very good at tearing things apart. Needless to say, everyone on the team excels at computer security and computer security research. We perform a lot of internally focused research to drive Symantec’s product direction, and from time to time we will be making our research public. I hope that this gives you a good overview of the team, and I would ask you to keep an eye out for future blog entries that will refer to our research and developments.