Symantec's Cutting Edge 2008 engineering conference had a remarkable symmetry on the second day.  The first keynote was delivered by Enrique Salem, COO of Symantec, and the last one by Chris Hoff, Chief Architect of Unisys. 
 
Remarkably, they spoke with almost color-coordinated phrases. Enrique said that the way Symantec was going to differentiate itself from competitors was to focus on virtualization, information risk management and SaaS (software as a service). Chris Hoff talked about the "virtualization of security" or as he said, the three most important trends in the industry at the moment: virtualization, security and management of risk, and lastly, "cloud computing"/SaaS. Chris described the four horsemen of the apocalypse (be afraid, be very afraid) in trying to focus attention on the challenges posed in the brave new world of network security in a virtualized world. 
 
It brought to mind the biggest opportunity and the biggest...

Here at Cutting Edge we have a lot of exciting technological developments and innovations to share. At the top of the list for me is the Symantec Open Collaborative Architecture (OCA), which prescribes a technology direction to enable collaboration among Symantec products and third-party and partner products.

The architecture is based on a loosely coupled interoperability model that requires products to adhere to a limited set of technology requirements in order to be considered OCA-enabled. The Symantec OCA enables products to interoperate for the purpose of data/information sharing among multiple products. This allows task and operational control of one product to be initiated by another product while creating loosely integrated process automation solutions for IT domain-specific processes, as prescribed in ITIL, for example. Working across IT domains, sharing and exchanging data, and enabling automation all contribute to greater cost effectiveness and risk...

This year's Cutting Edge, Symantec's internal conference "for engineers, by engineers," promises to be an interesting one. Why? The last few years have brought serious challenges to the dominant antivirus fingerprinting approach. Right now, the security industry is built around the fingerprinting model – all of our processes, our automation, our data collection, our publishing systems – they’re all designed around the blacklisting model. 
 
Unfortunately, while the industry had its head down honing the blacklisting approach (Symantec can automatically analyze and fingerprint up to 6M samples per week – how’s that for honing?), the rest of the world changed. Recent Symantec studies show that the volume of malware released now outpaces good software (potentially representing up to 65% of all unique software apps). Furthermore, industry reviews show that many new malware programs slip past all major antivirus products...

The first day of the Black Hat conference briefings came to an end and in retrospect, it was far from bland. From Professor Angell’s esoteric keynote speech touching on how the combination of computers and human activity systems can spawn systemic risk, to a Palace 1 conference room packed wall-to-wall with eager ears ready to listen to Dan Kaminsky deliver his briefing for DNS titled “DNS Goodness.”

In fact, the room was packed so much that an organizer dryly announced over the PA system: “Speakers in parallel talks, you can’t skip your talks even though nobody is going to be there.” It was a good briefing, but it was two other entirely separate briefings that stole the show for me, by a huge margin actually. Neither of these briefings received an abnormal amount of limelight, but both of them involved appliances that are very commonly used in inter- and intra-network infrastructure. The briefings “Cisco IOS Shellcodes and Backdoors” by Gyan Chawdhary and Varun Uppal...