Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Emerging Threats
Showing posts in English
Joe Pasqua | 08 Oct 2008 18:39:40 GMT | 0 comments

Last week's Cutting Edge event was an absolute blast. Cutting Edge is our internal technical conference where we gather top engineers, architects, and researchers from across Symantec globally to share ideas, best practices, technologies, imagination and energy. The goal is to keep Symantec at the cutting edge of technology, which we view as critical to winning in the marketplace. Besides that, it's just tremendously stimulating to be around four or five hundred really smart people.

The theme of this year's conference was "How We Win." In a way, everything we discussed boiled down to one thing: we win by making our customers win. We win by helping to solve their problems, adding value to their businesses, and making their lives more secure. Sounds obvious, but how do we do that? We touched on a number of approaches, from the macro down to the micro. For example, at the macro scale we talked about our Open Collaborative Architecture which uses open standards and...

Tom Thomassen | 07 Oct 2008 14:39:11 GMT | 0 comments

Symantec's Cutting Edge 2008 engineering conference had a remarkable symmetry on the second day.  The first keynote was delivered by Enrique Salem, COO of Symantec, and the last one by Chris Hoff, Chief Architect of Unisys. 
Remarkably, they spoke with almost color-coordinated phrases. Enrique said that the way Symantec was going to differentiate itself from competitors was to focus on virtualization, information risk management and SaaS (software as a service). Chris Hoff talked about the "virtualization of security" or as he said, the three most important trends in the industry at the moment: virtualization, security and management of risk, and lastly, "cloud computing"/SaaS. Chris described the four horsemen of the apocalypse (be afraid, be very afraid) in trying to focus attention on the challenges posed in the brave new world of network security in a virtualized world. 
It brought to mind the biggest opportunity and the biggest...

Tom Thomassen | 03 Oct 2008 20:51:50 GMT | 0 comments

Symantec's Cutting Edge 2008 conference closed on Friday, October 3rd. As the Chair of this year's Cutting Edge conference, hosted each year by the Office of the CTO, I can say it was a wonderful opportunity to manage an event that brings together engineering groups across Symantec. Known as "a conference by engineers, for engineers," Cutting Edge continues to provide an atmosphere where people feel comfortable discussing ideas across organizations.
This year's theme is "How We Win," and there are three key areas where we see this taking shape. First, we must highlight the Symantec innovation model, which is a balance between organic innovation and innovation by acquisition of leading technologies. Second, the direction of our innovations must be driven first and foremost by our customers. Our customers are telling us that they like our products, and we must continue to listen to their needs and include features to help them do their business better...

Rob Clyde | 02 Oct 2008 22:10:08 GMT | 0 comments

Here at Cutting Edge we have a lot of exciting technological developments and innovations to share. At the top of the list for me is the Symantec Open Collaborative Architecture (OCA), which prescribes a technology direction to enable collaboration among Symantec products and third-party and partner products.

The architecture is based on a loosely coupled interoperability model that requires products to adhere to a limited set of technology requirements in order to be considered OCA-enabled. The Symantec OCA enables products to interoperate for the purpose of data/information sharing among multiple products. This allows task and operational control of one product to be initiated by another product while creating loosely integrated process automation solutions for IT domain-specific processes, as prescribed in ITIL, for example. Working across IT domains, sharing and exchanging data, and enabling automation all contribute to greater cost effectiveness and risk...

Carey Nachenberg | 02 Oct 2008 13:54:41 GMT | 0 comments

In a nutshell, Symantec's new approach to detecting threats automatically derives reputation ratings (e.g. safe, unknown, unsafe) for every executable file available on the Internet. The reputation ratings are derived automatically using algorithms, not unlike Google's Page Rank algorithm, from literally billions of Norton Community Watch file reports from our tens of millions of participating users. Just like you use reputation ratings to choose whether or not to buy a book or a new MP3 player on sites like, the next generation of antivirus software can use the project's data to determine whether or not to allow an application to run on your computer. Think of it as the world's largest list of rated applications.
Unlike traditional antivirus, all of our reputation data is stored in the cloud - that is, in Symantec data centers - meaning that...

Carey Nachenberg | 01 Oct 2008 10:35:47 GMT | 0 comments

This year's Cutting Edge, Symantec's internal conference "for engineers, by engineers," promises to be an interesting one. Why? The last few years have brought serious challenges to the dominant antivirus fingerprinting approach. Right now, the security industry is built around the fingerprinting model – all of our processes, our automation, our data collection, our publishing systems – they’re all designed around the blacklisting model. 
Unfortunately, while the industry had its head down honing the blacklisting approach (Symantec can automatically analyze and fingerprint up to 6M samples per week – how’s that for honing?), the rest of the world changed. Recent Symantec studies show that the volume of malware released now outpaces good software (potentially representing up to 65% of all unique software apps). Furthermore, industry reviews show that many new malware programs slip past all major antivirus products...

Anthony Roe | 14 Aug 2008 18:47:54 GMT | 0 comments

Well, sadly the time seemed to fly by and last week's conference ended more quickly than I would have liked. I didn't have the time to stay in Vegas and attend the DEFCON conference either. Even though I really wanted to see Christopher Tarnovsky demonstrate smartcard/microcontroller fault induction in person, I decided to attend briefings that greatly complemented the briefings that I attended previously. Particularly, I enjoyed Felix Lindners ("FX") briefing entitled “Developments in Cisco IOS Forensics”, which actually did a lot to ease my previous fears that the defensive side of the arms race for Cisco IOS was being left behind.


Felix began his talk by explaining the impact of successful exploitation of Cisco IOS vulnerabilities, providing some details about Cisco IOS internals, and then explaining why the flat memory format is so dangerous...

Anthony Roe | 13 Aug 2008 16:42:55 GMT | 0 comments

The first day of the Black Hat conference briefings came to an end and in retrospect, it was far from bland. From Professor Angell’s esoteric keynote speech touching on how the combination of computers and human activity systems can spawn systemic risk, to a Palace 1 conference room packed wall-to-wall with eager ears ready to listen to Dan Kaminsky deliver his briefing for DNS titled “DNS Goodness.”

In fact, the room was packed so much that an organizer dryly announced over the PA system: “Speakers in parallel talks, you can’t skip your talks even though nobody is going to be there.” It was a good briefing, but it was two other entirely separate briefings that stole the show for me, by a huge margin actually. Neither of these briefings received an abnormal amount of limelight, but both of them involved appliances that are very commonly used in inter- and intra-network infrastructure. The briefings “Cisco IOS Shellcodes and Backdoors” by Gyan Chawdhary and Varun Uppal...

Zulfikar Ramzan | 08 Aug 2008 14:42:03 GMT | 0 comments

On the opening day of BlackHat 2008, Symantec commissioned an anonymous survey among the attendees to learn about contemporary views on security related topics, such as vulnerability research, future threats and trends, and what types of challenges we as security professionals will collectively face in the coming year.


We received exactly 500 responses, 21% of which coming from IT managers. The field also represented security researchers (17% independent and 11% employed by a vendor) and executives (11%). These respondents represented several industry sectors, including high tech (40%), government (25%), banking (10%), and healthcare (2%). Also, the demographic varied, with 18% of respondents attending from regions outside of the United States (Canada - 4%, EMEA - 7%, AsiaPac - 4%, Latin America - 1%) – a clear indication that information security issues are truly an international concern and that we share common pain points with our colleagues across the world....

Sean Hittel | 08 May 2008 22:23:43 GMT | 0 comments

Lately, I have been feeling like a bit of a broken record, each week singing nearly the same tune. Well, this week is no exception. Neosploit has updated again. Starting on May 2, our honeypots again picked up an update to the omnipresent exploit kit.

This time, the update includes a new packer, apparently designed to restrict the unlicensed deployment of the exploit toolkit. The Neosploit packer has always been (dare I say it) innovative. In addition to scrambling variables and ensuring that the exploit delivered is different each time a victim is iframed to an infectious site, Neosploit also uses itself as the key to decode itself. This means that clumsy attempts to modify the decoder in attempt to decode it will result in gibberish, rather then the properly decoded exploits. In addition to this, the new version adds a check to ensure that the exploit is hosted on the intended site. Essentially, what the authors of Neosploit did was append the URL...