Securing the enterprise has never been easy, but thanks to the heightened number of attacks and an ever-changing threat landscape, the challenge has reached new levels of complexity.
Malware authors have been shifting tactics, away from mass distribution of a single strain that hits millions of PCs, to a micro distribution model where far more unique variants are created. The Symantec report provides evidence of this trend by logging 403 million unique threats in 2011, up 41% from 2010, with an alarming 13 malware variants discovered every second. In addition, attacks are increasingly targeted with more than 75% of malware infecting less than 50 machines. Throw in a new genre of Web-attack toolkits that make it easier for malware authors to create unique strains, and organizations of all sizes across all industry sectors are now at risk—not just the largest companies and government organizations and no longer just C-level titles.
In the face of this mounting and continually morphing threat landscape, security professionals need to recognize that traditional signature-based protection no longer provides adequate protection. Simply scanning files for fingerprints and cross-referencing them against a database of known virus strains will leave their systems exposed.
At the same time, security solutions have to enable strategic IT initiatives designed to enhance and deliver value, not stand in the way. As a result, those charged with protecting the enterprise need to embrace more proactive forms of protection that take the battle against malware to the next level, safeguarding against never-before-seen threats and remediating strains that are not well-documented members of the threat landscape.
Security professionals should consider these five areas when evaluating protection technologies to ensure they cover all the bases:
File-based protection. A modern anti-virus solution should go beyond simple pattern matching to determine whether a file is good or bad, and provide multiple methods, including both generic and heuristic techniques, to identify both known and unknown threats. While there are other means of attack, having infected files on a target machine remains an ongoing problem, which means file-based protection is still necessary for detecting, neutralizing, and removing threats from individual machines.
Network-based protection. Block malicious attacks before they can introduce malware onto a system. Network-based protection analyzes the incoming data streams arriving over network connections and blocks threats before they reach the host.
Behavior-based protection. To push security to the next level, behavior-based protection is required. This technique examines the dynamic behavior of malicious activity as opposed to static characteristics. Moreover, applying analysis and artificial intelligence to examine the attributes of what good and bad applications do is a much more effective way of creating profiles of behaviors for applications that are previously unknown. In addition, this approach provides protection no matter what the end user does or how the malware ends up on a machine.
Reputation-based protection. Among the newest forms of protection, reputation-based technology considers the meta-information of a file to provide context. The context of a particular file (for example, its origin, its age, where it exists, and where it travels) is used to determine whether the file is safe or a threat, and then, if necessary, to initiate the proper course of remediation.
Optimized for virtualization. Virtualization is a strategic business imperative for an increasing number of organizations—one designed to deliver value by facilitating more agile IT infrastructures and creating a path to the cloud. Next-generation security technologies need to be optimized for virtualization, not impede the technology by getting in the way of performance.
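As an added illustration, not Symantec's code or the logic behind SONAR or Insight, the toy scorer below shows how a reputation verdict built from the file context named above (origin, age, prevalence, where it travels) catches a rare, new, unsigned file that a signature lookup alone would pass. All hashes, hostnames, weights and thresholds are constructed for the example.

```python
"""Toy layered verdict: signature lookup first, then a context-based reputation score.
Constructed example; the hashes, hosts and weights are illustrative, not real data."""
from dataclasses import dataclass

KNOWN_BAD_HASHES = {"0badf00d" * 8}            # constructed placeholder signature list
TRUSTED_ORIGINS = {"vendor-cdn.example.net"}   # constructed list of trusted download hosts


@dataclass
class FileContext:
    sha256: str
    origin_host: str            # where the file was downloaded from
    age_days: int               # days since the file was first seen in the community
    prevalence: int             # how many machines worldwide have seen this file
    signed_by_trusted_ca: bool  # carries a valid signature from a trusted publisher
    spread_to_hosts: int        # how many hosts inside the organization it has traveled to


def signature_verdict(ctx: FileContext) -> str:
    """Classic fingerprint check: only catches files already in the database."""
    return "malicious" if ctx.sha256 in KNOWN_BAD_HASHES else "unknown"


def reputation_score(ctx: FileContext) -> int:
    """Higher is riskier; each factor mirrors one piece of context from the article."""
    score = 0
    if ctx.prevalence < 50:                     # rare file, like targeted malware hitting <50 machines
        score += 3
    if ctx.age_days < 7:                        # brand new, no community history yet
        score += 2
    if ctx.origin_host not in TRUSTED_ORIGINS:  # unknown origin
        score += 2
    if not ctx.signed_by_trusted_ca:            # no accountable publisher
        score += 2
    if ctx.prevalence < 50 and ctx.spread_to_hosts > 5:  # rare globally yet spreading internally
        score += 3
    return score


def layered_verdict(ctx: FileContext) -> str:
    """Signature match blocks outright; otherwise reputation decides the action."""
    if signature_verdict(ctx) == "malicious":
        return "block: known signature"
    score = reputation_score(ctx)
    if score >= 8:
        return "block: low reputation"
    if score >= 4:
        return "quarantine-and-analyze"
    return "allow"


# Constructed sample files: a targeted dropper, a mainstream signed installer, a new in-house tool.
TARGETED = FileContext("a1" * 32, "files.unknown-cdn.example", 1, 12, False, 8)
MAINSTREAM = FileContext("b2" * 32, "vendor-cdn.example.net", 400, 200_000, True, 120)
INTERNAL_TOOL = FileContext("c3" * 32, "build.corp.example", 2, 10, True, 1)
```

Note that TARGETED has no signature match yet still scores 12 and is blocked purely on context, while the mainstream installer scores 0.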
Symantec's Security Technology and Response (STAR) division is aggressively pursuing new protection technologies. These technologies are part of an ecosystem of five layers of security that protect endpoints against everything from social engineering attacks to bots, botnets, and targeted attacks. This level of protection is also effective against advanced persistent threats (APTs), Trojans, and zero-day malware in general.
The latest Symantec Endpoint Protection 12.1.2 release is architected on a multi-point security foundation. It is also differentiated by SONAR (Symantec Online Network for Advanced Response), the only behavior-based protection available on the market. SONAR combines the classification of nearly 1,400 file behaviors with artificial intelligence and human-authored signatures to provide zero-day protection against new and previously unknown threats.
In addition, Symantec's Insight has access to the world's largest intelligence network to provide reputation ratings for nearly every file on the Internet. This advanced data mining technology creates reputation-based protection that is able to separate at-risk files from safe ones based on their context. By computing highly accurate reputation ratings on every file, Insight can deliver effective protection not only against widespread malware but also against the most arcane threats.
Beyond the wealth of security and remediation technologies, Symantec Endpoint Protection 12.1.2 has also been built from the ground up to optimize virtualized environments and enable increased performance. The platform integrates directly with VMware's vShield Endpoint to off-load scanning and preserve system I/O. Administrators can view virtual machines, set unique policies, monitor performance, and drill down on potential threats.
Via capabilities like virtual image exception, offline image scanning, deduplication, and a shared Insight cache, Symantec Endpoint Protection 12.1.2 outperforms agentless solutions without sacrificing security. It does so by eliminating unnecessary scanning and employing resource leveling, which reduces disk I/O by as much as 90%, allowing virtualized environments to remain protected without impacting system performance.
In terms of business continuity, Symantec Endpoint Protection 12.1.2 will support both Mac OS X 10.8 (Mountain Lion) and Windows 8. The protection in the new release builds on the technology that earned Symantec Endpoint Protection the only AAA rating in the independent test published by Dennis Labs.
In today's complex threat landscape, a single data breach can cost upwards of $5.5 million in combined direct and hidden costs. The days of relying solely on signature-based antivirus are long gone.