Symantec announces new endpoint solutions

Software is 70% faster than previous versions due to reputational scanning

By Georgina Enzer. Published February 17, 2011

Symantec has announced the new generation Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition, aimed at providing businesses of all sizes with advanced protection and an improvement in system performance.

Both software systems are powered by Insight, Symantec's community and cloud-based reputation technology, which detects possibly infected files based on a database of 175 million customer computers. Any files introduced into the database are assigned a reputation based on user recommendations and number of downloads. This system allows Symantec Endpoint Protection 12 to scan computers up to 70% faster than previous versions.

"By assigning a reputation to files, we can reduce the time for scanning a hard-drive based upon the fact that we know up to 70% of those files are 100% trusted and won't change, so we don't have to scan them. By blocking the threat vectors before they can even be downloaded we are avoiding the infection rates on the PCs as well. It is all about increasing the perimeter defence while also increasing the user performance in terms of how quickly we can run our scans," said Justin Doo, security practice director for emerging regions at Symantec.

Security threats globally have become more sophisticated and more prolific, according to Symantec: in January 2007 there were 250,000 types of viruses or malware, and in December 2010 there were over 286 million.

"What is happening is to try to avoid detection, the threats are mutating very quickly so we are seeing average infections of 15, maybe 20 PCs before the code itself polymorphically changes and you need another detection pattern to detect that new variant. So we are seeing thousands and hundreds of thousands of new variants with very similar code, but it needs a new pattern file to detect it," said Doo. "You can see with 286 million malware samples out there, the typical response of the industry, which is to issue a bunch of new pattern files on a daily or hourly basis, we can't keep up, and it is almost like a denial of service attack against the anti-virus industry."

This explosion of malware in terms of both scope and complexity is due in large part to the creation of easy-to-use attack toolkits, such as Zeus, which lower the barrier to entry in cybercrime and can cost just $400 to $500.

"We are seeing almost a consumerisation of the threat vectors, but we are also seeing very concentrated and sophisticated attacks against organisations, against verticals, for example banking or finance. The net return for these organisations is money; it is all about a physical cash income. The latest figures from the US treasury are something like two times the world's global drug trafficking value is made in compromising PCs and data breaches. What we are seeing is a massive explosion in terms of the number of threats that we have to deal with," said Doo.

The new Symantec Endpoint Protection 12 is designed to block new and unknown threats missed by traditional signature, heuristic, behavioural and HIPS-based security solutions.

All of the product's security engines are now reputation-enabled, using Insight's online reputation database to identify and block malware attacks. Symantec's Insight can automatically derive highly accurate security ratings for more than 2.5 billion unique good or bad software files.

The software also utilises SONAR 3, a hybrid behavioural-reputation engine, which blocks zero-day and highly targeted threats based on their joint behaviour-reputation profile.

The software also uses cloud-based community intelligence to reduce the virus scanning load by approximately 70% by using Insight to check the reputation of files, leaving those that are known good files, for example Adobe or Microsoft applications, unscanned until they change.

Symantec Endpoint Protection 12 is also designed to conduct scans when computers are idle, meaning that a user can run a scan in the background while continuing with their work without the computer slowing down significantly.

Symantec Endpoint Protection 12 also uses 57% less memory than the average security solution, according to Symantec.

The security software is optimized for performance on virtual systems and is designed to offer comprehensive defence against all types of attacks.

Symantec Endpoint Protection 12 can whitelist baseline images, maintain a local Insight cache, randomise scans and updates, and automatically identify and manage virtual clients. This is designed to radically reduce the load on virtual hosts, alleviating 'AV storms' (concurrent scans bogging down system resources) and allowing for faster, more responsive systems.

"We know for a fact that virtual machines and environments are more popular than ever and we have to provide protection for those so we created enhanced technologies to provide full protection against virtual threats," said Doo.

Symantec Endpoint Protection 12 is currently in invitation-only beta testing and is expected to be available for public beta in April 2011.

The new versions of Symantec Endpoint Protection 12 will be available in summer.
