The old methods of either blacklisting software or whitelisting it for full access are no longer sufficient in today's threat environment he said.
Instead his company was working on new software that assesses the reliability of applications based on their history and reputation.
“We've spent three years to build software that divines reputations automatically,” he said.
“In this model we divine a computer's reputation of the program from its origin, age, source and using some other secret source that we can't disclose. The new method isn't just about blocking software, but about defining policies for access.”
He gave the example of a systems administrator who can set policies to only allow software on the network that is more than 30 days old, to eliminate new malware, and that is in use by at least a million people.
“That sounds to me like the Conficker virus,” said Adi Shamir, professor of the Computer Science Department at the Weizmann Institute of Science in Israel.
“It was around longer than 30 days. Also I understand the security code on that malware is very good.”
In a similar theme Salem said that other security features need to be automated to make them faster and more effective. For example, if an employee loads protected data onto a USB memory stick then they should automatically be alerted to breaking policy, with a similar warning being sent to the administrator.
This was an issue of personal interest for Salem, as he admitted he had personally lost a USB stick containing confidential information.
Half of lost USB sticks contain confidential information he said.
The new approaches to security are needed he said because the threat landscape was getting much more difficult.
Attacks are reaching 200,000 every half hour worldwide and 90 per cent of those attacks were aimed at harvesting confidential information.
