Symantec boss pushes “reputational security”

By

The new head of Symantec has used his keynote at the RSA 2009 conference to call for a new method of security operations.

The old methods of either blacklisting software or whitelisting it for full access are no longer sufficient in today's threat environment he said.

Instead his company was working on new software that assesses the reliability of applications based on their history and reputation.

“We've spent three years to build software that divines reputations automatically,” he said.

“In this model we divine a computer's reputation of the program from its origin, age, source and using some other secret source that we can't disclose. The new method isn't just about blocking software, but about defining policies for access.”

He gave the example of a systems administrator who can set policies to only allow software on the network that is more than 30 days old, to eliminate new malware, and that is in use by at least a million people.

“That sounds to me like the Conficker virus,” said Adi Shamir, professor of the Computer Science Department at the Weizmann Institute of Science in Israel.

“It was around longer than 30 days. Also I understand the security code on that malware is very good.”

In a similar theme Salem said that other security features need to be automated to make them faster and more effective. For example, if an employee loads protected data onto a USB memory stick then they should automatically be alerted to breaking policy, with a similar warning being sent to the administrator.

This was an issue of personal interest for Salem, as he admitted he had personally lost a USB stick containing confidential information.

Half of lost USB sticks contain confidential information he said.

The new approaches to security are needed he said because the threat landscape was getting much more difficult.

Attacks are reaching 200,000 every half hour worldwide and 90 per cent of those attacks were aimed at harvesting confidential information.

Symantec boss pushes “reputational security”
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?