Symantec Aims to Fix Broken Links in Security Chain

Symantec announced on Tuesday four new security and compliance software suites that it claims remedy the most common security shortcomings exploited by today’s targeted attacks.

These latest software security products complement the company’s four-pronged approach based on the phases of a targeted breach attack versus a more traditional mass attack. The security suites provide a range of options in helping organizations combat poorly enforced IT policies, poorly protected information, poorly managed systems, and poorly protected infrastructure.

“Any number of things has to happen for an attack to be successful. Symantec’s goal with the new security products is to break the chain in several places,” Dave Dorosin, director of product marketing for Symantec, told TechNewsWorld.

The new products are designed to protect from the four phases of a breach, he said.

Research Results

The risk to confidential information continues to grow as IT executives face an increasing number of threats to their information from both internal and external sources, according to Symantec.

Today’s attacks are more sophisticated, well-organized and covert in nature compared to attacks in recent years. This prompted Symantec to forge a new defense strategy.

The recent Hydraq attacks highlight the targeted nature of today’s threats, designed specifically to steal confidential information. Other security reports refer to this type of breach attack as an “Aurora Attack,” said Christian A. Christiansen, program vice president for security products and services at research firm IDC.

Symantec’s Internet Security Threat Report, which will be released later this month, reports that in 2009, 60 percent of identities exposed were compromised by hacking attacks.

“Symantec has revised its security strategy to address this new level of sophistication. We’re finally starting to see the fulfillment of Symantec’s promises over the years,” Christiansen told TechNewsWorld.

Attacker Mentality

During what Symantec called the “Incursion Phase,” the attacker breaks into the network by delivering targeted malware to vulnerable systems and employees. This phase is now much more finely tuned.

“Attackers are showing a lot more preparation. This is a big differentiator from previous attack strategies,” said Dorosin.

In the Discovery Phase, hackers map an organization’s defenses from the inside and create a battle plan. In the Capture Phase, attackers access data on unprotected systems and install malware to secretly acquire crucial data.

Hackers are showing an increased level of patience and are taking the needed time to monitor end point behavior, he explained.

Tactical Changes

In the Exfiltration Phase, the attackers send confidential data back to a home base for exploitation and fraud. The latest trend shows a big difference now in where the compromised data is sent.

Attackers are using temporary relay points, which make them much harder to track and shut down, according to Dorosin.

A mass attack in the Incursion Phase often uses generic social engineering that produces infection by chance. By comparison, a targeted attack uses handcrafted and personalized methods of delivery.

A mass attack typically has no discovery phase and assumes the content is in a predefined and predictable location. A targeted attack examines the infected resource and monitors users to identify other accessible resources and enumerate the network.

More Changes

In the Capture Phase, a mass attack goes after predefined, specific data or data that matches a predefined pattern, such as a credit card number. Targeted attacks rely on manual analysis and inspection of the data, said Dorosin.

In the Exfiltration Phase of a mass attack, information goes to a dump site with little protection. That dump site serves as a long-term storage location. However, in a targeted attack, the stolen information goes directly back to the attacker and is not stored in a known location for an extended period.

The challenge security researchers face is to develop and enforce IT policies, protect the information, manage systems and protect the infrastructure, said Dorosin in explaining Symantec’s strategy.

Meeting the Challenges

New features in Control Compliance Suite 10.0 include centralized evidence collection and management, dynamic Web-based dashboards, integration with Symantec Data Loss Prevention and the new CCS Vulnerability Manager.

Data Loss Prevention Suite 10.5 covers information protection. New features include better visibility and control of unstructured data, enhanced protection for social media sites, new protection for private clouds and a new endpoint option for less complex environments.

IT Management Suite 7.0 helps admins manage their systems. Its new features include a new comprehensive suite that brings together all Altiris components, an automated end-to-end Windows 7 migration process, intelligent software management providing complete visibility and process automation of complex, time-consuming IT tasks.

Symantec Protection Center and the Symantec Protection Suite Enterprise Edition Family focus on protecting the infrastructure. New features in the Symantec Protection Center include new security management solutions and simplified management with improved security posture. The Symantec Protection Suites are three new products designed to meet the needs of enterprise IT personnel in endpoint, gateway and server functions.

Results Realized

The features in Symantec’s new security suites go in a new direction, said Christiansen. These more sophisticated attacks require a sophisticated response.

“The integration of these elements is unique to Symantec. No other competitor has the strength in all these elements. It is all brand-new,” said Christiansen.

More by Jack M. Germain