Symantec has unveiled Ubiquity, a security technology it describes as a breakthrough approach to fighting malware.
Speaking at the company's Vision 2010 event in Barcelona this week, SVP for Symantec's Enterprise Security Group, Francis deSouza, says Ubiquity is a community-based reputation technology that goes beyond signature and behaviour-based analysis to deliver unmatched protection, by reducing false positives.
He says it is a result of more than four years of development, and allows Symantec to harness the anonymous software usage patterns of the more than 100 million Symantec customer computers.
In this way, he says it is particularly effective against custom malware, as it tackles threats that have no current signature, delivering protection against micro-distributed, mutating threats, that would otherwise completely evade traditional security solutions.
Security solutions traditionally require vendors to capture and analyse, or create a signature for specific strains of malware before they can protect against them. “2009 saw Symantec discovering 240 million unique threat samples alone.”
deSouza says Ubiquity's approach is fundamentally different as it finds threats missed by traditional approaches. It adds a new layer of protection that complements the company's existing defences, that includes signature-based protection, intrusion prevention and behavioural and heuristic detection functionalities.
In addition to other proprietary calculations, the technology derives a security rating for each file, based on information about the context of the file such as its origin, age and its adoption patterns across the security giant's user base.
Although cyber criminals often mutate or customise a malware's file contents to help it avoid traditional signatures, they have less control over crowd-based demographics. “Ubiquity is the only technology in the industry to use this complementary approach,” says deSouza.
By utilising the usage patterns of over 100 million Symantec customers, Ubiquity lets the company compute a safety rating for practically every software application on the Internet. “This gives us the ability to protect our customers against targeted, mutated malware that would otherwise evade traditional virus fingerprints,” he concludes.
Share