SAN FRANCISCO--Security giant Symantec is trying to give companies a better way to determine how trustworthy files are.
At the RSA Conference here, Symantec CEO Enrique Salem outlined the new reputation-based security feature built into the company's new Endpoint Protection 12, client-side security software that gives files a score based on the scanning of 2.5 billion files the company keeps track of in its cloud-based database.
Dubbed the Insight Reputation System, the feature looks at files that have been downloaded from the Web and gives each one a score based on risk. This is based on what kinds of things the file does, as well as who it's from.
"The idea of a blacklisting approach is no longer going to be effective, and IP-based recognition where we track IP addresses is not good enough," Salem said. "We need real-time, contextual tracking that looks at a series of attributes; things like file age, download source, prevalence, and brings all those things together."
The tool for that, Salem said, is Endpoint Protection 12, which the company claims is the only reputation-based system that's context-aware. The new tool, which is the first major update to the Endpoint Protection suite in three years, will be released in April.
Salem also explained why it is becoming increasingly important to identify threats at the point of download, given the consumerization of IT and the proliferation of consumer devices within businesses. Both trends have made it harder to keep threats at bay, and both represent the new battleground for threat activity itself.
"It wasn't that long ago that you as security professionals had control," Salem said. "You had control of the desktop, you had control of the database, you had control of the applications, you had control of the servers, and to some extent, you even had control of the users."
The problem, Salem said, was that control had been toppled with new devices, and new ways of doing business. "Now what's happening is that those days are over, because all kinds of devices are coming into your office: USB drives, notebooks, and many of them aren't your devices. They're your partners, they're people that are bringing them into your environment," Salem said. "And what are they doing? They're accessing corporate e-mail, they're logging into their Facebook pages, and their Twitter accounts."
Symantec's solution to get above the problem is a new initiative called O3, which Salem compared to the Earth's ozone layer, protecting the surface from outside forces. O3 is made up of three security layers:
1. A rules engine for enforcing which information specific devices can access, and from where.
2. A protection enforcement layer that determines which employees, on which devices, can access the information.
3. A compliance/monitoring layer for access and understanding of what policies are being enforced.
"That's our approach, that's our vision for what has to be done. It has to be a layer above the clouds," Salem said.