New Disarm technology and network threat protection for Mac computers added to Symantec’s protection portfolio
KUALA LUMPUR, Malaysia – January 16, 2014 – Symantec (NASDAQ:SYMC) today announced new additions to its industry leading protection technologies to protect organisations from targeted attacks. The powerful new innovations include Disarm technology in Symantec Messaging Gateway and the addition of Network Threat Protection in Symantec Endpoint Protection for Mac computers.
Defending against sophisticated targeted attacks is now the norm, and it’s not just large companies that are being impacted. Targeted attacks are growing significantly among businesses with fewer than 250 employees. Small businesses globally are the target of 31 percent of all attacks, according to the 2013 Internet Security Threat Report. Small companies are an attractive target for cybercriminals as they have fewer security safeguards and often have business relationships with larger companies which may be the ultimate target of attackers.
“The new technologies, combined with our comprehensive solution portfolio, will protect organisations in Malaysia from threats at the gateway, on the endpoint and in the data centre,” she added.
Protection at the Gateway: Disarm Technology
Developed by Symantec Research Labs, Symantec’s advanced research division, the new Disarm technology in Symantec Messaging Gateway 10.5 uses a first-of-a-kind technique to protect companies from targeted attacks. Most targeted attacks are now delivered in the form of malicious, but seemingly innocuous, documents delivered over email. Each such malicious document, e.g., a PDF, DOC or XLS file, contains an embedded attack, and when a victim simply views the document, their computer is automatically and silently compromised.
Traditional protection technologies attempt to scan documents for suspicious characteristics. The problem is that many of these document-based attacks are purposefully crafted so they don’t look suspicious, and as a result, they go undetected.
“Disarm technology takes a whole new approach. Instead of scanning the document, it essentially makes a digital harmless carbon copy of every incoming email attachment/document, delivering this carbon copy to the recipient, rather than the original, potentially malicious document. The result is that the recipient is never exposed to the attacker’s malicious attachment,” said David Rajoo, Principal Consultant, Symantec Malaysia.
According to Symantec research, the Disarm technology would have blocked 98 percent of attacks that exploit zero-day document vulnerabilities thus far in 2013 – these are attacks that were entirely unknown and would therefore have likely evaded all traditional scanners, heuristics, emulators and even Virtual Execution (VX) solutions.
Protection at the Endpoint: Network Threat Protection for Mac Computers
Symantec has added its advanced Network Threat Protection technology to the Mac version of the Symantec Endpoint Protection 12.1.4. “Many Mac users think they’re impervious to attacks, and as a result don’t take security seriously. But the reality is that this makes Mac users a potential goldmine for targeted attackers. Symantec’s Network Threat Protection technology intercepts incoming network traffic before it can impact the Mac computers, looking for targeted attack exploits and automatically blocking them,” said David.
Network Threat Protection technology uses a patented, application-level, protocol-aware Intrusion Prevention System to not only identify and block known attacks, but also identify and block many unknown or day-zero attacks.
Protection at the Data Centre: Solutions to Protect the Physical and Virtual Data Centre
Symantec also protects an organisation’s critical assets and information in the data centre. Symantec offers Symantec Critical System Protection (CSP), a server lockdown solution designed to protect both physical and virtual infrastructure. Organisations can install and configure CSP so it only allows known-legitimate activities on your servers and blocks all other (anomalous) activities. If a targeted attacker does compromise a server, they must – by definition – perform activities that will deviate from the norm in order to access sensitive data on the machine, or elsewhere in the data centre. CSP automatically detects and blocks those deviations, stopping the attack automatically. Only approved software programs are allowed to run, and those programs are only allowed to perform approved behaviors, access approved resources, etc.
Targeted Attack Protection Powered by Unmatched Expertise, Global Intelligence
In addition to these new innovative technologies, Symantec’s security solutions are powered by the Symantec Global Intelligence Network (GIN) and a team of more than 550 researchers around the world. Symantec’s GIN platform collects anonymous telemetry from Symantec’s hundreds of millions of customers and sensors around the clock. Symantec uses this data – more than 2.5 trillion rows of security telemetry – to automatically discover new attacks, and monitor attacker networks. Symantec also uses this data to develop predictive, proactive protection technologies, such as Symantec’s Insight reputation technology, for gateway, endpoint and data centre offerings.
Symantec (赛门铁克) 在马来西亚推出独特新技术全方位防御不断演变的针对性攻击
Symantec (赛门铁克)扩大防御产品组合推出新 Disarm 技术和网络威胁防护更完善保护 Mac 电脑
吉隆坡,马来西亚 - 2014年1月16日 – Symantec (赛门铁克) (NASDAQ:SYMC) 今日宣布为业界领先的防御解决分案推出全新独特技术,帮助用户全方位防御针对性攻击。此次发布的强大创新技术包括在 Symantec (赛门铁克) Messaging Gateway 中置入全新 Disarm 技术,及在Symantec 端点安全防护产品 (Symantec (赛门铁克) Endpoint Protection) 中融入网络威胁防护 (Network Threat Protection) 技术,提升保护Mac 电脑系统的功能。
如今,防御复杂的针对性攻击已成规范,而且针对性攻击不仅限于大型企业机构。规模少于250名员工的公司,受到针对性攻击的数次也显著增加。根据2013 互联网安全威胁报告 在所有攻击对象中有31%是全球的小型企业。小型公司成为受欢迎的攻击目标,是因为小型公司具有较少安全措施,并常与大企业展开业务联系;而这些大企业或许是黑客发动针对性攻击的最终目标。
Symantec (赛门铁克)马来西亚总监Josephine Ho(何美丽)说:“严守防线,避免企业机构受到不断演变的针对性攻击,是目前首席资讯安全执行员(CISO)和 IT经理最关注的要务;针对性攻击已成为主要威胁趋势的重要部分。”
她补充:“新技术结合我们的全方位解决方案组合,保护马来西亚的企业机构免受到从网关、端点、数据中心或任何其他途径进入企业网络的威胁。”
保护网关:Disarm 技术
在 Messaging Gateway 10.5 中新增的 Disarm 技术,是由Symantec (赛门铁克) 的高阶研发部 Symantec 研发实验室开发,采用业界创新技术以保护公司免受针对性攻击的侵害。现在的大部分针对性攻击通过电子邮件发送看似无害的文件作恶意攻击。这些恶意文件例如PDF,DOC或XLS格式的文档,其中含有嵌入式攻击。当用户打开这些恶意文件时,他们的电脑就会在完全不知情的状况下,自动受到攻击。
传统保护技术会扫描文件以检测可疑特征。但问题是,这些恶意文件都经过精心策划,伪装成无害的样子,因此都不会被发现。
Symantec (赛门铁克)马来西亚首席顾问David Rajoo说:“创新的Disarm技术采用全新方法对抗攻击。有别于一般扫描文件,它将每一个进来的邮件附件/文件,替换成无害数码副本,然后将副本交付给收件人,而不是可能附有恶意程序的原件。因此收件人不会接触到恶意文件。”
据 Symantec 的研究发现,Disarm 技术能够拦截至2013年为止 98% 利用zero-Day 漏洞的攻击。因为这些攻击完全未知,因此可能逃避传统的病毒指纹、启发式检测、模拟器以及虚拟执行(VX)解决方案。
保护端点:网络威胁防护,全面保护 Mac 电脑系统
Symantec (赛门铁克)已将其先进的网络威胁防护 (Network Threat Protection) 技术,加入 Mac 版Symantec (赛门铁克) Endpoint Protection 12.1.4。David 说道:“由于许多Mac用户认为不会受到攻击,因此忽视安全问题。而事实是这种想法使 Mac用户成为针对性攻击者的潜在金矿。Symantec (赛门铁克)的网络威胁防护技术能迅速截获进入系统的网络流量,从而准确定位针对性攻击的漏洞利用并自动将其拦截,有效防止 Mac 电脑受到攻击。”
网络威胁防护采用一项获得专利的应用层协议感知入侵防御系统(Intrusion Prevention System ),不仅能识别和拦截已知攻击,也能识别和拦截许多未知攻击或Zero-Day漏洞攻击。
保护数据中心:保护现实和虚拟数据中心的解决方案
Symantec (赛门铁克) 也保护企业机构于数据中心的重要资产和资讯。Symantec (赛门铁克)提供Symantec (赛门铁克) Critical System Protection(CSP),一款专为保护现实和虚拟基础设施的服务器锁定解决方案。企业机构可以安装和配置CSP,令它只允许已知的合法活动在服务器上运行,并拦截其它所有(反常的)活动。如果针对性攻击对服务器构成威胁,它们会根据规定采取偏离常态的行动,以访问电脑上或数据中心任何地方的敏感数据。CSP将自动监测到这些行动,并自动拦截攻击行为。只有被许可的软件程序可以在系统中运行,而且这些程序只能执行被许可的行为操作、访问被许可的资源等等。
针对性攻击防护技术获得尖端技术团队和全球智能网络的支持
除了这些创新技术,Symantec (赛门铁克) 的安全解决方案由Symantec 全球智能网络k (GIN) 及一支由世界各地550多名研究人员组成的专业队伍提供积极支持。Symantec的GIN平台昼夜不停的收集来自Symantec (赛门铁克)数以百万计用户和传感器的匿名遥测。Symantec (赛门铁克)运用此超过2.5万亿行安全遥测数据以自动发现新的攻击,并监控攻击者网络。此外,Symantec (赛门铁克)也运用这些数据开发可预测的主动防护技术,例如Symantec (赛门铁克)的 Insight信誉技术,供应网关、端点和数据中心产品。
No comments:
Post a Comment