Symantec Unveils Intrusion-Prevention System, Models Worm Behaviors - InformationWeek

01:54 PM

Symantec Unveils Intrusion-Prevention System, Models Worm Behaviors

Symantec reveals an intrusion-prevention defense that can protect applications and operating systems without needing constant updating.

Symantec on Monday announced a new intrusion prevention defense that, when added to existing Symantec enterprise products, can protect applications and operating systems without needing constant updating.

The Cupertino, Calif.-based security vendor also unveiled a simulation tool that models how past major worms spread, and said it plans to expand the tool so that enterprises can simulate how a specific, and current, attack propagates through their own networks.

The intrusion prevention system, dubbed Symantec Critical System Protection 4.5, will defend against day-zero attacks -- exploits for which no patch exists -- and proactively protect applications and OSes on both clients and servers by enforcing behavior-based security policies.

"We're extending the endpoint security infrastructure by adding a layer of robust protection against new malicious threats," said Chirantan Desai, director of product management for Symantec's client and host security group, in a statement.

Critical System Protection uses behavior-based techniques to watch for as-yet-unknown threats, includes a high-performance firewall, and also protects against buffer overflow and memory-based exploits, said Symantec.

A central console monitors covered clients and servers, and lets administrators manage the configurable security policies for apps and operating systems. Those policies, said Symantec, automatically and dynamically adapt to the OSes and applications installed on the machines so that IT doesn't have to configure new policies to cover different types of systems.

Critical System Protection 4.5 will be available late June through Symantec's resellers, distributors, and systems integrators.

Also on Monday, Symantec touted a new worm attack modeling tool, dubbed Worm Simulator, that graphically shows how several notable malicious attacks spread in the past, both on a macro and on a micro scale.

The simulator, which can be downloaded free of charge from Symantec's Web site, shows how six of the biggest worms of the last two-and-a-half years -- MSBlast, MyDoom, Netsky, Sasser, Slammer, and SoBig -- spread throughout the Internet in general, and in several "typical" network configurations specifically.

Although Symantec officials said that the simulator will be used by its sales staff to demonstrate large-scale attacks, they also said it's a worthwhile tool for end users now, and would get better down the road.

"We want common users to use this to get an idea of how threats develop and spread," said Carey Nachenberg, the chief architect of Symantec Research -- the company's R&D effort -- and the holder of several security patents. "And while we now have models of typical networks [in the simulator], in the long run we'll give tools to enterprises so they can map their own networks to see how attacks affect them."

As new worms appear in the wild, Nachenberg said, Symantec plans to release simulation files that can be run using this modeling tool. Symantec is already using the tool internally for a better understanding of how major worms spread, and has tweaked the simulator sufficiently for Nachenberg to be confident of its accuracy.

"In our initial modeling of the Slammer worm, for instance, we had it flooding the world's systems in a third of the time it took in the real attack. The real thing took longer because it clogged up routers and slowed because of the reduced bandwidth."

Although he wouldn't promise that new worm simulator "definitions" would be released in enough time for companies to run a simulation before the attack hit them, he claimed that "once we understand how a worm works, it's pretty trivial, a half hour's job or so, to create a simulation for it."

In the future, Nachenberg said, Symantec plans not only to provide manual tools for companies to accurately model the specifics of their own networks -- to see how a particular worm spreads, and to gauge how effective patching certain systems will be in defending the network as a whole -- but also, he hopes, to give administrators the ability to automatically sniff out the construction of their networks.

"That's the plan in the long run," said Nachenberg.
