Symantec takes aim at mutating software and zero day threats

BARCELONA: Symantec has launched malware detection software dubbed Ubiquity, which is designed to identify malicious files from day zero and give enterprises increased protection from mutating software.

At its Vision 2010 event, Symantec claimed to have created the largest clean file database, utilising its 100 million customers, which is uses as the basis of Ubiquity.

Ubiquity works by creating a security rating for each file, based on where it came from, how old it is and its adoption patterns across the clean database, the firm said. This means that even if attackers mutate a malware file’s contents to make it invisible to traditional detection methods, it is harder to avoid being detected by Ubiquity, Symantec said.

If a previously unseen file is run against this database and is not found, it is treated as suspicious. Similarly, if it is located but only on machines that have previously been compromised, it is also treated as suspicious, explained Francis deSouza, senior vice president for the enterprise security group at Symantec.

The software effectively adds an entirely new layer of protection on top of the existing signature-based protection, intrusion prevention, behavioral and heuristic detection capabilities used, the firm said.

Symantec claimed that this results in dramatic performance gains, as only files that are identified as risky are scanned.

The data provided by Ubiquity can be also used to allow administrators to control what software enters their users’ environments.

“Ubiquity is the next generation of security technology and we created it to address the problem of custom malware,” deSouza said.

“We can use our scale to help make the very quick determination about whether a file you are seeing for the first time is good or bad.”

Symantec will roll out Ubiquity across a wide range of enterprise products over the coming year, starting with Symantec Web Gateway.