RSA 2009: Symantec boss pushes “reputational security”

Salem: This isn't about blocking software, it’s about defining policies for access

The new head of Symantec, Enrique Salem, used his keynote at the RSA 2009 conference to call for a new operational approach to security.

The old methods of either blacklisting software or whitelisting it for full access are no longer sufficient in today's threat environment, he said. Instead, his company is working on new software that assesses the reliability of applications based on their history and reputation.

“We've spent three years building software that divines reputations automatically,” he said. “In this model we divine a computer's reputation of the program from its origin, age, source and using some other secret source that we can't disclose. The new method isn't just about blocking software, but about defining policies for access.”

He gave the example of a systems administrator who can set policies to only allow software on the network that is more than 30 days old, to eliminate new malware, and that is in use by at least a million people.

“That sounds to me like the Conficker virus,” said Adi Shamir, professor of the Computer Science Department at the Weizmann Institute of Science in Israel.

“It was around longer than 30 days. Also I understand the security code on that malware is very good.”

Moving to another theme, Salem said that security features need to be automated to make them faster and more effective. For example, if an employee loads protected data onto a USB memory stick then they should automatically be alerted that they are breaching policy, with a similar warning being sent to the administrator.

This was an issue of particular interest to Salem, as he admitted he had personally lost a USB stick containing confidential information. Half of lost USB sticks contain confidential information, he said.

The new approaches to security are needed because the threat landscape is getting much more difficult, Salem said. Attacks are reaching 200,000 every half hour worldwide and 90 per cent of those attacks are aimed at harvesting confidential information.