Home > Security > Symantec’s Norton 2010 products use cloud based intelligence

Symantec’s Norton 2010 products use cloud based intelligence

October 28, 2009

Recently, Symantec brought a completely unique approach to online security with Norton 2010. The Norton Internet Security 2010 and Norton AntiVirus 2010 leverage a new model of security, codenamed Quorum, to attain unmatched detection of new malware and advance far beyond traditional signature and behaviour-based detection.

Gaurav Kanwal, Country Sales Manager – India, Consumer Products & Solutions, Symantec.I managed to catch up with Gaurav Kanwal, Country Sales Manager – India, Consumer Products & Solutions, Symantec, to find out more about this release. Of course, Symantec was kind enough to share a copy of the software.

Norton 2010 products and their unique approach
Cybercrime has surpassed illegal drug trafficking as a criminal money maker. Cybercriminals use phony emails, fake websites and online ads to steal everything you’ve got. Your money, your identity, even your reputation.

To do that, cybercriminals are furiously writing and then rewriting new and unique pieces of malware, hoping to stay under the radar of threat signatures for as long as possible. Symantec security researchers see more than 200 million attacks on average every month, the vast majority of which are never-seen-before threats and delivered via the web.

Kanwal said: “The reality is, the signature approach and other traditional methods of security are not keeping pace with the sheer number of these threats being created by online criminals. Traditional security solutions are obsolete today.

“The faster, safer and smarter Norton 2010 is anything but traditional. Norton 2010 harnesses the power of millions of users united against cybercrime and gives consumers the power to ‘deny’ digital dangers and ‘allow’ a safe online experience.

“Norton 2010 achieves this by leveraging a new and unique model of reputation-based security, codenamed Quorum, to attain unmatched detection of new malware and advance far beyond traditional signature and behaviour-based detection.

“In short, the code name Quorum takes the greatest weapon cyber criminals have in their arsenal – their ability to generate unique pieces of malware at an alarming rate – and turns that very weapon against them.”

The other key and unique feature in the Norton 2010 products is the Norton Insight family of technologies, which uses extensive online intelligence systems to proactively protect the PC and keep users informed of the security and performance impact of files and applications that they encounter in their everyday online experience. The suite consists of:

Norton Download Insight – Uses extensive online intelligence systems leveraging reputation to proactively protect your PC. Analyses and reports on the safety of new files and applications before users install and run them.

Norton System Insight – Provides features and easy-to-understand system information to help keep PCs performing at top speed. Automatic and on-demand application optimisation rejuvenates application performance. Provides a view of recent events on the computer, providing the information required to research and analyze PC issues. Performance graphs help pinpoint what’s causing a computer to slow down.

Norton Threat Insight – Provides details on threats that have been detected on your PC – including useful information on where it came from (the URL) and when it was initially encountered.

Norton Insight Network – Leverages a cloud-based approach unique to Symantec. Based on the technology codenamed Quorum, it takes cloud-based security beyond traditional blacklists and whitelists. It uses a statistical analysis of file attributes based on billions of scans on millions of computers to identify the trust level of a file. This way Norton can identify files to be trustworthy or untrustworthy that would otherwise fall into the grey area of the unknown with only traditional security methods.

Additional key technologies:

SONAR 2 – Sophisticated second-generation behavioural security technology that detects entirely new threats based on their suspicious actions, without the need for traditional fingerprints. Leverages data from the reputation cloud, firewall, network communications (IPS), and file attributes such as location on the PC, origin information, etc., to decide when to detect a program as a threat.

New Antispam (Norton Internet Security only) – Powerful Enterprise-grade spam blocking engine helps keep you clear of unwanted email and safe from email-based scams and infections. 20 percent more effective than the previous engine and requires no training.

Norton Safe Web (Norton Internet Security only) – Website rating service that annotates Google, Yahoo! and Bing.com search results with site safety ratings to warn users about sites that may pose a danger to them. It also includes ecommerce safety ratings to help users make safer online shopping decisions.

OnlineFamily.Norton (Norton Internet Security only) – Norton Internet Security 2010 users can opt to try a subscription to OnlineFamily.Norton, a new Web-based service that keeps parents in the loop on their kids online lives and fosters communication about what’s appropriate and inappropriate behaviour on the Internet.

Quorum — reputation-based technology
So what’s this Quorum — the reputation based technology — all about?

Kanwal said that the Norton 2010 products leverage a revolutionary new technology, codenamed Quorum, which uses cloud-based intelligence to identify malware in an entirely new way beyond traditional signatures and behavior-based detection. With more than three years in the making, the technology, codenamed Quorum, is a real-time reputation system that is unique to Norton. It tracks files and applications and dozens of attributes such as age, download source, digital signature, and prevalence.

“These attributes are combined using numerous algorithms to determine a reputation. As a file is distributed across the Internet and these attributes change, the code name Quorum updates the reputation of the file. This reputation is especially important when a file is new, likely to be a threat, and traditional defenses are not likely to detect it.

“The reputation-based technology, codenamed Quorum, leverages the tens of millions of users in the worldwide Norton Community Watch who choose to anonymously contribute data about the applications running on their systems. This data is fed into a reputation engine where dozens of attributes for each file, such as age, download source, digital signature, and prevalence are combined to determine its reputation. Without ever having to ask the user, Norton can infer with an extremely high degree of accuracy the likelihood of an unknown application being good or bad.”

Building security technologies on Quorum
Why is it likely that the Internet security industry will be building on technologies like Quorum for the next 10 years?

According to Kanwal, the current security solutions are designed around the fingerprinting model. This works like a “wanted” poster – warning users against dangers that have already been identified, or “fingerprinted”. However, it’s woefully inadequate when faced with new threats.

“This will change however with the introduction of the new security model, codenamed Quorum, that’s found in the Norton 2010 products. The reputation- based technology takes the greatest weapon cyber criminals have in their arsenal – their ability to generate unique pieces of malware at an alarming rate – and turns that very weapon against them.

“That is important because the fact is cybercriminals are now destroying lives rather than just computers. Every three seconds an identity is stolen, and 1 in 5 people becomes a victim of cyber crime.

“Another reason why the industry will build on the reputation-based technology, codenamed Quorum, is that traditional security solutions – signature files and behavioural heuristics – alone, are obsolete. Cyber criminals are furiously writing and then rewriting new and unique pieces of malware – Symantec sees more than 200 million attacks on average every month.”

Furthermore, these threats are polymorphic – they are able to hide because every instance changes slightly to evade detection by conventional defenses. Each change keeps the malware active, but it modifies the file’s signature and renders security vendors’ technologies (both signatures and heuristics/behaviors) all but useless against the new breed of unknown threats.

The Web also greatly eases the distribution of polymorphic threat variants since most threats today are delivered via Web-based attacks. Norton 2010 addresses these by using the reputation-based technology, codenamed Quorum, against the bad guys by making such a new file capable of being detected because of its poor, un-established reputation.

That is why the information security industry will be building on technologies like code name Quorum for the years to come.

SONAR2 technology in Norton 2010
Finally, what’s with this new SONAR 2 technology in Norton 2010?

The advanced SONAR 2 technology found in the Norton 2010 products is a sophisticated second-generation behavioural security technology that detects entirely new threats based on their suspicious actions, without the need for traditional fingerprints. It leverages data from the reputation cloud, firewall, network communications (IPS), and file attributes such as location on the PC, origin information, to decide when to detect a program as a threat.

According to Symantec, SONAR 2 intelligently measures feedback across the PC to make high accuracy decisions, seamlessly switching between protection types as needed. It uses real-time, online intelligence and proactive monitoring to detect and stop new threats before traditional definitions are available.

This system can stop today’s rapid-fire attacks even before traditional signature-based definitions are available because it watches out for typical behaviors performed by malware. This technology feature makes the Norton 2010 range superior to other products in the market.

Part two of my conversation with Gaurav Kanwal will focus on trends in cyber crimes, how users can protect themselves against malware, phishing and other attacks, and some India based statistics.

Advertisements
  1. pc-veryslow
    October 31, 2009 at 2:40 am

    Thank you for this blogpost ! It was really helpfull !
    Could you provide us more information regarding this subject?

  1. No trackbacks yet.
Comments are closed.
%d bloggers like this: