Norton by Symantec is the consumer brand of Symantec, the world’s largest pure-play security company. As such, Norton-branded products benefit from the masses of enterprise threats that Symantec sees and, conversely, enterprise benefits from the enormous consumer user base in its global intelligence network (GIN).
This has become even more evident over the past few months with Symantec's acquisition of Blue Coat which gives it the most comprehensive end-to-endpoint offering and the world’s largest global intelligence network. The combined GIN discovered masses of additional threat vectors that benefit Norton users.
Mark Gorrie, director, Norton Business Unit, Pacific region gave an overview of issues facing consumers and what Norton was doing to address this via updates to its Security Premium product.
The slide says it all – most alarmingly, every two seconds someone becomes a victim of identity (ID) theft, Australia is the third most targeted for malware, 21 million apps have privacy leaks or intrusive behaviour (more on that later) and 19% of Australians have experienced credit card fraud online this year.
Google Play’s Android store claims it has about 2.75 million apps – how can 21 million be “suspect”? Via its GIN, Norton has identified a total of 30 million Android apps (these may be enterprise, special purpose, different or variants) in the wild and two-thirds are “suspect”.
It merely shows that developers are focused on writing apps, not being security specialists, and few apps are hardened against the brute force attacks that cyber criminals can use. For example, the author of a common audio/video player app never realised that it could be exploited to record from a microphone and Web camera, much less be used to gain root privilege.
As AI and machine learning become more a part of security defence, the cyber criminals too have access to similar resources. Using these tools Symantec set up a Centre for Advanced Machine Learning (CAML) with 10 PhDs who have 100+ years of experience in applied machine learning, including deep learning, manifold learning, Bayesian learning and more, plus extensive security expertise. Add to that all the resources of its 3000+ software engineers and 15 global security centres and the GIN was able to block 500,000 more attacks daily.
But it was a never-ending cycle of blocking one threat only for another variant to appear, a kind of whack-a-mole scenario. That has led to predictive machine learning, a loop that constantly trains itself and can find “pre-zero-day exploits” – protection against yet-to-be-exploited vulnerabilities.
Gorrie said that consumer protection had moved way beyond “signature-based” detection and now covers attack vectors – email and anti-spam, the web (reputation of sites), USB/external storage, network incursion, blocking calls to C&C servers, looking at machine behaviour (Sonar) and so much more.
He mentioned Norton Mobile because cyber criminals had found Android and, to a lesser degree, iOS fertile ground. The main work here was in the “App adviser” to show what granting various permissions to apps can do, and a simple “Report card” that allows users to see the state of their phone and, if necessary, do something.
He spoke about Symantec’s acquisition of LifeLock; when it is introduced to Australia it will provide identity and fraud protection services for the connected world.
Gorrie said that Norton subscribers had received considerable new functionality throughout the year – improved proactive exploit protection, a new emulation feature, predictive machine learning, and more in IoT and home network protection.
His final words – “It is not a matter of if but when you get attacked. Norton adds considerable value over free AV solutions.”