Whitelisting, virtualization-based endpoint security (VIBES) and positive
fingerprinting are soon going to claim their place on the security shelves. The
focus would shift from protecting information and users by building a fort
around them to equipping them with bullet-proof protection instead.
As notoriety- and publicity-oriented mass-target attacks are replaced by
money-oriented, small-multiple attacks in the new online threat landscape,
criminals are also turning to browsers as their new quarry. “Attackers
today are not targeting a device or a computer but information. This
'information as a target' trend would be the underpinning of new security
software and solutions too,” explained Shantanu Ghosh from Symantec.
Information as a target
So far, all malware has been detected by fingerprinting the bad guys. He
illustrates: “Through signatures of malicious programs, the
anti-virus vendors used the same logic as cops do with fingerprints. But as the
total number of malware programs keeps ballooning at overwhelming rates, the same
approach can turn into a performance killer with heavy loads of downloads every
time. So there is a new approach of fingerprinting the good guys.” The
whitelisting approach is already showing its presence in Symantec's products.
There would also be new technologies combining blacklisting and whitelisting, as
well as technologies for files that fall into neither category. “This cool technology
would work by using the repertoire of information of past actions and
extrapolating to surmise a file's genuine degree,” said Ghosh.
Apart from this, Symantec is also working on a browser-oriented technology called
VIBES, which is in R&D mode and will appear as multiple products. VIBES stands
for virtualization-based endpoint security.
The three virtual execution environments in the current VIBES prototype are
the user virtual machine, the trusted virtual machine and the playground machine.
The first handles browser-based online transactions in HTTP mode. The second
handles more sensitive transactions in HTTPS mode, while the third is
where more adventurous, untrusted activities are carried out, such as visiting
unknown websites or downloading unknown applications.
The new security scenario will, in addition, bring the challenging task of
handling the collision between enterprises and consumers. “The next generation is
growing up with digital devices and it's part and parcel of their everyday life.
At the same time, enterprises
have to put access barriers for employees' devices. Add to that the issues of
mobile workforce, anywhere workforce, etc. The way we do our jobs today is
different than yesterday. Balancing security with productivity is going to be a
challenge. Endpoint devices can allow high degrees of intelligence to juggle
between security concerns and productivity issues.”
Pratima Harigunani
(Courtesy: CMN)