/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsPUNE, INDIA: Whitelisting, VIBES and positive fingerprinting are soon going to etch their place in the security shelves. The driver would be a shift from protecting information and users by building a fort around to a format of equipping them with bullet-proof protection instead.
As notoreity and publicity oriented mass-target attacks are being replaced by money-oriented, small-multiple attacks in the new online threat landscape, we can also see criminal now looking at browsers as their new quarry. "Attackers today are not targeting a device or a computer but information. This 'Information as a target' trend would be the underpinning of new security softwares and solutions too." explains Shantanu Ghosh from Symantec.
So far all the malwares detected were through fingerprinting the bad guys, for instance, he illustrates. "Through signatures of malicious programs, the anti-virus vendors used the same logic as cops do with fingerprints. But as the total number of malwares keeps ballooning at overwhelming rates, the same approach can turn into a performance killer with heavy loads of downloads every time. So there's a new approach of fingerprinting the good guys." The whitelisting approach is already showing its presence is Symantec's products.
There would be new technologies combining blacklisting and whitelisting as well as for files which fall in none of these categories. "This cool technology would work by using the repertoire of information of past actions and extrapolate to surmise a file's genuine degree."
Apart from this, Symantec is also working on browser-oriented technology of VIBES, which is in R&D mode and will appear as multiple products.
VIBES stands for Virtualisation-based endpoint security. "VIBES leverages virtualization technology to protect end users by preventing sensitive data entered in online transactions from being stolen and mitigating the risks associated with executing malicious content downloaded from the Internet. It transparently sets up multiple isolated virtual execution environments, each with its own level of trust, and this new approach significantly improves browser security by enabling users to seamlessly use different virtual execution environments to carry out different Web transactions. The three virtual execution environments in the current VIBES prototype are user virtual machine, trusted virtual machine and playground machine. The first one handles browser-based online transactions in the HTTP mode, the second one handles more sensitive transition in the HTTPS mode while the third one is where more adventurous, untrusted activities are carried out, such as visiting unknown Web sites or downloading unknown applications."
The new security scenario will in addition, see the challenging task of handling collision between enterprises and consumers. "The next generation is growing up with digital devices and it's a part and parcel of their everyday life. At the same time, enterprises have to put access barriers for employees' devices. Add to that the issues of mobile workforce, anywhere workforce etc. The way we do our jobs today is different than yesterday. Balancing security with productivity is going to be a challenge. We intend to take care of that with our new software in the next few years. End-point devices can allow high degrees of intelligence to juggle between security concerns and productivity issues."
Commenting about the recent changes in storage landscape with technologies like de-duplication, thin provisioning and SSD (Solid State Disks) he agrees that the magnitude is huge. "Even more people are spending on storage due to the increase in information. Large part of IT budgets are being used in storage." Yet, as he points out, apart from the complexity and sophistication of new ways is affecting the utilization rates which are as low as 30 per cent. "Visibility and dashboards for users is what is needed along. It's time to change from a prison guard format of security to a tour-guide one that is helpful to users in a more hands-on and mobile way. This trend is what our software and products are moving towards. Our features and releases ahead will see multiple different products along these requirements." Ghosh says.