upload - symanteceval.symantec.com/.../b-ciodigest_april09_upload.en-us.pdf[upload] beyond static...


[UPLOAD]

Beyond Static Protection

4 CIO Digest April 2009

By Stephen Trilling Vice President Security Technology and Response (STAR)

[ Data Loss Prevention During Downsizing ]

A recent survey conducted by the Ponemon Institute and Symantec found that more than half of ex-employees admit to stealing company data. The survey included employees who lost or left a job in 2008, revealing that 59 percent of ex-employees take confidential company information with them. Customer information, contact lists, and employee records are the most commonly identified types of records taken.

The survey results also show that if companies had implemented better data loss prevention policies and technologies, many instances of data theft could have been avoided. “Data loss during downsizing is preventable,” states Rob Greer, senior director of product management for Data Loss Prevention solutions at Symantec. “We can prevent employees from emailing sensitive content to personal Webmail accounts or downloading it onto USB drives.” By implementing clear policies, introducing adequate data access controls, and enhancing employee communication,

> Continued on page 5

SYMANTEC CHRONICLES

SECURITY TECHNOLOGY AND RESPONSE

Modern criminology uses offender profiling to better understand the “abnormal psyche” of the criminal mind, enabling more effective law enforcement. Symantec is applying the same approach to identify malware.

In the last issue of CIO Digest, I described how Symantec is supplementing traditional virus signatures with new technologies that can detect and block entirely new threats, without researchers having seen them before. I used the analogy of a suspicious-looking individual wearing an ankle-length coat in the middle of summer with something obviously concealed underneath: although the person hasn’t yet done anything wrong, and their fingerprint may not yet be on file, there still may be cause for concern.

While this is an oversimplified example, it’s a good way to explain how heuristic technology works. By examining the attributes of executable files to check for suspicious characteristics, we can detect new threats that don’t yet have virus signatures and stop them before they have a chance to run on a user’s machine.

But what makes criminals different from law-abiding citizens, besides breaking the law?

Our challenge is to “profile” the differences between good programs and bad ones—and never block the good ones. This involves analyzing the attributes of millions of pre-classified legitimate and malicious files, a task Symantec is undertaking in building a new advanced version of our “Bloodhound” heuristic technology.

Here’s how it works: known good and bad executables are fed into an extractor tool, which produces a list of “features” for each program. For example, such features could include the size of the program, whether or not the program file is compressed, or particular operating system functions that are used by the program. All of these feature lists, along with the status of each file (good or bad), are then fed into a machine learning tool. The tool automatically identifies features or combinations of features that are highly correlated with either legitimate files or malware, essentially “learning” how to profile new, unknown threats. For instance, the machine learning tool may determine that programs that are compressed and have no visible operating system calls are highly likely to be malicious.

The rules that result from this analysis—fewer than 1,000 rules in the case of this current effort—are checked against Symantec’s collection of known valid files to identify any false alarms and then added to our


And while mobile attacks currently lag behind PC attacks—there are approximately 300 mobile viruses in circulation, compared with nearly 400,000 for PCs—MessageLabs expects these to catch up in a hurry during 2009. Attacks disguised as free application downloads and games have already targeted smartphones in 2008. Now, cybercriminals will be able to target mobile users by autodialing SMS texts to their phones, with the intent of bilking credit from the mobile user’s account—similar to the “porn dialers” of the last decade.

MessageLabs, now part of Symantec, is a leading source of information and analyses on global security issues, based on live data feeds from more than 14 data centers around the world, scanning billions of messages and Web pages each week.

Download the 2009 Security Predictions report at go.symantec.com/securitypredictions. Download the Web Based Threats white paper from Symantec at go.symantec.com/webthreats.

companies can minimize the risk of data loss. To find out more about data loss prevention technologies, visit go.symantec.com/dlp_ciodigest.

[ Norton and Ask.com Make Web Searching Safer ]

Surfing the Web is the essence of the Internet experience; however, it is not without risks. Safe Search, a new offering from Ask.com and Symantec, makes searching the Web safer by providing users with ratings before they visit sites that could damage or infect their PCs.

The site ratings are embedded into the search experience so users can conduct searches directly from their Norton toolbars and see site ratings presented on a customized search results page. Using color-coded icons, Safe Search helps users decide whether to visit or avoid sites that may be malicious or harmful.

Safe Search, with search powered by Ask.com, is now available with Norton Safe Web as part of the Norton 360 version 3.0 public beta. To try Safe Search, visit www.onlinefamily.norton.com.

[ Intelligent Software Management to Altiris Suite ]

Making new inroads into client and server management, Symantec recently announced version 7.0 of Altiris >

>> Graduating with Distinction

The Symantec Research Labs Graduate Fellowship program is now in its third year. In February, Symantec announced the recipients of its Graduate Fellowships for 2009: Kevin Butler, a doctoral candidate in computer science and engineering at Penn State University, Marco Cova, a doctoral candidate in computer science at University of California, Santa Barbara, and Polo Chau, a doctoral candidate at the Machine Learning Department, School of Computer Science at Carnegie Mellon University, who also won the fellowship in 2008.

The fellowship is awarded to promising graduate students who demonstrate interest in investigating innovative solutions to real-world challenges in information security, storage, and systems management. The one-year fellowships cover 100 percent of the recipients’ tuition and fees, along with a competitive stipend to fund ongoing research in their areas of expertise. Symantec’s Graduate Fellowship program will pair Butler, Chau, and Cova with mentors from Symantec Research Labs to provide ongoing technical guidance on their research during graduate training.

Top Web Threat Trends for 2008

1 Drive-by downloads from mainstream Web sites are increasing

2 Attacks are heavily obfuscated and dynamically changing, making traditional antivirus solutions ineffective

3 Attacks are targeting browser plug-ins instead of only the browser itself

4 Misleading applications infecting users are increasing

5 SQL injection attacks are being used to infect mainstream Web sites

6 Malvertisements are redirecting users to malicious Web sites

7 Explosive growth in unique and targeted malware samples

Source: Symantec Corporation

Beyond Static Protection Continued from page 4

fingerprint database. Now, when users update their virus definitions, in addition to new virus signatures, they’re also downloading patterns of heuristic logic for additional protection.

This new version of advanced Bloodhound heuristics is shipping in Symantec’s 2009 consumer products and has had 20 million detections of new threats on customer machines to date, all without a single classic signature. Symantec Endpoint Protection users can enable this technology by setting the “Bloodhound” slider bar in the product to Level 3. After further evaluation in corporate environments, we hope to enable these heuristics by default. However, we encourage Symantec Endpoint Protection customers to evaluate this new technology today by enabling Bloodhound Level 3, as we believe it provides significant improvement in detection of new threats.
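The pipeline the article describes (labelled feature lists in, rules out, rules checked against known valid files for false alarms) can be sketched as follows. This is an added illustration, not Symantec's Bloodhound code: the feature names, the sample data and the brute-force search over feature combinations are assumptions standing in for the extractor and machine learning tool the article leaves unnamed.

```python
"""Toy pipeline: labelled feature lists -> candidate rules -> false-alarm
check against a clean collection. All data below is constructed."""
from itertools import combinations

# Constructed training set: (feature list, label). The feature names are
# hypothetical stand-ins for size, compression and OS functions used.
TRAINING = [
    ({"packed", "no_visible_api_calls", "size_under_64k"}, "bad"),
    ({"packed", "no_visible_api_calls"}, "bad"),
    ({"packed", "no_visible_api_calls", "calls_network_api"}, "bad"),
    ({"size_under_64k", "calls_network_api"}, "bad"),
    ({"size_under_64k", "calls_network_api", "calls_file_api"}, "bad"),
    ({"packed", "calls_ui_api", "calls_file_api"}, "good"),   # packed installer
    ({"calls_ui_api", "calls_file_api"}, "good"),
    ({"calls_network_api", "calls_ui_api"}, "good"),
    ({"no_visible_api_calls", "size_under_64k"}, "good"),     # resource-only file
    ({"calls_file_api", "calls_ui_api", "calls_network_api"}, "good"),
]

# Constructed "known valid files" collection, kept separate from training.
KNOWN_GOOD = [
    {"packed", "calls_ui_api"},
    {"size_under_64k", "calls_network_api", "calls_ui_api"},  # small updater
    {"no_visible_api_calls"},
]


def count_hits(rule, files):
    """Number of files whose feature list contains every feature in the rule."""
    return sum(1 for feats in files if rule <= feats)


def learn_rules(training, max_terms=2, min_support=2, min_precision=1.0):
    """Keep feature combinations seen on at least min_support bad files and
    whose share of bad files among all matches reaches min_precision."""
    bad = [f for f, label in training if label == "bad"]
    good = [f for f, label in training if label == "good"]
    vocabulary = sorted(set().union(*(f for f, _ in training)))
    rules = []
    for k in range(1, max_terms + 1):
        for combo in combinations(vocabulary, k):
            rule = frozenset(combo)
            if any(kept <= rule for kept in rules):
                continue  # a shorter kept rule already covers this one
            bad_hits = count_hits(rule, bad)
            good_hits = count_hits(rule, good)
            if bad_hits < min_support:
                continue
            if bad_hits / (bad_hits + good_hits) >= min_precision:
                rules.append(rule)
    return rules


def drop_false_alarms(rules, known_good):
    """Split rules into those that never fire on the clean collection (kept)
    and those that fire at least once (dropped before shipping)."""
    kept, dropped = [], []
    for rule in rules:
        (dropped if count_hits(rule, known_good) else kept).append(rule)
    return kept, dropped


def is_suspicious(features, rules):
    """A file is flagged when any shipped rule matches its feature list."""
    return any(rule <= features for rule in rules)


if __name__ == "__main__":
    learned = learn_rules(TRAINING)
    shipped, rejected = drop_false_alarms(learned, KNOWN_GOOD)
    print("learned :", [sorted(r) for r in learned])
    print("rejected:", [sorted(r) for r in rejected])
    print("shipped :", [sorted(r) for r in shipped])
```

On this data the search learns two rules, and the check against the clean collection rejects the one that also matches a legitimate small updater, leaving the "compressed with no visible operating system calls" combination the article mentions.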


Client and Server Management Suites. Designed to offer better visibility into IT assets, simplify day-to-day manageability, and improve end-user productivity, the solutions help customers realize significant cost savings and value from existing IT investments.

“Symantec’s comprehensive endpoint management solutions help us to do more with less by taking the guesswork out of managing more than 10,000 desktops and 1,000 servers,” says Dave Durkee, systems engineer, Meijer, a grocery retailer that operates 185 supercenters across the eastern United States.

The upgrade, the first since Symantec’s acquisition of Altiris almost two years ago, includes new features for remotely deploying and managing Mac and Linux desktop PCs and, on the server side, improved performance monitoring of physical and virtual machines. The features significantly boost Altiris’ Mac management features, which the company began adding in 2002.

For server management, Altiris 7 offers both agent and agentless monitoring and can be set to automatically choose the best method. The software also manages virtual machines created by both VMware ESX and Microsoft’s Hyper-V. For more information on Altiris 7.0, visit go.symantec.com/altiris7.


Do women bring a unique perspective to thorny issues such as information security, risk management, and privacy? Indeed they do, according to a powerful group of senior women executives in this field who attended the first western regional meeting of the Alta Associates Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF) in Mountain View, California.

Speaking at the conference, Joyce Brocaglia, EWF Founder and CEO, noted that “women approach the world of IT differently than men do. They are innately more collaborative and strong communicators, which enables them to foster trust and bring innovation into their companies. Security issues extend across an organization, and women executives are able to drive the consensus needed to implement new solutions effectively.”

And yet, the presence of women in computing-related professions has been declining. In 2007, women earned only 19 percent of all Computer Science degrees in the United States, while back in 1984 that number was 37 percent. Overall, there has been a 70 percent decline in the number of incoming undergraduate women choosing to major in Computer Science between 2000 and 2005. [1]

“We hope that by showcasing the success of women in a field that has long been dominated by men, we can help change this trend,” says Brocaglia. Each year, the forum presents the “Women of Influence Awards” to recognize women who exhibit creativity and innovation in solving problems and have made significant contributions to the IT industry.

Founded in 2002 to provide women in IT a platform to share their experience, success, and challenges, the EWF has grown into an organization of 400 influential executives at companies ranging from small startups to Fortune 500 corporations.

Leading the panel discussion at the western regional meeting, sponsored by Symantec, were Mary Ann Davidson, CISO, Oracle Corporation, Michelle Dennedy, Chief Governance Officer for Cloud Computing at Sun Microsystems, Erin Hintz, vice president, Worldwide Consumer Marketing at Symantec, and Joanne Moretti, senior vice president, Product Marketing and Analyst Relations, CA, Inc.

A resonant theme in the lively conversation was that while tough economic cycles trigger complex management challenges for all executives, such times can be even more demanding for women as they strain to maintain work-family balance. “Creating support systems is critical for professional success, especially at times like these,” noted Amy Gonzales, West Coast Regional Director, WOMEN Unlimited, Inc. “That’s what the EWF does,” says Brocaglia. “We provide a trusted community for women to share ideas and form relationships with like-minded women.”

Nurturing new talent, the EWF also awards a full-tuition scholarship to a woman for the Master of Science in Information Security Technology and Management (MSISTM) program at Carnegie Mellon. Offered in partnership with the Information Networking Institute (INI) and Carnegie Mellon CyLab, EWF Fellowships aim to encourage historically underrepresented student communities.

For Tyelisa Shields, the winner of the 2008 fellowship, an education at Carnegie Mellon and access to EWF members has been a transforming experience. “The program has given me amazing opportunities to grow and succeed,” said Shields. “I’ve been able to find so many mentors who are so accessible and supportive of what I’m trying to achieve.”

Programs such as these are funded in part through corporate sponsorships. “We’re able to offer these opportunities thanks to the support we receive from companies like Symantec, CA, Sun Microsystems, Microsoft, E&Y, Archer, and so many more,” said Brocaglia. “It’s one of the most satisfying things we’re able to do at the EWF—recognize the contributions of some remarkable women in IT and have them mentor the next generation of women executives.”

[1] “By the Numbers,” Women & Information Technology, 2009, www.ncwit.org/pdf/BytheNumbers09.pdf.

Dee V. Sharma is a managing editor with CIO Digest and an executive at NAVAJO Company. She has written for publications such as The Economic Times and Times of India.

Women in Charge

Turning the tide on a 70 percent decline in women seeking IT careers

By Dee V. Sharma


[ Connecting Parents and Kids Online ]

There are countless destinations on the Web and steering children toward safe locations can be a daunting task for parents. Norton Online Family, currently in beta, is a unique Internet safety service designed for parent-child collaboration. The easy-to-use service includes customizable tools to help kids and parents set “house rules” for time spent online, and allows parents to monitor Web surfing, IM chat, and searches on sites such as Google, YouTube, and Wikipedia. Parents can also confirm the IM friends of their friends, monitor conversations, and view the number and type of social networking accounts they have. To try the service, visit: www.onlinefamily.norton.com.

[ Backup Exec 12.5 Recommended by PC Pro ]

Leading U.K. publication, PC Pro granted Symantec Backup Exec 12.5 for Windows Servers a “Recommended” Award and 5 stars. The publication noted “a superb range of features at a very competitive price” as reasons to consider this latest version of the backup software. Backup Exec 12.5 offers protection for Microsoft and VMware virtual server environments and includes Continuous Protection Server alongside Advanced Open File and Intelligent Disaster Recovery options. For more information, visit: www.symantec.com/backupexec.

>> Available This Summer: Graduate Student Interns in Cyber Security

TRUST, the Team for Research in Ubiquitous Secure Technology (www.truststc.org), is working to place 96 masters and doctoral students with expertise in cyber security into summer internships with leading Silicon Valley companies.

TRUST is a science and technology research center that aims to catalyze collaboration between computing, legal, and policy experts, as well as social scientists, and to develop technologies to make the country’s computing and vital infrastructures more secure.

Based at the University of California, Berkeley, and funded by the National Science Foundation, TRUST is a coalition of academic partners that includes Carnegie Mellon University, Cornell University, Stanford University, Vanderbilt University, Mills College, San Jose State University, and Smith College.

Representing TRUST at the Executive Women’s Forum was Dr. Kristen Gates, the center’s executive director of education. Addressing the gathering, Gates said, “We’re facing a crisis in our educational system in the United States. It really is up to us as professionals and as leaders in our industries to step up and offer our students the opportunities they need. It is my mission to increase the number of women in cyber security, and the way I can do it is through the relationships we forge at forums such as the EWF.”

The CIO Digest Social Network

> CIO Digest Now Available on the Amazon Kindle
Consume CIO Digest content at your leisure on your Amazon Kindle. The January and April 2009 issues are now available at go.symantec.com/cio-digest-kindle.

> CIO Digest Editor-in-Chief Blog
Get insights and highlights of new content, and interact with the CIO Digest editorial team. Check out the editor-in-chief blog at go.symantec.com/cio-digest-blog.

> CIO Digest Facebook Page
Readers with Facebook accounts can now connect and share ideas with the CIO Digest editorial team, receive notification of each new issue release, and more. Sign up as a Facebook friend of CIO Digest today at go.symantec.com/ciodigest_facebook.

> CIO Digest Wikipedia Entry
CIO Digest joined “The Wikipedia Revolution” earlier this year. Check us out at http://en.wikipedia.org/wiki/CIO_Digest.

> Twitter
Tweeting on everything from new CIO Digest articles, research reports, podcasts, webcasts, white papers, customer successes, user groups, and more, the Symantec Publishing Twitter keeps Symantec customers and partners up to date. Follow the tweets at http://twitter.com/SymPublishing.

> LinkedIn
Exchange tips and strategies with peers by joining the CIO Digest group on LinkedIn.com at go.symantec.com/ciodigest_linkedin.


MessageLabs Intelligence reports that social networks are becoming increasingly vulnerable to new, sophisticated phishing techniques.

Cybercriminals are a services-oriented bunch. In a report titled 2009 Security Predictions, MessageLabs Intelligence finds that Malware-as-a-Service (MaaS) is predicted to flourish on the Web in 2009. Under the MaaS model, automated malware services will serve up the finest malware to online buyers, and even launch it instantaneously at designated targets. This is helping cybercriminals find newer and faster ways to change their malware and avoid detection by newly adopted antivirus systems. As a result, malware is increasingly becoming a disposable product, spawning a vast, revenue-generating market.

The report also finds that social networking sites will be the target of ever more professional phishing—collecting detailed personal information about individuals and their extended social networks. This will make it harder to identify spam flooding inboxes, as it could include proper names and other confidential information. Segmented according to demographic or market data, spam messages will be shorter, with less content to filter, and can even resemble actual newsletters and other legitimate offers.

Few Web sites are immune from being compromised and used as hosts to deliver malware to their unsuspecting visitors. During 2008, Symantec observed more than 18 million drive-by download attacks and more than 23 million misleading application attacks, equating to 808,000 unique domains, many of which are mainstream Web sites.

Malware on the Menu

Spammers Feed on Recession Fears

As the global financial crisis continues, spammers are filling inboxes with “recession spam.” Subject lines such as “Money is tight” and “Get 15% off these” are enticing email users to open malicious emails. The MessageLabs Intelligence report for February 2009 highlights a dramatic jump in recession-themed spam and the use of search engine links to guide unsuspecting recipients to the spammers’ domains.

Using legitimate search engine links makes it more difficult for traditional anti-spam products to identify the message as spam. This type of search-engine redirect spam accounted for 17 percent of spam in January 2008; however, it is diminishing as anti-spam technology catches up and the search engine providers make it harder for spammers to take advantage of this feature.

Download the MessageLabs Intelligence: February 2009 report at go.symantec.com/securitypredictions.

[Chart: Spam Rates by Country; Rates by Industry. Sectors shown: Education, Chemical & Pharmaceutical Sector, Retail, Public Sector, Finance. Values plotted: 67.9%, 59.8%, 63.6%, 62.5%, 58.9%. Source: MessageLabs Intelligence: February 2009]


[BOOK REVIEWS]

The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results is a great introduction to a complex subject. The authors divide the topic into four areas: measuring IT’s contribution to the business, using governance models, measuring IT’s effectiveness, and managing the IT organization. They have a wealth of experience and work to translate IT language into business terminology. They introduce and summarize published literature by thoroughly explaining, examining, and comparing many popular frameworks, a valuable contribution to anyone seeking an overview on the business value of IT.

Although the content is comprehensive, the book does not deliver the unique insights readers anticipate from these experienced professionals. Despite the inclusion of many examples, they lack detail, and the authors fail to explore key points that are critical to successfully managing IT for business value in appropriate detail. For example, the authors don’t strongly deliver the message that the value proposition must be defined by the recipients of IT, not the actual providers. The translation from customer value to bottom-line impact is also not given adequate attention.

The Business Value of IT summarizes current issues on the subject but lacks groundbreaking insights on approaches to implementing a successful business value program. However, it is well written, makes concepts easy to understand, and is a great primer on the business value of IT.

David Sward, who has established successful business value programs in various assignments, is the director of User-Centered Design at Symantec, and author of Measuring the Business Value of Information Technology.

Michael D.S. Harris, David Herron, and Stasia Iwanicki, The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results (Boca Raton, FL: Auerbach Publications, 2008).

ISBN: 978-1-4200-6474-2 Price: $69.95

The sheer amount of data that security professionals are confronted with is increasing at a staggering rate. At the same time, organizations are threatened with a barrage of ever more complex threats—both external and internal. When we couple these challenges with the need to satisfy compliance-related regulations, the entire picture becomes vastly more complex.

This creates a pressing requirement to develop techniques that allow security executives to quickly process the information they receive and to obtain a picture of the current state of their organization. Applied Security Visualization by Raffael Marty brings together the field of information visualization with the practical problem of analyzing security-related information, filling a rather important gap in security literature.

No longer is it sufficient for a picture to be worth merely a thousand words; instead, we must develop visuals that efficiently convey a vast amount of information while also making it easy to identify important patterns. While Marty does a wonderful job of covering the field of information visualization, referencing techniques from luminaries such as Edward Tufte, the book is far from a theoretical treatise.

Rather, Marty gives hands-on guidance, including descriptions of available resources to perform the tasks. The information security executive will likely be especially interested in the material related to developing good information dashboards and the chapter on compliance. In addition to covering the visualization of perimeter-based threats (including worms, denial-of-service attacks, and botnets), the book also covers insider threats (such as information theft, fraud, and sabotage).

Notwithstanding the book’s excellent content, it remains a starting point, in my opinion, for the field of information security visualization. The diagrams it contains, while far richer in information than what you typically see, still pale in comparison to some of the breathtaking visuals from one of Tufte’s books.

At the same time, this shortcoming should not deter interested readers, as security visualization is a nascent field, and the book provides a solid starting point. In particular, readers will find the companion CD useful, as Marty provides more than mere guidance on the subject. Finally, even if readers do not make full use of all the techniques Marty delineates, the expository material on the theory and practice of visualizing data will likely be more than worth its weight in gold.

Zulfikar Ramzan (Ph.D.) is technical director and architect with Symantec’s Security Technology and Response group and co-author of Crimeware: Understanding New Attacks and Defenses.

Raffael Marty, Applied Security Visualization (Boston: Addison-Wesley Professional, 2008).

ISBN: 978-0-3215-1010-5 Price: $49.99