Symantec flexes its muscles with zero-delay products for an increasingly hostile web

Rethink IT, May, 2004 by Caroline Gabriel

The most recent twice-yearly security report from Symantec revealed how serious the problem of viruses and other threats to the corporate system has become. The only bright spot in the whole document smacked of desperation--in the last six months of 2003, the rate at which internet security holes were discovered levelled off to a mere seven per day, whereas before that, new vulnerabilities had been appearing at a rising rate. But the bad news was that those flaws were being exploited far more quickly than ever before.

Of course, it is in the security vendors' interests to play up the threats and encourage everyone to buy more and more complex protection software. But customers also have to retain their confidence that those vendors can address the rapidly rising tide of security flaws, and with the huge level of viruses, malicious spam and other attacks that we have seen in the past year, the main suppliers are having to make ever greater efforts--in terms of technology and PR--to keep the trust of their customers.

In the forefront of the market is Symantec, which has become the most highly recognized brand for enterprise and consumer security and the biggest player in the market. But the company knows that, not only is the wave of security problems attracting new players into the space and increasing competition, but it needs to be increasingly responsive and clever itself to meet the rising challenges and retain its customers' loyalty.

THE SECURITY CONTEXT

"We looked at the lifecycle from vulnerability to attack, and we could see there that the speed is consistently getting faster and faster," said Vincent Weafer, senior director of Symantec Security Response. He pointed out that it took three weeks for the Blaster worm to emerge last August, but only three days between the recent leak of Microsoft source code onto the Net and an attack based on that code. This shorter window leaves businesses vulnerable because patches can take days or even weeks to deploy. Symantec believes that it is not long before 'zero-day' threats, which attack flaws before they are even detected and patched, emerge into the mainstream.

As well as the increasingly nimble feet of the hackers, the threats themselves are becoming more sophisticated. Blended threats, such as viruses that install backdoors for hackers after a successful infection, are on the rise and now make up 54% of the top 10 malicious code submissions that Symantec received in the second half of 2003.

Of the top 50 malicious code submissions, backdoor-capable code increased by 123%. These backdoors can be used for hackers to steal confidential information or hijack a machine and force it to participate in a denial of service attack or to send spam.

Symantec, which bases its twice-yearly report on input from its customers and its own DeepSight Threat analysis system, says that hackers have an easier time than ever before in exploiting vulnerabilities. In 2003, the number of vulnerabilities classified as 'easily exploited' climbed by about 10% from the year before--the first time that such weaknesses crossed the two-thirds mark, reaching 70%. Symantec says the main reasons are that more flaws, such as those in web services, need very little expertise to exploit, and more hackers are using already published code and tools for their work--for instance, many recent worms have come from the MyDoom and Netsky malware, whose source code has been released.

All this has helped to create a record wave of worms and other problems in the past year, and another worrying trend is that, alongside more easily exploited flaws, security holes are becoming increasingly serious. The rise in numbers may be slowing, but the severity of risk is not, especially with the increasing focus on almost universally used Microsoft products. Internet Explorer saw a 70% jump in disclosed vulnerabilities in the second half of 2003 compared to the first.

SYMANTEC TECHNOLOGY STRATEGIES

In this context, Symantec is facing greater challenges than at any time in its 24-year history, a history marked by steady growth, the establishment of a strong brand, and a string of acquisitions almost worthy of Cisco, averaging more than one a year and over 30 in total, and aiming to ensure that the company responds quickly to new security demands by buying in products to cover all the possible bases.

Symantec has always sought to achieve a broadly based product range and a one-stop shop for customers, often through acquisition, and even when that means launching an application into an overcrowded space. Last year, for example, it brought out a new release of iForce Intrusion Detection Appliance, relying on its brand recognition to make the product a success in a very crowded space.

But now it is having to spread its net more widely than ever and also to integrate its consumer and corporate products more closely. The past six months have seen it moving more aggressively into gaining bigger enterprise contracts and also ensuring that consumer security moves up to the level of robustness of the company's.


 


Content provided in partnership with Thompson Gale