Saturday, July 4, 2009

Reputation-Based Security

Zulfikar Ramzan technical director and architect at Symantec recently spoke with CNET where he took the opportunity to outline the company's future plans.

Symantec has what they call the Symantec Community Watch program where customers submit data back to them about security events and related happenings on their system at any given moment in time. The submission of this data is void of human intervention. The program currently has well over 30 million participants.

The company plans to use this data in the next version of its Norton Antivurs 2010 product. Accroding to Ramzan this new approach dubbed reputation based security is really about looking at a much wider spectrum of machines to make a much more informed decision about what one file is doing.

This approach is in stark contrast to to what currently exists where a blacklist or a white list is used. This approach essentially looks for files you are either know are bad as in the case of a blacklist. Or files known to be good as in the case of a whitelist. Both these approaches neglect what happens in the middle. And so reputation based security is geared towards addressing that.

This is an interesting approach. However I am sure the bad guys will find a way around it.
We'll see.

No comments:

Post a Comment