RSS Alerts

Share

More services

Related Links

Related Stories

Top 5 Stories

News

Symantec to unveil data indexing technology

16 February 2010

At the RSA security show next month, Symantec will unveil a data indexing technology designed to identify the owners of files by querying enterprise storage systems. Called Data Insight, the product will have multiple applications, including cost reduction, data leakage prevention, and even IT forensics.

"We're collecting all of this information about who owns files, who's accessing them, and what they can are doing with the information," said Joe Pasqua, senior vice president of research at Symantec. "Now we can use machine learning technology to take all of that information and start asking ourselves if anything weird is going on."

Such techniques can be used to identify insider threats, according to Pasqua, who said that it will be integrated with Symantec's data loss prevention system. It can also find out which files have been 'orphaned', after employees responsible for them have left.

"I can drill down even further with information that's provided to the data loss prevention program by Data Insight, and find out the most active user of this information," Pasqua continued, describing a typical scenario: "The owner of this document isn't used by the company anymore, no-one owns the file anymore, and yet it is being accessed by someone else."

It would then be possible to obtain an overview of how the data is being accessed. "I could say that not only have I identified a sensitive piece of information, but I can see which users are accessing it," he said.

Symantec has already integrated Data Insight with its CommandCentral storage resource management software, which will then enable administrators to link the amount of storage used by departments or employees. The system will also be integrated with Enterprise Vault, allowing administrators to automatically archive data that is owned by a current employee but which hasn't been accessed for a set period.

Pasqua also said that the company would be implementing mobile reputation-based systems, which will be used to help secure applications on mobile devices. Symantec already uses a statistical analysis system running in its own server farm, which analyses files picked up by participating client devices. It employs a range of criteria to give the file a reputation, in a marked departure from traditional signature-based scanning and heuristics.

The reputation system can give a low reputation to a file that has been individually crafted for a user by a polymorphic crimeware kit running on a malicious server, for example. Such a file may not have been seen by anyone before, and would not be picked up by a traditional signature scanner. Nevertheless, the reputation-based system would class it as risky, because it would represent an unknown entity.

The forthcoming application of the file reputation syste to a mobile computing platform such as Google's Android will help to identify risky applications, Pasqua concluded.

This article is featured in:
Application Security • Compliance and Policy  • Data Loss  • Internet and Network Security • IT Forensics • Malware and Hardware Security • Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012