white paper

profileMero1988
SampleBackgrounderSymantecInternetThreat-Meter_Backgrounder.pdf

Product Backgrounder Symantec Internet Threat Meter

The Changing Threat Landscape Over the last few years, Symantec has seen a change in the nature of Internet threats. In the past, viruses and fast moving worms would make their way onto consumers’ computers via e-mail or through the network. Such threats often received widespread attention, making Internet security top-of-mind among consumers and encouraging computer users to ensure their systems were protected against the newest threat. Symantec has seen a decrease in the number of traditional high-profile, fast-spreading threats, thus minimizing the importance of Internet security protection in the minds of consumers. It can be said that this situation is contributing to a mindset of complacency among computer users, giving them a false sense of security. With fewer high-profile threats garnering widespread interest, consumers may think the online world is safer now than it has been in the past – a notion that is not true. In reality, the Internet is now playing host to a new breed of threats and risks. New methods of attacking consumers’ computers are being utilized by cybercriminals. These methods are often smaller in scale and create less of a widespread impact, thus resulting in minimal public attention. However, what’s important for consumers to understand is that online threats still exist and have morphed in nature. Threats are now often launched by criminals with the intent to steal users’ personal data or to take over consumers’ computers to launch targeted attacks that result in financial gain. Such activities, known as cybercrime, take advantage of crimeware – malicious or potentially malicious software that includes programs such as bots, keystroke loggers, spyware, backdoors, and Trojan horses. Symantec Internet Threat Meter In today’s new threat environment, consumers need a source they can turn to that will help them understand the risks associated with the activities they conduct online – whether it be communicating via e-mail, using the Web for transactions or research, reaching out to others via instant messaging, or taking advantage of the convenience of file-sharing programs. Since everyday is different in the online world, this resource must pull from a variety of up-to-date data, providing a real-time forecast of the Internet threat landscape. Symantec Internet Threat Meter is an easy-to-understand resource consumers can turn to for daily accurate, up-to-date information on the risks they may run into when participating in specific online activities – e- mail, Web activities, instant messaging, and file sharing. A fitting real world analogy to the Symantec Internet Threat Meter is the daily surf forecast. Before paddling out in the morning, surfers check the surf forecast to find out how high the surf is, if there is a water safety warning, the direction the wind is blowing, air and water temperature, and high and low tide information. All this data contributes to a knowledgeable surfer. If a large swell is coming in, the surfer can make an educated decision about the risks involved and the precautions he or she needs to make in order to have an enjoyable but safe experience in the water. The Symantec Internet Threat Meter was created to help consumers have a productive and enjoyable online experience while ensuring at the same time they are educated about online risks they may come across in their activities. Each activity is rated on a low, medium, and high scale depending on the threat environment that day.

The Symantec Internet Threat Meter can be found on Symantec’s Home/Home Office page at http://www.symantec.com/home_homeoffice

Product Backgrounder – Symantec Internet Threat Meter Updated February 2006, Page 1 of 3

Product Backgrounder Symantec Internet Threat Meter

Online Activities The Symantec Internet Threat Meter pulls from a variety of industry-leading tools and technologies employed by Symantec Security Response. Based on triggers related to malware, spyware, phishing/online fraud, attacks/vulnerabilities, and spam, the risk meter for each online activity is assigned a low, medium, or high rating:

• Low – Use basic caution • Medium – Use extra caution • High – Use extreme caution

The Symantec Internet Threat Meter encourages consumers to enjoy their regular online activities with varying levels of caution based on the risk level associated with each activity that day. Computer users are also provided with more information on the types of precautions they need to take in order to ensure a safe and productive online experience. Risk Level Triggers Below are examples of possible risk level triggers for each activity. In these examples, we use high risk level triggers.

• E-Mail – This category focuses on activities related to sending and receiving e-mails, as well as downloading attachments and clicking on links sent via e-mail.

High risk level e-mail triggers can include:

o Extremely high volumes of phishing/spam attacks o Category 4+ malware, many category 3+ propagating via e-mail o Critical mail client vulnerability

• Web Activities – This category encompasses Web surfing, e-commerce, online banking, and other

activities that require the use of a Web browser.

High risk level Web activities triggers can include: o Exploit of critical, new browser vulnerability (IE, Firefox) o Extreme increase in web-based attacks (including fraud) o Extreme spike in adware, spyware, or malware installs

• Instant Messaging – Activities related to instant messaging including chatting, downloading files,

and clicking on links via an instant messenger client.

High risk level IM triggers can include: o Extremely high volumes of fraud and spam over IM o Category 4+ malware, many category 3+ propagating via IM o Critical IM client vulnerability

• File Sharing – File sharing consist of downloading and uploading files via a peer-to-peer (P2P)

program.

High risk level file sharing triggers can include: o Category 4+ malware, many category 3+ propagating via P2P o Extreme increase in adware/spyware P2P distribution o Critical P2P client vulnerability

Product Backgrounder – Symantec Internet Threat Meter Updated February 2006, Page 2 of 3

Product Backgrounder Symantec Internet Threat Meter

Symantec Security Response Technology Symantec Security Response is a team of dedicated intrusion experts, security engineers, virus hunters, threat analysts, and global technical support teams that work in tandem to provide extensive coverage for enterprise businesses and consumers. Symantec Security Response provides customers with comprehensive, global, 24x7 Internet security expertise to guard against today’s complex Internet threats. The Symantec Internet Threat Meter draws from Symantec Security Response’s innovative technologies that help protect consumers and corporations against security risks and threats:

• AntiFraud – Symantec’s fraud detection network automatically detects and blocks fraudulent email messages for more than 300 million email users. This system leverages a probe network and decoy email accounts to attract fraudulent email; monitors the Internet for fraud; calls upon Symantec researchers to validate possible fraudulent attacks; and deploys continually updated antifraud filters.

• Symantec Brightmail AntiSpam Filtering Technologies – Symantec Brightmail AntiSpam

incorporates 17 different antispam filtering technologies. Each filtering technique contributes to Symantec’s rigorous accuracy rate—which currently stands at one false positive in 1 million messages, an accuracy rate of 99.9999 percent:

• Cross-Correlation – Symantec’s Global Intelligence Network is a worldwide network composed

of a variety of sensors for capturing and researching threats and security risks. It provides Symantec with an unparalleled, data-driven view of the entire security landscape.

• Histogram-Based Malicious Code Detection – This patented technology accelerates the

detection of complex threats and security risks, including viruses, worms, Trojan horses, blended threats, spyware, and adware. Malicious code typically has one or more behaviors or instructions that identify it as a specific strain of threat. Histogram-based malicious code detection uses a prioritized count of various behaviors and instructions to identify code moving across a system or a network and more quickly determine whether a threat is or is not present.

• Honeypot – Honeypot technology provides a unique approach for identifying and containing

internal and external threats by providing an early warning system that can surface an attack on a decoy system before it hits a real system.

• IMUNE – Symantec’s Intrusion Mitigation Unified Network Engine, or IMUNE, includes a range

of detection technologies to detect both known and unknown threats, including worms, scans, probes, DoS attacks, buffer overflow attacks, and fragmentation attacks.

• Real-Time SOC Technology Platform – This unique technology, used in Symantec Security

Operations Centers (SOCs), provides real-time information protection through around-the-clock monitoring, analysis, and response. Real-Time SOC Technology Platform is capable of processing volumes of network security data to separate security threats from false positives in real-time, with carrier-class scalability.

• Zero-Hour Detection – Based on WholeSecurity’s patent-pending behavioral detection

technology, zero-hour detection technology provides protection against malicious threats such as worms, Trojan horses, keystroke loggers, and phishing attacks.

PR Contact: Cecilia Daclan, Symantec Corp., (310) 449-4381, [email protected]

Product Backgrounder – Symantec Internet Threat Meter Updated February 2006, Page 3 of 3

  • Cross-Correlation – Symantec’s Global Intelligence Network i