STAR (Security Technology and Response)

May 6, 2012

Security Technology and Response (STAR) is the Symantec division responsible for the innovation and development of Symantec’s security technologies, which address protection in five areas: file, network, behavior, reputation, and remediation.

Within Symantec, Security Technology and Response (STAR) oversees the research and development efforts for all of Symantec’s malware security technologies. These form the core protection capabilities of Symantec’s corporate and consumer security products.

The Security Technology and Response (STAR) organization, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products.

With Response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection. There are approximately 550 employees in STAR.

Some years ago, traditional antivirus technologies were all that was needed to protect an endpoint from attack. However, with the dramatic shift in the threat landscape over the last few years, it is no longer reasonable to think that antivirus-based technologies alone are sufficient. To address this, STAR has developed a collaborative eco-system of security technologies to protect Symantec’s users from malicious attacks.

Top threat vectors these technologies protect against:

  • Drive-by Downloads and Web Attacks
  • Social Engineering Attacks — FakeAV and Fake Codecs
  • Bots and Botnets
  • Non-Process and Injected Threats (NPT)
  • Targeted Attacks including APTs, Trojans and general Malware Zero-day threats
  • Malware as the result of drive-by downloads that bypassed other layers of protection
  • Malware using rootkit techniques to hide

This eco-system comprises the following five areas, which work in collaboration:
  1. File-Based Protection continues to play a major protection role due to new innovations in static file heuristics.
  2. Network-Based Protection can detect when both known and unknown vulnerabilities are used to enter a user's system.
  3. Behavior-Based Protection looks at the dynamic behavior of malicious activity rather than static characteristics.
  4. Reputation-Based Protection examines the meta information of a file — its age, origin, how it travels, where it exists, etc.
  5. Remediation is a set of technologies that can help clean up an infected system.

By collaborating, each technology is able to operate more efficiently and more effectively to determine whether a given situation is malicious or not. As each technology learns different attributes about a process or a file, it shares what it learns with the other technologies. For example, the network-based protection technologies are able to track where web-downloaded files originate and share this information with the other technologies.
