Zero day exploits becoming a serious threat, says Symantec
- 10 September, 2006 22:00
The risk of zero-day exploits is increasing as cyber-criminals become more sophisticated and better organised, says Robert Pregnell, Symantec’s Asia Pacific regional product marketing manager for endpoint security and compliance solutions.
An exploit targeting a vulnerability is now being written in just six to seven days from the day a vulnerability is announced, says Pregnell, who spoke at the Symantec Vision conference, held in Sydney last week.
“And it will be 40 to 50 days before the vendor has an update available.”
To stay ahead, an intrusion prevention system, like generic exploit blocking, is necessary, says Pregnell. This proactive system blocks exploits by using information about the vulnerability’s specific characteristics. If the characteristics are known researchers can also define the characteristics of potential exploits and block these too, says Pregnell.
However, the complexity of some vulnerabilities makes it difficult to block code written to take advantage of them.
Symantec tries to keep up with cyber criminals’ malicious activities by monitoring email, viruses and vulnerabilities in its correlation centres and research labs across the world.
“Symantec has by far the most extensive access to internet activity in real-time [compared to other security software vendors],” says Pregnell.
He says 15% of the world’s email passes through the company’s research centres, where, for example, it scans spam URLs.
The company runs four security operations centres and eight security response labs spread across the world. There are 40,000 registered sensors, across 180 countries, which are part of a global network that feeds information to Symantec’s early warning system DeepSight. Auckland University is one of these.
At the conference, Symantec announced the availability of Enterprise Vault Discovery Accelerator 6.0, which extends the basic search functionality of the Enterprise Vault email and archiving software. The Enterprise Vault Discovery Accelerator 6.0 aims to help businesses comply with new or potential changes to government or legal regulations, and it is designed to reduce costs around collecting, storing and searching for electronic records, says Bill Robbins, senior vice president of Symantec Asia Pacific and Japan.
“According to IDC research, companies in the Asia Pacific region are investing in security policy auditing and vulnerability assessment,” says Robbins. “This indicates a shift to a risk mitigation approach to enterprise security.”
Hedquist travelled to Sydney as a guest of Symantec