Security Intelligence University/Symantec Research Intelligence

Dean Turner
Director – Global Intelligence Network
Symantec Security Technology and Response
Intelligence Behind the Global Intelligence Network
[World map of Global Intelligence Network sites: 4 MSS Security Operations Centers, 11 Security Research Centers, 29 Global Support Centers]
Europe: Gothenburg, Sweden; Aschheim, Germany; Reading (Green Park), GBR; Wiesbaden, Germany; Ratingen, Germany; Dublin, Ireland; Shannon, Ireland; Warsaw, Poland; Zaltbommel, NLD; Milan, Italy; Brussels, Belgium; Madrid, Spain
Middle East and Africa: Riyadh, Saudi Arabia; Dubai, UAE; Sandton, South Africa
North America: Roseville, MN; Seattle, WA; Bloomfield Hills, MI; Toronto, CA; Springfield, OR; Englewood, CO; Newton/Waltham, MA; San Francisco, CA; Herndon, VA; Oak Brook, IL; Mountain View, CA; Alexandria, VA; Orem, UT; Durham, NC; Cupertino, CA; Atlanta, GA; Dallas, TX; Santa Monica, CA; Heathrow, FL; Houston, TX; San Luis Obispo, CA; Austin, TX; Miami, FL; Culver City, CA; Calgary, Alberta, CA; Mexico City, Mexico
South America: Sao Paulo, Brazil; Buenos Aires, Argentina
Asia-Pacific: Pune, India; Mumbai, India; Chennai, India; Seoul, South Korea; Beijing, China; Chengdu, China; Shanghai, China; Hong Kong, China; Taipei, Taiwan; Tokyo, Japan; Singapore; Brisbane, Aus; Sydney, Aus; Melbourne, Aus
Knowledge Gathered from the Symantec Global Intelligence Network
Vulnerability Database
•  55,000+ technologies from over 8000 vendors
Honeypot Network
•  Capturing previously unseen threats and attack methods
Fraud: Spam & Phishing
•  30+ Million Probe Messages a day
•  Generates statistics on 1+ Billion email messages a day
•  Geo-location capabilities on servers and zombies
Network-wide figures:
•  Over 100,000 security alerts generated annually
•  2 Billion+ events logged daily
•  Managed devices in 70+ countries
•  40,000+ Sensors in 200+ Countries
•  200,000 daily code submissions
•  120 Million Threat/Virus Submission Systems
Symantec Security Intelligence
[Diagram of the Symantec Security Intelligence data flow]
Analyst teams and their databases: Symantec Vulnerability Analysts (VDB); Symantec Malicious Code Analysts (MCDB); Symantec Spyware / Security Risk Analysts (SRDB); Symantec Threat Analysts
Data sources: Business Intelligence data; Anti-Fraud Data; Event DB; GIN; Malicious Code Submission Data; Honeypots; DeepSight Extractor Installations
Outputs: Malicious Code Alerts; Internet Security Threat Report; Vulnerability Alerts; Automated Attack Alerts; Security Intelligence Reports; Security Risk Alerts; Detailed Analysis Reports
Symantec Research Labs
•  Leading experts in security and availability doing innovative research across all of Symantec’s businesses
“Our mission is to ensure Symantec’s long-term leadership by fostering innovation, generating new ideas, and developing next-generation technologies across all of our businesses.”
•  A global organization:
–  Mountain View, CA
–  Culver City, CA
–  Herndon, VA
–  Waltham, MA
–  Pune, India
•  Ongoing collaboration with other researchers, government agencies and universities such as:
… and numerous others
Symantec Research Labs Organization
•  Core Research
–  Short, medium and long-term applied research and tech transfer to product groups
–  Development of new intellectual property in key strategic areas
•  Government Research
–  Longer-term, speculative government-funded research
–  Currently have government-funded efforts both in the US and Europe
•  University Research
–  Support and recruit the best and brightest
–  Fund university research to support Symantec’s needs
–  Advance the state of the art through collaborations
•  Advanced Concepts
–  “Startup-type” group develops lightweight products in emerging areas and ships to pilot customers
–  Goal is to transfer releases into product group for full commercialization
SRL Successful Transfers
2002
  Micro-definitions 2.0 (reduce download size)
2003
  Neural Network Anti-Spam
  Wireless Anti-virus Engine and Live Update
2004
  Antivirus Engine Speedup (30%)
  Correlation Rules Engine
  Generic Exploit Blocking Engine
2005
  Live Update Bandwidth Analysis Tools
  Packing Language Interpreter
  SymProtect High-Speed Rules Engine
2006
  Cookie Crawler
  Raw Disk Virus Scan with VxMS
  SCADA Security / ICCP Signatures
  SpySnooper and SpyMatrix
  Symantec Database Security 3100
  Zero-Day Email Worm Blocking
  Network Backup Performance Improvements
2007
  Auto Inference of Data Center Anomalies
  Browser Defender/ Project Canary
  Identity Defender
  Rootkit Emulator
  Symbian Mobile AV Engine
  Virtual Machine Aware Storage
  XML Ingestion for Enterprise Vault
… and on track for a record number of transfers in 2008/09!
Areas covered: Security, Anti-spam, Algorithm, Identity, Wireless, Backup, Storage, Compliance
Thank You!
Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.