Posts Tagged ‘zero day’

Threats to information continually evolve, and new security solutions from Symantec help organizations of all sizes identify and combat coordinated, multi-pronged attacks on information which are striking businesses with increasing frequency. Symantec Endpoint Protection 12, now available for public beta and optimized for virtual environments, will offer organizations the vital protection needed to effectively block both known and new cyber threats. Symantec Protection Center 2.0 will draw upon correlated visibility from multiple security products combined with Symantec’s Global Intelligence Network to provide relevant actionable intelligence that reduces risks to enterprise businesses.

The sheer volume of sophisticated attacks targeting organizations of all sizes poses a daunting challenge for traditional signature-based security solutions that can’t keep up. According to Symantec’s Internet Security Threat Report, in 2010, attackers unleashed more than 286 million distinct malicious programs, an average of more than nine new threats every second of every day. These threats impact multiple areas of the IT infrastructure with a 93 percent increase in Web-based attacks, 42 percent more mobile vulnerabilities, and 6,253 new vulnerabilities including 14 zero-day vulnerabilities which played a key role in targeted attacks like Hydraq and Stuxnet. Security solutions that provide central management and security intelligence are required to combat persistent, coordinated assaults on organizations today.

To provide protection against this new threat landscape, Symantec Endpoint Protection 12 is designed to detect and block sophisticated new threats earlier, more accurately, and with greater performance than any other security product. Symantec Endpoint Protection leverages Insight, Symantec’s community and cloud-based reputation technology, to block new and unknown threats missed by other security solutions. By blocking risky files with a poor reputation from entering an organization, Symantec Endpoint Protection provides a vital first line of defense in the battle against advanced persistent threats. The software is built for speed and effectiveness in virtual environments: internally conducted testing in heavily consolidated virtual environments shows a 90 percent reduction in disk usage, thus delivering up to a tenfold increase in consolidation density. Symantec continues to work closely with VMware to take full advantage of virtualization awareness and introspection capabilities based on VMware vShield technology, and Symantec Endpoint Protection 12 is the first step along the optimization path for virtual and cloud environments.

Large and small organizations differ vastly in the complexity of their environments and the expertise required to deploy and manage protection, which is why Symantec provides different offerings based on those organizational needs. For mid- to large-sized organizations, Symantec offers Symantec Endpoint Protection 12 for on-premises deployment. For smaller organizations, Symantec offers both on-premises and cloud-based solutions with Symantec Endpoint Protection Small Business Edition and Symantec Endpoint Protection.cloud, respectively, providing customers with flexibility of choice and freedom of deployment to best meet their business needs.

Effective protection against today’s complex attacks requires correlated visibility into multiple security products along with actionable intelligence to reduce risk and simplify management. Without a way to summarize and prioritize risk factors across products, groups and regions, organizations can easily overlook high-severity threats and compromise their security posture. Symantec Protection Center 2.0 is a centralized security management console that will allow organizations to identify emerging threats, prioritize tasks and accelerate time to protection based on relevant, actionable intelligence.

To identify emerging threats across local and global environments, Symantec Protection Center will offer a centralized view across the Symantec security portfolio and third-party products through three levels of integration – single sign-on, data collection and process automation. Organizations will be able to extract local intelligence from their security solutions to identify trends across areas such as malware, spam and assets. Symantec Protection Center delivers context-aware security management by correlating data from enterprise security products along with early warning alerts from Symantec’s Global Intelligence Network, one of the world’s leading commercial cyber-intelligence communities. Symantec Protection Center 2.0 is fully integrated with Symantec Endpoint Protection 12 and will be available for existing Symantec customers of integrated products at no additional charge later this year.

Symantec Security Framework

Symantec Endpoint Protection and Symantec Protection Center are part of the Symantec Security Framework, a portfolio of security products and services that enable organizations to counter emerging threats, support new computing models and simplify security management. Symantec’s portfolio of security products and services allows organizations to pursue innovations – such as mobile, cloud and virtual computing models. By providing relevant, actionable security intelligence and simultaneously simplifying security management, businesses can increase both the efficiency and effectiveness of their security posture.

It seems zero-day vulnerabilities in Adobe products need to be named Monday vulnerability, Tuesday vulnerability and so on. Adobe has announced another critical zero-day vulnerability in multiple Adobe products that can allow hackers to infect users through Microsoft Word documents. Already hit by recent zero-day vulnerabilities, Epsilon and security firm RSA are still trying to salvage the situation and regain lost credibility.

According to the company, a critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform.
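A defensive triage sketch for the delivery vector described above, added here as an example and not taken from Adobe or the original post: it scans a legacy Office (OLE2) file for embedded SWF headers (`FWS` uncompressed, `CWS` zlib-compressed). The function names, the version bound and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file (.doc/.xls/.ppt)
MAX_SWF_VERSION = 50  # assumption: sanity bound to reduce false positives


def _plausible(sig, version, length, body, container_size):
    if not (1 <= version <= MAX_SWF_VERSION and length >= 8):
        return False
    if sig == b"FWS":  # uncompressed: the whole movie must fit in the container
        return length <= container_size
    try:  # CWS: bytes after the 8-byte header must start a valid zlib stream
        return len(zlib.decompressobj().decompress(body[:4096])) > 0
    except zlib.error:
        return False


def find_embedded_swf(data: bytes):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    # Raw byte scan for triage; it does not walk the OLE sector chain.
    if not data.startswith(OLE_MAGIC):
        return []  # not a legacy Office document
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig, len(OLE_MAGIC))
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]  # byte after the 3-byte signature
                (length,) = struct.unpack("<I", header[4:8])  # little-endian length
                if _plausible(sig, version, length, data[pos + 8:], len(data)):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def build_sample() -> bytes:
    """Constructed, benign input: OLE magic, a text decoy, a dummy CWS blob."""
    movie_body = bytes(64)  # 64 zero bytes standing in for SWF content
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(movie_body)) + zlib.compress(movie_body)
    return OLE_MAGIC + bytes(504) + b"FWS report" + bytes(22) + swf


if __name__ == "__main__":
    for offset, sig, version, length in find_embedded_swf(build_sample()):
        print(f"offset={offset:#x} sig={sig} version={version} declared_length={length}")
```

A hit means the document carries Flash content and deserves closer inspection; it says nothing about whether that content is malicious.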

At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

“We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh,” the company stated.

“Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011,” they added.

Today Adobe announced a new 0-day vulnerability (CVE-2011-0611) in Adobe Flash Player and Adobe Acrobat that, similar to the previous 0-day from less than a month ago, was found embedded in a Microsoft Office file. The vulnerability allows an attacker to execute malicious code on a computer and has been spotted in limited targeted attacks.

Adobe says in their security advisory that Adobe Acrobat Reader X and its new Sandbox feature prevent the attack from exploiting the system when using PDF files. However, since the vulnerability exists in Flash, a machine can be exploited through other formats and applications that support Flash, such as Web pages and Office documents.

The vulnerability has only been seen used in very limited targeted attacks. Here is a VirusTotal report (1/43) of one reported attack file.

Adobe hasn’t announced when they will release a patched version of Adobe Flash and Adobe Reader/Acrobat but they did say that they won’t fix this until June 14 in Adobe Reader X, as the Sandbox feature prevents the attack.