Resurgence of innovation driving glut of new security tools

Security vendors are showing new confidence against malware attackers as they launch new classes of products designed to take the fight back to malware authors that have recently been overwhelming many companies' traditional defences.

The new Advanced Threat Protection (ATP) tool from Symantec, for one, has productised the type of cloud-based file sandboxing environment often used internally by security companies to analyse the behaviour of new malware. It is based on a cloud-based malware analysis engine called Cynic, which uses Symantec's Workplace Virtualisation technology to run suspect attachments within numerous virtual machines based on different versions of Windows.

Cynic works as part of an expanding security-monitoring ecosystem that automatically traces the flow of files between endpoints, enabling systems administrators to retrace the steps of malware that has spread to various endpoints.

The technology complements Symantec's existing Skeptic code-analysis and Sonar behaviour-analysis engines. It also includes mechanisms that proactively simulate human behaviour in order to coax malware out of its shell, a response to malware's growing ability to detect whether it is running in a sandbox: a capability that Nick Savvides, Symantec Pacific business manager for Cyber Security Services, said is now found in 28 percent of malware, up from 18 percent a year ago.

“We're dealing with the realisation that some threats will not be blocked and will hit your environment,” Savvides told CSO Australia. “They will hit desktops and pass through email, but we are focused on being able to detect that and respond quickly. By putting this in the cloud, customers don't have to set up hundreds of systems or virtual machines for testing.”

Symantec's new-product ambitions are complemented by recent announcements from numerous other vendors, all hoping to reposition themselves within the ever more crowded security-tools space.

Dell, for one, recently complemented its Dell Endpoint Security Suite, launched in March, with a number of new security offerings in areas such as identity management, network security, email security, and cloud data protection. The company's Dell SecureWorks subsidiary also deployed an on-demand Emergency Cyber Incident Response capability for Amazon Web Services (AWS) users, and released a security-vulnerability assessment tool called AEGIS to sit within its Managed Security Services portfolio.

Nexon Asia Pacific has built on Palo Alto Networks' Next-Generation Security Platform to deliver a new managed cloud service. Ixia recently released ThreatARMOR, a new security tool for filtering and blocking IP addresses. Fortinet, for its part, released its Software-Defined Network Security (SDNS) framework to close security gaps between the components of hybrid infrastructure.

Startup Lumeta Corporation recently boosted its venture funding to $US13m ($A18m) on the back of situational-awareness tools such as its new Cyber Threat Probe, which picks out threats by applying threat-intelligence data to a constantly updated index of network resources. And LeaseWeb, which was hit by attackers in late 2013, this month turned the incident into a new security product line with the launch of LeaseWeb Application Security – combining a web application firewall, threat intelligence services, application-security specialists, and a 24/7 Security Operation Centre.

Also overhauling its software offerings is Sophos, which has been working on a cloud-based endpoint security roadmap and a revamped firewall operating system known as Project Copernicus; the company also recently complemented the product expansion by extending its partner network – a move recently taken by numerous other vendors in Australia.

These and other nascent security tools reflect a period of innovation that suggests threat analysts are finally getting back on the front foot in dealing with ever more resourceful malware.

“I've been with the company for nearly 10 years,” says Savvides, “and I really feel like we've got our innovation and our R&D back. It's a very exciting time right now.”
