Symantec's Ubiquity Offers New Approach to Tackling Malware

Community-based reputation technology provides protection, improves performance, reduces false positives

• 10/06/2010

Symantec Corp. announced Ubiquity, its next-generation security technology that is built on community-based reputation to help fight evolving malware. More than four years in development, Ubiquity enables Symantec to harness the anonymous software usage patterns of more than 100 million Symantec customer computers and deliver protection against micro-distributed, mutating threats that would otherwise evade traditional security solutions.

Traditional protection requires security vendors to capture and analyze specific strains of malware before they can protect against them. In 2009 alone, Symantec discovered 240 million unique threat samples. These were discovered on an average of fewer than 20 computers each, and many were seen on just a single computer worldwide. This shift has made it difficult to discover, analyze, and protect against every threat and places a significant burden on traditional approaches to malware detection

Key benefits of Ubiquity

• Detects threats other approaches miss: Ubiquity adds a new layer of protection that amplifies Symantec’s existing defense-in-depth approach, which also includes signature-based protection, intrusion prevention, behavioral, and heuristic detection capabilities. Ubiquity derives a security rating for each file, based on information about the context of the file -- where it came from, how old it is, and its adoption patterns across Symantec’s user population -- in addition to other proprietary calculations. Although attackers can easily mutate a malware file’s contents to make it invisible to traditional signatures, they have far less control over these crowd-based demographics. Ubiquity uses this complementary approach.

• Up to 90 percent faster performance: Ubiquity reduces the impact of antivirus scanning by as much as 90 percent by scanning only those files it has identified as risky. This results in dramatically faster and smarter scans that need to be performed less often.

• Reduces false positives and cuts management overhead: Ubiquity has data on malicious programs as well as ratings for virtually every legitimate application on the Internet, making Ubiquity one of the world’s largest white list of trusted software. Symantec products use this data to make more informed decisions about what files to block, drastically reducing the likelihood of a false alert on a legitimate application.

• Powerful policy-based enterprise protection: The data provided by Ubiquity can be used to enable administrators to control what software enters their users’ environments based on easy-to-understand and easy-to-manage file polices that factor in file safety ratings, prevalence data and discovery dates.

Based on Ubiquity data, Symantec has determined that more than 75 percent of malware affects fewer than 50 Symantec users. This statistic highlights the trend toward high-impact, low-distribution targeted threats and shows the need for reputation technology, like Ubiquity, to protect against such malware.

Ubiquity uses the collective intelligence -- from over 118 million participating customer computers -- and the data from Symantec’s Global Intelligence Network to derive a highly accurate safety rating for virtually every single software file in existence. Ubiquity currently has safety ratings on more than 1.5 billion unique applications. It is adding to this total at the rate of 22 million new files each week. This information is based on the completely automated and anonymous software usage feedback of more than 118 million participating Symantec customer computers.

Ubiquity has been deployed in the Norton 2011 consumer security products and more recently in Symantec Hosted Endpoint Protection. Symantec is readying Ubiquity for rollout across a wide range of enterprise products over the coming year, starting with Symantec Web Gateway.

More information is available at www.symantec.com.