Active Testing
1. The Importance of Re-creating In-the-Wild Infection Conditions for Testing Multi-Layered Security Products. Mark Kennedy, May 15th, 2007
2. Overview: (1) Current Trends; (2) Traditional Static Analysis; (3) Proactive Static Analysis; (4) Dynamic Analysis; (5) Lab Bias
11. Symantec Client Layered Protection Architecture. My Only Marketing Slide (I promise)
    OS & Application Vulnerabilities; Targeted Attacks & Insider Threats; Malware & Spyware; Zero Day Threats
    Network Filtering: “Block threats before they impact the client”
    Behavior Blocking: “Police execution activity”
    Storage Filtering: “Don’t let threats persist!”
21. Scoring Gradient
    File Based Threat: Never executes; Executes but cannot communicate; Communicates but is automatically removed; Communicates but is removed by definitions; Communicates and is never detected / cannot be removed; Content never reaches box
    Never impact; Impact, but no damage (bumper); Impact, but no injuries; Minor injuries, victims walk away; Major injuries, but survive; Some Fatalities; Fatalities, car explodes, kills bystanders