Symantec Press Release 22 February, 2010: Symantec 2010 State of Enterprise Security Study

(Time to pump out another piece of marketing to get people thinking about buying Symantec. Here’s the report if you are interested in wasting a few minutes).

Just reading this now... wooo... hang on... what I don't see anywhere in this report is a proud statement that Symantec customers are the lucky few who are safe from the malicious attacks other businesses are facing.

Why is this not in there, Symantec? Surely you should be beating your own drum, given you so proudly told us all some time ago that your product(s), and I quote, will provide "...proactive protection against unknown and zero-day threats". It's the Symantec Guarantee!

As such, surely Symantec customers do not have the same concerns as those poor businesses you mention in your study. Let us know whether this was just an oversight on your part, or Symantec simply not wanting to show off here, because surely you would not have used bullshit marketing in the past?! :)

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

  1. Media Watch says:

    Let’s count how many “journalists” republish this garbage as news and out them.

  2. No surprise the “Survey”/Free Marketing Regurgitators at SC Magazine Australia have it up. Would have fallen over had they not! :)

  3. King Troll says:

    Leave Symantec Marketing alone. Where does it state you must be truthful in your advertising? Come on, point this out you detractors.

  4. Amused says:

    So, how do you protect against zero-day threats... when you don't know what they are until your ship is already on fire? :)

  5. Declan says:

    @Amused

    Nearly all threats are 0day for a time (tautology, I know – sorry), and we simply can't protect ourselves with any form of signature detection, as the lag time is too great.

    0day protection begins with using quality software that does not contain the vulnerabilities to start with. Vendors are happy to push "Defense in depth", but that also means two things:

    1) Your attack footprint is larger. There are more devices for an attacker to potentially compromise.

    2) You can’t protect bad code with more bad code. See point above.

    There needs to be a shift of thinking away from reacting to problems and toward fixing the root causes – poor security is a software defect that we must not accept. Vendors must be held accountable for these defects, and organizations must make purchasing decisions with code quality in mind.

  6. Rob Lewis says:

    @ Declan,

    We disagree that the root cause of security problems is software bugs. We go back further and take the view that systems that have a brain aneurysm because of software defects and cough up unauthorized privilege escalations are the "root" cause of security problems.

    If a technology could be shown to protect systems with identified vulnerabilities, then software bugs would not be the root cause would they?

  7. Drazen Drazic says:

    Hello Rob,

    Could you expand on what you mean? Thinking from the perspective of buggy and insecure code itself – regardless of where that code resides. Are you just talking about "code" itself in a "system" – differentiated on a level to software in OSes and general applications? That being the case, we're all talking about the same thing? (Vulns based upon poor code at any level.)

    DD

  8. Rob Lewis says:

    Hi Drazen,

    You know the old adage that systems were never designed to be secure?

    We have developed a security sub-system, a control framework that is dropped onto systems and overrides or supersedes all other kernel activity. It was designed to protect the data on systems with vulnerabilities (systems that were not patched, no patch available, or could not be patched). The control framework will not let threats exploit existing vulnerabilities, but it is not patching technology.

    One might consider it an injection of the internal controls on systems that should have been present from the get-go, but were not. The end result is that the system or any network node becomes a kernel level behavior enforcer.

    To relate to your question a bit more, this technology can use any and every parameter within the operating system (OS) to specify a rule within its ruleset, but is not limited to the OS parameters. Its ability to query sub-applications and external values means that there is virtually no limit to the kinds of rules that can be created and enforced.

    This essentially transforms low assurance commercial systems and networks into much higher assurance ones, and the main requirement is the ability to deny unauthorized privilege escalation in order to further deny unauthorized behaviors within the network.

    There is more, but this is what I was referring to in my comment; taking vulnerability-centric defenses out of the equation.

  9. lololol says:

    Rob Lewis:

    lol. So you’ve made some HIPS and wrapped it up in a bunch of waffle, congrats.

    Looking at your company website you seem to specialise in double speak, trying to confuse people as to what your products actually do. Also, what's with the Asian names? Are you actually an Asian company?

    Anyway, point being, I wouldn't buy anything from Trustifier.com or trust what they say, as they're obviously not trying to communicate anything in a straightforward manner, but rather talking generically about whatever their software might do with its magic.

  10. Drazen Drazic says:

    Assuming this is not a gee-up... (and if it is, good effort to you):

    Feel free to expand as much as you need. At the moment, and looking at the website, it does sound very salesy. Given the amount of rubbish out there, you’d know many in our industry are very strong cynics so you’d need more than just promises to get some interest.

    My question focused on how you define what “code” is. (Further to Declan’s post). Your initial response confused me but your follow-up went into trying to sell me on a concept with those high level promises. Code is code.

    From your website: "With ryu you don't have to worry about the robustness of your application. Deploying ryu fills in any security gaps that your application may be vulnerable to."

    Sounds like you’ve solved the application security problems! Surely you aren’t surprised at my cynicism?! Happy to hear more. :)

    DD

  11. Anonymous says:

    Rob,

    I’m a little bit intrigued.

    Could you please expand the following?

    We have developed a security sub-system, a control framework that is dropped onto systems and overrides or supersedes all other kernel activity.

    Exactly how is this done? VM? SMM?

    It sounds to me as though you've built an RBAC system, like SELinux, but for Windows?

  12. bsbingo says:

    This website looks like a bullshit bingo to me…

  13. Rob Lewis says:

    Drazen,

    The release of ryu is imminent and the finalized content will be added as we go. I would say look to it at that time. I understand any reactions to the stuff that was thrown up on the site in a hurry, and I certainly understand the cynicism of the industry, having been spoon-fed a steady diet of it for several years.

    Ryu will be downloadable to kick the tires, so no one has to take my word for it, and that’s probably the way it should be. I think there are a couple of things that will make it worth your while to take a look though.

    I was not trying to sell a product, but a concept, in the discussion. I can send you some info if you ping me off line.

    We do have a history though. We are transitioning from R&D lab to commercial product company. The last 3+ years have been involved in defense verticals proving our stuff works.

    @ lololol,

    Trustifier is not HIPS, but MLS, multi-level integrity, multiple domain separation, caveated access control, protection against the insider threat including admins with passwords, that scales across networks in cross-domain solutions. What do you know about these things to resist things like persistent adversaries, as opposed to the status quo?

    ryu is a specific application of Trustifier. Try it if you care to, or not; it's up to you. You don't get the chance to cut us apart if you don't, though.

  14. Rob Lewis says:

    @bs,

    As Guy Kawasaki said,

    “Those on the first curve are unable to comprehend, let alone embrace, the second curve”.

    Since the only person who can write proper technical content is busy with installation packages and licensing servers right now, you’ll just have to wait.

  15. Drazen Drazic says:

    Hey Rob,

    We'll give it a tyre kick and see how it goes when it's ready. Will send you an email.

    DD

  16. Rob Lewis says:

    @ Anonymous,

    It is wrapper technology that controls all ingress and egress at the system call gate. The Trustified kernel becomes a self protecting reference monitor. It is the control framework where it takes off though. With Trustifier it is possible to make rules that easily map to the business operations, in fact it uses the business rules to create its rule set. Trustifier will enforce the business rules with an iron fist. If a file is not to leave a user group, no malware can ship it out.

    Nothing in user-space (users, applications, code using systems interfaces or libraries etc.) can bypass the resulting behaviour enforcement that results from Trustifier’s rule injection into the OS kernel.

    It can work with any OS, but it is not one-size-fits-all. Since we don't have Windows source code, we monitor system status and run a small AI kernel on Windows machines, but for *nix kernels we can make stronger assurance statements.

    I will say that we have stood up to a leading Red Team in the world with windows systems as part of our cross domain solution and they failed to breach, if that is of interest.
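
The reference-monitor idea described in the comment above (one choke point that mediates every access and enforces labels, so that "if a file is not to leave a user group, no malware can ship it out") can be sketched in user-space Python. This is an added example written for this page, not Trustifier's code nor any commenter's. The three rule families (Bell-LaPadula no-read-up/no-write-down, Biba no-read-down/no-write-up, and domain intersection for separation), the hypothetical names alice, admin, bob and payroll.xlsx, and the egress rule that checks the destination against the object's own domains are all assumptions chosen to illustrate the concept. Nothing here is kernel code: a toy like this only mediates what is routed through it, which is precisely the gap a syscall-level enforcer is meant to close.

```python
"""Toy reference monitor of the kind the thread argues about: every read,
write and egress passes one policy check combining confidentiality
(Bell-LaPadula), integrity (Biba) and domain separation. Added example for
this page, not Trustifier's code nor any commenter's; all names are made up."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Label:
    conf: Level         # confidentiality level
    integ: Level        # integrity level
    domains: frozenset  # groups/domains the entity belongs to (hypothetical names)


@dataclass
class Entity:
    """A subject (user/process) or an object (file); objects carry data."""
    name: str
    label: Label
    data: bytes = b""


class Denied(PermissionError):
    """Raised when the monitor refuses an operation."""


class ReferenceMonitor:
    """All access goes through here; callers never touch Entity.data directly."""

    def __init__(self):
        self.audit = []  # (subject, op, object, verdict) for every decision

    def verdict(self, s, o, op):
        """None if allowed, otherwise the rule that denies the operation."""
        if not (s.label.domains & o.label.domains):
            return "domain separation"
        if op == "read":
            if s.label.conf < o.label.conf:
                return "no read up (confidentiality)"
            if s.label.integ > o.label.integ:
                return "no read down (integrity)"
            return None
        if op == "write":
            if s.label.conf > o.label.conf:
                return "no write down (confidentiality)"
            if s.label.integ < o.label.integ:
                return "no write up (integrity)"
            return None
        return "unknown operation"

    def _mediate(self, s, o, op):
        reason = self.verdict(s, o, op)
        self.audit.append((s.name, op, o.name,
                           "ALLOW" if reason is None else "DENY: " + reason))
        if reason is not None:
            raise Denied(f"{s.name} {op} {o.name}: {reason}")

    def read(self, s, o):
        self._mediate(s, o, "read")
        return o.data

    def write(self, s, o, data):
        self._mediate(s, o, "write")
        o.data = data

    def send(self, s, o, dest_domain):
        """Egress: the subject must be able to read the object AND the destination
        must be a domain the object is labelled for; a subject's own rights never
        let it carry data out of the group."""
        self._mediate(s, o, "read")
        op = "send->" + dest_domain
        if dest_domain not in o.label.domains:
            self.audit.append((s.name, op, o.name, "DENY: egress outside object domains"))
            raise Denied(f"{s.name} may not send {o.name} to {dest_domain}")
        self.audit.append((s.name, op, o.name, "ALLOW"))
        return o.data


def demo():
    """Constructed scenario: malware with a finance user's rights tries to ship a
    payroll file out; an admin in a low-integrity session tries to alter it; an
    engineer outside the finance domain tries to read it."""
    rm = ReferenceMonitor()
    fin = frozenset({"finance"})
    payroll = Entity("payroll.xlsx", Label(Level.INTERNAL, Level.INTERNAL, fin), b"salary data")
    alice = Entity("alice", Label(Level.INTERNAL, Level.INTERNAL, fin))
    admin = Entity("admin", Label(Level.INTERNAL, Level.PUBLIC, fin))
    bob = Entity("bob", Label(Level.SECRET, Level.INTERNAL, frozenset({"engineering"})))
    out = {"alice_read": rm.read(alice, payroll) == b"salary data"}
    for key, action in (("exfil", lambda: rm.send(alice, payroll, "internet")),
                        ("admin_write", lambda: rm.write(admin, payroll, b"tampered")),
                        ("bob_read", lambda: rm.read(bob, payroll))):
        try:
            action()
            out[key] = "allowed"
        except Denied:
            out[key] = "denied"
    out["audit"] = rm.audit
    return out
```

Calling demo() and printing its audit list shows the three outcomes the comment promises: alice can read payroll.xlsx, yet the send to "internet" is refused even though it runs with her rights; the admin's low-integrity session cannot write to the file; and bob's request never gets past domain separation. The objection raised later in the thread still applies, though: the assurance such a monitor gives depends entirely on whether the interposition point (here a Python class, in a real deployment the system call boundary) can be bypassed, and that is the claim that needs independent testing rather than a description.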

  17. lololol says:

    Sooo, system call gate, you mean it hooks syscalls? This is pretty much a prime example of you using overly complicated technical descriptions where plain ones would make what you do more accessible to everyone.

    But ya don’t, do ya :P

    Also an AI kernel? lawl.

    Who was the leading red team? Not sure why you don’t just name names, I mean most companies stand by their work.

  18. Arthur Intelligent says:

    @Rob, first you seemed to not be able to understand that 'code' is 'code', as Draz asked. Code is code, so you lost me there from that view from the outset. Declan must have wondered wtf you were talking about in response to his post. As DD then asked again after the marketing spiel.

    lolololol etc. and anon asked honest questions and you answered in tongues. Look, maybe you have that 'substance', but when you hit me with 'AI', it brings out the cynic in me also. If you purely based shit on what you have written here and did not have that website, I may think... ah... maybe... but probably not, but when you add that website with a button to 'buy now', you're gone! Prove me wrong, you deliverers of ultimate security.

    PS. You could actually be really talented guys, but you fucked yourselves with that website that we are all so used to, with the old, and I hate it, silver bullet description. Seems like Securus Global wants to test your stuff. Can they be the 'black team'? Let them go for it and if they are happy with it, I may even consider testing it myself. Bet you won't give it to them! Or is it a joke site?

    Arthur Schmartha

  19. NF says:

    It would be nice to see some independent testing results as asked by others. It sounds interesting though.