
[Repost] SONAR 3: A new level of behavioral security in Norton 2011

awen
Posted 2010-6-19 20:09:12
This post was last edited by awen on 2010.6.19 20:10

The English is the original text from the Norton site; the Chinese is a Google translation, haha, experts can just read the English themselves!

This year we have some innovative changes that build upon the successful, effective, and efficient SONAR 2 behavioral security engine. For those who are not familiar with SONAR technology, here is a link to an article that describes it. With SONAR 2, we have a proven track record of being able to convict malware and secure Norton users from malware designed to evade most other security features. In the last nine months alone we prevented upward of 4.2 million infections out of about 140 million incidents that we analyzed for Norton users. Most of these incidents were never-before-seen malware and infection scenarios, thus truly providing "zero-day" protection! The effectiveness of our technology was repeatedly confirmed by external 3rd-party tests and reviews (specifically behavioral security tests and reviews), where we performed at or near 100% detection rates. Behavioral security is a critical security solution, especially in this era of server-side polymorphic malware where each and every infection can have a unique piece of malware file (unique from the file fingerprint perspective) downloaded on the victim's machine. We are very excited about our next SONAR 3 release outperforming SONAR 2!

What's next?
We believe that security is a journey and not a destination.  Over the last year, we have taken note of a couple of interesting trends in the malware world, such as a surge in the misleading application threat category and targeted, sophisticated attacks like Hydraq. It was gratifying to see that SONAR 2 detected Hydraq without any changes to our classifier. We have further fine-tuned the classifier to deal with these trends. We have also added about 60 new features to our classifier and have seen significant improvement in threat detection rates in our internal lab testing. This brings our set of features to about 400!
This large number of features gives us the advantage that, with SONAR tracking and inspecting so many aspects about a file, a process, or its related activity for classification, it becomes that much harder for a malware variant to get past our classification engine or for a clean sample to be misclassified. Of course the challenge is in analyzing all this information almost instantaneously without impacting system performance, while making decisions automatically for the user. And SONAR 3 is proof of how all of this is possible.

Having analyzed more than 140 million incidents for millions of Norton users, in SONAR 3 we have added many more features and provisions for identifying clean samples so that we can specifically focus on suspicious scenarios. This is what enables us to continue to add to our feature set for an even more accurate classifier. The quicker we can ignore a sample and classify it as clean, the better the user experience.

In addition to the changes we have made to add many more attributes, the SONAR team has been very busy adapting and creating new classifiers as the world of malware and clean software evolves. The team has been busy updating our classifiers and releasing seven definition updates in the last nine months since shipping SONAR 2. The SONAR team generated and evaluated over 200 different classifiers since we shipped SONAR last year, addressing the feedback we have gotten from our Norton users to convict more malware and reduce the infrequent false-positive incidents that have occurred.

One major threat category that we have focused on with SONAR 3 is misleading applications. This class of threat has gotten much attention and we are glad to be able to provide significant improvements for detecting it in SONAR 3.

We have also made further improvements in the area of behavioral signatures, where we can quickly react to new and upcoming threats by writing behavioral signatures that leverage specific features. While our classifier has been quite successful at detecting new and emerging threats and their variants, we believe in a layered security model. In some specific threat scenarios it is more effective and worthwhile to target the threat with its specific characteristics than to leave it to a classifier.

As has been detailed in the SONAR 2 posts, SONAR aggregates and correlates information from a number of engines within the product like the Firewall, AV Engine, Intrusion Prevention Engine, etc. All this information is then used by the classifier to improve efficacy. We feel this is a big differentiator for Norton over other vendors. Most other security products simply don't have this depth and breadth of information to make a good classifier. In SONAR 3 we have further enhanced our integration with the network component in order to classify, convict, and remediate malware on the basis of its malicious network activity. With this feature in place, we will continue to block and remove many new variants of malware that leave their network footprint unchanged.

With these and all the improvements we are continuing to work on, we believe we are taking behavioral security to a whole new level. We hope that these new improvements will prove to be invaluable in dealing with the fast-evolving threat landscape and in keeping you safe. We cannot wait to ship SONAR 3 out to millions of Norton users. All the Norton 2010 and N360v4 users will also benefit from these advances, thanks to the ability to use Live Update for SONAR enhancements that we adopted with SONAR 2.

So that’s what we are up to! Let us know what you think--the SONAR team values your feedback and we hope you see all the improvements in the public Beta. Your feedback helps us know where we need to improve and we take your comments and suggestions as our most important barometer of success!




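The layered pipeline the post sketches, written out as an added Python example that is not part of the original post and not SONAR's own code: events from several engines are folded into one feature vector per process, a known-clean sample exits before any scoring, hand-written behavioral signatures keyed on specific features convict on their own (including one that fires purely on the network footprint, regardless of file hash), and a weighted classifier decides what is left. The engine names, feature names, signature names, weights, threshold, AV process names and the sample telemetry are all constructed for illustration; the post does not describe SONAR's real feature set or classifier.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observation handed to the classifier by a product engine (names assumed)."""
    pid: int
    engine: str   # "process", "fs", "registry" or "net"
    kind: str     # "start", "write", "set_value", "create", "connect" or "http"
    target: str


# Constructed sample telemetry for four processes; hashes are placeholders, not real data.
SAMPLE_EVENTS = [
    Event(100, "process", "start", "sha256:clean-updater"),
    Event(100, "fs", "write", r"C:\Program Files\Vendor\app.exe"),
    Event(100, "net", "connect", "update.vendor.example:443"),
    Event(200, "process", "start", "sha256:variant-0001"),
    Event(200, "registry", "set_value", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sysguard"),
    Event(200, "process", "create", r"C:\Windows\System32\taskkill.exe /F /IM msmpeng.exe"),
    Event(200, "net", "http", "http://203.0.113.7/gate.php?id=7"),
    Event(300, "process", "start", "sha256:unknown-editor"),
    Event(300, "fs", "write", r"C:\Users\u\Documents\notes.txt"),
    Event(300, "net", "connect", "docs.example.org:443"),
    Event(400, "process", "start", "sha256:variant-0002"),
    Event(400, "fs", "write", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    Event(400, "fs", "write", r"C:\Users\u\AppData\Local\Temp\svc.exe"),
    Event(400, "net", "connect", "198.51.100.9:6667"),
]

KNOWN_CLEAN = {"sha256:clean-updater"}  # assumed reputation list: never worth scoring
RAW_IP = re.compile(r"^(https?://)?\d{1,3}(\.\d{1,3}){3}[:/]")
KILLS_AV = re.compile(r"taskkill.*?/im\s+(msmpeng|avp|ccsvchst)")  # assumed AV process names


def extract_features(events):
    """Fold every engine's events for a process into one feature vector."""
    per_pid = defaultdict(list)
    for e in events:
        per_pid[e.pid].append(e)
    vectors = {}
    for pid, evs in per_pid.items():
        f = {"hash": None, "startup_write": 0, "temp_exe_write": 0, "run_key": 0,
             "kills_av": 0, "raw_ip_conn": 0, "gate_php": 0}
        for e in evs:
            t = e.target.lower()
            if e.kind == "start":
                f["hash"] = e.target
            elif e.engine == "fs" and e.kind == "write":
                if "\\start menu\\programs\\startup\\" in t:
                    f["startup_write"] = 1
                if "\\temp\\" in t and t.endswith(".exe"):
                    f["temp_exe_write"] = 1
            elif e.engine == "registry" and "\\currentversion\\run\\" in t:
                f["run_key"] = 1
            elif e.engine == "process" and e.kind == "create" and KILLS_AV.search(t):
                f["kills_av"] = 1
            elif e.engine == "net":
                if RAW_IP.match(t):
                    f["raw_ip_conn"] = 1
                if "/gate.php" in t:
                    f["gate_php"] = 1
        vectors[pid] = f
    return vectors


# Behavioral signatures: each targets one threat pattern through specific features.
SIGNATURES = [
    ("MisleadingApp.PersistAndKillAV", lambda f: f["run_key"] and f["kills_av"]),
    ("Net.GatePhpBeacon", lambda f: f["gate_php"] and f["raw_ip_conn"]),  # hash-independent
]
# Weighted classifier over the same features; weights and threshold are illustrative.
WEIGHTS = {"startup_write": 3.0, "temp_exe_write": 1.5, "run_key": 2.5,
           "kills_av": 4.0, "raw_ip_conn": 2.0, "gate_php": 3.0}
THRESHOLD = 5.0


@dataclass
class Verdict:
    verdict: str  # "clean" or "malicious"
    layer: str    # "reputation", "signature" or "classifier"
    score: float
    detail: str


def classify(f):
    if f["hash"] in KNOWN_CLEAN:          # layer 1: known-clean samples skip all scoring
        return Verdict("clean", "reputation", 0.0, f["hash"])
    score = sum(w * f[k] for k, w in WEIGHTS.items())
    for name, rule in SIGNATURES:         # layer 2: a matching signature convicts outright
        if rule(f):
            return Verdict("malicious", "signature", score, name)
    verdict = "malicious" if score >= THRESHOLD else "clean"   # layer 3: weighted score
    return Verdict(verdict, "classifier", score, f"score {score:.1f} vs threshold {THRESHOLD:.1f}")


def classify_all(events):
    return {pid: classify(f) for pid, f in extract_features(events).items()}


if __name__ == "__main__":
    for pid, v in sorted(classify_all(SAMPLE_EVENTS).items()):
        print(pid, v.verdict, v.layer, v.detail)
```

Run it directly to print one verdict per process. The ordering is the point the post makes: a reputation hit costs nothing and skips scoring entirely, a signature match convicts a never-before-seen file hash as long as its behaviour or network footprint is unchanged (process 200 here), and the weighted sum only has to decide the residual cases (process 400 is convicted on score alone, process 300 scores zero and passes).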
jiayan72392
Posted 2010-6-19 20:16:42

冲冲
Posted 2010-6-19 20:30:00
Google's translation is really...

jiayan72392
Posted 2010-6-19 20:36:12
Quoting 冲冲 (posted 2010.6.19 20:30): Google's translation is really...

Compared with my own translation, though...

nickhuang
Posted 2010-6-19 20:44:17
Sigh, even the official blog is padding its posts. The one slightly nicer bit is that they are trying to cut down on false positives.

awen (original poster)
Posted 2010-6-19 20:49:07
Quoting jiayan72392 (posted 2010.6.19 20:16): u r late

Hadn't seen it around lately, heh, so I'll post it once more.

itcql
Posted 2010-6-19 21:02:22
Reply to post #4 by jiayan72392:

Yours is still better. Google's translation is just for laughs. Heh.

Eternity
Posted 2010-6-19 21:18:30
It's been out for ages.
This post is purely for entertainment.