Symantec Secures Its Future

Symantec's acquisitions of WholeSecurity and Sygate were seen as complementary purchases for the security giant, but Symantec has ambitious plans for the companies' technologies that could begin an overhaul of its core product lines.

Symantec Corp.s recent acquisitions of WholeSecurity Inc. and Sygate Inc. were seen as nice, complementary purchases for the security giant, but Symantec has ambitious plans for the companies technologies that could begin an overhaul of its core product lines.

In the coming months, Symantec plans to integrate behavior-based malicious-code detection from WholeSecurity and endpoint compliance technology from Sygate into the Symantec anti-virus engine. The company also plans to replace its enterprise firewall with Sygates technology, a move that could cause a strategic shift between Symantecs consumer and enterprise technologies, said Brian Foster, senior director of product management in Symantecs Enterprise Desktop and Server Antivirus and Security Solutions group, in Cupertino, Calif.

Symantec is moving quickly to add new features in an effort to stay one step ahead of competitors, including Microsoft Corp., which will soon offer its own consumer and enterprise anti-virus and anti-spyware technology, said David Friedlander, an analyst for Forrester Research Inc., in Amsterdam, Netherlands.

Symantec Antivirus Corporate Edition Version 11, due next year, will be bundled with Sygates security compliance agent, a software program that protects systems from unknown threats and attacks and monitors compliance with enterprise security policies, Foster said.

The firewall change will also happen next year.

"Sygate has better [firewall] technology, and were going to use that going forward," he said.

It is still not clear whether that change will also be carried through to future versions of the Norton line of consumer products.

WholeSecurity was much smaller than Sygate, but the startups technology is just as important to Symantecs future plans, plugging a critical hole in Symantecs protection against unknown threats.

/zimages/6/28571.gifJuniper heats up access control race. Click here to read more.

WholeSecuritys behavior-blocking engine will become a core component of Symantecs anti-virus engine. The technology can scan applications that are running on a system and rate them as high or low risk, depending on their behavior, rather than relying on a specific attack signature, Foster said.

Symantec will use the new technology in both its consumer and enterprise products. WholeSecuritys Confidence Online client will be integrated into Symantecs anti-virus engine within the first half of next year. The companys Confidence Online for Web Applications thin-client technology will be rolled together with Sygates On-Demand client, replacing nascent IPS (intrusion prevention system) technology that Sygate had developed with WholeSecuritys mature behavior-based IPS, Foster said.

For Symantec customers such as Kevin Ladd, the zero-day protection offered by WholeSecuritys technology is sorely needed.

"Our patching isnt always up-to-date. With the last few worms that came out, we were able to stop them manually, but we had to wait 3 hours before a [Symantec anti-virus] signature came out," said Ladd, who is director of infrastructure at Direct Media Inc., in Greenwich, Conn.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.