Monday, March 14, 2011

Gartner on Endpoint Security

Gartner released their annual report on endpoint security (see: Magic Quadrant for Endpoint Protection Platforms, Gartner)
The report starts with an indictment: "Malware effectiveness continues to accelerate, while vendors are busy polishing increasingly ineffective solutions and doing little to fundamentally reduce the attack surface and protect users."
Gartner goes on to state, "Signature-based malware detection has been limping along on life support for years, yet vendors seem unwilling to aggressively invest in more-effective solutions, preferring to 'tweak' the existing paradigm."

I couldn't agree more. Last year Symantec encountered more than 240 million unique malware samples. True, these were mostly minor variants of a far smaller number of malware families. Also true, most of these variants could be detected through signature scans. But the point remains that "most" is not good enough. Malware writers are flooding the internet with automatically generated malware. Signature scanning isn't dead; it is gravely wounded. Heuristic/behavioral approaches can help, but results are often inconclusive. These approaches lack context and history.
Symantec recognized this as far back as 2006 when we started designing Insight (sometimes called Ubiquity), an innovative approach that analyzes files in context, using the age, frequency and source along with other security metrics to expose threats others miss. Insight won't replace signature or heuristic analysis, but it does make those approaches far faster and more effective. Insight separates files at risk from those known safe, dramatically reducing the number of files to scan. It provides a safety rating for each file based on the file's context, allowing heuristics to indict or release files with confidence. Finally, it gives users confidence as well: confidence that the video codec they downloaded or the free disk utility really is safe.
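A hypothetical reputation-assisted triage routine in the spirit of the description above (an added example, not Symantec's Insight code; the FileContext fields, weights and saturation points are assumptions, and all sample values are constructed):

```python
from dataclasses import dataclass


@dataclass
class FileContext:
    """Context telemetry for one file hash (field names are assumptions)."""
    name: str
    age_days: int        # days since the hash was first reported
    prevalence: int      # number of endpoints that have reported the hash
    source_score: float  # 0.0 (unknown/bad origin) .. 1.0 (trusted origin)


def safety_rating(ctx: FileContext) -> float:
    """Return a 0..1 rating; higher means more likely safe.

    Weights are illustrative. Age and prevalence saturate, so a file seen for
    years on millions of machines is not rated higher than one seen for six
    months on ten thousand. A brand-new, rarely seen file from an unknown
    source scores near zero, which is the profile of auto-generated variants.
    """
    age = min(ctx.age_days, 180) / 180.0
    prevalence = min(ctx.prevalence, 10_000) / 10_000.0
    return round(0.3 * age + 0.4 * prevalence + 0.3 * ctx.source_score, 3)


def triage(ctx: FileContext, heuristic_score: float) -> str:
    """Decide what to do with a file given its context and a heuristic verdict.

    heuristic_score is 0..1, higher meaning more suspicious. The rating moves
    the conviction threshold: low-rating files are convicted on weaker
    evidence, while high-rating files are skipped without any scan at all.
    """
    rating = safety_rating(ctx)
    if rating >= 0.8:
        return "skip"                    # known safe: spend no scan time on it
    threshold = 0.5 + 0.4 * rating       # 0.5 at rating 0, up to ~0.82
    if heuristic_score >= threshold:
        return "quarantine"              # suspicious in context: hold for analysis
    return "scan"                        # unknown, not convicted: full signature scan


def triage_batch(files, heuristic_scores):
    """Count outcomes so the reduction in files needing a scan is visible."""
    counts = {"skip": 0, "scan": 0, "quarantine": 0}
    for ctx, score in zip(files, heuristic_scores):
        counts[triage(ctx, score)] += 1
    return counts
```

The same heuristic score of 0.55 is a conviction for a new, rare file from an unknown source and only a scan request for a moderately established one, which is the "indict or release with confidence" effect the paragraph describes.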
Our Norton product line, powered by Insight, has dominated the most widely accepted third-party detection tests, those from av-comparatives.org and av-test.org. Recognition of this approach played a big part in Gartner's ranking of Symantec. Insight will be a cornerstone of all our malware detection products. Look for it in the next version of SEP.