Modernizing Authentication — What It Takes to Transform Secure Access
MOUNTAIN VIEW, Calif.Symantec showed off a new approach to mobile security here at company headquarters during a media event this week. Symantec Mobile Reputation Security (SMRS) is a prototype for what the company calls a next-generation solution to mobile security developed by its research labs.
John Kelly, Symantec's (NASDAQ: SYMC) senior director of technology and business development, said mobile security requires a unique approach that both preserves open access to applications and provides assurance that those applications are safe to run.
"Symantec believes the future of mobile operating systems is openness and open APIs," he said. "Today, the applications are pre-vetted by companies like Apple (NASDAQ: AAPL) for the iPhone, but in the future that will change with Android and others."
Specifically, the rise of Web-based applications and others that tap more open mobile operating systems present a potential, Symantec would say inevitable, problem for carriers. Openness creates an opportunity for malware creators and even so-called "badware" applications that are poorly designed and can actually impact network performance.
"On a PC, an application that hogs bandwidth only affects you, but on mobile it can affect everyone else," said Symantec's CTO Mark Bregman.
Rather than an antivirus solution that runs in the mobile device, SMRS is designed to help the carrier protect its network even if the user is on a different network, for example a Wi-Fi hotspot.
"With SMRS, we're taking the perspective that what's good for the carrier flows down to the end-user," said Kelly. The cloud-based system scans any application the user attempts to download and automatically compares it to a list of known threats and sources. The carrier can then decide via preset criteria, if it's an app that should be allowed to run. Symantec said all this is designed to happen on-the-fly without noticeable delay to the mobile user.
A page rank system of security threats
Symantec said it's already had discussions with carriers to get their feedback on what the system should include, but the system probably won't roll out commercially until later this year or early 2011 at the earliest. Part of the reason for that is that Symantec has to build out what's effectively a database, like the page rank systems used by search engines, of security threats.
"The bigger the database gets, the more effective it is," said Kelly.
Carriers would then be able to maintain the list of blacklist (bad apps) and whitelist (apps and vendors they want to allow). "They can set the risk level, so you can say, 'I don't want that application regardless of what Symantec or others says about it' if you have reason not to trust it or want it on the network," said Kelly.
SMRS builds on a reputation security system Symantec released for PC users last year. "It's a technology for proactively understanding the safety of a file before we've ever seen it by sending it to the cloud system for evaluation," said Kelly.
Symantec sees SMRS as a way to give carriers more control over mobile devices to ensure security without adversely affecting the user experience.
"Today's tools don't allow the carrier to do much more than shut the device off," said Kelly. "We want to give them something that lets them be more precise, so they can delete bad apps, prevent them from being downloaded to the device or just send a message to the consumer that what they want to run is dangerous."