Security Intelligence
Symantec has established some of the most comprehensive sources of Internet threat data in the world. The Symantec Global Intelligence Network encompasses worldwide security intelligence data gathered from a wide range of sources, including more than 40,000 sensors monitoring networks in more than 180 countries through Symantec products and services such as Symantec DeepSight™ Threat Management System and Symantec Managed Security Services, and from other third-party sources.
Symantec gathers malicious code reports from more than 120 million client, server, and gateway systems that have deployed its antivirus product, and also maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 25,000 recorded vulnerabilities (spanning more than two decades) affecting more than 55,000 technologies from more than 8,000 vendors. Symantec also operates the BugTraq mailing list, one of the most popular forums for the disclosure and discussion of vulnerabilities on the Internet, which has approximately 50,000 direct subscribers who contribute, receive, and discuss vulnerability research on a daily basis.
As well, the Symantec Probe Network, a system of more than 2 million decoy accounts in more than 30 countries, attracts email from around the world to gauge global spam and phishing activity. Symantec also gathers phishing information through the Symantec Phish Report Network, an extensive antifraud community of enterprises and consumers whose members contribute and receive fraudulent Web site addresses for alerting and filtering across a broad range of solutions.
These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam.
Industry Standards
As an industry leader in providing platform-agnostic software solutions, Symantec is critically dependent on highly functional, open, and interoperable industry standards. These same standards simultaneously ensure that our customers realize maximum vendor selection flexibility, ever increasing security, and streamlined efficiency in managing computing solutions.Symantec has founded and now leads many industry standards efforts, and most Symantec products are based on standards. A few examples of the standards that Symantec integrates in its products include SCSI, iSCSI, SNMP, Fibre Channel, the HBI-API, Ethernet, and SMI-S.
Symantec Involvement in Standards Organizations (partial list):
- Data Management Forum (Leader)
- Service Availability Forum (Member)
- Internet Engineering Task Force (Sponsor)
- Java Community Process (Member)
- Storage Management Forum, part of SNIA (Founder)
- OASIS (Member)
- Storage Networking Industry Association (Founder)
- Distributed Management Task Force (Leader)
- SCSI Committee ANSI T.10 (Member)
- Fibre Channel Committee ANSI T.11.5 (Leader)
- IPV6 Forum (Member)
- IPV6 Forum North America Task Force (Member)
- Moon IPV6 Lab (Member)
- ITISAC (Leader)
- Research and Technology Executive Council (Leader)
- Pegasus Steering Committee (Member)
- Open Mobil Alliance (Member)
- Blade Systems Alliance (Member)
- Trusted Computing Group (Leader)
- Global Grid Forum (Sponsor)
- Information Security Forum (Member)
- Partner Development Process (Founder)
- Storage Performance Council (Founder)
- Storage Security Industry Forum (Member)
- CDM Forum (Member)
- DMTF Interoperability Committee (Founder)
For detailed information on industry standards at Symantec, email standards@symantec.com.
Product Certifications
As standards mature and evolve, our customers need assurance that the products they purchase comply with these standards. Certification programs emerge to validate vendor claims that their products comply with the standards often times utilizing independent, third-party evaluation labs. Symantec is involved in a number of certification programs.Common Criteria is an internationally-recognized standard (ISO 15408) to assess the security of IT products. The US Department of Defense requires that information assurance products are certified under this program. Symantec has demonstrated commitment to meeting this rigorous testing standard for our international public sector customers. Symantec is strongly committed to this effort as it represents the universal security standard. Symantec has been a leader in this effort by initiating the Common Criteria Vendors’ Forum and participating in the International Common Criteria Conferences. Common Criteria Portal URL: http://www.commoncriteriaportal.org/
FIPS-140 (US Federal Information Processing Standard) is a cryptographic standard. The Cryptographic Module Validation Program (CMVP) was established by the US National Institute of Standards and Technology (NIST) and the Canadian Communications Security Establishment (CSE) in July 1995. All of the tests under the CMVP are handled by third-party laboratories that are accredited as Cryptographic Module Testing (CMT) laboratories by the National Voluntary Laboratory Accreditation Program (NVLAP). This standard is in place to ensure consistent standards for encryption strength and implementation correctness. FIPS 140 URL: http://csrc.nist.gov/cryptval/
ICSA Labs The goal for ICSA Labs Certification is to enhance and improve security implementations of network and Internet computing, which will improve commercial security and its use of appropriate security products. Certification promotes user acceptance of increased security while improving the ease of use and seamless integration of security technology in everyday computing. ICSA Labs Certification criteria are public, objective and credible criteria that yield a pass-fail result. This certification is widely recognized by large enterprise customers. Symantec has been submitting its anti-virus products for ICSA testing for many years. ICSA Labs URL: https://www.icsalabs.com/icsa/icsahome.php
Symantec Research Labs
As Symantec's research organization, Symantec Research Labs ensures the company's long-term leadership through innovation, generation of new ideas, and development of next-generation technologies. Projects include both long-term investigations and shorter term innovations that provide immediate benefit to customers across all of Symantec’s businesses.Past commercialized technologies from Symantec Research Labs include the company's first antispam technology, generic exploit blocking technology to proactively stop fast-spreading network threats, technology to improve the performance of our backup products, and technology to help protect our nation’s critical infrastructure.
Symantec Research Labs also works on projects in collaboration with external organizations, including customers, government agencies, and universities.
University Research
The University Research Program connects Symantec to the latest research in software development, and to leading professors and students at U.S. universities. The group’s goals include helping to recruit top PhD students to the company to cultivate the next generation of technical leadership, bringing researchers to Symantec to talk about their work to inspire technological innovation, and encouraging and funding university research in areas of Symantec's interest for longer-term commercialization.
Today, the University Research Program funds research centers at Carnegie Mellon, George Mason, Georgia Tech, Purdue, Stanford, University of California at Santa Cruz, University of California at Los Angeles (UCLA) and University of Minnesota. These funding efforts support technology research across a number of key areas for the company, including security, storage, and even consumer software user interface design. We also award annual fellowships and internships to the most promising student researchers.
Click here for information about the Labs' Graduate Fellowships.
Advanced Concepts
The Advanced Concepts group is a startup-type organization within Symantec Research Labs focused on building new products in emerging areas for release directly to a set of pilot customers. The goal is to eventually commercialize Advanced Concepts releases for all Symantec customers, creating entirely new businesses for the company.
Consumer Products
Our Consumer Products segment focuses on delivering our Internet security, PC tuneup, and backup products to individual users and home offices.
Security and Compliance
Our Security and Compliance segment focuses on providing large, medium, and small-sized business with solutions for compliance and security management, endpoint security, messaging management, and data protection management software solutions that allow our customers to secure, provision, backup, and remotely access their laptops, PCs, mobile devices, and servers.
Storage and Availability Management
Our Storage and Server Management segment focuses on providing enterprise and large enterprise customers with storage and server management, data protection, and application performance management solutions across heterogeneous storage and server platforms.
Services
Our Services segment provides customers with leading IT risk management services and solutions to manage security, availability, performance and compliance risks across multi-vendor environments. In addition, our services including managed security services, consulting, education, and threat and early warning systems, help customers optimize and maximize their Symantec technology investments.
