http://www.theregister.co.uk/2015/09/08/dell_secureworks_malwareless/

By Darren Pauli
The Register
8 Sep 2015

Half of all breaches Dell’s SecureWorks outfit has responded to over the last year have been a result of attackers using legitimate admin tools and stolen credentials.

Dell’s threat research unit says the “living off the land” hack tactic makes security controls that seek malware and hacking infrastructure redundant, especially when command and control infrastructure is not used or is run only briefly.

Researchers cited three recent investigations where companies had been popped using administrator credentials.

In one case, attackers stole the network credentials of a manufacturing company staffer, which were then used to log into the corporate Citrix platform and tap internal corporate resources.

Those crims also used the unnamed client’s Altiris software distribution platform to pivot laterally through the company’s network and yank intellectual property.

[…]
As many security professionals know, Symantec seemed to have stumbled a bit in the last couple of years. The merger with Veritas left IT professionals scratching their heads and led many to feel they were losing their focus. Later they acquired Altiris, and everyone said “ho hum” to that and chalked it up as just another crazy purchase. The interesting thing is how this seems to be all coming together in 2010…
McAfee, on the other hand, was still recovering from their stock option scandal and brought in a completely new management team, with a billion dollars in the bank. At the same time, Sophos, Kaspersky and other anti-virus companies were pounding the pavement as well. This created a hyper-competitive marketplace for Symantec’s leadership. Then last year, McAfee announced their “Security Innovation Alliance”, which basically allowed them to bring smaller vendors in and integrate functionality into their ePO console, providing McAfee a better integration story against Symantec.
So where’s the “Trump card”?
The real trump card for Symantec against McAfee and others in the security industry is the Altiris management console. The key benefit for Symantec is the framework that Altiris provides to the multi-faceted agent-based technologies that Symantec has acquired over the years. Altiris is very well known for their asset management technology and the ease of management of agent-based technologies. This combo will provide Symantec a significant advantage against McAfee, mostly in the ease of adding new integrated agents. I feel the Altiris integration framework is superior to that of McAfee’s ePO, so if Symantec is successful in making this their main console to manage their endpoint protection products, this could be a game changer and bring much greater competitiveness to Symantec’s story. Stay tuned…