At Symantec Research Labs, Symantec's internal research and development arm, there are a number of projects underway which are likely to emerge as products and services within the next 18 months. Sanjay Sawhney, the senior director of research, product development, recently showed off three projects the company is developing.
Social Network Analysis for Permissions
In this project, the goal is to be able to provide recommendations to network managers about how network users could best be categorized in "roles" for what's known as role-based access control (RBAC) so that groups of users can be assigned similar appropriate network and application permissions. RBAC, however, can be hard to figure out in large organizations. Symantec is testing how components in its data-loss prevention (DLP) tool can be put to use to mine user activity to discover collaboration between informal groups, look at events and input from file systems, SharePoint, configuration and Microsoft Active Directory, for example, to derive a sense of the "internal social network" of the organization. "In a period of activity, you can build a social-network graphic," says Sawhney. This visual display, along with RBAC recommendations, should be able to help network managers make RBAC-related decisions -- and identity the users that are simply "anomalous cases" that don't easily fit into an RBAC scheme.
Mobile Application Risk Scoring
Symantec is coming up with tools for evaluating whether apps are malicious or simply not to be trusted because what they actually do is completely different from what they declare that they do. At this point, "this project is mainly about Android and HTML5," says Sawhney, because Apple iOS presents certain technical challenges due to Apple's tight control. The cloud-based app analysis is becoming available to consumers via Norton Security for Android, and the idea is to expand this for enterprise use, perhaps tying it to an enterprise app store. The project seeks to do run-time analysis of apps in an emulator to check not only for vulnerabilities or malware but also the "gray area" where apps behave in what might be an undesirable way, such as tracking the user or other invasive behaviors -- the "creepiness thing," as Sawhney puts it. "You could shut them out if you wanted."
Personal Cloud Search
It's typical these days to have myriad social-networking and public email accounts, and with Personal Cloud Search Symantec is coming up with a search-engine service that lets users retrieve content and contact information across all their accounts though one personal-information management portal. For it to work, the user would need to share passwords for these social networking and email accounts to be searched, says Sawhney. "It is based on the user being able to trust us," he acknowledges, since Symantec's search capability would be doing the work on the back end. The idea is that "personal cloud search" would be an encrypted search in which Symantec would not be able to know what was being searched for, and the personal-information search information wouldn't be mined for content -- unlike what Google admits are its commercial practices today. Sawhney says Symantec's personal cloud search may first debut in the context of Norton online backup in the future.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.