Reputation-based anti-virus is the best way to protect against targeted and custom attacks.
Francis deSouza, group president of enterprise products and services at Symantec, told SC Magazine: “We are in a unique position with 200 million endpoints protected globally, and if we see a new file then we can determine if it is good or not. If it appears on a machine that has never been compromised before then it is likely to be good, but if it appears on a machine that has been compromised in the past, then it is likely to be bad.
“We have a database of three billion files that we know are clean, so we can compare against those and hackers are now forced to write custom malware every time, but with reputation-based detection it will be caught.”
On signature-based technology, deSouza said it is "a powerful approach" as signatures are created and sent from the cloud and downloaded to the endpoint.
Speaking at the company's Vision conference in Barcelona, Symantec president and CEO Enrique Salem agreed that signature-based protection is insufficient and too slow when it comes to protecting against targeted attacks, zero-day threats and custom-made attacks.
He said: “In security, you have to drive efficiency without creating a false positive, as that is worse than the initial problem. We used to use IP address-based detection to block spam, but threats are now application-based.”
He also claimed that whitelisting is a burden for IT as it is "unmanageable", while reputation-based detection can be run easily.