Symantec protects hundreds of millions of users (consumer and enterprise) and their online interactions. We leverage massive amounts of anonymously collected data such as application behaviors, application stability and performance details, URL/web page characteristics, file information, process information, network information, security events (e.g., malware detections, firewall and IPS events, etc.) to understand patterns of system activities in order to create new and innovative security applications that deliver best in class security. Many machine learning approaches are employed to create predictive models that are applied in a variety of contexts both on the client and in the cloud to make real-time security decisions. This approach allows us to be extremely nimble, adaptive, and effective against the massive growth in malware as well as in combating increasingly sophisticated and targeted threats. This talk will discuss the machine learning applications and engines that Symantec successfully developed and deployed, and the challenges Symantec faced applying them to practical scenarios.
Sourabh Satish is a Distinguished Engineer in the Security Technology and Response group in Symantec’s Office of the CTO, where he leads research and development of security engines and technologies. As lead engineer and chief architect for Symantec’s Insight technology, Mr. Satish applies machine learning to targeted threat and general security problems. Mr. Satish has been at Symantec for more than 12 years. He is a prolific innovator with 90 issued patents. In the last 18 years, since earning his Bachelor’s Degree in Computer Science and Engineering from India, Mr. Satish worked as an engineer and technical lead on many security technologies such as network IDS, firewall, policy compliance, host IDS, server security, VOIP security, OS and application security, behavioral security, and personal information protection. These technologies ship in both consumer and enterprise products protecting millions of users.