Matthew Williamson, Providing instant, constant protection against known and zero-day malware attacks
Current Scenario: The security landscape is changing quite dramatically, continuously shifting and becoming increasingly blurred with the influx of unknown malicious software (or malware) attacks. Malware is an increasing problem for enterprises and end-users. The once efficient signature-based solutions, that were created more than 17 years ago when data protection was not top of mind, are proving to be ineffective in protecting against previously unidentified threats. Traditional security solutions have been limited or restricted to relying on outside resources for protection. The most obvious example of this is the use of signatures and scanning that either specifically map to an already identified threat – signatures created specifically to match the code of a threat – or scanning, which requires an administrator or other outside resource to run a scan. The major problem is that the solutions are reactive, making it almost impossible to detect unknown attacks, such as Trojans, Rootkits, keyloggers, Spyware, adware and phishing attacks – which are typically created to evade detection mechanisms. These information-stealing threats are growing in popularity and organizations are falling victim to exploits of sensitive data. According to a recent Morgan Keagan report, “Today’s average outbreak-to-vaccine time is about 16 hours (source:AVllabs.org), leaving millions of PCs vulnerable for hours or days whenever a new threat breaks out.”
Clearly the threat matrix is changing, and security solutions need to meet hackers’ strategies with equal vigor—especially with the introduction of socially engineered attacks. In recent years the motivations for writers of such code have shifted from amateurs writing for hobby or notoriety, to professionals writing code for monetary gain, usually by stealing private financial information. The growing complexities in security threats have profound consequences for the incumbent technologies used to combat malicious code. Traditional methods to protect systems from malicious software rely on signatures (a unique identifier for a particular program) to identify malware, and then use a removal script (a list of files to remove, registry entries to reverse, etc.) to clean the infected machine. The longer malware remains on a machine, the more effective it is in stealing personal information and compromising financial data. To ensure a more effective strategy for stealing information, malware writers have developed code that evades traditional detection by continuously mutating so that signatures are outdated, and then breaking into multiple pieces (making removal scripts hard to maintain) to actively resist removal.
Over time, this increase in speed, severity and the polymorphic nature of malicious software has decreased the effectiveness of legacy reactive solutions that require signature updates and scanning. Users find themselves vulnerable to consequences such as identity theft, corruption of file systems and breaches in confidential data. In order to successfully defend their PCs, enterprises, small businesses and consumers need comprehensive security solutions that protect against a broad spectrum of attack classes.
Name: Matthew Williamson
Title: Principal Scientist
Likes to be called: Matt
Company: Sana Security
As both an innovator and inventor, Matthew Williamson spent much of his relatively young career developing concepts to address today’s pain points and then driving those theories to market. His radical new approach to detecting and removing malicious code on infected computers is arguably his most noteworthy contribution to the technology community, not to mention Sana Security. Matthew, along with his team at Sana Labs, pushed the envelope of traditional security methods with the introduction of Active Malware Defense Technology v2 (Active MDT) and the incorporation of that technology into Primary Response SafeConnect, Sana Security’s award-winning anti-malware product.
To tackle the shortcomings of traditional security models, Matthew Williamson invented two key technologies that look at behavior rather than the code of existing or known signatures. His first innovation was a technology that has the ability to detect even the stealthiest threats that are created to evade signature models. And, this technology doesn’t rely on outside sources, such as scanning, to stay current. Williamson continued to grow this concept with his second innovation, a removal technology to accurately remove malware without a script.
The detection technology works by looking at what programs do. Every program is monitored to determine what actions it performs, and these actions are combined to create a prediction of the maliciousness of the program. Because the design strategies of malware are quite different from legitimate programs (they need to be stealthy, steal information etc.), it is possible to detect malicious programs in this way.
Detecting malware using a behavior-based approach is inherently stronger than a signature-based approach. To evade a behavior-based technology, the attacker would need to change the behavior of the program, but that behavior is constrained by what the attacker wants to do, as well as the functionality offered by the operating system. By contrast, an attacker can evade a signature approach simply by encrypting or “packing” an existing executable in a slightly different way. Behavior-based detection also has the large advantage that it can detect new variants, which are impossible to detect using traditional signature-based approaches.
The second technology that Matthew Williamson has developed addresses the removal problems associated with removal scripts. The key insight in this work is to track the relationships between the various components of the malware. A set of simple rules operating on the resulting data structure can remove arbitrarily complex pieces of malware. The technology naturally prevents re-installation by observing malware attempting to resist removal, and dynamically countering the malware. Unlike a signature-based removal script, this removal engine is precisely tailored to the infected machine, and is specifically designed to handle malware split into multiple components, and malware evading removal.
Sana Labs examined business critical applications and discovered numerous deficiencies within existing security models: inability to remediate infected machines without extensive outside assistance, driving up costs and impacting productivity; no capabilities to safeguard against unknown attacks, causing a vulnerability gap waiting for signature and O/S patch updates; end-user resistance to scanning and signature solutions that are disruptive, time consuming and often ineffective; no methods for securing unmanaged endpoints that fall beyond the scope of corporate control. The basis for Sana’s anti-malware product began to take shape when Matthew departed from signature models and explored a multi-behavioral approach that examined how malware pieces worked in concert with each other, rather than pre-defined code (signatures). What he and his team ended up with was a technology that could detect and completely remove malicious software, in real time, without requiring scanning or signature updates. The technology was built into Sana’s anti-malware software, Primary Response SafeConnect (PRSC). Sana Security Primary Response SafeConnect takes a proactive approach that both detects stealthy malware threats AND removes the executables, making it impossible for existing code to morph into different variants. Malware attacks that rely on Rootkit technology are preeminent threats that cripple business continuity and exploit online identities. Malware has innate characteristics of how it behaves, allowing it to infiltrate machines via:
Stealth – the ability to hide from the end user or security tools to avoid detection
Survival – the ability to survive system reboots and continue operating
Mission – action to perform an intended goal
Primary Response SafeConnect is the first commercially available anti-malware solution to detect and remove malware, surpassing the limitations of scanning and signature-based security solutions by actively detecting, quarantining and removing malicious software, such as Spyware, Rootkits, Trojans and adware. With a real time, event-based solution capturing variants and zero day attacks, machines are protected even before a signature becomes available. This not only protects organizations, but also individuals who are working outside of their corporate firewall, including connected and occasionally connected users. It protects users instantly and constantly, providing security for unmanaged endpoints while still allowing flexibility and not impacting productivity. Home users and remote users are protected from web sites containing malicious software, including Rootkits, by the solution’s detection and removal capabilities. Active malware is removed from the user’s PC, making it safe to use the Internet. Even previously infected PCs can be cleaned by the software. Key technology advantages include:
Real-time detection and removal of malware through behavioral heuristics instead of relying on signatures
Detection and removal of difficult-to-remove kernel level Rootkits
Protection against known and unknown threats without requiring signature updates
Comprehensive protection that eliminates the need for multiple security products
Complete removal of all traces of malicious software without requiring the user to scan the PC
Protection for mobile and remote users
The detection and removal capabilities are a result of Matthew and Sana Security’s Active Malware Detection Technology v2 (Active MDT). Active MDT allows Primary Response SafeConnect to deliver comprehensive, user-oriented threat protection to safeguard against many different attacks in a single solution. It examines the combination of potential malware behaviors to identify malicious threats. Most behavioral security products examine each behavior individually; however, this will not sufficiently determine if a program is malicious, since malware is not a single behavior or process. The only effective way to classify malware is to analyze the combination of behaviors, which can be accomplished through Active MDT. By looking at what the code does rather than what the code is, and with the knowledge base of known good and bad, Matthew Williamson and Sana have delivered a robust security offering for enterprises, small businesses and consumers. The revolutionary technology has numerous built-in detection mechanisms enabling it to determine if a program is truly malware, including stealth detection to identify hidden files and processes; survival detection, including multiple generic and advanced methods, for detecting programs that start automatically; and payload analysis, which detects key loggers, unusual network activity and unusual system activity.
The removal process starts immediately when an attack is detected, working to completely remove malicious software components from the file system and quarantine them so that they can be eliminated without leaving a trace. In addition, all related components are removed to prevent malicious software from being allowed to proliferate, installing additional components that become exceptionally difficult to get rid of.
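The two ideas described above (judging the combination of behaviors across related components, and removing everything that a relationship graph ties together) can be sketched as follows. This is an added illustration, not Sana's Active MDT or any code from the product; the event names, the trusted list, the all-three-categories threshold and the cleanup ordering are assumptions made for the example.

```python
from collections import deque

# Constructed observations (actor, action, target); every name here is made up.
EVENTS = [
    ("explorer.exe", "starts_process", "setup.exe"),
    ("setup.exe", "writes_file", "svc32.exe"),
    ("setup.exe", "writes_file", "hide.sys"),
    ("setup.exe", "sets_autorun", "autorun:svc32"),
    ("setup.exe", "loads_driver", "hide.sys"),
    ("hide.sys", "hides_file", "svc32.exe"),
    ("setup.exe", "starts_process", "svc32.exe"),
    ("svc32.exe", "reads_saved_passwords", "browser-store"),
    ("svc32.exe", "posts_data", "remote-host"),
    ("backup.exe", "sets_autorun", "autorun:backup"),
    ("backup.exe", "posts_data", "backup-host"),
]

TRUSTED = {"explorer.exe"}  # assumed known-good list; its children are not grouped with it
# The page's three behaviour classes, mapped from the hypothetical action names above.
CATEGORY = {"hides_file": "stealth", "sets_autorun": "survival",
            "reads_saved_passwords": "mission", "posts_data": "mission"}
REQUIRED = {"stealth", "survival", "mission"}  # assumed threshold: all three present
# Actions that create a component, and the cleanup step each one implies.
STEP_FOR = {"starts_process": "stop", "loads_driver": "unload",
            "sets_autorun": "remove_autorun", "writes_file": "quarantine"}
ORDER = ["stop", "unload", "remove_autorun", "quarantine"]  # active code first


def build(events):
    """Return (children, parent, behaviours) maps built from the event log."""
    children, parent, behaviours = {}, {}, {}
    for actor, action, target in events:
        if action in STEP_FOR and actor not in TRUSTED:
            children.setdefault(actor, set()).add(target)
            parent.setdefault(target, actor)  # keep the first recorded creator
        if action in CATEGORY:
            behaviours.setdefault(actor, set()).add(CATEGORY[action])
    return children, parent, behaviours


def origin(node, parent):
    """Walk creator links up to the first untrusted ancestor (cycle-safe)."""
    seen = set()
    while node in parent and node not in seen:
        seen.add(node)
        node = parent[node]
    return node


def group(root, children):
    """Every component reachable from root over creation edges."""
    seen, queue = {root}, deque([root])
    while queue:
        for child in children.get(queue.popleft(), ()):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def verdict(node, events):
    """Classify the whole group that node belongs to, not node on its own."""
    children, parent, behaviours = build(events)
    members = group(origin(node, parent), children)
    observed = set().union(*(behaviours.get(m, set()) for m in members))
    return members, observed, observed >= REQUIRED


def flagged_individually(events):
    """Programs that would be flagged if each were judged in isolation."""
    _, _, behaviours = build(events)
    return {p for p, cats in behaviours.items() if cats >= REQUIRED}


def removal_plan(node, events):
    """Ordered cleanup steps derived from the graph; empty if the group is not flagged."""
    members, _, malicious = verdict(node, events)
    if not malicious:
        return []
    _, parent, _ = build(events)
    steps = {(STEP_FOR[a], t) for _, a, t in events if a in STEP_FOR and t in members}
    steps.add(("quarantine", origin(node, parent)))  # the dropper file itself
    return sorted(steps, key=lambda s: (ORDER.index(s[0]), s[1]))


if __name__ == "__main__":
    print("flagged in isolation:", flagged_individually(EVENTS))
    for step in removal_plan("svc32.exe", EVENTS):
        print(step)
```

No single program in the sample shows all three behavior classes, yet the group rooted at the installer does; the benign `backup.exe`, which also sets an autorun entry and sends data, is left alone.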
On March 20, 2006, Matthew Williamson and Sana proved the abilities of their dynamic anti-malware software in protecting against complex attacks, involving compromised data and potential identity theft. Sana Labs discovered an in-the-wild Rootkit and Trojan that had been actively infecting machines since at least the 16th of March. Running on a customer machine, the installer component was detected and removed from the customer’s machine before the Rootkit could be deployed. Sana Labs brought the malware in house, reran the installer, and captured the full Rootkit for research.
The resulting analysis revealed a threat with alarming capabilities: This malware, dubbed “rootkit.hearse,” was composed of a stealthy Trojan hidden through Rootkit technology and could survive reboot, meaning it had the ability to remain on the machine indefinitely. It had the ability to discover passwords used previously on a machine, so it did not need to log keystrokes—in particular, it drew information from the Internet Explorer autocomplete feature. The types of information easiest to procure were pulled from transactions that require an account: banking, online auctions, insurance, airline reservations, etc. Also, since the Trojan was hidden by the Rootkit, end users could not see the Trojan on their disk.
The Trojan and Rootkit were found during the investigation of an in-the-wild worm, named Win32.Alcra, which had been stopped by Primary Response SafeConnect. This worm, if not prevented, attempted to contact various websites and download additional payloads. On one of these websites was the installer for this Rootkit and Trojan. Once these components were silently installed on a machine, the Trojan invisibly began communicating to yet another web server located in Russia. This web server acted as the repository for the stolen usernames and passwords.
Once Matthew and Sana Labs determined that rootkit.hearse had been active since March 16th, according to dates on the web server where data is collected, they were able to arrive at approximate numbers of affected users. The logs contained almost 40,000 records of user account information, spanning 6,500 sites. Actual numbers of affected users are difficult to estimate as there are many duplicate records, and multiple accounts per user. Sana Labs estimates the number of unique accounts at 20,000. While many thousands of individuals found their sensitive personal data compromised, those with Primary Response SafeConnect were completely protected—the Active MDT in the product detected and removed the installer program for this malware, preventing it from installing on a PC. Matthew and his colleagues on the Sana Labs team were heralded by numerous respected and widely-read publications, including BusinessWeek, Network World, InfoWorld, SC Magazine, Computerworld and PC World—even “BusinessWeek Weekend,” the magazine’s weekly television program.
Matthew Williamson’s recent focus has led him to researching socially engineered attacks. Clearly the threat matrix is changing, and security solutions need to meet hackers’ strategies with equal vigor—especially with the verticalization of malware and the introduction of these socially engineered attacks. In recent years the motivations for writers of such code have shifted from amateurs writing for hobby or notoriety, to professionals writing code for monetary gain, usually by stealing private financial information. The growing complexities in security threats have profound consequences for the incumbent technologies used to combat malicious code. Traditional methods to protect systems from malicious software rely on signatures (a unique identifier for a particular program) to identify malware, and then use a removal script (a list of files to remove, registry entries to reverse, etc.) to clean the infected machine. The longer malware remains on a machine, the more effective it is in stealing personal information and compromising financial data. To ensure a more effective strategy for stealing information, malware writers have developed code that evades traditional detection by continuously mutating so that signatures are outdated, and then breaking into multiple pieces—making removal scripts hard to maintain—to actively resist removal.
In recognizing these attack trends, Matthew continues to enable Sana Security to stay ahead of the curve with technology innovations and forward thinking in the security space. The increasingly sophisticated nature of attacks is a result of malicious software that is faster, increasingly stealthy and significantly more complex in comparison to previous threats. Malware writers have adopted a variety of strategies to prevent their software from being removed by security software.
By continuously trying to place himself in the mindset of a hacker, Matthew can better understand their motivations and the trends of stealth, evasion and removal resistance they build into the malicious software they create.
In the face of countless known and unknown threats, individuals are beginning to grasp the severity of malware attacks and the importance of a defense-in-depth strategy for their security architecture. The superior anti-malware capabilities of Primary Response SafeConnect have led to broad adoption—Sana has shipped an impressive figure of over 50,000 copies of PRSC since its General Availability (GA) release in March 2006. Matthew’s dedication to information security and his ability to approach the topic with a fresh and inventive perspective have been key drivers behind Sana Security’s success. A new and growing movement beyond simple anti-virus protection has begun, and Matthew Williamson sits at the helm.
Matthew Williamson’s flair for innovative solutions, as well as his commitment to carrying these through to products, has yielded significant technology advances to address security complications provoked by malicious code threatening computer users worldwide. These technologies have had a tremendous effect on Sana Security’s bottom line and position in the marketplace—in fact, Sana was recently honored with the 2006 Info Security Products Guide Product Excellence Award for “Excellence in Rootkit Removal.” Williamson’s innovations have enabled the company to cross into two new and lucrative market segments. When Williamson joined Sana Security, all the company’s products were dedicated to protecting servers, using a technology called Sana Adaptive Profiling Technology (SanAPT). Williamson’s innovations have allowed Sana to sell products to protect desktop computers, and with the removal technology to move from HIPS into the larger and more lucrative anti-spyware market. These transitions have had a significant impact on the health of Sana Security’s business.
In the midst of a crowded space, Matthew Williamson has helped to elevate his company above traditional and common practices to address security issues for today, while projecting future threats. The evolving nature of hackers’ strategies, and consequently of information-stealing threats, stretches far beyond what traditional security solutions can address today. Williamson has been an integral part of Sana’s mission to provide the most comprehensive anti-malware software, which often requires him to step outside of common and comfortable practices. He is diligent in studying and exploring the many malware components that exist in the wild, and he often takes risks with new and unknown threats in order to better understand all of their components and to achieve an equally evolving security suite. He works hand in hand with his team at Sana Labs, sharing ideas, welcoming new, innovative approaches and collectively designing technology that can sustain the many changes that exist in the security space.
An innovator is an inventor who puts his or her ideas into practice. Matthew’s invention at Sana Security has been turned into commercial-grade, award-winning products. Components of the detection and removal technologies exist in the centrally managed server product, Primary Response, as well as the stand-alone desktop solution, Primary Response SafeConnect. Together these products are protecting over 200,000 enterprise, small business and consumer machines worldwide and affording customers end-to-end, instant and constant protection—reducing the attack risk by providing immunity against both known and unknown threats that cripple business continuity and exploit online identities and information, including keyloggers, Rootkits, Spyware, adware and phishing attacks.
Matthew Williamson received his PhD in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology in 1999. After finishing his PhD he worked for Hewlett-Packard Labs in Bristol, UK, conducting research on various aspects of computer security, with most work on an anti-virus technique called virus throttling. It should be noted that with this education and work experience, Williamson established a track record in innovation prior to joining Sana Security. For his Master’s thesis at MIT, he designed robotic actuators that are commonly used in research robots today. They were recently described by Brian Wilcox, head of the Sojourner robot’s development at NASA, as being the most important development in robot mechanisms in many years. His PhD thesis work on robot arm control is widely cited in academic circles, and his research work on computer virus containment while at Hewlett-Packard Labs is currently being offered by two HP divisions. He has filed over 24 patent applications, and holds 4 patents.
Matthew left his position with HP to explore new opportunities in research development with regard to security. He joined Sana Security as Senior Research Scientist in 2004, where he invented and integrated new technology into Sana's product lines as the primary inventor of Active Malware Defense Technology (Active MDT). Active MDT is an innovative approach that uses behavioral heuristics to detect malicious software before it can harm PCs. Recently, his Active Malware Defense Technology v.2 was incorporated into Sana Security’s newest product, Primary Response SafeConnect—adding the capability for removal, so that the revolutionary anti-malware software can instantly detect malicious software and remove all traces by identifying and analyzing a combination of behaviors.
In addition, Matthew Williamson has represented Sana in the press through interviews, webcasts, conferences, and a number of bylined articles published in the trade press. He is currently an advisory board member for the Adaptive Profiling Forum and contributes insight and research to the development and adoption of self-learning, autonomous applications that will change the way technology is employed across many industries and disciplines. Matthew also represents Sana Security on the Anti-Spyware Coalition, a group composed of prominent companies that design or distribute anti-spyware technologies, and public interest groups. Members devote their efforts to building a consensus around definitions and best practices in spyware and other potentially unwanted technologies. Matthew’s presence illustrates Sana’s commitment to combating the growing spyware problem by helping the organization to deliver innovative defense techniques to a broad audience of consumers and enterprises.
Sana Security 2121 S. El Camino Real, Suite 700 San Mateo, CA 94403 USA Tel: 1-650-292-7000
Copyright © 2006 Silicon Valley Communications - All rights reserved.