Symantec gearing up for future cyber security

Symantec is focusing on enabling businesses to secure data in the cloud after a string of acquisitions, but it also has its eye on the future, which will be all about empowering people, says CTO Hugh Thompson.

Enterprise security is important for Symantec, accounting for roughly half its business, and as a growing number of companies switch to cloud-based services, cloud security is high on Symantec’s agenda.

“We have been moving very aggressively towards cloud, not only in the delivery of our products, but it is also the biggest problem facing our customers,” Symantec’s chief technology officer (CTO), Hugh Thompson, told Computer Weekly.

“Most companies are switching to cloud after they realise that software as a service [SaaS] makes far more business sense than renewing traditional software licences.”

According to Thompson, cloud adoption by enterprises has been gaining momentum as companies have weighed up the cost of renewing their Microsoft Office licences against the cost of Office 365.

“And once they put their email and collaboration tools in the cloud, they started thinking about moving internal apps into the cloud too. There was no longer a psychological barrier to taking advantage of the economic benefits of the cloud,” he said.

As a result, Thompson said a lot of Symantec’s customers were in the process of moving applications to the cloud and embracing cloud-based services and infrastructure more than ever before.

“But many organisations are mindful of the security implications and the fact that while none of the old challenges go away by moving to the cloud, there are now some new ones, mainly relating to configuring cloud-based services and storage to ensure only authorised users are able to gain access.”

The challenge that many organisations are grappling with, said Thompson, is how to ensure correct and appropriate governance across their cloud-based services and infrastructure.

“So in the past few years, we have invested in tools that enable organisations to manage cloud applications that are pure SaaS and put rules and governance around them,” he said, adding that these tools – known as cloud access security broker (Casb) technology – have enabled organisations to re-educate themselves about what it means to be secure, now that they have moved into the cloud era.

The security basics around data, identity and policy continue to be extremely important, said Thompson. “But now there are different controls that also need to be in place, and Casb technology – which was initially popular in the US – is now recognised around the world as being very useful in this regard because most SaaS companies have not provided a consistent way to apply policies across all the apps that are used within the business, and this is a big problem for organisations around the world.”

As a result of its aggressive acquisition strategy, Thompson said Symantec had moved on from where it was 10 years ago and was now in a position to cater to companies that are looking for best-of-breed products, as well as those looking for a suite of integrated products that can be easily and consistently managed, including best-of-breed endpoint protection, email security, cloud security and network security.

“Symantec has a long heritage in security endpoints and we have invested heavily in that space. Email is another critical attack vector and our email security business is now second only to Proofpoint. In addition to our network and web security products, we have one of the leading Casb products, and so you can have best of breed with best of suite at the same time, without compromising,” he said.

Openness and interoperability

Symantec’s new philosophy is to be “completely” open, said Thompson, and by publishing all the application programming interfaces (APIs) the company uses, it has ensured interoperability not only with all other Symantec products, but also with products from competitors.

This approach of “proactive” integration, he said, was a big cultural change for Symantec – especially in research and development – but it means it is easy for organisations to add best-of-breed products and for other tech developers to develop on top of Symantec technology to enable integrated cyber defence. “It also means that Symantec’s tech will work with, and even potentially improve the effectiveness of, other existing tech investments.”

Symantec’s open philosophy has led to the establishment of its 125-member Technology Integration Partner Program (Tipp) to ensure interoperability with products developed by startups and competitors alike. “This is how the security industry needs to be in the longer term,” said Thompson.

“Attackers can pivot on a dime, so why not have an environment where you can allow people to bring innovation, no matter where it comes from, and then provide the opportunity for engineers from all parties to work together on enabling APIs to work well together,” he said.

Alongside the Tipp, Symantec has launched a venture capital fund to foster innovation in the very early stages of development, develop close working relationships with startups, and help fast-track innovation by providing a basic technology stack on which they can build.

Security technology, said Thompson, has evolved from static rule-based and signature-based policies used to govern the business in a defined perimeter.

“Next we moved into the epoch we are still in – the epoch of analytics and machine learning or trained models, that are aimed at predicting the future and then trying to prevent things, but I believe that the next epoch has to be around human psychology,” he said.

Psychology and anthropology

As a result, Thompson said a growing proportion of people working in Symantec’s Horizon3 labs looking at technology developments in the next three to five years were being drawn from the fields of psychology and anthropology.

“Some of the PhDs we are hiring have zero background in technology because we are seeing incredibly sophisticated attacks against people who are employees of targeted companies, and there is no clear understanding of how to defend against these types of attacks that are exploiting zero-day [vulnerabilities] in people that are actually unfixable,” he said.

People have long exploited these human vulnerabilities on a personal level, said Thompson, but in a digital era, this can now be done remotely and at scale because just about everyone is now knowable from a distance through the data, video and audio available online.

“Already we are seeing highly sophisticated attacks that manipulate employees into transferring company funds into criminal accounts using a phone call that sounds like it is from the company CEO because criminals are using AI [artificial intelligence] to create deep fakes of executives’ voices to issue instructions and respond to questions.”

According to Thompson, attackers only need about 15 minutes of recordings of someone’s voice to be able to create one of these deep fakes. “These recordings can be fairly easily sourced from media interviews and the like, and few people are likely to query an instruction that sounds like it is coming from their CEO or someone else they know and trust,” he said.

Threats like these, he said, require a new type of approach, and Symantec is already researching ways of analysing audio on devices to give call recipients an indication of how likely it is that the caller on the line is human or generated using an AI model.

“We have to empower people, but I am jaded about trying to do it through education because it is too complicated and very few people care, so the goal has to be finding technological ways of getting people to be more attentive and to make better choices by signalling that they may be at heightened risk of manipulation or attack,” said Thompson.

He said the security industry needed to consolidate and that psychology and anthropology would be “critical” to the future of digital safety.
