Symantec is betting on making life simpler for information security professionals and embracing mobile and cloud in the company’s post-storage era.
Nine months after announcing plans to spin off its storage business that came with the acquisition of Veritas in 2005, Symantec is putting finishing touches to a strategy for its security products.
The strategy is based on a review of Symantec’s technology in light of the fact that attackers are becoming increasingly sophisticated, a proliferation of security tools is overwhelming information security professionals, and most companies are embracing mobile and cloud computing.
“Attackers are overtaking the capacity and ability of the average private and public sector security teams to keep up,” said Amit Jasuja, senior vice-president of products and enterprise security at Symantec.
At the same time, the average chief information security officer (CISO) is being overwhelmed by the number of technologies they have, he told Computer Weekly.
A recent survey of CISOs by The Research Board revealed the average number of security tools used by medium-sized and large companies is 70, with the largest companies reporting 100 tools or more.
“A lot of our customers are looking to simplify their lives. They do not want any more tools because they do not have the capacity to look at the alerts it would generate,” said Jasuja.
The third major trend affecting information security, he said, is that most organisations are already using mobile computing devices and cloud computing services.
“Traditional security technologies such as virtual private networks (VPNs), firewalls and other perimeter-based defences do not apply very much any more, as companies move their servers and software applications into the cloud,” said Jasuja.
Simple yet sophisticated security
Symantec is gearing up to address these three major trends by grouping its products to focus on threat protection, information protection and security analytics, over-arched by its cyber security services.
The threat protection products are aimed at addressing the increased sophistication of threats driven by state sponsors and organised crime groups.
Symantec hopes to reduce the complexity of multiple dashboards and multiple agents on servers and mobile devices by using a single agent across the whole IT estate, which is managed using a single console.
“We have opted for a cloud-based management console and a single agent configurable to do what the organisation requires and is easily updated and managed from the cloud,” said Jasuja.
With a single agent across its servers, point of sales systems, mobile computing devices and smartphones that has been extended to do more, he said Symantec aims to provide comprehensive threat protection and enable organisations to get a view of everything that is happening.
“The same agent that has been doing anti-virus, intrusion prevention and intrusion detection on more than 175 million endpoints around the world is being extended to do things like detection and response,” said Jasuja.
This means organisations will be able to query their entire network to find out if particular threats exist anywhere on that network and take the appropriate actions to remove any instances that are found.
“We want to deliver the power for organisations to see alerts and the evolution of a threat and carry out remedial actions – all from a single screen on a single console,” said Jasuja. This means organisations could consolidate from five or six tools down to one.
Securing mobile and cloud environments
Symantec’s information protection products are aimed at enabling organisations to use mobile and cloud computing securely by using biometrics to stop the abuse of credentials and by protecting data directly. This is done through encryption and data loss prevention (DLP) working together to prevent exfiltration.
“DLP and encryption are fairly well established in the enterprise, but we are looking to extend that to mobile and cloud computing environments, with the latest version of our DLP product enabling scanning and DLP policy enforcement for all data in Microsoft Office 365 and Box,” said Jasuja.
The security analytics group of products is supported by telemetry and threat data received from the 175 million endpoints worldwide under Symantec’s protection.
“The huge amount of data we have about what is happening around the world and the database we have built of more than four trillion threats enables us to find problems faster and make our products more effective by building analytic and heuristic capabilities on top,” said Jasuja.
“In our strategy we are exposing that security analytics platform, which can deliver a verdict on suspected malware in minutes, directly to customers. This means it is no longer necessary to have a Symantec product to be able to make use of that intelligence network,” he said.
Symantec claims its global intelligence network (GIN) is the largest civilian intelligence network, surpassed only by five government intelligence networks.
“By getting direct access to our GIN, organisations will be able to answer questions such as what malware they are most likely to encounter, how they compare with their peers in terms of cyber hygiene and what level of hygiene exists among their customers,” said Jasuja.
Security expertise on tap
The fourth component of Symantec’s new strategy is its cyber security services (CSS), which are designed to enable organisations to tap into security specialists as and when they are needed.
“We can go and work with organisations to provide security expertise, including responding to incidents, providing security training and even conducting attack simulations and red team exercises,” said Jasuja.
As part of Symantec’s strategy to simplify security and help organisations cope better with demands on their security teams, he said that regardless of an organisation’s security technologies, CSS will monitor, respond and provide forensics and insight as required.
In terms of achieving this strategy, Jasuja said biometric authentication, data protection in Microsoft Office and Box, the cyber security services and the security analytics platform are already in place.
Still under development, he said, is the ability to deliver results instantaneously on telemetry data, the multi-control point detection and forensics capability, and cloud-based encryption and DLP.
In the meantime, Jasuja said Symantec is helping existing customers to get their tools to work together, working with third-party suppliers where necessary, as Symantec products are all brought under a single console and a single set of policies.
“The advantage for existing customers is that there is a path forward for all of the products. As new capabilities are added, they will just have to update the existing client without having to deploy new software,” he said.
According to Jasuja, although fees will be payable for new capabilities, Symantec expects customers to see a return on investment through no longer needing five other tools from five other suppliers with associated licensing fees and integration costs.
All the products and services underpinning the strategy are scheduled for completion by the end of 2016, but most will be done within 12 months, said Jasuja.
“A good chunk of it will become available in the last three months of 2015, with more coming in the early part of 2016,” he added.
In the new era, Jasuja said Symantec is not trying to be all things to all people, but instead is focusing on threats and protecting information in the mobile and cloud environments.
“We also want to be the people organisations call when they have a problem because we have a tremendous amount of research and research capabilities to be able to dissect threats and provide insights into the actors behind the threats,” he said.