Symantec draws new security picture

With a background that started at computer store back in the 1990's, Symantec's COO Stephen Gillett has climbed the corporate ladder rapidly. After being spotted by the Chairman of the largest hospital chain in the Pacific northwest of the USA while working at Office Depot, he was appointed as the IT manager of a new hospital. After moving from that to his own start up, he became the CIO of Starbucks at the age of 31. He's now the COO of Symantec.

Over that time, Gillett has seen a huge shift in the way IT security is managed.

"Having grown up in IT, a lot of the security used to be that there was a perimeter and we had to defend it and we had a lot of investment going into edge devices. Once the bad guy, the bad actor, got in, it was kind of a scramble to deal with that," Gillett said.

Today's world is far more complex with threats coming from multiple angles.

"It used to be that people would hack in. A script kiddie would get online and get access to something. Then you have digital arms for organised crime that are going after identities. Now we have nation states, which are much bigger. They're not after monetary gain or notoriety. They have much more dark arts in mind. They're going after intellectual property and state secrets. You see the Snowden work being pulled into that".

At the same time the needs of users when it comes to security have changed. They no longer want to survive in a locked-down environment. They want ways to navigate that world so that their identity and information is protected no matter where they are in that world.

Gillett told us that Symantec took a new approach to looking at the market that they were operating in.

"Symantec took the approach of trying to better understand the entire environment that their customers operate within. One approach was to use an artist in meetings to illustrate the complex interactions customers had with their local applications, online services, mobile devices and other tools. What they discovered was far more complex environment than expected".

Customers were no longer looking at purely perimeter-based solutions. Instead, they wanted the benefits of all the new services and technology that are now available and management of security rather than simple blocking. And it's likely that a successful security strategy would not be a set of point solutions. It will take a more cohesive and coordinated multi-factorial response.

Read more: Navigating the balancing act: how to support user privacy whilst maintaining control of corporate-owned data

"It's not just BYOD anymore – it's BYO Everything. It used to be about trying to keep the bad guy out of that world. Now the bad guys are in that world with them. No one single defence is going to work. It's going to take an industry and ecosystem working together from the hardware level to the network to the end point to the application working together to orchestrate and end-to-end view to protect users".

One of the challenges faced by consumers, businesses and governments is that cyber criminals are very organised. Beyond simply having markets where zero-day threats, identities and other information is exchanged – for a fee – there are even defined career paths for professional malware developers and distributors.

"When I talk about thought leadership, it's not about 'here's our advanced APT discussion and it's better than yours', it's how do we collectively say that the way security is consumed and deployed is done in a way that creates a mesh network or a stronger framework for us to protect the things we need to protect".

For CISOs and CSOs – the path ahead will require planning for multiple threat vectors and working under the assumption that your systems will be compromised to some degree. That means having systems in place that protect the perimeter  -that requirement is not going away – but also having systems and processes in place to deal with threats through the entire fabric of IT operations.



This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags perimeterBYO EverythinghacksecuritySnowdenSymanetccybercrimeBYODStephen Gillett

More about APTCSOEnex TestLabOffice DepotStarbucksSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place