​RSA Conference: Symantec hones focus following Veritas separation

Following their formal separation from Veritas, Symantec is now focussing on the four pillars of their business.

Symantec’s Senior Vice President for product Development Amit Jasuja, during an exclusive interview given during last week’s RSA conference, told us that when the separation began some 14 months ago, Symantec’s management team looked at what they needed to do.

“We decided we needed to create more focus and teams that would align better with what enterprise buying centres want. So we’ve created these four pillars,” he says.

The first of the four pillars of Symantec’s business is analytics and technology. This is where there’s a strong focus on threat research and advanced machine learning. According to Jasuja, that team is looking at over a million threats each day using telemetry from end points and other sources.

Threat protection remains an important pillar of the business for Symantec. This covers all sorts of end points including mobile, desktops, gateways and servers. This isn’t limited to just blocking but also covers detection and remediation.

Information protection, covering access control, the use of multi-factor authentication, DLP and encryption for the third pillar of Symantec’s strategy.

“As people move to the cloud,” says Jasuja, “the concern is are people using sanctioned systems for sharing information? Are they violating company information policies?’.

Cybersecurity services focusses on the delivery of positive security outcomes. Rather than being about specific products, this pillar is about delivering a holistic solution that brings together prevention, monitoring, detection and response so problems are remediated and proactively guiding people on staying ahead of threat actors.

A big part of the changing environment isn’t just the increased number of threats but the growing threat surface created by the proliferation of the Internet of Things, or IoT. This has driven a re-architecture of Symantec’s systems as they shift from dealing with millions of end-points to billions.

“People are also looking more and more for behaviour and machine learning and anomaly based problems that aren’t always, necessarily, malware. They’re looking for protection for users that have been compromised, or disgruntled employees or user errors. Our customers are starting to ask those questions,” says Jasuja.

This thirst for information by customers is driving the re-architecture says Jasuja. This one of the drivers behind the relaunch of Symantec’s Security Operations Centre in Singapore last November.

IoT is going to be a significant driver for change in the security architecture for many organisations. Jasuja says there are three specific points of presence in an IoT ecosystem. There are the specific sensors which typically run on batteries with some sort pf wireless capability such as Bluetooth LE, in the case of consumer devices, or other radios such as Zigbee. Then there is a gateway where the data coming from sensors is aggregated which connects to the third point, a backend system that does something useful with the data.

Symantec is of the view that it’s possible to collect data from all of these points in order to understand what is happening in the system in order to detect and remediate security issues.

They are also working with gateway manufacturers to embed their security offerings.

“We’ve taken our data centre hardening product and created a stripped down version that has been optimised for lightweight, real-time operating systems,” says Jasuja.

They can also do hardening on IoT sensors and do code signing through the Symantec SSL (formerly VeriSign) products to ensure only approved code is installed onto devices.

Given the increasing number and sophistication of recent mega-breaches, and the apparent inability of the security at large to prevent these incidents, I asked Jasuja what Symantec is doing that is different.

Read more: ​Can fiction inform reality – a look into CSI:Cyber

“One of the things people are realising is that if they have 90 different technologies, I am not sleeping any more soundly. The problem is people have tried to build so many different solutions for every air-gap they have found that, if effect, what they’ve done is created information overload for their SOCs and analysts so people are missing things”.

Jasuja says people are now looking for ways to “rationalise the mess’. Part of this is the establishment of a reference architecture that simplifies security infrastructure.

“People have one prevent solution, one detect solution and one remediate solution. And that is for each control point. They have that on the ned point. But for email they have a completely different solution. And something else for the network”.

Something I’ve noticed over recent years, and highlighted by Jasuja, is that the information security industry is strongly driven by fear. With so many high profile targets breached, many vendors are bypassing CISOs and CIOs and talking directly to other parts of the business and using fear to drive sales. As result, people are sometimes “jamming technology in there”, says Jasuja.

The need to consolidate those to a smaller set of tools with a single management console is a significant challenge that CISO’s are trying to overcome. This will allow threats to be prioritised and managed accordingly.

Anthony Caruana attended RSA Conference as a guest of RSA

Join the CSO newsletter!

Error: Please check your email address.

Tags ​SymanteccybersecurityRSACRSA Conference 2016CSO Australia

More about DLPRSASymantecVeritas

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place