Following their formal separation from Veritas, Symantec is now focussing on the four pillars of their business.
Symantec’s Senior Vice President for product Development Amit Jasuja, during an exclusive interview given during last week’s RSA conference, told us that when the separation began some 14 months ago, Symantec’s management team looked at what they needed to do.
“We decided we needed to create more focus and teams that would align better with what enterprise buying centres want. So we’ve created these four pillars,” he says.
The first of the four pillars of Symantec’s business is analytics and technology. This is where there’s a strong focus on threat research and advanced machine learning. According to Jasuja, that team is looking at over a million threats each day using telemetry from end points and other sources.
Threat protection remains an important pillar of the business for Symantec. This covers all sorts of end points including mobile, desktops, gateways and servers. This isn’t limited to just blocking but also covers detection and remediation.
Information protection, covering access control, the use of multi-factor authentication, DLP and encryption for the third pillar of Symantec’s strategy.
“As people move to the cloud,” says Jasuja, “the concern is are people using sanctioned systems for sharing information? Are they violating company information policies?’.
Cybersecurity services focusses on the delivery of positive security outcomes. Rather than being about specific products, this pillar is about delivering a holistic solution that brings together prevention, monitoring, detection and response so problems are remediated and proactively guiding people on staying ahead of threat actors.
A big part of the changing environment isn’t just the increased number of threats but the growing threat surface created by the proliferation of the Internet of Things, or IoT. This has driven a re-architecture of Symantec’s systems as they shift from dealing with millions of end-points to billions.
“People are also looking more and more for behaviour and machine learning and anomaly based problems that aren’t always, necessarily, malware. They’re looking for protection for users that have been compromised, or disgruntled employees or user errors. Our customers are starting to ask those questions,” says Jasuja.
This thirst for information by customers is driving the re-architecture says Jasuja. This one of the drivers behind the relaunch of Symantec’s Security Operations Centre in Singapore last November.
IoT is going to be a significant driver for change in the security architecture for many organisations. Jasuja says there are three specific points of presence in an IoT ecosystem. There are the specific sensors which typically run on batteries with some sort pf wireless capability such as Bluetooth LE, in the case of consumer devices, or other radios such as Zigbee. Then there is a gateway where the data coming from sensors is aggregated which connects to the third point, a backend system that does something useful with the data.
Symantec is of the view that it’s possible to collect data from all of these points in order to understand what is happening in the system in order to detect and remediate security issues.
They are also working with gateway manufacturers to embed their security offerings.
“We’ve taken our data centre hardening product and created a stripped down version that has been optimised for lightweight, real-time operating systems,” says Jasuja.
They can also do hardening on IoT sensors and do code signing through the Symantec SSL (formerly VeriSign) products to ensure only approved code is installed onto devices.
Given the increasing number and sophistication of recent mega-breaches, and the apparent inability of the security at large to prevent these incidents, I asked Jasuja what Symantec is doing that is different.
“One of the things people are realising is that if they have 90 different technologies, I am not sleeping any more soundly. The problem is people have tried to build so many different solutions for every air-gap they have found that, if effect, what they’ve done is created information overload for their SOCs and analysts so people are missing things”.
Jasuja says people are now looking for ways to “rationalise the mess’. Part of this is the establishment of a reference architecture that simplifies security infrastructure.
“People have one prevent solution, one detect solution and one remediate solution. And that is for each control point. They have that on the ned point. But for email they have a completely different solution. And something else for the network”.
Something I’ve noticed over recent years, and highlighted by Jasuja, is that the information security industry is strongly driven by fear. With so many high profile targets breached, many vendors are bypassing CISOs and CIOs and talking directly to other parts of the business and using fear to drive sales. As result, people are sometimes “jamming technology in there”, says Jasuja.
The need to consolidate those to a smaller set of tools with a single management console is a significant challenge that CISO’s are trying to overcome. This will allow threats to be prioritised and managed accordingly.
Anthony Caruana attended RSA Conference as a guest of RSA