/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_attachments/b08993edb8edbbc63e860cabfe59fa1356ca652d406af00141e486e8cdd58e2b.jpg "publive-image")
Bjorn Engelhardt, VP of Symantec Hosted Services, APJ, is confident when he shrugs off the pall of security concerns that shrouds clouds. And the same confidence oozes forth as he talks about combating next generation of threats, be it rogue software, IT security spends, or the new genre of single point attacks. Excerpts from an interview.
What has changed inside the hacker’s mind in the recent months, when it comes to enterprise security attacks?
Smartness, and single approach to attacks as against the earlier approach of mass ambush, is clearly a turning point. Today hackers are able and active on collecting information from a FB or Linkedin account, or send a friendly looking email with a compromised PDF file, or use apparently low-key ways of access. Single attacks have taken over, whether it’s through messages, web or email. They know that their target’s online and social life has turned a new wave and that’s what they are emulating. There’s a definite change in their style and approach.
Rogue software is the latest threat form haunting users. How disturbing is it when you hear about this new twist of social engineering, more so with pop-ups having malicious software posing as anti-virus software?
It is always disturbing. It has happened in the case of phishing earlier. The whole concept is an upsetting trend. When someone is able to masquerade as someone else and dupe a user into a threat trap, it disturbs. That’s where individual Vs systematic approach to security and threats works and helps. In fact in one of our presentations, we go to the point of saying it tongue-in-cheek that security is no more your business. The whole point is letting threats be dealt as systematically and with as much expertise as the way they come from the other side.
What’s happening on the catching-up front when it comes to increasing sophistication of threats?
Our roadmap for next quarters is very exciting. From hosted endpoint security, hybrid model of DLP, online backup storage etc, we are expanding in a number of areas.
Talking of the market excitement around cloud platforms, there is this hard-to-ignore torrent of skepticism which has security as its fountainhead. In that backdrop, how ironical do you find offering security in a cloud model?
It’s actually easy. As customers are concerned about security, we can offer them the encryption and security levels required. Our job is to make the user more secure in whatever the customer is looking at. The shift to hosted versions is increasingly rapidly. In fact, we want SaaS to be 15 per cent of our revenues in the next five years. Adoption has picked up from on-premise to hosted environments.
Is their a comforting up tick in the security side of IT spends?
There is always a large spend in this area. Specially when we are moving from a capital model to an expenditure model. The per month or per user pricing approach is getting good response, when coupled with satisfactory service levels.
Any other swings in threat landscape, specially for India?
India is consistently in top-10 spot for spam-sent. India’s spam is coming from many regions like Brazil (14.3 per cent), US (12.3 per cent) and India (10 per cent).
Globally, in terms of proportion of spam sent (which is also a measure of how many bot infections there are), a small group of countries are consistently in the top 10. In no particular order, Brazil, USA, Turkey, India, China, Poland, Russia, United Kingdom, Germany, and Republic of Korea almost always occupy a top-10 spot, but the particular position from hour to hour and day to day changes.
India is also a major global sender, always in the top10, frequently in the top five. India has a relatively high locally sent element - like Singapore.
What’s the next level?
As per the MessageLabs Annual Report on security trends in 2009, it is predicted that in 2010 botnets will become autonomous and migrate to a design based on "inbuilt self-sufficient code", able to adapt to anti-botnet activities and so improve their survival chances. The company has detected five million PCs that are now working on behalf of the botnets. The ten major heavyweight botnets of 2009 include Cutwail, Rustock and Mega-D, now controlling at least five million compromised computers. Another point worth mentioning is that in 2009, 90.6 per cent of spam contained a URL.
Spam had themes in 2009 including St. Valentine’s Day, the H1N1 flu pandemic and the deaths of celebrities including singer Michael Jackson and actor Patrick Swayze. CAPTCHAs (Completely Automated Public Turing test to tell Computer and Humans Apart), came under increased scrutiny in 2009 as CAPTCHA-breaking tools have been readily traded in the underground economy.