Symantec offers advanced threat protection and layered security

Pradeep Chakraborty

BANGALORE, INDIA: Symantec's end-to-end approach to security promises to deliver integrated advanced threat protection across the endpoints, email and gateway, to provide customers with critical detection and response capabilities at each respective control point. Excerpts from an interview with Tarun Kaura, director – Technology Sales, India, Symantec.

CIOL: How has the security landscape evolved over the last few years? And what are the key challenges faced by the Indian security industry?

Tarun Kaura: In the past couple of years the threat landscape in India has seen a significant overhaul as cyber attacks have become more sophisticated.

With IT infrastructure becoming more complex and information getting dispersed across devices, apps and locations (physical, virtual and cloud), attackers have found new avenues and gaps to exploit. Emerging technologies such as Cloud, Mobility, Virtualization, Big Data and Social Media, to name a few, are disruptive forces that are radically changing enterprise security today.

Symantec’s latest Internet Security Threat Report (Vol 19) revealed that 69 percent of targeted attacks in India were aimed towards large enterprises. In addition to this, a considerable shift has also been noticed amongst cybercriminals who are willing to wait for the perfect timing and larger returns.

This indicates that targeted attacks are on the rise and that advanced persistent threats (APTs), while very focused in whom they target, are a real threat for organizations, capable of stealing financial/customer data and intellectual property by compromising critical information assets.

According to Lloyd’s Risk Index 2013, cyber risk, in the span of two years, has become the #1 technological risk and #3 business risk globally, surpassing other business risks such as inflation and rapid technological changes.

To counter attack situations like these, it is imperative that organizations exercise unified security coverage as adversaries are targeting all control points. Tools used to secure organizations a decade ago will prove to be of limited use as organizations need security beyond just endpoints.

CIOL: You mentioned Advanced Persistent Threats. Can you explain how these threats work, and has Symantec identified any such threat in the recent past?

TK: An Advanced Persistent Threat (APT) is a type of targeted attack; however, it uses multiple phases to break into a network, attempts to avoid detection, and also harvests valuable information over the long term.

They are usually carried out in multiple phases where the cybercriminal invests sufficient time in researching the target organization and its internal and external stakeholders, often with the aim of stealing intellectual property. Concurrently, they also develop malware that could take advantage of the known vulnerabilities on various websites that the employees visit, mostly through a phishing email.

Recently, a similar approach was identified by Symantec, devised by a hacker group called ‘Dragonfly’ that targeted enterprises in the energy sector in the west. This group initially began sending malware in phishing emails to personnel in target firms.

Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

[Figure: Advanced Persistent Threats: How They Work]

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

CIOL: As a leader in the security space, what innovation has Symantec made to stay protected against the advanced threats and security issues we have seen in recent months?

TK: Currently, many businesses lack holistic IT security practices and technologies to deal with the new set of challenges posed by the advanced threats we’re seeing today. The days of AV-only are behind us. We have to approach security differently: if it’s connected it must be protected, regardless of platform or device.

At Symantec, we offer advanced threat protection and layered security. We have rich technologies designed to support and protect every facet of digital information.

What organizations need is security across all control points working together, with incident response capabilities and global information intelligence, to beat the bad guys. With Advanced Threat Protection (ATP), we’re bringing that powerful arsenal to the market.

With this entirely new approach to ATP, we are unveiling a roadmap of integrated solutions that demonstrates the security innovation power that only Symantec can deliver to really address the multitude of enterprise cybersecurity requirements of today. Symantec’s ATP approach also embraces Symantec Managed Security Services - Advanced Threat Protection (MSS-ATP), which significantly reduces the time it takes to detect, prioritize and respond to security incidents by producing integration between its endpoint security and third-party network security vendors’ products.

This data enables customers to rapidly and effectively contain, investigate and remediate unknown and zero day attacks that evade traditional security solutions. By prioritizing real threats, IT organizations can reduce false positives and operating costs and ensure that they are protecting against the most significant vulnerabilities.

CIOL: What are the new initiatives Symantec has undertaken to spread awareness about the new age cyber-attacks?

TK: Symantec, being the leader in the information security and management space, has taken strategic steps towards educating organizations about the new challenges and situations evolving in the threat landscape. In an endeavor to apprise businesses of their security readiness, Symantec recently hosted the Cyber Readiness Challenge or CRC - an immersive, interactive ‘capture the flag’ competition that models scenarios based on the current threat landscape using realistic IT infrastructure for the first time in India.

A first-of-its-kind initiative undertaken by a security vendor, the CRC has been designed for security experts in organizations to experience new attack methods powered with the latest technologies. It puts participants in the hacker's shoes to better understand their targets, technology and thought processes so they can ultimately better protect their organization and themselves.

Symantec also undertakes various reports, such as the Symantec Internet Security Threat Report and other activities to stay connected with customers and partners and to discuss the current threat landscape, create awareness and readiness on the new-age attacks.

CIOL: What are the new opportunities the security industry needs to explore? Can you share more details on Advanced Threat Protection offered by Symantec?

TK: According to the Symantec ISTR, in 2013, globally, there was a 62 percent increase in the number of data breaches from the previous year. The size and scope of breaches is exploding, putting the trust and reputation of businesses at risk.

With adversaries targeting all control points from the gateway to email to the endpoint, organizations now need to move from keeping malware out to finding the malware in their network, and responding to it quickly and efficiently.

Symantec’s Advanced Threat Protection solutions are specifically designed to improve the organizations’ capabilities from just “Protect” to “Protect, detect and respond”. This end-to-end approach will deliver integrated advanced threat protection across the endpoints, email and gateway to provide customers with critical detection and response capabilities at each respective control point.

The uniqueness of this product comes with advanced technologies like Symantec’s Dynamic Malware Analysis Service, a cloud-based sandbox environment where behavioral analysis of active content can be used to quickly maximize threat identification; and Synapse, which enables smooth communication between the endpoint, email and gateway to facilitate improved response.