When it comes to security, responsibility is the most fractured decision

Enterprise security: Interview with Tarun Kaura, Director, Solutions Product Management, APJ, Symantec

Sonal Desai

Tarun Kaura, Director, Solutions Product Management, APJ, Symantec, discusses the shifts in the security landscape and new trends like advanced persistent threats (APT).

Why is Symantec betting big on APT?

APT is the third or fourth new product that we launched in the last couple of months. We look at it differently.

Firstly, you correlate a few control points: on a network, all you may see is email and HTTP traffic, but you don’t see what’s happening at the endpoint.

Let me give a simple use case. Let’s say I am a user in an enterprise who has access to their email and the Web. I get out of the enterprise with my laptop, log on to their wireless, which is not secure, and download malware. It’s never going to be captured by these devices because I am outside the enterprise network. So, email is your vehicle or carrier and the road is your network, but what gets infected is the endpoint. And that’s why with our advanced threat protection (ATP), we are going to have three control points unified to the customer from a data perspective where he looks at email, Web and endpoint.

Secondly, a lot of technologies in ATP are doing sandboxing at the customer premises; here they call it local. But the fact is people have moved to cloud. So, if you bring sandboxing locally, that’s a great technology, but we have also seen that there are millions of malware written on a daily basis, almost a million per day, by hackers to exploit and go after the enterprises; around 28 percent of these are dormant in a VM and other virtual environments. Even if a customer has a sandboxing environment, one in three malware is a miss.

What’s the process?

For this, we first look at the file reputation on virtual machines or cloud, because we have had this file reputation technology on the endpoint for years.

We also study the correlation back home with global intelligence in the cloud and VMs because we collect a lot of telemetry data, which is updated every minute on our big data platform. We have millions of sensors across 157 countries.

For instance, if it’s a bank and we saw a Trojan or a malware in a global setup in a bank, we study the trend, where it may attack, the immediate campaign on you, and what steps you need to take to remediate, and this is based on correlation.

What are the trends worrying the CIOs and CISOs where enterprise security is concerned?

Enterprises have moved to the path of digital. Therefore, the business is going to put pressure back to IT saying that I need effectiveness in my channel of working. I need business to be more optimized. I want the cost per transaction to go down.

Secondly, Internet of Things (IoT) has evolved as the new endpoint, and we are already protecting a billion IoT devices. So, we had critical system protection which a customer used for data center protection. We actually brought it down and migrated the system from signature-based to digital trust certificates, code signing and critical systems protection to help customers on the IoT framework.

Look at banking, telecom, cellular service: they are using a lot of things to interact with customers. And if you look from that perspective, the biggest issue is that when customers take this journey, how do they actually look at security? Is it a catch-up game or is it inherent within the architecture?

I think that’s where enterprises today have to really go in deep because information security has become very critical for any enterprise who is actually taking the journey of it, and who’s not taking the journey of digitization.

To be very frank, you will see a large amount of point products bought from different vendors. The other interesting thing about the security vertical is that I have not seen this kind of exchange of hands happening with product lines. In the last two weeks, we read about HP giving TippingPoint away to Trend Micro, and McAfee just got out of their firewall and is giving it to Raytheon.

So when you look at it, how do you do it?  You end up buying a solution for everything. That’s like throwing technology. We have seen average enterprises having at least 70 different technology vendors of security that they have bought. That’s big.

In this case, who is primarily responsible for enterprise security?

When it comes to security, the responsibility is the most fractured decision that happens in any of the enterprises.

You have people who manage the network, but you still have people who manage endpoints and data. What about an organization when you’ve deployed DLP? It is a given that very sensitive information is moving, but nobody seems to have a clue as to who tagged it as being sensitive.

If you look at it, there is no one from information technology group who gets it.  I am still okay at the network layer discussions, but believe me that question you should think and look at it from more detailed perspective that enterprises actually forget—ATP, you know when they look at any incident, the responsibility is so much, you know, finger pointing rather than owning it up to solve it, and it’s because they see information in a very fragmented manner.

So it’s very critical to look at email and network because that’s the transient zone, that’s where the things come in from or go out from. So, I would say that every enterprise typically has a security analyst and if he is able to narrow down, I think whether it’s network or endpoint, I think he is the main person who owns up.

But today what happens to him is he is getting such a lot of information, he is overwhelmed with what he is getting. Maybe he misses an incident because there are so many red lights and amber lights blinking in front of him. But if he is able to narrow down on an incident and remediate it faster, I think that’s where the power of being an analyst and protecting your enterprise will come in.

These developments cause a great deal of apprehension in customer environments...

Yes, these are the things that a customer who has invested in a lot of technology is worrying about because he has so many product lines and doesn’t know that he is just fixing up the entire castle from not being attacked, but does not realize that what he has fixed has got a hole in itself. That’s more on the technology investment.

Which brings me to the point, whether enterprises should invest in a SOC.

An outsourced SOC gives a very easy path for a customer to give a lot of things to experts like us, essentially because we see the global data and a big data platform. In India, we have a SOC at Chennai where we have the entire cyber security services framework, and it definitely brings your cost down because it’s about the cost of an incident rather than cost of spending on cyber-security.

So, I would say that when you compare NOC-SOC cost, I would have them look from the cost of an incident that will happen. How much will you pay for your reputation going off? It’s a very open-ended question, and it’s an open-ended answer, but if you look from a pure technology investment, still we believe that outsourcing your security operation services to experts like us who have been skilling people to protect and 24/7 monitoring because an incident is not going to happen when you are not going to look at it, it can happen any time. I think that customers have to realize that it’s tough for them not to set up all this and protect themselves because it’s getting darker and everything cannot be fixed by throwing just a technology in and not skilling your people.
