The threat landscape has changed considerably. In the connected era, everything can get hacked – from a PC to a car to a power utility. To understand more about the changing threat landscape, Dataquest caught up with Amit Jasuja, Senior Vice President, Enterprise Security Products at Symantec.
Some edited excerpts:
What is your view on the threat landscape today, and how is Symantec preparing itself?
If you go by just sheer size, Symantec operates as the number one civilian Global Threat Intelligence network (GIN). We have 175 million endpoints that are using Symantec technology, with 57 million sensors in 157 countries. 30% of the world’s email is actually going through our email security cloud. We are filtering it for spam, we are filtering it for malware and phishing attacks. We do billions of authentications in a week.
There are only five governments that have more threat intelligence than us. 3.7 trillion rows of telemetry, with 100 billion added each month — those are the kind of numbers we are talking about. With 57.6 million attack sensors, we record thousands of events per second. That is the kind of scale that we are operating and evaluating at, and giving our customers better security. An average company now is subscribing to at least 1, and in some cases it may be 3 to 4, threat intelligence feeds.
If an enterprise has Symantec endpoint technology, our network security technology, our email technology, we will be able to see threats across all our environments, and we will be able to give you in a single pane of glass all of the things that are happening, prioritized. This is more important because this can impact multiple components of your system. We are using tons of analytics behind the scenes to recognize indicators of compromise, and prioritize the threats accordingly. We are using the cloud for detecting zero-day threats.
Many CEOs today are losing their jobs because of security breaches. Has security now become a boardroom agenda?
Enterprise security has become a boardroom agenda. A C-level person on the board has now become a security expert. Do you know how many security companies are getting funded per month globally? It is close to more than 20 companies per month. When I talk to a CXO, he or she says, “I am getting 10 emails from security companies that want to sell me the next coolest thing on how they want to help me; how they want to save my job and my company.” So what they are looking at, and what they are saying, is that they have so much noise regarding the solutions. But it’s just noise; they don’t know how to distinguish between a real incident and a false positive. So what we are doing is investing not just in the product side, but also in the services side.
So for us, we actually have a large Security Operations Center (SOC). One of them is in Chennai, and we use that to monitor and actually help, from an incident response standpoint, hundreds and hundreds of customers in the region. They kind of bounce between our Washington DC and India SOCs for 24/7 coverage. The big reason for this is that in the end what people want is the outcome. The outcome is: “Are you monitoring my environment for threats?” as opposed to “I have got a firewall and a web application and a VPN.” This does not help. So what we are doing is taking more of an outcome-based approach, which is not just the technology; we take the technology and help you with a risk-based architecture for your applications, for your users, for your partners, for your customers. For example, in many of the breached companies, if it was not their employees, it was their partner who came to do their maintenance work and left vulnerabilities.
How do you think the combination of Big Data and cloud can change enterprise security?
Today, telecom companies are using our APIs to access our data. By analyzing this data, we are quickly and efficiently able to decide and blacklist websites if they have traces of malware. Greyware, malware, bad PDFs, executable files, emails, spam — all of that is part of what we provide, and that’s just on what is already known as malware. We also have a similar kind of API access where you can look at zero-day vulnerabilities, those that have not been seen by anybody. How do you quickly determine if this is bad or good? We provide API access to that also, as it is a cloud environment.
How do you make IoT devices secure?
We have taken our normal endpoint technology and tried to make it lighter in weight, because these devices are running with something like 64 KB of memory. It’s not like your 8 GB laptop. You have got to bring this thing down, and it’s not necessarily Windows or Mac. We also have to tie it to the right drivers and give you the whitelisting, application control or sandboxing.