Symantec CEO preaches new security model |
 |
By Marcia Savage, Features Editor, Information Security magazine
21 Apr 2009 | SearchSecurity.com |
|
|
SAN FRANCISCO -- With the job of protecting enterprise information becoming harder every day, Symantec Corp. President and CEO Enrique Salem said organizations must shift from a fragmented approach to security to a model that automates many tasks and improves security responsiveness.
"The current security model isn't working. It's time for us to change the way we approach security," Salem said in a keynote Tuesday at the 2009 RSA Conference. The answer, he said, is to "operationalize security."
Salem took over as the Cupertino, Calif.-based security giant's top executive following the April 4 retirement of long-time CEO John Thompson.
Attackers, Salem said, are shifting from mass distribution to micro distribution of targeted attacks designed to steal confidential information. Combined with the onslaught of malware, organizations are at risk of employees misusing or abusing sensitive data, and workers are increasing that risk by bringing their own computer devices into the office.
Salem said organizations often take a piece-meal approach to security: point products, fragmented email, backup and server security policies, and siloed desktop, security and storage operations. The result, he said, is that companies end up with a lot of manual processes and a poor view of their security postures.
"If we're going to improve security, we need to make a bridge between security, storage and systems management," Salem said. That way, repetitive tasks can be automated and an organization can have a better view of its security across its entire environment, he added. He described the model as "risk-based, information-centric, responsive and workflow-driven."
For example, he said if an organization has a policy that customer credit card information can't be stored on a USB device and uses a data loss protection (DLP) tool that is content aware, the tool could trigger an alert of a policy violation, which would set a workflow process into motion and subsequently notify the appropriate personnel.
|
| SearchSecurity.com: |
| To get security news and tips delivered to your inbox, click here to sign up for our free newsletter. |
|
|
|
|
In the future, Salem said blacklisting and whitelisting of programs will still play a role in security, but won't be sufficient. Symantec has been working for three years on new technology that automatically determines the reputation of software based on a variety of factors, including its origin, prevalence and age. He said this type of reputation-based security allows an administrator to configure protection based on an organization's own risk tolerance.
"You're in control," he told the audience. "You decide what risks you're willing to take."
In a Q&A with reporters after his keynote, Salem said Symantec integrated the reputation-based security technology into its consumer products and will also integrate it into its enterprise endpoint protection product portfolio.
Portions of Salem's keynote hit home with RSA Conference attendee Tom McGinley, technical security manager at a healthcare organization.
"He had some interesting points about silos of security," McGinley said. "Part of what I have to do is bring silos together. I'm always looking for something to help me with that."
Too many point products -- antivirus, antispyware, antispam -- make managing security difficult, McGinley said, but some vendors are coming out with technologies that help.
|
|
|
|
