Joining the Dots to Solve the Security Puzzle

Symantec recently teamed up with CyberSecurity Malaysia to commission a survey with Malaysian IT professionals. Our aim was to get targeted insights into how well Malaysian IT professionals understand the cyber security threats in Malaysia. Two of the major findings that this survey uncovered were that IT professionals in Malaysia may be slightly overconfident about how prepared they are to handle advanced threats, and that security solutions are still implemented in silos. You can view the detailed survey results here.

Dato’ Dr. Haji Amirudin Bin Abdul Wahab - CEO of CyberSecurity Malaysia Article Co-Author	David Rajoo - Director, Systems Engineering, Symantec Article Co-Author

These two findings go hand in hand. In the recent past, combining point solutions was more than adequate to cover different types of security threats. It was possible to build a robust security environment by piecing together discrete point solutions, possibly even from different vendors for aspects such as end point, network, applications and web access.

Unfortunately, this is no longer the case. The problem we face is that the threats now move much faster than ever before. Modern day threats are developed to avoid detection, leverage our connectivity to spread quickly and look for vulnerabilities at multiple levels of our IT stack.

Our own systems are “joined up” and cyber criminals tend to take advantage of this. Our security defenses also need to join up if they are to remain truly effective against the evolving threat.

It is important to consider the ways in which the threat is evolving, such as:

• The perimeter is no longer fixed. As the use of SaaS applications and public clouds continue to gain traction, it is no longer possible to know where the perimeter is.

• The number and variety of devices we use is increasing exponentially. We have far less control of which devices are used to access corporate assets with personal devices and home computers accessing business systems.

• Data is constantly in transit between company locations, across geographical borders, transported via email or web and through multiple clouds.

• Single applications often run on premise and in cloud, making it difficult to deliver consistent protection for applications across every platform.

The task is complex and security solutions that don’t “talk” to each other are getting increasingly stretched. When we stretch things too far, gaps begin to appear. New security threats have intelligence built in, they move between our systems gathering intelligence as they do so. The irony of siloed security solutions is that they do not share intelligence. Information about a threat that’s discovered on premise is not rolled out to the isolated protection on your cloud. This means one threat in your organisation may hit you via multiple vulnerabilities.

Symantec have been working hard to “join the dots”, by which we refer to Symantec’s integrated cyber defense platform. Symantec’s solutions work together across platforms. As an example, we integrated our leading Data Loss Prevention (DLP) with our Web Security Service (WSS) technology to ensure corporate data receives consistent levels of protection as it moves from corporate network across public clouds.

CSM is supportive of evangelising this collaborative and integrated approach to security. At the same time, in order to build an integrated security system, it’s very important that our IT professionals have a solid foundational understanding of the core concepts that need to be integrated. We offer a range of educational programs that can help build this base knowledge through our CyberGuru training courses which have been designed to bolster people’s knowledge in critical areas.

Our survey revealed a certain amount of overconfidence amongst Malaysian IT professionals regarding their level of cyber security defense. This is not surprising. It’s a very tough job and reasonable for them to assume the money they’ve spent in the recent past on point solutions should continue to serve them well today. Unfortunately, the challenges are continuing to evolve, and it’s important that every IT department starts to join the dots of their own security defense and build their own integrated cyber security platform.

You can view the survey referenced above in full by clicking here 
 
Article co-authored by
Dato’ Dr. Haji Amirudin Bin Abdul Wahab - CEO of CyberSecurity Malaysia
&
David Rajoo - Director, Systems Engineering, Symantec