Nick Savvides, Security Evangelist, Symantec
Data&StorageAsean: Has the rise in cloud adoption affected the way people (vendors and users) approach security?
Nick: Yes, cloud adoption has caused a shift in the way security is approached. The traditional controls don’t translate well into cloud services and new offerings that are cloud native have been developed by vendors like Symantec.
For example, in the popular file-sync-and-share category of cloud services, one of the main issues that we continue to see is oversharing of files. Here, users unknowingly configure access permissions incorrectly, so that instead of sharing documents with their colleagues they share them with the Internet, allowing anyone to access the sensitive information stored.
Other common issues faced are things like poor authentication control. Cloud services by their nature are accessible everywhere, and if the users are required to have yet another login account into the services, they are likely to reuse passwords. This means that passwords leaked or phished from other services can be used in attacks against the user’s cloud service account. Furthermore, many organisations are failing to implement multifactor authentication in their cloud services, not because they don’t want to but because the services either don’t offer it, or they have incompatible systems. This further amplifies the problem.
We don’t believe that the cloud in its current form is inherently less safe than any enterprise data centre environment, but its complexity may lead to an increased risk to data if it is not well managed. Symantec is making cloud adoption easier for customers with a range of existing cloud-aware and cloud-based security solutions. From protecting cloud service users with strong multifactor authentication like Symantec VIP to extending traditional data protections like Symantec DLP into cloud applications, Symantec is working to help customers ensure that only the right users are using the right service, in the right way, without leaking or losing information. In addition, access management, behaviour analytics, cloud proxies and cloud platform hardening have all been areas that Symantec invested in to deliver true security from the cloud, for the cloud.
Data&StorageAsean: Do XaaS providers do a good job of securing your data?
Nick: This is a fairly broad question and needs to be broken into two parts. Firstly, Infrastructure-As-A-Service (IaaS) providers have matured and consolidated, and they generally do a reasonable job of securing their platforms, but that’s where it stops. Most, if not all, IaaS providers explicitly say that data and application security is the responsibility of the user; this has caused a range of new cloud native security offerings, such as Symantec Data Centre Security (DCS) cloud technology, to be developed to help bridge the security gap.
In terms of Software-As-A-Service (SaaS), it is much more fragmented. Many SaaS offerings lack security controls, or even the Application Programming Interface (API) to allow third party security controls to be integrated. Some don’t implement encryption at rest. Others, though, are far more mature, offering APIs for third party security tools, such as Symantec’s Elastica User Behaviour Analytics (UBA), or even content inspection APIs that allow tools like Symantec’s Data Loss Prevention to inspect and classify content. Users of SaaS services not only need to understand comprehensively the security controls used by their SaaS vendors, but also their management controls and the ability to integrate third party security controls like DLP, encryption, UBA and event monitoring.
Data&StorageAsean: Security used to be about virus protection and access control; how has that changed?
Nick: If there is one thing that can be said about the threat landscape, and Internet security as a whole, it is that the only constant is change. This can clearly be seen in 2015: a new zero-day vulnerability was discovered on average each week, half a billion personal records were stolen or lost, spear phishing and ransomware continue to rise.
Targeted attacks steal invaluable intellectual property from businesses, and a data breach can shred an organization’s reputation―even threatening its survival. Cyber insurance claims are growing in number and cost, pushing premiums even higher. In the broadest sense, cybersecurity problems threaten national security and economic growth, which ultimately affects us all. For consumers, email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. Malaysia ranks 6th in Asia Pacific and Japan in terms of social media scams, with 26,783 social media scams in 2015.
Security is no longer just about virus protection or access control. For businesses, approaching the security fight with the same tools isn’t a sustainable model. Threats will continue to go deeper into industries and use more sophisticated methods. The leading factors distinguishing the security companies that will defend tomorrow’s threats are two-fold: people and data. Symantec is moving beyond traditional software to help customers protect against a wider range of threats. We’re moving from being an arms dealer to being an actual army. Instead of just providing products to customers to fight adversaries, we are joining our customers in battle to resolve their biggest security challenges with a combination of preparation, detection and response services.
Data&StorageAsean: Can a company protect themselves 100% from Data Security Threats?
Nick: The threat landscape is continually evolving, and with the emergence of cheaper and readily available technologies and communication channels, it naturally attracts malicious activity of all sorts. The shift from desktop PCs to mobile devices as primary computing devices is a perfect example of this. As more users rely on their mobile devices, more spam, scams, and threats are tailored to these devices.
For enterprises, almost no company, whether large or small, is immune and it’s the same situation for individuals, especially for a connected nation like Malaysia. According to the latest Symantec Internet Security Threat Report (ISTR) Volume 21, the services industry faces the most spear-phishing/targeted attacks in Malaysia, making up 72.4% of attacks.
For individuals and companies, Internet security is going to be much more like ‘wellness’ and ‘hygiene’ than ‘medicine,’ and focused on the routine of prevention rather than looking for a panacea or cure. We all need to stay digitally healthy and digitally clean, and habits of security will need to be relearned, over and over again.
Similarly, IT departments need to be proactive in reducing the risk from persistent intrusions and malware, and identify breaches quickly. Unfortunately, discovering attacks quickly requires constant, active vigilance. Information security can’t wait for support tickets to open or for a favoured security tool to identify an issue conclusively. Security needs to start digging through the data proactively during non-breach response time.
As a starting point, Symantec recommends the following best practices for organisations:
- Don’t get caught flat-footed: Use advanced threat and adversary intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
- Prepare for the worst: Incident management ensures your security framework is optimized, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Provide ongoing education and training: Establish simulation-based training for all employees as well as guidelines and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investigation teams—and run practice drills—to ensure you have the skills necessary to effectively combat cyber threats.
Data&StorageAsean: Are you seeing big data or machine learning being used in data security - on either side of the fence (hackers and/or vendors)?
Nick: At Symantec, we see over 10 trillion security events per year – more than one million pieces of malicious code per day – focused against consumers and the businesses and institutions that serve them. Since we don’t have one million cybersecurity experts to apply to that code, it has to be done by machines – machines that learn from experience.
As more businesses embrace digitization, the way we protect ourselves must also evolve and there is a critical need to stay “proactive” against threats, instead of reacting to them. With the convergence of machine learning and big data, we may just be able to stay one step ahead of cybercriminals. Security solutions imbued with machine learning can detect anomalies and outsmart intelligent threats, protecting us in instances where we are more susceptible.
Machine learning has made good strides in recent years, with organizations seeking ways to incorporate it into their operational needs. By employing technology that has the capability to detect patterns and malicious threats in cyber security solutions, we can build intelligent security systems that can learn faster than threats can present themselves.
While the idea of machine intelligence is ancient, its real implementation is recent. As compute power has dramatically increased while shrinking in size, increased memory and the quantity of data available, AI and machine learning are growing exponentially. Every time we buy something online, make a deposit or take out money from an ATM, glance at an ad, or turn on the faucet, intelligent machines are protecting us. It may not be as great a story as machines ruling the world – but it helps us all sleep better.
Data&StorageAsean: What’s unique about your own offerings and product strategy?
Nick: Symantec is the only vendor that delivers a comprehensive portfolio of integrated products to deliver true security to the cloud generation. The strategy is not just about bringing existing technologies to the cloud, but creating new cloud native protections for the unique problems the cloud presents. Only Symantec, with its depth of product maturity and breadth of product reach, can achieve this.
Symantec’s Advanced Threat Protection (ATP) is the first solution that can remediate advanced threats across all control points, from a single console with just a click, all with no new endpoint agents to deploy. We combine local intelligence with everything Symantec sees from the largest global intelligence network, to uncover threats across the entire organisation.
Symantec’s Global Intelligence Network (GIN) is a massive archive of security data where we monitor, analyse and process more than 10 trillion security events per year worldwide. We collect big data that comes from various streams and find the common threads that connect them that comprise an attack.
We’re now ready to introduce a new approach to security that leverages our scope and scale. Last December, Symantec unveiled its Security Operations Centre (SOC) in Singapore, fuelling an increase of Symantec’s Cyber Security Service expertise in the Asia-Pacific region by more than 40 percent. Symantec’s SOC analyses 30 billion logs worldwide each day to provide enterprise-wide protection to help organizations strengthen their defences and respond to new threats as they emerge 24 hours a day, 7 days a week, 365 days a year. The new SOC will also enable businesses to shorten the time between detection and response, reduce operational costs and proactively counter emerging threats.