Why current security approaches are failing: Symantec, IDC interview

AvantiKumar | Jan. 7, 2016
Computerworld Malaysia asked Symantec's Avinash Lotke and IDC's Simon Piff for their take on what infosecurity solutions and strategies are needed in 2016.

Photo - Avinash Lotke, Business Development Director - Threat Protection, APJ Symantec


Computerworld Malaysia recently asked Avinash Lotke, who is business development director for Symantec APJ's Threat Protection portfolio, and Simon Piff, associate vice-president of enterprise infrastructure, IDC Asia Pacific, for their take on what Asia-based infosecurity solutions and strategies will be needed in 2016. Their comments have been presented in the Q&A format below.

A companion interview 2016 roundup article (in three parts) offers additional wide perspectives into business and IT expectations in Malaysia and Asia for the year ahead.

Another feature, 'ICT industry comments on Malaysia Budget 2016' led by national ICT agency Multimedia Development Corporation, MDeC, also includes forecasts for 2016 from many other industry leaders and commentators.

Photo - Simon Piff, Associate Vice-President of Enterprise Infrastructure, IDC Asia Pacific


Why are current solutions and approaches failing in today's threat environment?

IT professionals are facing growing pressures as cybercriminals become increasingly crafty. New attack vectors are emerging, budgets are tight, skills are at a premium, security policies are either incomplete or disregarded, and many security solutions are proving too complex to manage or too basic to be useful against a professional adversary.

Companies are managing up to 75 point products, resulting in too many alerts and false positives to deal with. With security pros facing a rapidly changing threat environment, it's hard to keep up and be constantly ahead.

In 2014, more than 317 million new pieces of malware were created, and five out of six large companies were attacked.

Another trend observed this year was the increase in security threats in small and medium-sized organisations. About 60 percent of all targeted attacks struck small and medium-sized organisations globally, since these organisations often have fewer resources to invest in security.

Many are still not adopting basic best practices like blocking executable files and screensaver email attachments.

In addition, with the rise of advanced threats, security professionals can no longer rely on using individual point products at each control point to stop them.

With no external input on what is happening across the threat landscape to lend perspective, as well as new devices (or endpoints) like non-approved smart devices in the company, it is also hard for these security pros to know what to focus on first.

Is the IT security skills gap comparatively bigger in Asia and what needs to be done to address this?

There are a number of variables that will impact the IT security skills gap, the most obvious one relating directly to the risk profile of the organisation concerned.

Industries such as financial services, ecommerce and communications have had extensive online exposure to IT security challenges and tend to have a relatively more mature approach to IT security than other industries.

However recent attacks have exposed the challenges faced by many in industries such as healthcare, retail and manufacturing, which typically had been able to avoid targeted attacks. Industry is by no means the only factor; within industry the level of risk appetite, IT maturity and understanding of IT security varies hugely.

Perhaps a more impactful issue is that the IT security industry is beginning to see a change in the types of technology being used. No longer is endpoint security the main focus, but a shift to more monitoring and remediation is challenging the existing skillsets.

Someone honed in firewall and endpoint management does not have the same skills as someone writing queries to a Hadoop cluster for Big Data analytics. This is a very real concern for the AP markets where, even if such skills did exist, they would be applied to topline revenue generation activities long before they would be used for IT security.

As we look to the future, IT security skills will need to include the ability to identify and manage suitable service providers that can complement the existing and mission critical security skills inside the organisations. This is a very different role to what many existing security professionals have been trained for.

How does the new ATP approach fill many of the challenges faced by Malaysian and Asian organisations?

Organisation leaders today are now increasingly taking note of cybersecurity issues and are placing extra importance on ensuring their data is protected and secure.

According to IDC, 50 percent of Malaysian companies see building a secure ICT environment at the top of their ICT priorities.

More local companies are placing cybersecurity higher than improving or simplifying their ICT infrastructure, or in building better management tools.

However, execution still remains an issue because companies have yet to integrate all three control points: endpoint, network, email. And here is where Symantec's Advanced Threat Protection (ATP) comes into the picture.

ATP allows customers to uncover, prioritise and remediate advanced threats and zero day attacks fast, all with no new agents. We combine local intelligence with everything Symantec sees from the largest global intelligence network, to uncover threats across the entire organization.

Our technology correlates suspicious activity across all control points, and prioritises those events that pose the most risk to an organisation - all in a single console. Customers can click once, remediate everywhere, across all three control points.

Symantec has also built new technology from the ground up to power ATP. The new Synapse cross-control point correlation capability and our new Cynic cloud-based sandboxing service will help customers "zero in" on specific security events that pose the greatest risk. Symantec's ATP is able to point out the top three problems and then provide the right solutions and advice.

In this new era of protection, what factors still need to be addressed (of especial interest are areas that technology tools can help fill e.g. human error, people behaviour)?

Having the right people, process and technology are the keys to having a secure ICT environment. With the scarcity of manpower and the enormous amount of security alerts generated, it is almost impossible to physically track and take action on the critical threats affecting the organization. Having technology such as Symantec ATP will take out the tedious effort needed to uncover and prioritize in a single console, and allows for remediation without leaving your seat. This allows the IT staff to be more productive and focus on the core business.

As well as remedial tactics, what proactive strategies can Symantec help security managers with?

Symantec recently unveiled its Security Operations Center (SOC) in Singapore, fuelling an increase of Symantec's Cyber Security Service expertise in the Asia-Pacific region by more than 40 percent.

Organisations today require a deeper security understanding and strong proactive security measures to gain the upper hand on adversaries. Symantec's SOCs analyse 30 billion logs worldwide each day to provide enterprise-wide protection to help organizations strengthen their defences and respond to new threats as they emerge 24 hours a day, 7 days a week, 365 days a year.

With the launch of the SOC in Singapore, businesses will have access to a breadth of data, accurate threat detection and proactive notification of emerging threats to ensure their most sensitive data is protected. The new SOC will also enable businesses to shorten the time between detection and response, reduce operational costs and proactively counter emerging threats.

Additionally, Symantec's Global Intelligence Network (GIN) is a massive archive of security data where we monitor, analyse and process more than 10 trillion security events per year worldwide. We collect big data that comes from various streams and find the common threads that connect them that comprise an attack.

The best way to protect your network from threats is to understand what and who is likely to attack you, and also to learn what newly identified vulnerabilities may be exploited to attack your network. Although effective, traditional security solutions can only identify threats as they hit the enterprise. Adding visibility into the global threat landscape can enable a more proactive security policy to be implemented.

DeepSight Intelligence is one of Symantec's many proactive strategies. It collects, analyses and delivers cyber threat information collected by the Symantec Global Intelligence Network (GIN), enabling proactive defence and improved incident response. The Symantec GIN has global visibility into the threat landscape including big data from:

More than 41.5 million attack sensors in 157 countries
An extensive anti-fraud community of enterprises, security vendors and more than 50 million end users
More than 8 billion emails per month from 5 million decoy accounts with more than 13 billion web requests a day.

What are the key messages that Symantec wants Malaysian and Asian security professionals to take away - especially with coping in the coming year?

In a nutshell, cyber-attacks are becoming more stealthy and persistent. Bearing this in mind, focusing only on the preventive aspect of cybersecurity is not enough.

Prevention helps you protect against the known, but you need to have something that gives you the capability to detect and respond in a manner that allows you to prioritise and focus on the key things you want to protect.

Security systems should not only protect the perimeter and uncover attacks, they should also remedy the situation. Lastly, companies need to look at cybersecurity as more than just investing in antiviruses on their office computers.

