"If you go back in time five years and you look at what was terrifying people in security, it was that data had a transfer price," says Brian Dye, senior vice president of Symantec Information Security. "Organized crime had a reason to go after that data."
And it did, in a big way, building out a whole black hat ecosystem dedicated to extracting data and getting it into the hands of buyers, with specialized skill sets and a training path for gifted individuals.
"If you understand what the bad guys are going after, you can do things totally differently." — Brian Dye, Symantec Information Security
"What scares me now is that five years later, those organizations are going concerns," Dye says. "An attacking organization today can have as many as 100 to 150 people. They have a career advancement path. How many legitimate businesses in the world have more than 100 people in security? I would say less than 100."
Defending your data against determined attackers with such resources at their disposal requires a whole new approach to security, Dye says. He points to one organization, a typical one, he says, that experienced 256 billion events last year, resulting in 215,000 incidents and 3,000 security incidents.
The Focus Must Be Detection and Response, Not Prevention
"To successfully defend against the types of targeted attacks we're seeing today, you need to expand the focus from prevention to detection and response," Dye says.
"Network security alone isn't going to solve the problem. Adversaries are targeting all control points from the gateway to email to the endpoint," Dye says. "Organizations need security across these control points working together, with incident response capabilities and global information intelligence to beat the bad guys."
Symantec is approaching this problem in a multifaceted way with a range of services and solutions.
Next month, Symantec will make available its new Symantec Managed Security Service — Advanced Threat Protection (MSS-ATP), a managed service that Dye says significantly reduces the time it takes to detect, prioritize and respond to security incidents. It's based on deep integration between Symantec's endpoint security offering and third-party network security products from partners including Check Point, Cisco Sourcefire and Palo Alto Networks.
Symantec calls this ecosystem of network security partners the Advanced Threat Protection Alliance, and Dye says it enables the detection and correlation of malicious network and endpoint activity to substantially reduce false alerts by pinpointing the important incidents.
"What does detection mean?" Dye asks. "Detection means you get a bunch of 'maybes.' That's good because you've detected an event, but it's bad because chasing down a maybe represents a bunch of OpEx."
MSS-ATP seeks to cut down the effort required to chase down those 'maybes' by correlating events and only surfacing those events that aren't blocked at the endpoint, email or gateway.
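The correlation idea described above, as an added illustration that is not Symantec's code or MSS-ATP's actual logic: network "maybes" from the gateway, email or IDS are suppressed when endpoint telemetry on the same host shows the same indicator was contained, and surfaced with a priority otherwise. Record fields, the time window and the sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed record shapes standing in for network alerts and endpoint
# telemetry; field names are assumptions, not any vendor's schema.
@dataclass(frozen=True)
class NetworkAlert:
    host: str
    indicator: str      # e.g. a file hash or URL observed on the wire
    source: str         # "gateway", "email" or "ids"
    seen: datetime

@dataclass(frozen=True)
class EndpointEvent:
    host: str
    indicator: str
    action: str         # "blocked", "quarantined" or "allowed"
    seen: datetime

CONTAINED = {"blocked", "quarantined"}

def correlate(alerts, endpoint_events, window=timedelta(minutes=10)):
    """Return (incidents, suppressed). A network alert is suppressed when the
    endpoint on the same host reports the same indicator contained within
    the window; otherwise it is surfaced with a priority and a reason."""
    incidents, suppressed = [], []
    for a in alerts:
        matches = [e for e in endpoint_events
                   if e.host == a.host and e.indicator == a.indicator
                   and abs(e.seen - a.seen) <= window]
        if any(e.action in CONTAINED for e in matches):
            suppressed.append(a)            # already stopped at the endpoint
        elif matches:
            incidents.append((a, "high", "executed on endpoint"))
        else:
            incidents.append((a, "critical", "no endpoint visibility"))
    return incidents, suppressed

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)         # constructed timestamp
    alerts = [
        NetworkAlert("ws-01", "hash-A", "gateway", t0),
        NetworkAlert("ws-02", "hash-A", "email", t0 + timedelta(minutes=1)),
        NetworkAlert("ws-03", "hash-B", "ids", t0 + timedelta(minutes=2)),
    ]
    endpoint = [
        EndpointEvent("ws-01", "hash-A", "blocked", t0 + timedelta(seconds=30)),
        EndpointEvent("ws-02", "hash-A", "allowed", t0 + timedelta(minutes=2)),
    ]
    return correlate(alerts, endpoint)
```

Only the alerts the endpoint did not stop reach an analyst, and a host with no endpoint telemetry at all is ranked above one where the endpoint at least saw the indicator.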