Symantec organizes its security products in suites to address evolving risks

Last week we looked at the dangerous new threats to sensitive data that are evolving. This week we look at the strategy Symantec has built to help its customers fend off the new kinds of attacks that require many layers of detection and protection to prevent.

In last week's newsletter, I provided insight from the Symantec Global Internet Security Threat Report: Trends for 2009. Through its extensive research, Symantec has observed that data security threats are becoming very targeted to specific companies, and even to specific people and information within those companies. Thieves want (and have the ability) to get at sensitive data that they can monetize quickly. Hackers are changing their techniques, using malware that is as sophisticated as commercial software.

When I attended Symantec's annual user conference in April, I spoke with Francis deSouza, senior vice president of Symantec's Enterprise Security Group. He lamented, "When it comes to preventing cyberattacks and intellectual property theft, the game has completely changed." He says that companies have to get ahead of the threats by reducing their overall IT security risk, and "not just stopping the latest malware attack."

It's hard to see the problems associated with compliance, information protection, systems management and the network infrastructure at the same time and at a relevant enough level to effectuate appropriate and timely remediation -- in other words, to prevent a breach. So, the challenge is how to increase visibility into all of the network and supporting activities, and at the same time reduce the time from breach detection to mitigation, with the emphasis being on risk management and mitigation.

Over the past few years, Symantec has realigned its security technologies to manage these four problem areas. Symantec has four suites of tools that, taken together, help assure organizations can rapidly respond to the threats they encounter today and into the future. With this integration of point solutions, Symantec now can cover the control spectrum of a data center by unifying policy management on the front end through to unifying event management and auditing on the back end. Here's a look at the newly integrated suites:

Control and Compliance Suite -- CCS was enhanced in many ways to better enable organizations to develop and enforce IT policies, and give IT managers and security experts greater insight into a company's IT and compliance risks at a lower cost. In this latest release, Symantec added a few new significant bells and whistles:

* CCS now integrates with Symantec's Data Loss Prevention (DLP) suite to provide a clear view into where information resides within a company's data stores and who is accessing this data, thereby further clarifying the risk posture of sensitive data.

* Vulnerability Manager is a new component to CCS that checks for more than 54,000 known vulnerabilities across the network devices, operating system, database and Web layers of a network. This tool will provide organizations with additional visibility into vulnerabilities across their networks to proactively prevent threats to critical assets by identifying vulnerabilities in an organization's most sensitive servers and Web-based applications.

* CCS now collects data from third-party tools and applications such as logs and SIEM systems to provide a centralized pool of forensic support for individual controls. This helps to provide a more holistic and comprehensive picture of an organization's risk posture.

Symantec Protection Center and Symantec Protection Suites -- Symantec has taken its first step to unify the architecture for its point product offerings with its Symantec Protection Center. This tool is a common portal providing single sign-on to the Symantec point products that are proxied through it, and is the unifying foundation for the Symantec Protection Suites. The Symantec Protection Center also integrates all of Symantec's partner point security solutions, thereby allowing organizations to manage not only their Symantec products, but also the rest of their security infrastructure. This integration provides visibility across point solution silos to assess what is happening within the overall infrastructure.

The Protection Suites are three new products which provide in-depth protection for the endpoint, gateway and server functions.

* Symantec Protection Suite Enterprise Edition for Endpoints is designed for the specific needs of desktop administrators, providing asset inventory management, endpoint security, data confidentiality, DLP, software patch management and incident response automation.

* Symantec Protection Suite Enterprise Edition for Gateway helps improve network operations and perimeter security by combining DLP, messaging security and defense against browser-based attacks.

* Symantec Protection Suite Enterprise Edition for Servers employs multiple protection technologies to secure a wide range of servers, including virtualized, Windows, Linux and Unix platforms.

Symantec DLP Suite has been updated to protect the use of sensitive information in social media, protect data in private clouds, and help organizations take ownership of unstructured data such as documents, spreadsheets and e-mail. For example, DLP now extends to Facebook, Twitter, YouTube, MySpace and LinkedIn. The idea is to prevent users from transmitting sensitive data via their postings. It's not a totally foolproof system as IT doesn't control all of the access points, and some conversations simply can't be monitored, but the product is among the first to consider how to prevent data loss through social media.

Altiris IT Management Suite, formerly known as Altiris Total Management Suite 6.5, integrates Altiris Client Management Suite, Altiris Server Management Suite, Altiris Asset Management Suite, Symantec ServiceDesk, Symantec Workflow and Wise Package Studio Suite into one service offering.

Part of a good security strategy is to do systems management well. The integration of the many Altiris and Symantec IT management solutions into one complete integrated solution enhances an IT organization's effectiveness through complete visibility into assets.

For years Symantec has been organically developing its own security tools as well as acquiring tools from the outside. Now it appears that the tools have been well integrated and well organized to help counter the new kinds of threats that require many layers of detection and protection.

Copyright © 2010 IDG Communications, Inc.