The latest trend shows that email security has become
the key concern area amongst all companies. Why is email becoming
a favorite target for attackers?
Email is the killer application in today’s world. It is the
most powerful business application. Hence securing email has become
very important. According to IDC, over 6.62 trillion business
emails will be exchanged in 2008.
The ease and power of email and instant messages have caused a
number of risks and challenges to arise. IM is increasingly the
target for attackers to propagate IM-borne viruses, worms, spim
(spam over IM), malware, and phishing attacks.
According to the July 2008 Symantec State of Spam Report, 80% of all
email was spam.
Every year millions of users are going online. There is widespread
access to the Internet. Even people from a generation earlier
who never used the Internet are now using it to keep in touch with
their children staying abroad. Attackers have identified this as a
big area and now they want to maximize their criminal motive.
What are the various types of risks associated with
email or web?
There are two types of mail security
risk. One is mail coming into your inbox and the other is outbound
email. The first one brings in the risk of spam. At a higher level
it is a threat to your computer and server. Most recently, we have
seen infected emails infecting the whole system and stealing
critical information.
Risk through outbound email is increasing day by day. Employees
within the company are emailing critical and confidential
information outside through their personal email accounts. This is
where the concept of Data Leakage Prevention (DLP) has emerged, and
it is becoming a buzzword in today’s world.
Data leakage prevention is a top priority for CIOs
today. What solution does Symantec offer to ensure
DLP?
Protection against leakage and loss of data is critical. As it
involves the organization’s critical information assets, data
loss is not just an IT problem but a business issue and a top
priority for corporate executives and boards. Data Loss Prevention
(DLP) is the combination of people, processes and technology
focused on preventing confidential information or other sensitive
data from leaving an organization. DLP products and technology were
first deployed on the network, enabling organizations to establish
data security policies, monitor email traffic and accurately detect
policy violations.
Today, DLP capabilities extend to the endpoint to prevent
confidential data from being copied to removable devices or
downloaded from servers in violation of policy. Symantec offers an
integrated suite to prevent the loss of confidential data wherever
it is stored or used - across endpoint, network, and storage
systems.
The solution reduces the risk of inadvertent and malicious data loss
incidents, demonstrates compliance with internal and government
regulations, protects brand and reputation to maintain competitive
advantage, and automates policy enforcement including remediation,
notification, and prevention.
What role does Symantec’s R&D segment play in
detecting and preventing security threats? How does your R&D
team function?
Symantec invests 15% of its global
revenue in R&D each year. We have R&D teams in Chennai and
Pune and also have research labs where our team looks at various
security trends in the future and brings out solutions to fight any new
threat.
Our Pune Centre of Innovation houses a Security Response Lab that
provides comprehensive, global, 24x7 multi-lingual security threat
expertise to protect customers worldwide against a wide variety of
security threats.
We also have a Global Intelligence Network that captures data on
malicious behavior such as spyware and adware, transmitting it back
to Symantec Security Response centers for analysis. Data is
gathered from more than 2 million decoy email addresses, 150
million desktop antivirus sensors and 45,000 intrusion-detection
and firewall sensors worldwide. Other threat vectors are social
networking portals and instant messaging platforms.
What are the key technologies explored by
Symantec’s R&D centre?
We have developed a few techniques. One such is the anomaly detection
technique, where we have software that looks at email content and
quickly detects whether it is infected or not. Another such technique is
the reputation-based technique, where the software identifies the user
as good or bad depending on his history of sending mails. For
example, if a user has sent some spam or junk in the past, we can
identify him as bad or unsafe and avoid his mails or block them.
Similarly, a user who has always been sending safe mails will be
identified as a safe user.
At the same time we ensure that we should not have false positives
for any user, which means to ensure that we don’t identify a
safe user or mail as unsafe and vice versa. Hence, our anti-spam
product ensures 99.999% accuracy to avoid false positives.
Which areas pose the most challenges in terms of further
research?
At Symantec’s R&D center in Pune, we continuously
challenge ourselves to come up with innovative solutions that
enable customers to have confidence in their connected experiences.
However, innovation is an ongoing and collaborative process and has
its own challenges.
We work on several projects for mail and messaging security, which
look at patterns to find anomalies, thereby stemming the flow and
also notifying management. We have technology that works with both
email and webmail for content analysis. There are scores of email
providers and the popular ones keep changing features and delivery
formats.
Should SMBs look at security solutions in a different
way from large enterprises? How do Symantec's solutions help SMBs
get better return on their security investments?
SMBs have relatively lower spending power and lesser capacity to
maintain their IT infrastructure, in comparison to larger
enterprises with more resources. SMBs face two major obstacles in
the way of storage and security. One is that they do not have the
budgets to maintain large servers for the volume of data they have
and secondly, they do not have the bandwidth to own and maintain
data centers/large servers. Given this, a small business might
focus on blocking viruses and setting basic disaster recovery
plans, while a growing company may soon find other challenges that
prevent email from running at peak performance.
What security threats do you foresee emerging in the near
future?
One more application commonly used today is
social networking sites like Facebook. Threats are emerging here
too. The second trend that we foresee is the consumerisation of IT. People
working in a company are employees but at the same time also consumers
using PDAs, BlackBerrys, iPods and laptops. Though these gadgets might
have been given to you by the company for official purposes, we end
up using them for personal use as well. Hence the security threat
also comes in. Symantec is working on a technology where the
software can automatically identify what is personal and what is
official. This will help organizations stay protected from security
threats.