Data Defenders Should Share Resources, Says Symantec Expert
Companies concerned about data security must cease operating as "islands" and share resources to ward off the rising threat of criminals. That's the message that Stephen Trilling, senior vice president of Security Intelligence and Technology at Symantec Corp., had for attendees at last week's RSA Conference.
Addressing some of the 25,000 people at the Moscone Center in San Francisco -- record attendance for the annual security event -- Trilling said the future of data security will see every failed log-in, malware download and infiltration shared in a database to help companies and their experts identify common threats.
"What we need is a system with a worldview," he said.
In the address, "The Future of Security," which was recorded last Wednesday and posted on the RSA Web site, Trilling noted that the fight against hackers is an "asymmetric" battle because the bad guys are able to methodically purchase the same security products used by their intended victims and search for weaknesses.
"Today's targeted attackers have the persistence and patience to execute plans over months and years and they are capable of changing their campaigns as needed to meet their targets," Trilling said. "What about defenders?"
The problem for companies, which often deal with threats inside their systems rather than keeping them out in the first place, is that they mostly do not interact with each other, and often their own system administrators do not have time to keep up with the latest information about threats.
A security product may detect a failed login, but will have no idea that the same computer just connected to a suspicious Web site 10 minutes earlier. While companies may want to help each other, there is currently "no easy way to leverage that."
"Managing security and keeping up with the latest changes in the threat landscape is expensive," Trilling said, and integrating security protocols is a complex effort. Meanwhile, targeted attacks may go undetected for months or longer.
In the security landscape of the future, Trilling said, security will be managed by providers who will "leverage great economies of scale," providing services that are not only less expensive but can also raise the protection capability, because they can tap into a vast database of information from a large customer base.
How Do We Get There?
A unified threat identification system will make enterprises' defenses stronger than the sum of their parts, Trilling said, by keeping a history of every connection and every executable file made from a particular machine, while collecting data not only from on-premise systems but from cloud, remote and mobile systems in a secure, multi-tenant database.