"India lacks even the most routine security tools"
Dec 07, 2007 1613 hrs IST
Vishal Dhupar, managing director of Symantec India, leads the marketing operations for Symantec in India and the SAARC regions. In a brief interview with Jatinder Singh, he discusses the changing landscape of security threats in India and Symantec's strategy to outclass them.
How do you rate the security scenario in India? What are the significant issues concerning enterprise security in India?
In India, there's an absence of even the most routine security tools (patch management, content filters, and access control software) and policies (secure disposal of hardware, business continuity plans, and setting security baselines for outside business partners).
In 2006, extortion, fraud, and intellectual property theft occurred at one in every 5-6 Indian companies. This is four times more than the rest of the world.
In the current scenario, the IT department at a typical enterprise usually finds itself fighting some pretty fierce fires, like:
* Endpoint management costs are increasing.
* Complexity is increasing as well.
* Growing number of new known and unknown threats.
A critical and challenging component in enterprise security is the management of the dynamics of the endpoint infrastructure. Endpoint systems have always been the weakest link in the chain. Organizations now face a threat landscape that involves stealthy, targeted, and financially motivated attacks.
These attacks exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation.
What kinds of security threats pose challenges in Indian organizations?
The current Internet threat environment is characterized by an increase in data theft, data leakage, etc. Malicious codes are created to steal confidential information for financial benefits. Cyber criminals continue to refine their attack methods, in an attempt to remain undetected and to create global, cooperative networks to support the ongoing growth of criminal activity.
Organizations now face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices.
Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation.
How can one mitigate these challenges?
Enterprises require a solution that provides multi-layered, end-to-end security. It should be capable of assessing threats, monitoring controls, "shielding" individual applications, and protecting desktops. In short, enterprises require protection at all layers of the organization -- from gateway to client to internal network.
Also, traditionally, administrators have made sure that each endpoint has antivirus, antispyware, desktop firewall, intrusion prevention, and device control technologies installed on it. But deploying these security products individually on each endpoint not only consumes time, but also increases IT complexity and costs.
Organizations now need to provide management, training, and support for a variety of different endpoint security solutions.
How has the IT threat landscape changed over the last 2 years? How will it continue to change in the next few years?
We have observed a fundamental change in the threat landscape. Attackers have moved from nuisance and destructive attacks to activity that's motivated by financial gain. Today's attackers adopt methods that are similar to traditional software development and business practices.
As security measures are developed and implemented to protect the computers of end users and organizations, attackers are rapidly adapting new techniques and strategies to circumvent them. Some of the current and future trends include:
* Increased professionalization and commercialization of malicious activities: To meet the needs of what has become a multi-billion-dollar criminal industry, malicious activities are now highly professionalized and commercialized.
* Threats are increasingly targeted at specific regions: While there have always been attacks that are regional in nature, recent analysis indicates that attackers are currently focusing more on targets that share a common language, infrastructure, or online activity. Where earlier threat activity was predominantly global in nature, the expansion of broadband Internet into areas -- that have traditionally not been served by high-speed connectivity -- has given attackers new targets.
* Increasing numbers of multi-staged attacks: Recently, Symantec has seen considerable attack activity that incorporates multi-staged attacks. These are attacks in which an initial, low-profile compromise is used to establish a beachhead. And from there subsequent attacks are launched.
* Attackers target victims by first exploiting trusted entities: Over the last few years, we have observed that attackers, instead of trying to break into the computers of targeted users, are now compromising trusted sites and/or applications.
When an end user visits that site or uses that application, the attacker is able to compromise the user's computer -- often by directing the user to a malicious Web site or by downloading a Trojan onto the user's computer. This trend has been made possible by the increased deployment of Web applications and Web 2.0 technologies.
How does Symantec plan to increase its security portfolio?
In response to this new security environment, Symantec has developed solutions that provide organizations with the ability to proactively block known, unknown, internal, and external threats at all layers of the IT environment -- while still providing employees necessary access to their data. We have already announced the launch of the product Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0.
Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention in a single agent, delivering unmatched defense against malware for laptops, desktops, and servers.
Network Access Control 11.0, an optional module tightly integrated with Symantec Endpoint Protection, helps users discover and evaluate the status of endpoints, provision the appropriate network access, and provide remedial capabilities to ensure security policies and standards are met.
By integrating Network Access Control and security into a single endpoint agent, Symantec enables users to quickly and easily deploy Symantec Network Access Control, and provides significant operational efficiencies -- such as single software and policy updates, unified reporting, and unified licensing and maintenance.
In response to this new security environment, we have developed a Comprehensive Threat Management solution that's proactive and capable of providing multi-tiered coverage of the computing environment, as opposed to just focusing on the Internet boundary.