"Security has now become a business issue"
Feb 1, 2008

Shamshad Ahmed, regional director (India and SAARC) of Lumension Security in an e-mail interview with Aarti Shah shares his views on how enterprises can defend themselves against wide spread malware and spyware

What are Lumension Security's priorities in the Indian and global market?

The security landscape is exceptionally dynamic - globally, the types of threats have gone from viruses and worms to 'forprofit' cyber crimes targeting data and specific organizations. Security is no longer an IT concern but a business issue, forcing organizations and their IT departments to re-examine how they manage IT and ensure corporate governance.

The business landscape in India is also undergoing rapid changes and the security market is crowded with stand-alone point solutions. Lumension Security is shifting the paradigm from a reactive to a proactive approach by unifying best-of-breed, enterprise-class solutions that enforce and maintain security policies, reduce overall complexity and costs, and ultimately accelerate business results.

There are vendors and there are strategic partners. How successful has your company been in transitioning from being a vendor to a strategic partner of major corporations?

Earlier under the "PatchLink" banner, the company had only one flagship product (Patch Management), and had just been a vendor, however with a series of well thought acquisitions the company "Lumension" has emerged as a dominant player within the security arena. Lumension today has successfully transitioned from being a vendor and to a strategic partner to many corporations by providing unified protection and control.

Lumension Security provides Sanctuary Application Control solution against malware and spware. How is this solution useful?

The security landscape is shifting from large, widespread malware outbreaks to targeted, focused threats. Traditional solutions cannot possibly defend against these types of attacks as evidenced by the fact that of the 99% of enterprises that have antivirus solutions, 62% suffered an infection in 2005 (Yankee group security leaders and laggards survey 2005). Endpoints are the likeliest entry points for malware and the threat is proliferating, with more and more end users installing non-business related programmes and an increased number of threats. As a result 85% of corporate machines need to be re-built every year. This results in huge loss of resource and money.

Lumension's Sanctuary Application Control provides security against malware & spyware. It provides policy - based enforcement of application to use the secure end points from Malware, Spyware, zero day threats and unwanted or unlicensensed software by employing a white list approach. It enables only authorized application to execute on a network, server, terminal services server, thin clients, laptops or desktops, unauthorized applications are prohibited from executing.

Malware is virtually eliminated and control is given to administrators over unwanted and unauthorized applications including bandwidth stealing P2P Applications.

Space Applications Centre (SAC) enables administrators to rapidly identify applications and to assign permissions for applications to users, user groups or a particular computer.

Enterprises today are constantly challenged by data leakage caused by removable media and the resulting regulatory compliance issues which dominate enterprise IT's "Top ten concerns" list. According to a study, 75% of fortune 1000 companies feel victim to accidental and/or malicious data leakage (2006 CSI/FBI computer crime and security survey) with the average cost of recovering lost/stolen corporate data at US $5Million, a 30% increase since 2005 (ponemon Institute's 2006 cost of data breach study).

Unmanaged removable media can easily open the floodgates for data to escape into the wrong hands, whether intentionally or accidentally, furthermore regulations governing privacy and internal controls require the control of inbound and outbound data flow.

Sanctuary Device Control provides the necessary controls to manage the data flowing to and from the network endpoints and audits the use of devices to improve compliance with internal policies or government regulations.

What are challenges faced by the enterprise in the current threat landscape?

The threat landscape has been changing rapidly and is ever evolving, new ways of attacks have been witnessed, and threats exist internally more than externally in the network, hence organizations are constantly trying to secure their environment by deploying security solutions to protect themselves against these threats.

Looking at the current scenario, there are some things that an enterprise should keep in mind while deploying IT solutions.

They need not look at applications or IT solutions in isolation. It is important for them to consider how it would fit with the other stack of solution in their environment and need to ensure that it fits or integrates well with the other solution.

Quick, easy deployment and manageability should be emphasized. From a security perspective they should put more emphasis on having integrated solutions wherever possible to eliminate the risk of agent pollution. The goal should be to achieve the highest security posture for their network minimally by adopting a positive security model.

What are the trends as regards to the demand for security solutions in India?

Yes, the demand for these solutions is on the rise, global awareness and certain domestic incidents have caught the attention of enterprises, and they have already started creating/allocating budgets to deploy these software in their environment.

What according to you are the key strengths of your company?

I believe the key strength of Lumension Security stems from the ability to think and think ahead.

The people behind have been visionaries, starting their early concentration on Patch Management solution and believing that it is going to be an integral part required by any organization and through constant research and development they carved themselves an expert within that area.

To sum it simply Lumension Security's strength's are:

* Great Visionary
* High Quality Engineering and Research & development
* Excellent Customer Support and Services

What is Lumension Security currently offering to Indian IT sector?

Lumension Security has announced plans to launch an integrated security architecture that will empower enterprises to deploy and centrally manage its proactive, unified protection, and control suite of products.

The company will deliver an endpoint security platform with a single, policy-based web interface for unified administration, management and compliance reporting across Lumension Security's product portfolio(Patch & Vulnerability Management Solutions + End Point Security Solutions). This new security model represents the next generation in security - enabling customers to centrally control and administer security policies across their entire enterprise by coupling feature rich, best-of-breed technologies into a single binary.

Customers can cost effectively manage their entire security management lifecycle by using a single, web-based user interface for a unified view of their risk profile, as well as for unified administration, management and compliance reporting across their entire product portfolio.

Tell us a bit about the competition faced by the company.

There are a couple of players competing within the same space; providing stand alone solutions within each area however the strength of Lumension Security is that it offers a best-of-breed solution integrated well with each other over a single binary, hence apart from providing robust and granular feature its easy to manage the solution from a single management console, that being the reason we tend to stand edge over the competition, and have more corporates deploying Lumension solution.

Can you share with us the company's future plans?

Lumension Security will continue to develop solutions that ensure the corporate IT environments are more secure from external and internal threats, through integrated solutions that lower the total cost of ownership (TCO) for customers. Lumension solutions will continue to evolve through internal development as well as strategic acquisitions. Much development continues to go into advancement of "positive security models" by which corporations can focus on the "known good" rather than traditional, outdated, and ineffective "known bad" or "black list" approaches to security.