Symantec and Sophos ANZ square off

John Donovan, Symantec managing director for the Pacific region, and Rob Forsyth, managing director at Sophos ANZ, check each other's defences.
Forsyth: What, if anything, really frustrates you about the computer security industry?
Donovan: Overall, working in the computer security industry is an enjoyable and often rewarding experience. What is most frustrating about the computer security industry is the alarming number of companies who are unaware of how to fully protect their systems with an integrated security approach.

While many companies are aware of the need for antivirus solutions, they remain vulnerable to hackers and other malicious activity because they are not aware of, or have not addressed other areas such as vulnerabilities in their operating system or their employees' usage of the Internet. Companies require blended defences, a combination of traditional antivirus, intrusion detection, firewall, and even vulnerability assessment products -- far more sophisticated tools than have been required in the past.

Donovan: Will your alliance with Microsoft extend further than the Microsoft virus alliance? Is Sophos aiming to position itself alongside Microsoft?

Forsyth: During the last 20 years, Sophos has provided value to our customers through product focus. One way in which this has occurred is through a cooperative approach with colleague organisations. However, this does not mean we aspire to enter their areas of expertise. We will continue to work with "fellow travelers" such as Microsoft, to provide security solutions for customers.

Forsyth: What major changes do you see in this industry in the next two to three years?

About Symantec Symantec specialises in content and network security software and appliance solutions to individuals, enterprises, and service providers. The company provides client, gateway, and server security solutions for virus protection, firewalls, virtual private networks, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies, and security services.

Donovan: From a security perspective, peer-to-peer networking, wireless applications, and a tiered approach to security are some of the changes we can expect in the next few years. Enterprise IT and security managers can expect to encounter more sophisticated Internet security threats such as "Warhol" attacks, which can spread around the world in 15 minutes.

Another new type of attack will be in the form of flash threats, which take hold within 30 seconds, much like a flash flood. Also, day-zero threats will exploit previously unknown and unprotected vulnerabilities on corporate networks.

The best way to protect a network from the myriad attacks is to address security at multiple levels in an organisation. Because about 70 percent of attacks happen inside the firewall, security managers need to proactively secure the application servers, databases, and host servers within an organisation.

Donovan: Some sceptics say unpatched versions of the Sophos software will prove a liability rather than offer any sort of protection. These sceptics say that virus writers will quickly latch onto the patch idea and say that the software itself can be used to bring down computers. Do you think this is the case?

Forsyth: With the growing complexity of security software, staying up to date is vital. Once set by the administrator, both Sophos Enterprise Manager and Sophos Remote Update, allow customers' computers throughout their network, to be automatically updated as often as required without further intervention.

This covers both product updates and protection against new viruses. Given the speed of infection with viruses now being delivered via spam, rapid and automatic deployment is required. The connection to the Sophos dedicated Web site is highly secure and encrypted, making it inaccessible to virus writers.

About Sophos Founded in 1985, Sophos is a privately owned company based in Abingdon, close to Oxford, in the UK. It has subsidiaries and branch offices in the US, Australia, Canada, France, Germany, Italy, Japan, and Singapore. Sophos protects businesses against viruses and spam, with over 25 million users from organisations of all sizes currently using Sophos software and 24x7 support.

Forsyth: What are your views on new and emerging anti-spam legislation, here and overseas?

Donovan: Legislation that is well intended and ensures users are more confident and comfortable with the way in which they deal with spam, is reasonable. While Australia has taken a step in the right direction, not all countries have enforced anti-spam legislation and, as such, organisations and computer users cannot solely rely on government legislation to ensure they do not receive unsolicited e-mails. There is still a large onus for organisations and users to avoid spam by using various software technologies such as deploying spam filters.

Donovan: How important is the Australian division of Sophos in relation to the APAC region? Is the Australian market a major focus for Sophos at this stage?

Forsyth: As in the some 150 countries where Sophos is now sold, very important. During the last three years, we have grown market share in Australia at greater than three times the industry rate -- and are closing on second spot. Rapid growth is also occurring overseas, however Australia continues to be a very important market.

Sophos has made a significant investment in its Australian operation, locating one of its four global research and development labs in Sydney to provide customer support, virus analysis, and product development.

Asian growth has been achieved through our offices in South Asia and Japan.

Forsyth: What do you think of Bill Gates' claim that he can eradicate spam altogether, and why?

Donovan: In the past, several companies have attempted to eradicate technological challenges but to date no company has succeeded. To eliminate spam and malicious code, dedicated teams are required to deliver best-of-breed technologies and they need the support and cooperation of governments and organisations worldwide.

Symantec is the global leader in Internet security. We provide Microsoft users worldwide with the premium-quality security solutions and resources they need to protect themselves from Internet threats. We continue to support Microsoft in its efforts to raise user awareness of Internet security risks, hacking dangers, and privacy threats. Together we offer a variety of educational and promotional programs that inform users of the simple measures they can take to safeguard their computing experience.

Donovan: What is your strategy for training and certification after the acquisition of another company's product, such as PureMessage?

Forsyth: I'm sure we both agree that training and certification of security products is critical for the channel. We provide certifiable training across all product offerings. With the acquisition of PureMessage, their pre-existing training fitted scalably into our existing program.

Forsyth: Symantec's business has a very broad product range, do you see this scope increasing?

Donovan: Currently we offer Internet security solutions for large organisations, SMBs, and home users. These solutions include antivirus, firewall, and intrusion-detection technologies. We also offer our customers managed security services. For example, we provide detailed intelligence on real-time security incidents gathered from more than 20,000 sensors in more than 180 countries. With this information we can develop mitigation strategies to help organisations prevent an attack against your network.

Symantec's acquisitions have assisted the company in expanding its offering into new markets. For instance, the recent acquisition of PowerQuest has strengthened Symantec's offering for both enterprises and individuals, bringing together market-leading deployment, provisioning, storage management, and disaster recovery technologies.

Donovan: What is your response to critics of antivirus companies who claim that companies such as yours are the main culprits in the increase in virus attacks?

Forsyth: Most anti-virus companies work very hard, spend a lot of money on research and education, and employ the best programmers to protect their customers from virus attacks.

Occasionally, someone will imply that anti-virus companies also write the viruses. Most often this is a weak attempt at humour -- a bit tongue in cheek. Sophos would find offence in this sort of challenge.

Sophos does not employ virus writers; nor would we condone the teaching of virus writing, as some educational institutions have proposed in the past.

Forsyth: What is your position on learning institutions that teach virus writing?

Donovan: Given the increase in the number of security threats and the availability of online tools, Symantec believes that the industry should focus on training and educating today's youth about the ethics of computer crime and its affects and the detrimental impact on victims.

Donovan: Do you think that Australian companies and managers are becoming more savvy about the importance of Internet security through all levels of the organisation?

Forsyth: Yes. One of the central themes that we have been communicating for years, is that software alone is not a complete answer. Customer education is critical. Through our initiatives such as "Computer Viruses Demystified" (available free from our Web site), seminars and media articles such as this one, we have been part of that communication process. The whole security industry needs to provide rational, accurate, and timely information.

Forsyth: How has Symantec dealt with integrating the different cultures and technologies following its many acquisitions?

Donovan: Symantec is a company built on acquisitions. Through its acquisitions, Symantec has grown from strength to strength by enhancing its offering worldwide and penetrating new markets. Symantec has dedicated transition teams who ensure that when Symantec acquires a company, there is a smooth integration of cultures and technologies. We also have integration teams who are engaged in evaluating all technologies involved in the acquisition and establishing a roadmap for Symantec's combined offering moving forward.

Donovan: Integrated security from top to bottom is said to be the way of the future for Internet security companies. How does Sophos plan to protect companies with this integrated security concept?

Forsyth: The single vendor versus best of breed debate has ebbed and flowed in both directions for some time. If there was a single product that was perfect -- top to bottom -- there would be only one product; however we see a multitude of offerings being successfully deployed by customers. Sophos' role is to provide robust products that have excellent customer support, combined with flexible licensing. Whether it be with ISPs, at gateways, or with servers and PC networks, our products effectively protect more than 26 million users from malicious attack.

Forsyth: Do you think that the issues arising post-September 11 have impacted on electronic security and if so how?

Donovan: I don't think September 11 created new vulnerabilities or greatly impacted electronic security. What September 11 did was raise awareness around the world that security infrastructure is interlaced, that you can't separate the cyber-infrastructure from the electricity grid. Furthermore, in the cyber arena right after September 11, specifically on September 18, the Internet world had a watershed event around the world -- the attack of the Nimda worm. That created a broader level of awareness that many individuals and small businesses were awakened to. Then came the computer virus attacks of August 2003. Never before had we seen four broad-based attacks in a span of 10 days or less. Those events raised awareness of the need for people to secure their environments. It's also been a catalyst for growth for many of the companies that play in this sector.

Donovan: If there was only one product you could sell to your customers which one would it be and why?

Forsyth: The last line of defence must be the desktop. With encrypted files, they can only be checked at the desktop as that is the point of encrypting them in the first place. In addition, recent viruses have spread in ways other than e-mail, such as IM, P2P, and file sharing. If a customer was to have only one point of protection, my vote would be Sophos Anti-Virus, for the desktop.

Forsyth: Sophos sponsors the Manly Marlins Rugby Club, supporting the team and, through its juniors program, both the local community and the future of the game. Does Symantec have any local sponsorships?

Donovan: While Symantec does not sponsor local rugby clubs, we do support a number of local charities including the Starlight Foundation. In addition, Symantec matches dollar for dollar any donation that a Symantec employee makes to a charity. This local initiative is one of many initiatives around the world that Symantec endorses.

Donovan: What is your favourite Olympic sport and why?

Forsyth: Spending five years with the Sydney Olympics Organising Committee in planning and operational management roles, I had an opportunity to work with all Olympic sports. I suppose I could answer rugby (as it is my personal sport) but as it was last in the Olympics in 1924 and Australia's only Gold medal in rugby was in 1908, that would be drawing a long bow. In terms of Sydney's Games, I actually enjoyed the Paralympics more than the Olympics. Great people performing spectacular achievements with huge community support. I am pleased to have been able to have been part of Sydney's history.

This article was first published in Technology & Business magazine.
Click here for subscription information.