Symantec's vision of enterprise security rests upon collaboration, sharing data

Summary:Symantec's chief of security intelligence suggests an approach that could reveal and fix more blind spots in enterprise IT worldwide.

snooping-keyhole-spy-surveillance-eye

SAN FRANCISCO---One might assume that with the abundance of security startups and cutting edge technology available, enterprises would be able to keep attackers out.

But that's not the reality -- not even close -- as told by Stephen Trilling, senior vice president of security intelligence and technology at Symantec.

"We're fighting an asymmetric battle," warned Trilling while speaking at the 2014 RSA Conference in San Francisco on Wednesday afternoon.

While acknowledging that some "best-of-breed solutions" do block many cyberattacks, Trilling pointed out that cybercriminals can buy the same products as easy as any IT department.

Additionally, Trilling argued that today's targeted attackers have the resources -- as well as patience -- to plan and adjust attacks for years.

Finally, managing security is expensive -- not to mention a complex, manual effort, Trilling observed.

Certainly, Trilling relented, companies will need to continue to deploy endpoint security products, firewalls, email filtering systems, and more.

"We need a system with a worldview, not a limited company-centric view," Trilling posited.

But the problem with the current model, according to Trilling, is that each of these products "is an island" with their own consoles and detections based on limited views -- none of which interact with each other.

So what needs to change?

Trilling outlined Symantec's big picture for the future of security, which starts with having security managed by providers that leverage economies of scale. Security will also be automatically integrated -- not one-time integrations, but at the data level in order to yield insights.

Furthermore, security solutions won't float around like islands, but rather form a community to share wisdom in an effort to better protect networks. In terms of results, attacks should be detected within minutes.

"Today's attack indicators hardly ever fit into windows like seconds, minutes, or hours. It's more like weeks, months, or years," Trilling lamented.

Naturally, this vision is all based on the value of data.

Trilling concluded that this model should include data shared by millions of companies that span industries and economic sectors to generate attack indicators. He reasoned that these attacks can often only be traced when analyzing data shared among many companies, industries, and countries -- not just a single source in any of these categories.

"We need a system with a worldview, not a limited company-centric view," Trilling posited.

Trilling hypothesized that this model will result in less time on connecting the dots and managing security, instead rededicating that time to fulfilling their missions.

Topics: Security, Big Data, Data Management, Enterprise 2.0, Privacy

About

Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.