Symantec stretches Web 2.0 definition, invents Security 2.0

Symantec stretches Web 2.0 definition, invents Security 2.0

Summary: Like most companies today, Symantec is figuring out how become a Web 2.0 company.

SHARE:
TOPICS: Symantec
3

bregman.jpgLike most companies today, Symantec is figuring out how become a Web 2.0 company. No company wants to be left out of the parade, so the definition of Web 2.0 is stretching as marketing strategists apply their skills. Speaking at Software 2006, Mark Bregman, CTO of Symantec, described how Symantec moved from protecting things (PCs, servers, storage, etc.) to protecting information in the Internet era (Web 1.0) and now is moving to a "new Web 2.0 paradigm," protecting interactions and relationships between entities. He dubbed this twist on Web 2.0, Security 2.0. Why not Security 3.0 and try to appear like you are ahead of the curve? Nothing trying to associate Symantec itself with a high concept like Security 2.0, but Bregman's presentation lacked any substance other than the notion of changing paradigms and creating a new ecosystem, more buzzwords.

Bregman said that some customers want Symantec to support the "old paradigm view of the world," which I assume means not getting involved in protecting relationships, which goes deeply into the areas like identity management and Web services security. Symantec appears to be crossing a chasm and, as Bregman said, is scouting and scanning new companies, talking to potential customers, building a new ecosystem of partners, thinking about how get people within the company thinking in "Security 2.0" ways, which he associated with making ebusiness and online collaboration more secure. Without a new ecosystem and partnerships, Bregman said there could be a deceleration in economic growth driven by lack of confidence in the network interactions. Bregman's message: Symantec to the rescue...

Topic: Symantec

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Before they do 'Web 2.0', I just wished

    That they would stop their Client Side Javascript hi-jacking practices out of the box by asking their customers during installations to enter in a list of commonly trusted site or perform a Pop up of Do you want to block Javascript from this site. Just blindly blocking every client side Javascript is just very annoying. Also, not willing to work with web site operators who asked them for information so that they can help their customers better use Symantec's products are also BAD. We now have to blindly just told customers who doesn't know how to use Symantec's products to just switch to someone else's products.
    JJ_z
  • my view of "security 2.0"

    i have a different view of "security 2.0". see my post at http://hi2005.wordpress.com

    When I try to dig "Security 2.0" via Google, only one noticeable hit was found from CSOonline by Sarah. Sarah summarized the convergence at security area, and regarded "Security 2.0" as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on convergence of physical security and IT security, where they assigned a new role named Chief Risk Officer, directly under CEO, who is responsible for control of what ever risks which might hurt the enterprise to an acceptable level. That's very interesting and with deep insight. However, my vision of "Security 2.0" is somewhat different.

    At least in China, based on the about ten years of security practice, I would like to define the following two stages of security management and technology we are living with so far.

    Security 0.1: security came from anti-virus capability
    Security 1.0: security is PDR (Protection -> Detection -> Response), where in most cases at China, PDR was explained as firewall (protection), IDS (detection) and security emergency response services (Response)
    But I begin to feel the emerging of a new pulse and inspiration at the industry, which I didn't hasitate to call it "Security 2.0", where I hope to borrow some concepts and feelings from Web2.0. The representative and definitive features of "Security 2.0" include:

    Security 2.0.1: focus changed to internal control and security protection of applications and data, rather than simple virus/intrusion detection and attacks.
    Security 2.0.2: "holistic security" synergizing the AAAA(Account, Authentication, Authorization, and Audit), from just stack/heap of firewalls, IDSs and other single point stuff.
    Security 2.0.3: emphasizing the perception and experience of those security managers and administrators, ie. the real effectiveness and efficiency. along with the implementation of technologies of data mining and correlation.
    The key difference between Security 2.0 and previous stages lies at that the later focuses on the security information production and corresponding accuracy from those single point security elements, while the former turns to effective and efficient usage of those information to direct the real operations. Security 2.0 just develops itself on the shoulder of Security 1.0, instead of replacing them.
    hi2005
  • my view of security 2.0

    i have a different view of "security 2.0". see my post at: http://hi2005.wordpress.com

    When I try to dig "Security 2.0" via Google, only one noticeable hit was found from CSOonline by Sarah. Sarah summarized the convergence at security area, and regarded "Security 2.0" as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on convergence of physical security and IT security, where they assigned a new role named Chief Risk Officer, directly under CEO, who is responsible for control of what ever risks which might hurt the enterprise to an acceptable level. That's very interesting and with deep insight. However, my vision of "Security 2.0" is somewhat different.

    At least in China, based on the about ten years of security practice, I would like to define the following two stages of security management and technology we are living with so far.

    Security 0.1: security came from anti-virus capability
    Security 1.0: security is PDR (Protection -> Detection -> Response), where in most cases at China, PDR was explained as firewall (protection), IDS (detection) and security emergency response services (Response)
    But I begin to feel the emerging of a new pulse and inspiration at the industry, which I didn't hasitate to call it "Security 2.0", where I hope to borrow some concepts and feelings from Web2.0. The representative and definitive features of "Security 2.0" include:

    Security 2.0.1: focus changed to internal control and security protection of applications and data, rather than simple virus/intrusion detection and attacks.
    Security 2.0.2: "holistic security" synergizing the AAAA(Account, Authentication, Authorization, and Audit), from just stack/heap of firewalls, IDSs and other single point stuff.
    Security 2.0.3: emphasizing the perception and experience of those security managers and administrators, ie. the real effectiveness and efficiency. along with the implementation of technologies of data mining and correlation.
    The key difference between Security 2.0 and previous stages lies at that the later focuses on the security information production and corresponding accuracy from those single point security elements, while the former turns to effective and efficient usage of those information to direct the real operations. Security 2.0 just develops itself on the shoulder of Security 1.0, instead of replacing them.
    hi2005