Symantec's vision of enterprise security rests upon collaboration, sharing data

Symantec's chief of security intelligence suggests an approach that could reveal and fix more blind spots in enterprise IT worldwide.
Written by Rachel King, Contributor

SAN FRANCISCO---One might assume that with the abundance of security startups and cutting-edge technology available, enterprises would be able to keep attackers out.

But that's not the reality -- not even close -- as told by Stephen Trilling, senior vice president of security intelligence and technology at Symantec.

"We're fighting an asymmetric battle," warned Trilling while speaking at the 2014 RSA Conference in San Francisco on Wednesday afternoon.

While acknowledging that some "best-of-breed solutions" do block many cyberattacks, Trilling pointed out that cybercriminals can buy the same products as easily as any IT department.

Additionally, Trilling argued that today's targeted attackers have the resources -- as well as patience -- to plan and adjust attacks for years.

Finally, managing security is expensive -- not to mention a complex, manual effort, Trilling observed.

Certainly, Trilling relented, companies will need to continue to deploy endpoint security products, firewalls, email filtering systems, and more.

But the problem with the current model, according to Trilling, is that each of these products "is an island" with its own console and detections based on limited views -- none of which interact with each other.

So what needs to change?

Trilling outlined Symantec's big picture for the future of security, which starts with having security managed by providers that leverage economies of scale. Security will also be automatically integrated -- not through one-time integrations, but at the data level in order to yield insights.

Furthermore, security solutions won't float around like islands, but rather form a community to share wisdom in an effort to better protect networks. In terms of results, attacks should be detected within minutes.

"Today's attack indicators hardly ever fit into windows like seconds, minutes, or hours. It's more like weeks, months, or years," Trilling lamented.

Naturally, this vision is all based on the value of data.

Trilling concluded that this model should include data shared by millions of companies that span industries and economic sectors to generate attack indicators. He reasoned that these attacks can often only be traced when analyzing data shared among many companies, industries, and countries -- not just a single source in any of these categories.

"We need a system with a worldview, not a limited company-centric view," Trilling posited.

Trilling hypothesized that this model will result in companies spending less time on connecting the dots and managing security, instead rededicating that time to fulfilling their missions.
