Symantec CEO At RSA: Emerging Technologies Demand More Holistic Security Strategy
Companies have expanded beyond their four walls with technology, and the security industry needs to follow suit if it hopes to design a successful security operations center for the future, according to Symantec CEO Michael Brown.
"The hyper-connected world changes the way we work, live and play," Brown said in his keynote address Thursday at the 2016 RSA Conference in San Francisco. "If we can create a more secure world at the same time, then that world has the potential to be truly amazing."
With the advent of cloud, the Internet of Things and a growing supply chain, Brown said, the traditional protection perimeter of the past is "melting." With that comes a vastly expanded attack surface, he said, one that calls for a new approach to security in the future.
[Related: 30 Cool New Security Products And Solutions Launched At RSA 2016]
"I think this requires a completely new approach to security, where we will have to take a more holistic view and think about the entire ecosystem and how we do a better job at protecting that," Brown said.
For the Internet of Things, holistic approach means both driving more threat intelligence information sharing and visibility into the number, purpose and type of devices on the network, an onstage panel with Brown agreed.
The cloud also causes challenges to the traditional security approach, Brown said, namely in that perimeter protections no longer apply and in lost visibility. Samir Kapuria, senior vice president and general manager of Symantec's Cyber Security Services, said the cloud in particular has also changed how security is orchestrated, giving security operations professionals an edge to change functions faster than ever before.
Third-party supply chain vendors have also proven a challenge to perimeter technologies, Brown said. This has already been seen in the JPMorgan Chase and Target breaches, he said, which were caused by hackers that came in through third-party vendors associated with the companies.
"This vulnerability, as we need to understand our suppliers and customer networks, is with us already today, and will only get more so in the next five years," Brown said. The onstage panel agreed that analytics and risk scoring will prove key in solving the security challenges that third-party vendors pose.
However, a more holistic approach to emerging technologies does not mean more security solutions are needed for each new offering, Brown said. Customers are "at their breaking points" when it comes to security complexity, spending more time trying to integrate and manage the solutions than actually securing their environments.
Instead, Brown said, by using a unified security approach that incorporates threat intelligence data, security analytics and expert security services, a company can bring the advantage back to the businesses instead of the hackers. Symantec's Kapuria agreed, urging for the same unified approach.
"We have an attacker ecosystem. … I think the role of the security operations center of 2020 is the intersection between the business ecosystem and the security ecosystem," Kapuria said.