Adaptive security the way to go in current APT landscape: Symantec

Security vendor sheds light on the role of its managed security services division

The threat landscape is the most challenging it has ever been, according to Symantec managed security services (MSS) director, Peter Sparkes.

More sophisticated external attacks as well as targeted malware attacks like Stuxnet have contributed to the increasing threat concerns, according to him.

“People also have to contend with malicious insiders, WikiLeaks being the famous example, and well-meaning insiders,” Sparkes said. “There is also increasing financial brand risk associated with security threats.”

He also highlights how the drive to Cloud-based infrastructure and services, along with the adoption of virtual infrastructure, is complicating things for some.

Round the clock

According to Sparkes, Symantec addresses these challenges by providing threat visibility round the clock.

“Other [challenging] factors include geopolitics as motivation, leveraging of social media, well-funded initiative, and cyber criminals being patient,” Sparkes said.

He adds that adaptive security is the way to combat these threats, with a focus on intelligence, context, and visibility. Symantec MSS provides enterprise-wide support of devices and technologies, pricing and business models.

“Multiple, different partners can resell our services,” Sparkes said.

Candid camera

One case that MSS had been involved with was an infected CCTV system that belonged to a client.

“MSS detected an outbound connection attempt to a known phone-home IP address via a limited number of firewall ‘accept’ logs,” Sparkes said.

When the customer investigation was carried out, the customer initially insisted the infection was not possible, as the hosts were isolated with no inbound access and no web surfing/email allowed.

“However, the systems were identified as Windows 2003 Servers that were infrequently patched, due to concerns with interoperability of the CCTV camera software running,” Sparkes said.

MSS analysts eventually convinced the customer to host a conference call and determined the infection vector was a USB drive.

“The vendor had performed a software update on the day the activity was first observed,” Sparkes said.
