Adaptive security the way to go in current APT landscape: Symantec

Security vendor sheds light on the role of its managed security services division

The threat landscape is the most challenging it has ever been, according to Symantec managed security services (MSS) director, Peter Sparkes.

More sophisticated external attacks as well as targeted malware attacks like Stuxnet have contributed to the increasing threat concerns, according to him.

“People also have to contend with malicious insiders, WikiLeaks being the famous example, and well meaning insiders,” Sparkes said. “There is also increasing financial brand risk associated with security threats.”

He also highlights how the drive to Cloud-based infrastructure and services is complicating things for some along with the adoption of virtual infrastructure.

Round the clock

According to Sparkes, Symantec addresses these challenges by providing threat visibility round the clock.

“Other [challenging] factors include geopolitics as motivation, leveraging of social media, well funded initiative, and cyber criminals being patient,” Sparkes said.

He adds that adaptive security is the way to combat these threats, with a focus on intelligence, context, and visibility. Symantec MSS provides enterprise-wide support of devices and technologies, pricing and business models.

“Multiple, different partners can resell our services,” Sparkes said.

Candid camera

One case that MSS had been involved with was an infected CCTV system that belonged to a client.

“MSS detected an outbound connection attept to known phone home IP address via a limited number of firewall “accept” logs,” Sparkes said.

When the customer investigation was carried out, the customer initially insisted the infection was not possible, as the hosts were isolated with no inbound access and no web surfing/email allowed.

“However, the systems were identified as Windows 2003 Servers that were infrequently patched, due to concerns with interoperability of the CCTV camera software running,” Sparkes said.

MSS analysts eventually convinced the customer to host a conference call and determined the infection vector was a USB drive.

“The vendor had performed a software update on the day the activity was first observed,” Sparkes said.

Recommended

  1. NSW Police issues warning on 3D printed guns

  2. BT Financial embraces BI to better understand customers

  3. Tapping into social experience: Tourism Australia

    CMO

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/22/cdex/

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia