IN THE BOARDROOM™ with...
Mr. Enrique T. Salem
Senior Vice President Security Products and Solutions
Symantec (NYSE: SYMC)
SecuritySolutionsWatch.com:
Thanks for joining us today, Enrique. Please give our audience an
overview of your background and your role at Symantec.
Enrique Salem: As the senior vice president of Security
Products and Solutions at Symantec, I lead the overall enterprise
and consumer security business strategy, guiding the team in
identifying and developing Symantec's industry-leading security
solutions. Prior to that, I was president and CEO of Brightmail,
the leading anti-spam software that was successfully acquired by
Symantec in 2004 and is now a key technology offered in
Symantec’s Messaging and Web Security solutions.
SecuritySolutionsWatch.com: We can’t argue with this premise
from Symantec’s profile: “Information is the currency of
today's global economy. Individuals and enterprises rely on the
global distribution and storage of information to govern nations,
conduct business transactions, and make personal decisions.”
Without divulging any confidential or sensitive information, is
there a recent Symantec project with Homeland Security or in the
U.S. Government sector that you can tell us about?
Enrique Salem: Very recently, through its Science and
Technology Directorate, the U.S. Department of Homeland Security
granted $1.24 million in funding to Symantec, Stanford University
and Coverity, to be paid out over a three-year period. Symantec is
receiving $100,000 of those funds to provide security
intelligence, as well as test the source code analysis tool in our
proprietary software environment, to help Stanford and Coverity
target their research and development to best help commercial
software developers.
In addition, Symantec has teamed with Komoku Inc., a small
start-up founded by University of Maryland computer science
professor Bill Arbaugh, for a project funded by the Homeland
Security Advanced Research Projects Agency to develop a tool that
finds and eliminates rootkits. A rootkit buries itself in the
operating system, modifying the kernel to hide its presence and
protect itself in order to keep the infected PC vulnerable to the
attacker. Once a rootkit is detected, cleaning up an infected
computer remains difficult. It has to be shut down and reformatted
or restored from a back-up disk. Symantec is going to help
automate the process by incorporating our Symantec LiveState
family of restoration products into the tool. Symantec LiveState
Recovery returns a computer to a trusted state, and Symantec
LiveState Delivery can centralize provisioning, configuration and
updating of workstations.
SecuritySolutionsWatch.com: We understand that Symantec has
become increasingly active in the Power & Energy sector.
Please give us an overview of Symantec’s enterprise solution
for this market. Any examples?
Enrique Salem: Symantec believes that utility organizations
can improve their security posture and safeguard this critical
energy infrastructure using a four-step security process:
assessment, policy creation and enforcement, security measure
deployment, and security monitoring management.
For assessment, Symantec offers SCADA and DCS security and risk
assessment services, corporate network vulnerability assessments,
incident forensics, and penetration testing to help utility
customers develop more robust information security
infrastructures, processes and programs.
Policy creation and enforcement are critical, and Symantec
believes the foundation of an effective security practice is a
comprehensive, well-conceived security policy. For the control
systems used by oil and gas pipeline and power and energy plant
operators, security policies must control authorization rights to
access critical information, who is authorized to perform what
functions, as well as procedures required to ensure effective
security. To assist with policy creation and enforcement, Symantec
offers two solutions – Symantec Managed Security Services, so
that organizations can leverage the expert assistance of
Symantec’s security professionals to help create a security
policy and deliver training to personnel; and Symantec Enterprise
Security Manager, which provides comprehensive, policy-based
security assessment and enforcement to manage and measure
adherence to established security standards.
Security measure deployment is also an important part of the
solution, given that today’s security threat landscape is
continually changing with new blended threats that leverage
different types of malicious code (such as viruses, worms, and
Trojan horse programs). Therefore, Symantec recommends protection
at the gateway between the Internet and SCADA/DCS network, at the
network level and desktop client security to protect against
day-zero attacks. Symantec offers award-winning products for each
of these tiers: Symantec Gateway Security includes integrated
full-inspection firewall technology, protocol anomaly-based
intrusion prevention and intrusion detection engines,
award-winning virus protection, URL-based content filtering, anti-spam
technology, and IPSec-compliant virtual private networking
technology with hardware-assisted high-speed encryption; Symantec
Network Security 7100 Series IPS appliances leverage an innovative
Intrusion Mitigation Unified Network Engine (IMUNE™) that
combines protocol anomaly, signature, statistical and
vulnerability attack interception techniques (including attacks
against ICCP and MODBUS protocols) to accurately identify and
block known and unknown day-zero attacks, and worms from spreading
throughout corporate and control system networks; and Symantec
Client Security provides threat protection through integrated
antivirus, firewall, and intrusion detection for remote, mobile,
and networked client systems.
The final piece of the solution is security monitoring management.
Implementing “technology-only” solutions without close
monitoring and management actually undermines the effectiveness of
security devices. While hiring experienced IT security
professionals to monitor network security devices can help to
mitigate risk, this option is cost-prohibitive for most utility
companies. Therefore, Symantec Managed Security Services provide
24/7 centralized management and monitoring of protection
technologies along with early warnings, incident response, and
decision support. These services ensure that all security devices
are configured properly and fully patched, while security experts
monitor the actual activity on each device to detect malicious
activity in real time.
SecuritySolutionsWatch.com: How about the Healthcare, Financial
Services, and Telecommunications verticals? Any recent success
stories you care to mention?
Enrique Salem: Symantec offers a range of solutions for
managing, measuring and reporting on compliance, defending against
attacks, and educating end users about how to reduce security
risks.
Symantec recently announced the availability of Symantec IP-ATM
Security, the industry’s first complete real-time endpoint
compliance solution to implement fully protected Internet Protocol
(IP) Automated Teller Machines (ATMs). Symantec IP-ATM Security
includes antivirus, host intrusion prevention, device control,
policy enforcement, remediation, and control over managed and
unmanaged endpoints to provide banks a secure and manageable ATM
infrastructure. Using our solution, banks and financial
institutions can mitigate the risk from malicious attacks, viruses
and hacking attempts to provide a safe banking experience for
their end customers.
SecuritySolutionsWatch.com: Symantec recently announced that it
has added new protection features to its consumer and enterprise
antivirus solutions. May we have an overview?
Enrique Salem: In order for Internet security solutions to
be effective, they must keep pace with the rapidly evolving threat
environment. Therefore Symantec delivered product technology
updates to our consumer and enterprise antivirus solutions to help
ensure users have expanded protection against stealth computer
threats.
The updated antivirus scanning engine removes many of today’s
most stubborn threats from home and enterprise computer systems
through its new driver technology. The engine works before the
operating system loads - in kernel mode - and protects users
against malicious code that attempts to hide from current scanning
methods. By operating in the kernel mode, the engine can open
locked files, bypass programs running in the computer's user mode,
and initiate repairs during the system boot cycle. So much like an
airport x-ray machine can look inside luggage and identify items
that security guards are unable to see, the new antivirus scanning
engine can look deep inside a computer system to handle malicious
code, adware, and spyware that are hidden from users by stealth
technology.
SecuritySolutionsWatch.com: “Phishing” threats are becoming
more prevalent and sophisticated and identity theft is on the rise
but many end-users still do not understand the term “Phishing”.
Please give our audience an overview of “Phishing”. What can
enterprises do to prevent these attacks from happening and what
can individuals do to protect themselves?
Enrique Salem: Phishing is an online scam where fraudsters
send millions of e-mails to random accounts. The e-mails appear to
come from popular Web sites or from the consumer’s bank, credit
card company, e-mail provider, or Internet service provider. The
e-mails often inform consumers that the company needs personal
information, such as their credit card number or password, to
update their account. Many times, the e-mails include a URL link
that takes consumers to what appears to be a legitimate Web site.
However, the site is actually a fake or “spoofed” Web site.
Once consumers are on this spoofed site, they are asked to enter
personal information that is transmitted to the phisher.
To protect themselves from phishing scams and other forms of
online fraud, consumers should use an up-to-date Internet security
solution that provides virus protection, spam filtering and
privacy controls, such as Norton Internet Security. Computer users
should also refrain from providing personal information to
suspicious e-mails and Web sites, thoroughly read End User License
Agreements (EULA) when downloading programs or purchasing items
online, and they should also create secure, complex passwords that
are changed frequently.
However, phishing is an issue that also affects enterprises.
Companies should be concerned about phishing because scammers
could compromise their customers’ accounts. Not only can this
cause financial harm to consumers, but it also hurts their
business. The use of a company’s name in a phishing scam can
weaken the company’s credibility and diminish the value of its
brand. Phishing e-mails are also making their way into enterprise
desktops, which not only makes employees’ personal information
vulnerable to fraudsters, but it also opens up the possibility of
confidential corporate data being shared with phishers.
Enterprises can take proactive steps to protect their company and
the consumers who trust their brand. First, they should define
consistent policies for contacting customers via e-mail. These
policies should be clearly communicated to employees and
customers. Enterprises should also set up a contact point, whether
it be an e-mail address, Web page or phone number, where customers
can report fraud. If a Web site is involved, they should request
that the host ISP remove the site. Enterprises in the U.S. can
contact their local FBI office and the FBI Internet Fraud
Complaint Center at www.ifccfbi.gov
and the Federal Trade Commission. Companies in other countries can
contact the national law enforcement agency that manages consumer
fraud. Financial institutions can also look to solutions like the
Symantec Online Fraud Management Solution, which protects
companies and their customers by blocking fraudulent e-mails from
reaching consumers and alerting companies when their customers are
under attack. The Symantec Online Fraud Management Solution also
provides customer education, customer desktop security assessment
and customer protection technologies that guard consumers as well
as the company’s network.
SecuritySolutionsWatch.com: What type of recent virus threat
information is posted on Symantec.com?
Enrique Salem: Symantec’s Web site, Symantec.com, provides
a synopsis of the latest virus-related threats discovered by
Symantec Security Response, including information on the
threat’s risk through our Category Rating, the name of the
threat, the day on which the threat was identified, and the day on
which a virus definition was added to protect against the threat.
It also provides customers with removal instructions and security
best practices to protect against the threat.
SecuritySolutionsWatch.com: What resources, such as webinars,
case studies, and white papers, are available at www.symantec.com
for end-users?
Enrique Salem: In addition to information on the latest
threats, Symantec.com also offers advisories on major security
developments; in-depth introductions to the new breed of threats
such as phishing and pharming, spyware, bots and Trojans and how
users can protect themselves; as well as information on our
industry-leading security and availability solutions. End users
can also view webcasts and featured articles, and find a variety
of downloads, such as virus removal tools, product updates and
manuals, white papers and trialware.
SecuritySolutionsWatch.com: Several Government mandates have
been enacted recently to improve the security of public and
private sector networks. Please give us an overview of FISMA,
HIPAA, FFIEC, Gramm Leach Bliley Act and Sarbanes-Oxley.
Enrique Salem: I’ll start with the Federal Information
Security Management Act. The goal of FISMA is to develop a
comprehensive framework to protect the government’s information,
operations and assets by providing adequate security for the
Federal government’s investment in information technology. FISMA
requires the implementation of policies and procedures to
cost-effectively reduce information technology security risks.
The Health Insurance Portability and Accountability Act is an
important law designed to improve the efficiency and effectiveness
of the health care system, help providers access patients’
health care information, standardize the way information is
handled, and ensure that patient health information remains
strictly confidential. The Administrative Simplification aspect of
HIPAA developed standards and requirements for protecting the
privacy of patients and information security.
The Federal Financial Institution Examiners Council provides
direction to regulatory examiners and auditors in assessing the
quantity of risk and the effectiveness of the institutions’ risk
management processes, and to determine the institutions’
compliance with specified technology-related regulations.
Specifically, its guidelines address security measures that should
be considered by financial institutions to ensure system
reliability, confidentiality, integrity and availability.
The Gramm-Leach-Bliley Financial Services Modernization Act
requires that financial institutions ensure the security and
confidentiality of customers’ personal information against
“reasonably foreseeable” internal or external threats.
And the Sarbanes-Oxley Act is a critical piece of legislation that
affects corporate governance, financial disclosure and the
practice of public accounting. It mandates that organizations
ensure the accuracy of financial information and the reliability
of systems that generate it.
SecuritySolutionsWatch.com: Symantec Vision 2006 is coming up
May 8-11, 2006 in San Francisco. How about an overview of the
Conference?
Enrique Salem: Symantec Vision 2006 provides a unique
opportunity for participants to evaluate the latest tools,
technologies and techniques in security and storage to improve the
way they work and do business. The conference is designed to offer
insightful keynote sessions with the latest news on where the IT
industry is heading, educational breakout sessions to keep
customers up to speed with real world techniques, product demos
from exhibitors for a sneak peek at cutting-edge IT solutions, as
well as extensive tutorials and hands-on labs for in-depth
knowledge.