Interview: Advanced Threat Protection has potential to change Symantec's enterprise security play
With the ATP launch, the company hopes to disrupt the advanced persistent threat market which is already ruled by companies like FireEye and Trend Micro; and begin a new journey as a 'fully security company.'
Security giant Symantec has finally unveiled its ambitious product -- Advanced Threat Protection (ATP). With the ATP launch, the company hopes to disrupt the advanced persistent threat market which already sees companies like FireEye and Trend Micro; and begin a new journey as a "full security company." In an exclusive chat with Firstpost, Tarun Kaura, director-solutions product management, APJ, Symantec, talks about the major launch, and the new strategy post Veritas split.
Symantec is launching Advanced Threat Protection -- which is seen as a big product announcement and the start of a whole "new Symantec." So to start with, can you tell us about the change you are witnessing in the threat landscape; and why this product can prove to be a disruptor in the market?
Tarun: Today, large as well as small and medium enterprises are all going through the wave of digitization. They have a lot of information that’s becoming digital. A few years back, attackers used to actually do a spray-and-pray kind of thing, they used to just go after one vulnerability across all enterprises or just have an e-mail campaign which was run across enterprises, and not have any specific targets. But lately, we’ve been seeing that the attacks have been more targeted towards a specific enterprise or towards specific verticals. This is what we call a "targeted attack." Now, the hackers know the vulnerabilities that exist in that particular vertical which they can exploit. We also saw the number of spams was reducing but the number of campaigns was increasing. The duration of the campaign had been increasing which basically means that the hackers are lying low -- they are already in the enterprises but they are lying low and they’re spreading across the entire attack from a duration perspective which is going undetected in an enterprise. Thirdly, we saw that there were around a million variants of malware written in a day which means that there are around 300 million plus malwares, which is what the attackers are using to either get in through an e-mail or through HTTP traffic, which is the web traffic, to basically infect the endpoint. Around five out of six enterprises worldwide were targeted by advanced threat attacks.
If you look from that perspective, the quantum of the problem is that there are a lot of security products, there are a lot of endpoint products, but when they have to consolidate all the events, all the problems, they have to put in a considerable amount of manual effort. By the time they actually get to know where to remediate, the damage in an enterprise has already been done. So, this is where the industry’s biggest gap is. Symantec Advanced Threat Protection is one of the first solutions that can detect and remediate advanced threats across all the control points -- web, e-mail, and endpoint. It helps customers to uncover a full range of threats like APTs and zero-day vulnerabilities. Also we help customers to prioritize to work on what’s more important by correlating their incidents with the global threat intelligence. We are excited because Symantec Advanced Threat Protection is the first solution which covers all the three control points. We will have two technologies on Advanced Threat Protection that customers can leverage -- Symantec Cynic and Symantec Synapse. Symantec Cynic is our sandboxing environment where apart from the virtual sandboxing, we also do bare metal, which means that once you have 28 percent of the malware which actually go undetected in a virtual environment can be detected in a bare metal -- in a cloud that we are running. Because bare metal is tough -- it’s impractical to bring it on a customer premises, you can’t have a bare metal environment on the customer premises. So, that’s the advantage that we bring in. On the other hand, Synapse is our correlation. Symantec has been in the security domain for many years now and it collects a lot of information through sensors across 157 countries. We have a lot of e-mail and web traffic that we monitor. The entire global intelligence is going to be on Synapse.
So, if there is a problem at the customer place, we can correlate it so that we can help the customer to prioritize and tell that this is a high critical malware that needs to be worked upon first.
What exactly sets Symantec’s new product apart from other advanced persistent threat offerings that are available from rivals like FireEye and Trend Micro which are also established players in this space?
Tarun: If you look at endpoint products the companies are looking at one or two of the control points, but not putting all the three control points. Either they are good at network and e-mail. So, if there is something malicious that's got into an enterprise, these security companies will be able to tell the customer that these are the endpoints that are affected but at that time a customer doesn’t know how to work on it because they don’t have the remediation solution along with the endpoints in their stack. Here, you detect the problem but don't exactly know how to work on it. Symantec's Advanced Threat Protection helps detail it, correlate it to a level where the customer can prioritize and also remediate. Secondly, since our sandboxing is on the cloud, we do the entire malware analysis on a virtual environment as well as bare metal. We’ve seen that customers have been able to detect in Advanced Threat Protection 30% faster than other products which are available. With Advanced Threat Protection, you’re able to correlate, sandbox, and run across multiple VMs at a much faster rate.
Most of the enterprises have invested in a lot of security technologies already. What is going to be Symantec’s strategy to convince these customers to invest in one more technology?
Tarun: We’ve been the largest endpoint protection and what we gave the existing Symantec customer is the same Symantec endpoint protection agent that would be used for Advanced Threat Protection. In that case, customers don’t have to re-deploy any second agent. They can activate features by buying the licenses and become ATP ready. From a scale perspective, I think we already have a base of customers who can be ATP ready -- including our existing customers, and enterprises who have invested in certain technologies can definitely co-exist with the kind of technologies that we are bringing in. Our strategy will be to make the whole architecture more comprehensive for customers to look at Symantec.
How cost-effective would this product be; and are there variants for large enterprises and SMBs?
Tarun: The product is going to be available by December 2015 at an MSRP of $35 per user annually for a single control point; $55 per user for two control points; and $65 per user for taking all three control points.
What are the changes Symantec is bringing to enterprise security after the Veritas split?
Tarun: After deciding to sell off Veritas, Symantec is entirely a security company. We believe that the way the whole world is evolving towards cyber security, this is the best time to refocus on the whole security space and that's what we’ve done by launching Advanced Threat Protection. We’ve divided ourselves -- not by product line but more from a strategy point of view. Our focus will be divided on both threat protection and information protection.
Advanced Threat Protection is going to be our threat protection pillar where we have solutions like anti-spam services, threat protection services, and data centre security products. From an information protection perspective, we have been number one in cloud services and data loss prevention for years; and we are doing extremely well in the global and Indian market for DLP. We brought in a new product a few months back called Symantec Access Manager. We changed the whole game by killing the password by having digital certificates, two-factor authentication together for customers to bring up the productivity of remote access of employees.
Almost a month back, we came out with the whole IoT protection where we said that we are already protecting a billion IoT devices through the Symantec Critical System Protection. Threat protection and information protection are two big pillars where the entire product line is.
What kind of market do you expect in India with your upcoming product?
Tarun: India is going through a major digitization through government, BFSI, and telecom. Every vertical is getting digitized which means they are up for vulnerabilities. We’re not going specifically after verticals but we are very clear that this solution is going to help large enterprises as well as SMBs to protect themselves and get more visibility of the malicious data.