Let's Get Connected!

"There is intense pressure on security software to be more intelligent" PDF Print E-mail
User Rating: / 0
PoorBest 
Technology
Written by Vandana Sharma   
Monday, 13 April 2009 22:26


Shantanu_Ghosh.Vice_PresidentIndia_Product_OperationsSymantec
Symantec Corp likes to stay a step ahead in the market on the merit of its focused innovative strategies.
Shantanu Ghosh, vice president-India Product Operations, Symantec Corp, in conversation with Vandana Sharma of itmagz.com, shares details on the practices that have helped Symantec evolve as one of the leaders in the security and storage software domain.

What kind of innovation strategy is practised at Symantec?
We have a very healthy innovation strategy that mainly stands on three pillars, 'build, buy and partner', by which we partner in the eco-system as well as continue developing innovative solutions.

Since our customers view us as a one-stop shop, we plug every hole to provide the best of solutions to them through research, partnership and our strategic acquisitions. There are a number of examples of our research labs generating cutting-edge technologies that have gone on to become competitive products. But we also possess a meticulously laid out acquisition strategy. We believe in being pragmatic and also look outside to see if there are other products that benefit our customers; and we pick those as well.

What kind of R&D base does Symantec have in India?
As a company policy, Symantec invests around 15 per cent of its annual revenue into research. Of the 500 US patents that Symantec has, incidentally, a third of these come from India. We have a very large R&D set-up in Pune and Chennai. These innovation centres are the largest outside the US and have existed for over 15 years now, much earlier than those of a number of our competitors.

Currently, we have 2,700 people in India. Moreover, the value of what we do in India is very high in terms of the hard-core R&D and product development. The process also involves an analysis of the markets, meeting with customers and understanding their requirements.

On another note, however, at Symantec, what we do together as a team is more important than glorifying individual achievements. We want to be seen as a global company with a global presence.

Do these R&D centres concentrate on local R&D projects or is the nature of research and product development happening here global in nature?
Because we are in this region, if some specific requirements come up, these are often addressed by the India centres. For instance, requirements specific not only to India but to countries like Japan that are in this region, are addressed by us. When we develop products that work in the scenarios that exist in these countries, we undertake the process of product development as well.

What kind of research is carried out at the Symantec labs?
At Symantec, we have the world's largest global intelligence network, with 24x7 operations, dealing with issues such as anti-fraud, anti-phishing, etc, that puts us in a very competitive position. Through this, on a daily basis, we analyse over two billion events or incidents and hundreds of security alerts are generated on the basis of these observations. We also have a network of honey pots, spread globally. The new threats are looked into by our researchers and then we generate patches/updates.

Which is the key trend, according to Symantec, that will determine how security is looked at in the future?
As per our observations and analysis, one big trend that will change the way software is written is the widespread use of gadgets driven by technology. If you observe, the new generation is virtually born with desktops, mobiles phones, laptops, etc. As professionals, they have begun to bring more and more gadgets into the office environment.

The consumer and enterprise world are colliding. Any employee can bring an infected pen drive and slip it into the office environment. Or, for that matter, take away a confidential document from the office.
Instinctively, the security person may say, "We will not allow any employee to bring a personal pen drive to the office." But considering today's requirements, that is not the solution... because that particular employee may have been trying to do something productive.

Technology is proliferating in the work place, and outside, because of its productivity; therefore security should not act as an inhibitor for people trying to complete tasks or who use different gadgets. Considering this need, as we move forward, there will be intense pressure on security software to be intelligent enough to focus 'only' on protecting information residing on computers/gadgets belonging to an enterprise.

Considering the criticality of protecting data, what kind of security applications should be developed?
As discussed earlier, security will need to move closer to the information it is trying to protect, rather than trying to protect everything around it. Sometimes when we take all precautions to be very secure, we can hardly get any work done. The security software keeps issuing warnings to users. So software acts more like a prison guard. But now the time has come to make it more intelligent so that it doesn't come in the way of users at every step, yet intelligently protects data.

For example, it should allow users to use a chat program but in case they try and send a company's confidential file, it should then stop them, rather than not allow users to open that program at all.
Security software also needs to be more like a tool guide where it allows you the flexibility to do your own thing, but also tells you about the risks of doing so.

Has Symantec developed any such software that is less interfering from the standpoint of a user, and is fool-proof too?
We have developed a technology named ‘VIBES' (virtualisation-based endpoint security) -- new innovation developed by our research labs' core research group. VIBES leverages virtualisation technology to protect end users by preventing sensitive data entered in online transactions from being stolen. It also mitigates the risks associated with executing malicious content downloaded from the Internet. By transparently setting up multiple isolated virtual execution environments, each with its own level of trust, this new approach significantly improves browser security by enabling users to seamlessly use different virtual execution environments to carry out different Web transactions.

The three virtual execution environments in the current VIBES prototype include: the ‘user' virtual machine-where normal day-to-day activities are performed; the ‘trusted' virtual machine-where trusted operations such as entering sensitive credential information are conducted; and the ‘playground' virtual machine-where more adventurous or untrusted activities, such as visiting unknown websites or downloading unknown applications, are carried out.

< Prev   Next >
 
+/-
Write comment
Name:
Email:
 
Website:
Title:
UBBCode:
[b] [i] [u] [url] [quote] [code] [img] 
 
 
:angry::0:confused::cheer:B):evil::silly::dry::lol::kiss:
:D:pinch::(:shock::X:side::):P:unsure::woohoo:
:huh::whistle:;):s:!::?::idea::arrow:
 
Please input the anti-spam code that you can read in the image.
+/- Comments
Add New Search RSS

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."