Managed security services are coming, Symantec CEO says

Outsourced managed security service contracts are the wave of the future for government networks, but the market is still nascent, John W. Thompson, the chairman and chief executive officer of Symantec Corp. of Cupertino, Calif., said yesterday in an interview.

To date, there's been 'so little focus on information security across government,' Thompson said. 'But absolutely agencies will buy more managed services.' He added that Symantec plans to offer managed security as a component to agencywide services contracts, such as that held by Unisys Corp. for the Transportation Security Administration.

Symantec has enterprise site licenses for its antivirus and network detection products at several departments, including Agriculture and Health and Human Services. In recent months it has acquired several companies to augment its offerings in what Thompson described as the four components of network and data asset protection'intrusion alerts, protection, response to damaging attacks and management of the network environment. The more data gathered about forms and sources of attacks, the greater the ability of an organization to predict what will happen next, he said.

Thompson said that monitoring services it performs for agencies and in the private sector show that 'the complexity and frequency of cyberattacks will continue to grow,' as they have for the past seven or eight years. Yet for all the progress in detection and remediation technology, Thompson said, for the most part large enterprises are unable to fend off attacks in real time. Instead, they are often a half-step behind those launching the attacks.

'The question is whether [enterprises] have the tools to evaluate their own environments. Too few do. If so, the problem is one of response.' In large networks with thousands of servers, 'response and remediation can be an enormously complex task.'

The techniques of data mining, in which large masses of data are probed for patterns after the fact, will be inadequate in protecting cyberspace. Instead, tools will be needed to let agencies answer the question, 'What does this suggest I should do right now?' Thompson said.

Government is a favorite target of mischief-makers, he said, but not necessarily because its networks are more vulnerable than those of the private sector, said Thompson, a member of President Bush's National Infrastructure Advisory Council.

'The issue is the degree to which exploitation has the potential to devastate major portions of the economy.' Thus the financial industry also faces unrelenting attacks.

Thompson also discounted the notion that Microsoft Corp. products are necessarily more vulnerable than those of other vendors. 'They have the most copies of the most stuff deployed," he said. 'Their programming techniques aren't any worse than anyone else's.'


Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected