Power v Responsibility

John Thompson believes his company is making the world safe for technology. DUSTIN GOOT reports on the Symantec CEO’s keynote address at the Comdex expo in Las Vegas.

“George Bailey didn’t have to surround himself with firewalls,”” Symantec chairman and CEO John Thompson said, alluding to the simple but likable protagonist in “”It’s a Wonderful Life””.

That’s not to say Thompson yearns for the good ol’ days ‚Äî in fact, he spent most of the intro to his Wednesday morning COMDEX keynote rapping enthusiastically about the different ways that wired and wireless technologies are changing our lives.

This transformation should be greeted with zeal and optimism, he said, “”but it has also created risk.””

Coming from a leading vendor of security software and services, the “”but”” was inevitable, and Thompson followed it up with another: “”But new threats are emerging in this world in which we live.””

More than 100 new viruses and 60 software vulnerabilities are identified by Symantec each week, he continued. There was a 19 percent increase in attack activity in the first half of 2003, and blended threats pose ever more complex problems for network security.

Given these dangers, Thompson said that the only hope for a happy digital future lies in matching the ongoing expansion in connectivity with an equivalent growth in the sophistication of and commitment to security technology.

Or, to borrow again from Hollywood, Thompson’s message could have been, “”With great (computing) power comes great responsibility.””

The CEO said that any effective security system can be broken down into four essential components: an alert system for monitoring threats, protection for critical applications, a response plan in case of attack, and an ongoing process for managing the system based on new security intelligence.

Symantec’s goal, Thompson said, is to act like a “”national weather service”” for security threats across companies’ global networks and then sell a layered collection of security technologies that protect multiple enterprise systems.

“”No single technology can adequately protect against today’s blended threats,”” he said. “”It’s just not possible.””

Furthermore, Thompson named several emerging types of security threats that will require greater vigilance in the future. These include “”Warhol threats,”” (attacks that spread to all vulnerable systems in less than 15 minutes), “”flash threats”” (attacks that spread in less than 30 seconds), and “”day-zero threats”” (attacks that exploit vulnerabilities discovered that same day).

The only way to defeat these increasingly sophisticated viruses and worms, according to Thompson, is by turning to more proactive security measures. Continuing to simply shore up networks with lots of patches will be insufficient and potentially disastrous, he said.

“”These threats (Warhol, etc.) are fundamentally unstoppable by today’s reactive technologies,”” Thompson declared.

He then elaborated on a few proactive techniques that Symantec is developing to keep ahead of new and complex threats. For example, host-based intrusion detection — also called behavior blocking — monitors network hosts and issues alerts whenever they start exhibiting abnormal tendencies.

Another approach, called protocol anomaly protection, watches the network traffic that passes through a computer and screens out anything that doesn’t meet pre-set security policies. Also discussed was a fingerprint technology that would secure an entire computing environment following just the first hints of penetration.

Thompson closed his speech with a call to the IT industry, and society in general, to raise the awareness of security’s importance to continued innovation. “”We must cultivate an attitude and culture of security,”” he said.

Specifically, the executive warned of a projected shortfall of “”tens of thousands”” of security professionals in the United States. He said there must be investment from the public and private sectors to bolster university programs in security research and education, and he cited a Purdue University fellowship program that Symantec sponsors as a starting point.

Symantec is also helping fund a “”national cyber-awareness”” advertising campaign administered by the National Cybersecurity Alliance.

We hire law enforcement to patrol the streets, Thompson said. We lock our homes and cars and buy alarms for them. He urged the audience not to give the cyberworld anything less.

* Dustin Goot is an associate editor of the Comdex magazine, The Preview. He can be contacted on dustin.goot@medialiveintl.com

email this to a friend tt tt printer friendly version

“”,””body-href””:””””}]”