With organizations across the spectrum moving towards digitization, what once used to be a cybersecurity problem has evolved into a digital security problem today. Hence, what they are looking for is an answer to the end-to-end digital risk their businesses are facing as opposed to a piecemeal approach. Yet, at the same time, the newer emerging threats demand specialized and niche solutions built on innovation. This shifting market dynamics means that traditional security vendors such as Symantec need to fight a tough battle on two fronts – the traditional large platform players and the new kids on the block with point solutions.
Shipra Malhotra, Executive Editor, dynamicCISO caught up with Gaurav Agarwal, MD, India & SAARC, Symantec to understand how one of the leading security vendors is upping its ante on both the fronts. He dabbles into a range of issues ranging from the company’s strategy around building a strong defense for the Digital Inc. and its pitch for securing the ever-widening and increasingly complex threat landscape to whether there is any credibility in the perception that Symantec is a legacy brand out of place in the modern market.
Shipra Malhotra: More digital autonomy, more automation naturally translates into increasing complexity for CISOs already challenged with a wider attack surface. Are defenders still playing a catch-up game or do they have an edge over attackers?
Gaurav Agarwal: A defender by definition is a defender and not an attacker. So, a defender has to make sure that an attacker finds it difficult to breach, and therefore, chooses to not focus on him/her and rather focuses elsewhere where he/she can be successful in breaching. The reality of today’s environment of attack surface being fairly large with journey to the cloud and mobile devices becoming the preferred modern endpoint device for all enterprise work, is making the job of the CISOs a lot more difficult as the perimeter has expanded so much in terms of where the data lies and where its accessed from. The challenge is not only to protect information from getting in the wrong hands but also to prevent threat vectors from coming in. As long as the CISOs can figure out the right visibility in terms of where the attack vector can come from, they can create an environment where the defense can be fairly strong, and therefore, the attacker may be dissuaded from pursuing them and forced to look some place else.
SM: What used to be known as a cybersecurity problem a few years back has now evolved into a digital security problem. Does Symantec have a unified strategy to provide a solid defense to businesses against this end-to-end digital risk?
GA: While Symantec had been strong on the end-point, email, data loss prevention and protection side, the acquisition of Blue Coat two years back helped bring along market leadership capabilities in the areas of cloud and web traffic protection. The first thing that we did post the acquisition of Blue Coat was to integrate the data lake for both the companies’ set of products so that we became the world’s largest threat network in the private space globally. Thus, broadening our products and solutions and enabling us to effectively address the end-to-end digital risk that organizations face today as they move forward in their digital transformation journey.
The telemetry that we see is really immense. In fact, we use ArtificiaI Intelligence (AI) and Machine Learning (ML) to feed all our products through the same data lake and the same telemetry that we see. Therefore, automatically, what you see on endpoint becomes protected on the web and vice versa. And, you can apply the policy once and the same policy can make sure that the blind spots get eliminated. We have been working on our Integrated Cyber Defence Exchange Platform for two years now and the integration that exists among our products makes it very valuable for our customers to make sure that there are no blind spots and they get the advantage of a platform, wherein the platform sees the threat and risks as they are arriving.
SM: With the threat landscape changing dynamically, the traditional vendor approach to sell security solutions on behest of fear will not really work going forward. What is the new pitch?
GA: Thanks to the media being very vigilant there is no dearth of stories, right from really small to really big companies coming under attack. And, all smart boards and CEOs understand this. So, when we go and talk to the clients we don’t really talk about what breach happened where, etc. We focus on how we can give them a better visibility of what they need to protect. You identify what you need to protect and then make sure that you have the right protection for that in an integrated manner with the cost of capital Return on Investment kind of a model. The question is how do you really sell the value of integration. Traditionally, the security industry has got so many heterogeneous products, and clients in the past have tended to buy only best of breed vs. seeing the value of integration. But, I think, now more and more large customers especially are saying that we need to consolidate to 2-3 vendors rather than 15 vendors giving us security solutions and then see how do we inter-operate that to get better visibility across the organization. So, the pitch is now more about not only best of breed but also how the best of breed can integrate.
Symantec is in a great position from the best of breed perspective with five of its product categories being in Gartner’s leadership quadrant for multiple years. That gives us the best of breed plus the integration advantage that is needed for clients to really get value out of what they deploy from us.
SM: How will your recently launched SOC in Chennai, which is also the largest for the company so far, help you offer the full suite of Symantec Cyber Security Services (CSS)?
GA: The unique thing about the India SOC is that it also acts as a backup SOC to the rest of our operations globally. It offers different language and time zone support to other countries. Therefore, its uniquely positioned for us in India to help us sell services in India as well. Until now we were not that focused on selling our services from our SOC in India. We were more into selling products and associate services. But, we have changed gears this year and have got some really good marque wins as well in this space already. An example of that is Maruti Suzuki, which is one of our clients for this SOC.
The services from our SOC are relevant for any kind of organization. For instance, for a mature organization that already has an in-house SOC, we can complement that with threat intel, intelligence feeds, incident response, dark web monitoring and other the advanced services. For an organization that doesn’t have anything, we can offer the very basic vanilla managed security services capability as well. The SOC can offer services to an organization depending on where it is on the maturity scale. Broadly, I see us focusing more on and trying to give protection to clients that cannot afford from a skills and investments standpoint to have a mature SOC themselves and to offer it like a service that they can really start with and start getting value. I see lot of potential and value of our SOC’s services offerings across all industries, especially within the automobile, insurance, manufacturing and services industries.
SM: What is the India SOC’s key value proposition?
GA: The biggest value statement for our SOC is that we can really get our customers up and running in less than 30 days as a service, which means in less than 30 days they will have a secure environment with us telling them what incidents they need to act on. Backed by the same telemetry our SOC processes something like 150 billion logs a day and that scale nobody else as a customer has. We then analyze using AI/ML and the capabilities that we have, determining what incidents need action and advising the clients on areas they need to look at and act upon based on what we see both globally and in their own environments. Thereby, remedying any potential risk.
SM: Recently Ian McShane, a Gartner research director and analyst has been quoted as saying – “Symantec has to battle perceptions of being a legacy brand out of place in the modern market”. Do you agree with that perception and how do you see competition from smaller security vendors with specialized and niche offerings?
GA: I don’t see that perception problem in India. It may exist. But, our engagement with enterprise clients is fairly strong and as long as we keep talking to them about the value of our integrated defense platform, I’m not losing sleep. In fact, the traditional players are giving us a tougher battle in the real accounts sets than the new kids on the block with point solutions. The context in U.S. might be a little different, but in the Indian context I don’t think they have the fire power and muscle power to really give us sleepless nights right now. The enterprise accounts that we talk to, for lack of better words, are maybe wanting to flirt with some of them but are very happily married to us and we are good with that. Also, in my mind, most of them are looking to get bought at some point of time with a valuation because the investment and the cash flows needed to stay in the market are not insignificant. But being in the tech world you need to keep watching out and make sure that you are able to compete with the fastest and the newest competitor kid on the block. All our training material, etc. is available for our reps to compete with them effectively and we are happy to do a feeds and speeds comparison across any new kid on the block on the offerings that we compete with them in.
The other competition that exists in our industry is the platform players such as the large companies that compete from a platform perspective. But then, they don’t have the best of breed. So honestly, we are in a unique position where we have the best of breed plus we have the cash strength and the bench strength to really sustain, develop and continue on that path. So, I’m not overly worried. We are very well positioned as a company. Our Blue Coat integration was very successful considering the integration that we have been able to achieve and clients clearly see that value in our offerings and the capability of our combined organization, the patents that we have and the investments that we are doing. Its about how quickly can we get that message across in a mass scale manner. We are cloud first now, for example. Most of our products are coming as cloud first. ML and AI is something that we have been working on for more than a decade. We don’t talk about it because it comes naturally to us. But now because some of these new age kids are talking about this so we have also started talking about it. But, this was something that was there in the products 10 years back when they were designed.