
How SymGauge and Quantitative Security (aka Moneyball for Security) are Home Runs for the Cybersecurity Industry


It’s an exciting time at Symantec. Like the start of a new baseball season, we’re entering the RSA Conference 2015 with a fresh lineup of upcoming offerings that further advance our Unified Security vision: SymGauge and Quantitative Security (aka Moneyball for Security).

And we believe they’re Home Runs for the whole industry.

SymGauge and Quantitative Security are each being built on top of our Unified Security intelligence platform, which aggregates security-relevant intelligence from Symantec-protected devices, networks, and clouds from around the world. And by intelligence, we don’t simply mean traditional security alerts, but rich telemetry such as user, system and network behaviors, data access patterns, and so on. These two upcoming offerings, described below, are the first of a new class of Security Analytics Applications that will transform the industry and future horizons.

Think of it like an MLB manager trying to squeeze another strikeout from a pitcher in the 9th inning. With the right intelligence (data) on the opposing team’s batter, you can make informed decisions on when to switch pitches (strategies) to protect your lead. At Symantec, with our innovative Unified Security approach, we use data to gain an advantage over the adversary (attackers/threats).

Let me explain how SymGauge and Quantitative Security (aka Moneyball for Security) each work and support our Unified Security vision.

SymGauge
The current security industry landscape shows traditional security risk assessments are often process-oriented, manual and take several weeks of effort. SymGauge aims to change up the current game. With its data-driven and analytical approach, SymGauge wants to disrupt the security market in the same way that Zillow did to the real-estate market. With SymGauge, enterprise customers will have a comprehensive and fine-grained understanding of their security risks and be able to benchmark their security performance against peers.

SymGauge is powered by Symantec’s deep visibility into the enterprise IT environment, our global threat intelligence and deep understanding of how threats work, and our understanding of security risks facing consumers. As a leader in global threat intelligence and actionable cybersecurity, we’re uniquely positioned to utilize our insights into our Unified Security approach. SymGauge is non-intrusive and requires no installs – it simply leverages our already vast enterprise and consumer install base. 

Quantitative Security (aka Moneyball for Security)
In his book “Moneyball: The Art of Winning an Unfair Game,” author Michael Lewis wrote how the General Manager of the Oakland A’s applied data analytics on a wide array of attributes to quantitatively determine the best team for a given budget. Despite consistently having one of the smallest budgets in baseball, the A’s have made the playoffs eight times in the past 15 years. As many of you also know, they made a film based on the book.

Let’s apply “Moneyball” to the current cybersecurity industry. 

Today, enterprises leverage entirely qualitative techniques when purchasing, deploying and configuring their security products and services. But then questions arise:

  • Should I use white-listing or sandboxing to defend my servers?
  • What sensitivity setting should I use for my behavioral protection?
  • What is the impact of running Adobe Acrobat v9 in my enterprise vs. the latest version?

These questions are currently answered in a qualitative fashion, based on anecdotal evidence, marketing pitches, and guesswork. It’s a lot like old baseball teams selecting their players based on a small number of metrics and a lot of gut instinct.

But with our new Quantitative Security approach, we’re going to change that. Here’s how: 

  1. Symantec will first use our products and services to gather telemetry that enables us to measure key security outcomes for each enterprise; for example, the number of infections per thousand machines per month, or the number of console-hours per security analyst per month.
  2. We will then gather actual product deployment and configuration details from each enterprise; for example, what security products/versions each customer has deployed and the configuration settings for those products.
  3. Armed with both classes of telemetry, Symantec can derive correlations between different product deployment scenarios and various outcomes across our customer base.

In the future, as an example, we’ll be able to tell a customer: “Changing from behavior blocking sensitivity level 6 to 7 will result in 22% fewer infections per thousand machines per month, which will likely translate to 200 fewer person-hours per month on remediation time.”

Moreover, we will similarly be able to estimate the negative impact to each enterprise based on historical data; for example, “Switching to sensitivity level 7 will result in 3% more false alarms, which will likely translate to 5 more person-hours of investigation per month.”

And this won’t just apply to optimizing settings – we will now be able to quantitatively help each enterprise decide how to best spend their limited security budget based on their unique circumstances, which vulnerabilities to patch first, and so on, enabling them to optimize for their most important outcomes.

We believe that this will transform the way enterprises buy, deploy and configure security software. It’ll turn protection into a science rather than an art.

See you at RSA Conference 2015
