Michael Brown, President and Chief Executive Officer of Symantec, was on hand at this year’s RSA conference with a bit of a surprise. His talk, Peek Into the Future: The Security Operations Center of 2020, laid out how today’s threat vectors will evolve, and how IT thinkers will need to extend their plans beyond four walls, addressing the risks across supply chains, ecosystems, and customer touchpoints. But rather than giving a traditional overview, he opted for a different approach in his keynote presentation by inviting Daniel Conroy, CISO at Synchrony Financial, Troels Oerting, CISO at Barclays, and Samir Kapuria, Senior Vice President and GM, Symantec Cyber Security Services, who were sitting in the audience, to help create a broader perspective on the Security Operations Center (SOC) of 2020.
Brown’s choice for collaborators in the discussion was well-founded. Conroy has been focused on information security for several years, having worked at Citigroup as the global Head of Strategy, Planning and Governance, and the CISO for The Bank of New York Mellon. Oerting’s security expertise includes heading up the European Cybercrime Center, and prior to that, acting as Head of Europol's Counter Terrorism and Financial Intelligence Center. Kapuria is Symantec’s point man on six global Security Operations Centers, as well as Symantec’s Global Intelligence Network—one of the largest cyber intelligence threat networks in the world.
Brown kicked off by providing a basic metaphor for one of the major problems impacting the security industry today: fragmented security solutions. In essence, the security industry has introduced a solution for every part of the IT architecture and for every productivity-enhancing technology, leaving customers with a proliferation of products, endpoint, agents, and network boxes—a massive Do-It-Yourself kit. Customers are now spending as much time integrating technology as they are protecting their environment, bringing many to a breaking point and prompting more companies to search for a different approach.
Brown made a clear case for change when he stated that we are no longer protecting an enterprise contained within four walls, as companies are adapting to new technology trends to improve productivity, like the cloud and increased integration with the supply chain. Moreover, as the traditional perimeter melts away and the attack surface expands, a layered defense at the perimeter becomes less relevant. Meaning? We need a completely new approach to security, with a more holistic view of the ecosystem.
Which trends are driving change? Brown and his guests addressed the changing attack surface and its impact on the design of future Security Operations Centers. Among their main points: the Internet of Things (IoT) is a game-changer, because as connectivity surges, connected devices become open to remote and nefarious control. "This is a very important and critical area for us to understand, especially in a world of IoT, where we're going to see an explosion from 5 billion connected devices today to 50 billion over the next 5 years," said Brown. "We need to start rethinking security and preparing for that future today." With growing cyber connections to our critical infrastructure—where systems within each sector are automated and interlinked—one catastrophic failure could have the potential to bring down multiple systems.
When Stuxnet arrived in July 2010, damaging the physical assets of the Iranian nuclear program at Natanz, everyone began to take notice. Closer to home, cell phones, thermostats, and energy meters are starting to create even more interest. "By 2020, we will need visibility across different industries and the power of predictive analytics to protect our connected devices," said Brown.
In addition, the rapid adoption of the cloud and increased integration with the supply chain are introducing new security risks. Companies are losing visibility to information in the cloud—which apps are accessed and what data is downloaded. Likewise, connecting networks to suppliers or customers exposes companies to serious risk. Attackers often prey on the "weakest link" in the supply chain to infiltrate an organization.
The bad news? What we know is not enough and it will never be. The solution? We need to create a team of SOCs which will allow us to share information freely and in real-time.
How does this growing space change the way you plan for the SOC of 2020?
Conclusion: We need to set new standards for information sharing by building a super information highway where instead of hiding, we share information openly. As Brown stated, "There's no doubt that the hyper-connected world of 2020 is going to change the way we work, the way we live, and the way we play. And if we create a more secure world at the same time, then that world has the potential to be truly amazing."
To learn more about Symantec's telemetry, be sure to check out our Next Generation Threat Protection Solution Brief. To watch a replay of Michael Brown's Keynote speech at RSA 2016, click here.