All the latest UK technology news, reviews and analysis


Symantec to create cross-industry big data cloud hub to fight targeted attacks

30 Oct 2013
Cloud Computing Security

AMSTERDAM: Symantec has pledged to create a centralised information-sharing big data hub to help customers spot and pre-empt top-shelf custom-built malware.

Symantec chief technology officer Stephen Trilling said the company hopes the centre will collect and analyse data from a variety of sources, including customers and competing companies' systems, at a press keynote attended by V3.

"Targeted attackers are very persistent: they take months or years and will find gaps in any security system. Our vision is to help counter this, and that over time all data on these threats will be shared," he said.

"This can be done by storing it in local data stores, but in a perfect world it will be a giant central big data store. This is because the more we can correlate the data, the more we can find attacks we otherwise wouldn't. It's all about scale. The bigger the better."

Trilling argued that the strategy is an essential step as current isolated systems are ill equipped to deal with targeted attacks. "What drove us to this was that we realised the old model was going to fail," he said.

"Recently we found the average breach is discovered after 243 days. That's two thirds of a year. These targeted attack campaigns are not quick. Targeted attacks are about getting in the servers.

"The point of these campaigns is that they're not volume based, they're going for the crown jewels of a specific company. The crown jewels are different things for different companies, but they're usually proprietary, core intellectual property. This is the area of attack that appears to be growing the fastest."

The Symantec chief said the company has already begun working on the project and that many governments and enterprise businesses have expressed an interest.

"It will collect metadata such as an email address, a file hash, URLs or a list of attempted logins. It's all metadata, nothing confidential," he said. "Governments and enterprises are both interested in this because our ability to spot threats will be greater than ever."

Symantec is one of many firms to tote the benefits of a cloud-based security solution when combating advanced threats. HP announced similar plans to create an open attack data-sharing service earlier in the year. The plans have been met with mixed reactions, with many European commentators pointing out the dangers of handing over data to US-based companies in a post-PRISM world.

The NSA PRISM campaign was revealed earlier in the year when whistleblower Edward Snowden leaked documents proving that the agency was using companies such as Facebook, Google and Microsoft to monitor web users.

Trilling moved to counter these concerns, promising that any data used would be anonymised so it would be useless if stolen or siphoned by a hostile intelligence agency. "We don't need to collect any confidential corporate data, we're only collecting technical data about files," he said

"We don't need to collect the content of the email, we just need the information relevant to a targeted attack. We are also looking at ways to provide on-premise databases for companies that may not want to send all the data to a central data store," he said.

Trilling also downplayed concerns that competing vendors would be hesitant to share their data, arguing that many already are actively sharing information.

"For them the benefit is they get to be part of this ecosystem and better protect their customers. It sounds idealistic but there is already a surprising amount of collaboration with competitors to achieve the greater good. A lot of people working in this industry are invested in finding ways to do a better job protecting the cyber ecosystem," he said.

Increasing the sharing of attack data has been a central goal of many governments. Within the UK it has been a key part of the government's ongoing Cyber Security Strategy. The strategy has seen the launch of several data-sharing initiatives, such as the Cyber Security Information Sharing Partnership (CISP), since launching in 2011.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
9%
3%
63%
15%

Popular Threads

Powered by Disqus
Galaxy S5 vs Galaxy Note 3 video review

Galaxy S5 vs Note 3 video review

We see how Samsung's latest flagship compares to its premier phablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Systems Engineer - Tatical Data Links, iSmart, eSmart

Systems Engineer - Tactical Data Links, iSMART, eSMART...

Communications Manager - Business Change

Communications Manager - Business Change You will be...

Contract Informatica developer London

Contract Informatica developer London We require an...

Mobile Web Developer - HTML5 - CSS3 - OOJavaScript - Responsive

Mobile Web Developer : Start ASAP : C. London : 3 Months...
To send to more than one email address, simply separate each address with a comma.