All the latest UK technology news, reviews and analysis

Symantec to create cross-industry big data cloud hub to fight targeted attacks

30 Oct 2013
SAP and Birst collaborate to offer cloud-based analytics on HANA

AMSTERDAM: Symantec has pledged to create a centralised information-sharing big data hub to help customers spot and pre-empt top-shelf custom-built malware.

Symantec chief technology officer Stephen Trilling said the company hopes the centre will collect and analyse data from a variety of sources, including customers and competing companies' systems, at a press keynote attended by V3.

"Targeted attackers are very persistent: they take months or years and will find gaps in any security system. Our vision is to help counter this, and that over time all data on these threats will be shared," he said.

"This can be done by storing it in local data stores, but in a perfect world it will be a giant central big data store. This is because the more we can correlate the data, the more we can find attacks we otherwise wouldn't. It's all about scale. The bigger the better."

Trilling argued that the strategy is an essential step as current isolated systems are ill equipped to deal with targeted attacks. "What drove us to this was that we realised the old model was going to fail," he said.

"Recently we found the average breach is discovered after 243 days. That's two thirds of a year. These targeted attack campaigns are not quick. Targeted attacks are about getting in the servers.

"The point of these campaigns is that they're not volume based, they're going for the crown jewels of a specific company. The crown jewels are different things for different companies, but they're usually proprietary, core intellectual property. This is the area of attack that appears to be growing the fastest."

The Symantec chief said the company has already begun working on the project and that many governments and enterprise businesses have expressed an interest.

"It will collect metadata such as an email address, a file hash, URLs or a list of attempted logins. It's all metadata, nothing confidential," he said. "Governments and enterprises are both interested in this because our ability to spot threats will be greater than ever."

Symantec is one of many firms to tote the benefits of a cloud-based security solution when combating advanced threats. HP announced similar plans to create an open attack data-sharing service earlier in the year. The plans have been met with mixed reactions, with many European commentators pointing out the dangers of handing over data to US-based companies in a post-PRISM world.

The NSA PRISM campaign was revealed earlier in the year when whistleblower Edward Snowden leaked documents proving that the agency was using companies such as Facebook, Google and Microsoft to monitor web users.

Trilling moved to counter these concerns, promising that any data used would be anonymised so it would be useless if stolen or siphoned by a hostile intelligence agency. "We don't need to collect any confidential corporate data, we're only collecting technical data about files," he said

"We don't need to collect the content of the email, we just need the information relevant to a targeted attack. We are also looking at ways to provide on-premise databases for companies that may not want to send all the data to a central data store," he said.

Trilling also downplayed concerns that competing vendors would be hesitant to share their data, arguing that many already are actively sharing information.

"For them the benefit is they get to be part of this ecosystem and better protect their customers. It sounds idealistic but there is already a surprising amount of collaboration with competitors to achieve the greater good. A lot of people working in this industry are invested in finding ways to do a better job protecting the cyber ecosystem," he said.

Increasing the sharing of attack data has been a central goal of many governments. Within the UK it has been a key part of the government's ongoing Cyber Security Strategy. The strategy has seen the launch of several data-sharing initiatives, such as the Cyber Security Information Sharing Partnership (CISP), since launching in 2011.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Related jobs

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

HTML Email Developer

At the University of Derby, people are at the heart of...

Business Intelligence Analyst

Citywire is a global publishing company with offices...

CRM System Support & Development Manager

At the University of Derby, people are at the heart of...

CRM System Officers

At the University of Derby, people are at the heart of...
To send to more than one email address, simply separate each address with a comma.