Kapuria is senior vice-president and general manager at Symantec’s Cyber Security Services. In an interview with iTWire, he explained how cyber-crime has moved on from its “start-up phase” to a growth business. “Now best described as a growth business, these (cyber criminals) have figured out how to make money.”
He said that you had to look at cyber-crime as a business and measure it by its achievements. “One way one could measure the growth is based on the data stolen – 429 million identities stolen, and 431 million new forms of malware. If you look at it from an efficiency viewpoint, the attackers have evolved with technology like ransomware extortion growing by 35% – more than 1000 per day. Then if we look at their channel sources, 76% of websites are reported to have vulnerabilities. Clearly, the attack actors have been growing fast.”
We covered a broad range of security issues including how Symantec finds, trains and retains cyber-warriors.
The World’s largest GIN
iTWire: Last year you invested $50 million in a new SOC (Security Operations Centre) in Singapore, beefed up the one in Sydney, added 200 new employees to the Chennai SOC and took the number to six worldwide. Now you have combined Blue Coat’s intelligence centres to create the world's largest global intelligence network (GIN) Can you tell me more?
Samir Kapuria: The GIN is the nucleus of what we do. It monitors more than nine trillion elements of security data, providing unparalleled visibility and protection for Symantec customers across their entire environments. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million Web proxy users, and processes nearly eight billion security requests across these products every day.
We do it on a global scale because we need it to stay ahead of the spectrum of attack groups. It enables us to cover the globe, to use machine learning and analytics to identify unknown behaviour, to identify “Patient Zero” (the medical term describing the start of a contagion) and to feed real-time threat information to those 700 cyber-warriors I mentioned.
The key to the success of the SOC is to maximise the output from a dearth of talent out there. Our priority focus is looking at what can be automated, what can be put into big data analytics, and what can be predicted, so our people resources will be focused on interpreting, rather than collecting.
But more than that – it gives us end-to-end visibility from workstation to cloud, to the server, to the app, to the network and more and that it where Symantec leap-frogs the threat actors.
Finding, training and retaining a cyber-warrior
iTWire: You came to Symantec in 2004 through the acquisition of @stake. That is 12 years ago. What is it about Symantec that keeps you there and how do you find, train and retain those cyber-warriors?
Samir Kapuria: There are lots of reasons I am energised about Symantec and why we have a strong workforce. Perhaps the greatest is Symantec’s clearly stated mission and values.
Symantec’s mission is to make the world a safer place by delivering unmatched visibility and insights to customers and partners, and by adopting a holistic (end-to-end) approach to security. Our leading technologies, Global Intelligence Network and cyber threat experts are here to help build custom security solutions – on-premise, in the cloud, and everywhere data travels.
Our values make this a great place to work. It’s what drives us daily to make a real difference.
- Do the right thing.
- Set a high bar and seize opportunities to improve.
- Have the courage to take smart risks.
- Commit and deliver.
- Value individual differences.
- Own our collective success and failure.
Can I add that I think the spirit of innovation underpins everything – we aim to change the balance of attackers verse defenders, enabling organizations to focus on their core priorities and goals.
Our cyber-warriors come from a diverse range of backgrounds. Without putting too fine a point on it, we need to run the SOCs with military precision, laser focused goals, discipline, and always remember it is war – don’t let the bad guys win.
We train and train these people including staging Symantec’s now famous annual Cyber War Games. It has been said that to fight a cyber-criminal you need to think like one and that is what the annual games do – transforms our people into bad guys. We set up a “real hospital” with hospital equipment or a bank or oil/gas, and they break it.
Last year there were 54 zero-day discoveries – 20 of those were discovered at the Cyber War Games. It is one of the most powerful things we do, and it helps channel the passion and cultivate a culture of innovation.
iTWire: What are the three messages you want iTWire readers to understand?
Samir Kapuria: The future of cyber security is all about innovation to stay ahead of the bad guys. The sheer velocity of threats demands an end-to-end, pure play cyber security company and we by far are the largest.
The next generation of threats come from the blended environment – on-premises, cloud, IoT, and rapid change. Security will go from protection to an enabler, not only to use these technologies but for growth.
The risk landscape changes by the nano-second. Sorry to restate the first point but it requires the vigilance of a military like structure so that business and consumers can go about their business free from the worries of fighting a very well equipped and well-financed adversary. Symantec helps them have peace of mind and concentrate on what they do best – enable the jobs of its customers.