Security Community Blog

The people are the perimeter.

Created: 16 Oct 2007 • Updated: 15 Apr 2009
BFoster's picture

Before I dig into the topic for this blog entry, let me recap a couple of recent and important events. As the reader should already know, Symantec Endpoint Protection 11.0 has shipped. The final bits were delivered to manufacturing on September 12th. That started a process of publishing the software online (Sept 19th) as well as on physical media (Sept 27th). We have already won some large deals (competitive ;) and we are seeing a big positive impact on our customers’ satisfaction.

Also, as I mentioned in my last blog, I spent last week meeting with Altiris customers at the Altiris customer event called Manage Fusion. The event took place in Orlando at the same time as Gartner’s ITExpo. Therefore, I also took the chance to visit a couple of sessions at the Gartner show (and sip a few drinks swinging in a hammock at the Swan during the breaks ;).

Let’s not get sidetracked though; back to Manage Fusion. As one might imagine, I heard resounding support and encouragement to further the integration work between the Altiris management framework and the SEP 11.0 agent. I had the privilege to address Altiris’s technical advisory board and we had a good discussion around how we can do this. I will save some of the technical details for a later blog but suffice to say, I think we can deliver some real value to joint SEP 11.0 and Altiris customers. In fact, sometime in the future, I can see our management systems completely converged, thereby continuing to deliver lower costs and complexity in endpoint management and endpoint security.

Finally, the main topic I want to cover in this blog entry: people are the perimeter now. By extending business process and sensitive information to employees, customers, partners and investors, to the computers they use where they happen to be, enterprises have reduced cost, enabled new market access and achieved other valuable business goals. Employees can check their 401K accounts at coffee shops. Customers can pay for goods with cell phones. Partners can leverage global economics. Investors obtain value from these relationships. Woo hoo!

The Internet and personal computing have changed business models for good, and business now depends on these benefits. Expectations have been set about the value of these relationships. There’s no going back. The challenge is that business process has been extended to people beyond the range of protection offered by most enterprises today. Relationships and information, not just devices, must be protected from misuse, mistakes, malicious access, and misfortune.

Cybercriminals understand that enterprise process is exposed. They’ve responded by creating a new level of malicious access with a new level of business consequence. Hackers created business disruption. Cybercriminals can create brand damage. Today 80 percent of attacks on business are financially motivated, up from 50 percent in 2004 (Source: Symantec ISTR). Cybercriminals with a deep knowledge of business process are coordinating hackers, thieves and spies like modules to find exposures in business process and to gather the pieces of interactions, creating new fraudulent ones.

One of the ways cybercriminals take financial advantage here is to target the data or information. A great website to see this happening in almost real time is You can find an up-to-date listing of personal data breaches since 2005. At the time of this writing, there are over 167m disclosures of personal information due to one of the reasons I specified above: misuse, mistakes, malicious access, and misfortune.

If you read the different disclosures, you should definitely get the idea that the person is the critical exposure. The person and their endpoint are where the data resides, either in email, structured databases or just documents in the file system. That data is what the cybercriminal is after. Making this easy for the bad guy, we estimate that as much as 20% of the endpoints that show up on our networks are unmanaged. Guests, personal data devices (iPods), kiosks, and even corporate computers are often outside the ability of the enterprise to manage. Yet they have to be included in new business process, protected, and compliant with the policy agreed upon.

Cybercriminals find exposures because business interactions and data are extended over networks to endpoints whose integrity is often unmanaged. To solve this problem, we must eliminate the gap between business process and the ability (technology and process) to protect it from malware and compromised endpoints. To solve this problem, we need to be sure we can keep the bad stuff out and the good stuff in, no matter if the endpoint is one we own or an unknown device. If we cannot be sure the endpoint is safe, we should not give it access to our data.

From a technology perspective, we clearly need solid malicious code protection. I talked about Symantec Endpoint Protection 11.0 in an earlier blog. It provides top-notch protection here. We also need data leakage protection. This capability is important at the gateway (as data leaves and enters an organization). It will also become increasingly important on the endpoint (refer back to the disclosure list at In addition, as more and more data gets encrypted (i.e. by default in IPv6), less and less content inspection can take place at the gateway. Another important form of data leakage prevention is full disk encryption. Full disk encryption is key. It will not prevent the accidental loss of a laptop but it will prevent any customer records disclosure from that laptop.

Finally, some elements of network access control are key to being able to trust your partners and their relationships. The network access control solution needs to be flexible and powerful. It should not lock a customer into a certain operating system or network platform. The network access control solution needs to work for both managed endpoints and unmanaged endpoints (remember those guests). Symantec Network Access Control 11.0 meets all of these requirements.

Along with Symantec Endpoint Protection 11.0, we also released Symantec Network Access Control 11.0. SNAC 11.0 leverages the same management system and agent architecture as SEP 11.0. Therefore, SEP 11.0 customers will find it very easy to deploy SNAC 11.0. I will not go into any more details here. If the reader wants a really good head-to-head review of NAC alternatives, Network World recently ran a good comparative review of 13 different NAC solutions. Can you guess who came out on top? Yes, SNAC 11.0.

Well, this blog entry has gone on long enough. In summary, business relationships and initiatives drive innovation and technology adoption. Business relationships are extended to people beyond the range of today’s protection. Cybercriminals understand this. Protection must be extended through improved Endpoint Security, multi-tier data leakage protection, and flexible network access control. Symantec has solutions in these areas in the market today. Give us a call!

Comments? Thoughts? Questions?