NEW YORK — Symantec Corp. promises a more unified approach to enterprise security with an architecture built on open standards designed to interact with competing products.
Symantec Enterprise Security Architecture (SESA), introduced
Tuesday by chairman and CEO John Thompson, is the foundation upon which the Cupertino, Calif., company has built a suite of interactive products which will be introduced over the coming months.
“Our industry looked at security as isolated products. This view must change,” said Thompson. Perimeter security like firewalls are no longer sufficient to prevent external threats and the abundance of wireless devices in the enterprise and in the hands of customers only increases that threat, he said.
Don Haile, president of Fidelity Investments Systems Company, a division of Fidelity Investments, spoke at Tuesday’s Symantec Vision360 conference. He pointed to the abundance of data that is becoming more widespread and less centralized in corporate networks. “Control of that data is not as good as it should be,” he said. The trading company conducted 857 million customer interactions last year — 87 per cent of which were done electronically.
Haile said his focus has shifted from perimeter security measures to the applications themselves.
“When a hacker thinks of us, they think of how much money we hold,” said Haile, which is an estimated US$1.5 trillion in customer holdings. “The hackers know where the data is. The road to the data leads through your applications.”
Haile called for security vendors to simplify their products and adhere to industry standards. There are still no real standards for security product interoperability in North America, he said, and pointed to a European standard called BS7799 as an indicator of what could be happening here.
Concerns such as these prompted Symantec to look beyond its key firewall and anti-virus markets and take on a more integrated approach to enterprise security, said Thompson.
SESA is not a product, but a platform to build integrated products that will be known as the Symantec Security Management System, said executive vice-president Gail Hamilton. “Think of it more as rules of engagement,” she said.
Products under SESA include Symantec ESM, a policy manager designed to communicate with Symantec tools and other security products in the network. ESM is customizable and will be available in different configurations for health care, finance and other vertical markets. Other SESA products will include Symantec Event Manager for Anti-Virus and Symantec Incident Manager, both available later this month.
“In 2002, Symantec has grown itself up into a contender for the enterprise security space,” said Pete Lindstrom, industry analyst with the Spire Group in Malvern, PA. “You can’t have all these different gears running and not have a machine. SESA is the machine. All the vendors are going to go in this direction.”
As part of SESA, Symantec has developed an integration program designed to allow hardware manufacturers like Sun Microsystems, services companies like Deloitte & Touche, and ISVs to go to market with integrated solutions. ISVs Entercept Security Technologies and TippingPoint Technologies, for example, acted as beta testers for SESA products and both will be integrating their own respective intrusion prevention solutions with SESA.
Symantec has also broadened its portfolio in recent months with the acquisition of early warning system provider SecurityFocus and managed security services provider Riptech Inc.