“Stuxnet and whatever else is next are out there and they are waiting for us all”, he warned. “Threats will become more targeted still, and the most dangerous are targeting the critical security infrastructure.”
“Walls of the data centre are breaking down, we are moving so quickly to the cloud, and devices are replacing PCs.” Rather than being overwhelmed by these changes, Salem argued that it is the industry’s responsibility to “embrace change and think of new solutions. Any approach must address security, policy, governance and auditing.”
Salem announced the introduction of ‘Symantec O3’. The concept is based on the three aforementioned necessities crucial to combating the newest and most dangerous threats: Monitoring, protection and policy. “This is our approach”, Salem confirmed, “but we think it should be everybody’s”.
Stuxnet, he argued, was the attack that “moved the game from espionage to sabotage”. Designed for physical destruction, stuxnet is sophisticated and elaborate, and the industry has, said Salem, been expecting it for a number of years. “Now we have seen it, and there are profound implications”, he said.
Stuxnet was the first, but it won’t be the last, said Salem. “Others will follow and targeted attacks are just one of the many trends that security professionals have to deal with everyday”.
Salem listed consumerization, virtualization, and cloud computing as other trends keeping security professionals awake at night. “With consumerization, this is just the crest of a tsunami that will descend on us all”, he insisted.
“[Security professions] are all in this together”, he said. “We need a new approach to gain control. Rules and policies are not enough. We need visibility. You need governance, protection and visibility to get control, confidence and trust.”