Salem’s primary message to his audience was that of automation and risk-based, information-centric security. “The current security model isn’t working - it’s time for us to operationalise security, it puts you in control” said Salem. “Information protection is the most important lesson for organisations”, he continued.
“Security practitioners are tired of working with different point products – they want to be able to respond and remediate threats very quickly through automation, which many don’t have today” said Salem. “We have to bridge the gap between security and everyday IT operations. Security needs to be more pro-active and more measurable”.
Symantec’s Salem spoke about the cat and mouse game that the vendors are playing with the hackers. “In 2008 we saw 1.6 million new signatures being created. This pales in comparison to the amount of threats we’re seeing every day...Attackers are shifting their attacks – using micro-distribution to target individuals to steal their information”.
“Protecting information becomes harder as the environment becomes more complex. Employees are also starting to bring their own devices into their work environment. How can you virtualise the environment while driving security?” continued Salem.
Salem said that IT teams must apply a risk-based, information-centric, responsive and workflow-driven approach to security; even more essential considering that many computing environments are moving to the cloud. “Measuring risk before automatically applying the appropriate policies and processes to deal with them will save companies money, and thus become more effective”, advised Symantec’s Salem.
“Companies shouldn’t have to choose between productivity or security – it shouldn’t be an either/or situation” said Salem.
Salem suggested that Symantec and other vendors should work together to develop standards and share best practices surrounding risk management. This echoed head of RSA, Art Coviello’s sentiments as expressed in his opening keynote.
Symantec’s CEO also suggested that government adhere to this change. “We need our new administration to operationalise security at the federal level. We need a cybersecurity person in charge of cyber security reporting in to the president”.
“You can absolutely operationalise security – you need to create a culture of confidence and allow your business to grow and thrive. Put the right policies in place to work for you and be in control. We have to operationalise security”, Salem concluded.
Salem took over for former Symantec chief executive John Thompson on April 4.