SWG, CASB, ZTNA... Tips on implementing the essential Zero Trust measures in the right order

"Zero Trust" is important in modern security, but the elements necessary to achieve it span a variety of fields, including SWG and CASB. What should you pay attention to in order to introduce the right ones for your company in the right order?

The benefits of integrating network security products

Regarding recent trends in cyber security threats, Takeshi Teshigawara (Chief of the Security Research Center, Networks Company) of Macnica Corporation cites frequent attacks that exploit publicly disclosed vulnerabilities. For example, vulnerabilities in VPN (Virtual Private Network) products and remote access products are being exploited. There has also been a series of attacks that use methods to circumvent SWG, a component of the zero trust security model. Attacks have also been reported that infiltrate widely used SaaS business applications, such as the office suite "Microsoft 365" and its file sharing service "SharePoint Online," to steal data. Another notable attack method is "AiTM phishing," which skillfully circumvents the multi-factor authentication that companies have implemented to strengthen user authentication.

To deal with these cyber attacks that skillfully evade existing security measures, it is necessary to introduce a wide range of network security products. However, introducing network security products such as SWG, CASB, and ZTNA one after another will cause other problems. "When products from different vendors are introduced, each operates independently and it is not possible to unify them under a consistent security policy, which leads to a decline in security posture," explains Teshigawara. As a result, there are cases where operational costs for tasks such as investigating alerts increase.

Against this backdrop, there is an accelerating trend toward providing a variety of network security products through a single vendor's cloud services. In particular, security architectures such as "SSE" (Security Service Edge) and "XDR" (Extended Detection and Response) are attracting attention. SSE is an approach that delivers network security functions from the cloud, and is a general term for next-generation, cloud-related network security that includes products such as SWG, CASB, and ZTNA. XDR refers to an approach that centralizes the management of endpoint security products and network security to streamline the detection of and response to typical incidents.

Introduce SSE-related services in stages as required

However, Teshigawara points out that "SSE and XDR are by no means omnipotent." If you try to implement SSE by introducing all network security products at once, it may become difficult to operate.

To avoid these problems, it is effective to introduce products gradually, starting with those of higher priority according to the needs and circumstances of each company, and eventually arrive at SSE. However, if costs and effort increase every time you introduce one of the products that make up SSE, the benefits of SSE are undermined from the outset.

Macnica recommends the SSE service "Symantec Enterprise Cloud" as a security measure that can efficiently implement SSE while overcoming the various challenges associated with SSE implementation.

Dori Barras, product manager for network security, points out that one feature of the Symantec brand's SSE-related services, including Symantec Enterprise Cloud, is that "all security functions can be used with a single agent." This means that once an agent (agent software) is installed on an endpoint, you can choose which of SSE's various network security functions to use simply by enabling or disabling them (Figure 1). By purchasing licenses and enabling functions according to your company's needs and circumstances, you can introduce network security products in the order and at the timing of your choice, while reducing hassle and costs.

Figure 1. Overview of Symantec products (Source: Macnica materials)

All products share the same threat intelligence

All Symantec brand SSE-related services (Figure 2) are operated on Google Cloud Platform (GCP). "There are various advantages to having the infrastructure for all services be a common cloud service," says Barras. The first advantage is that, because all cloud services run on GCP, it is easy to apply the same security policies both inside and outside the company, and it is possible to efficiently operate a hybrid cloud that combines on-premises systems and cloud services.

Figure 2 Coverage areas of Symantec's on-premise products and cloud services (Source: Macnica materials)

The second benefit is for vendors. "Because we can leave a significant portion of the infrastructure construction and operation to GCP, we can allocate more resources, such as personnel and budgets, to product development," he said.

Symantec accumulates threat information in its threat intelligence service "GIN" (Global Intelligence Network) (Figure 3). By sharing threat data collected from Symantec products/services operating around the world between the products/services, it becomes possible to automatically apply the same level of security policies across network security products such as SWG, CASB, and ZTNA. The collected data is analyzed daily by the company's analysts and researchers, and the results are reflected in each product/service.

Figure 3 Global Intelligence Network (Source: Macnica materials)

Symantec is a well-known brand not only in network security but also in endpoint security. In the endpoint security field, Symantec is likewise consolidating its services as components of XDR. XDR-related services are also operated on GCP, so they can work closely with the SSE-related services while sharing the same threat intelligence.

Going forward, we will focus on improving UX

Symantec's agents are common to both network security products and endpoint security products, so companies that already use Symantec's endpoint security products can easily install SSE without having to install additional agents.

One company that uses Symantec's endpoint products added new cloud services such as SWG, cloud firewall, and DNS proxy while leaving the agents installed on client devices in place, which enabled them to achieve SSE with minimal effort and cost.

Another customer had already implemented Symantec's SWG service, and then added Symantec's ZTNA service without making any changes to its agents. In this way, the company is gradually expanding its SSE.

Symantec is unique in that it not only offers the products necessary to realize SSE, but also provides the means to efficiently introduce and operate them. In addition to these strengths in terms of products and functions, Barras is enthusiastic about the future, saying, "We want to improve convenience and ease of use for user companies by strengthening the UX (user experience)." Specifically, the company will focus on improving the design of the UI (user interface) to make it easier to use, and on introducing generative AI (artificial intelligence technology that automatically generates text, images, etc.) to further enhance convenience. It also plans to put in place a customer support system. "We want to improve UX from every perspective while increasing our credibility as a vendor," Barras said.

Source: TechTarget Japan
Reprinted from an article published in TechTarget Japan on November 14, 2023
This article is published with permission from TechTarget Japan.
https://techtarget.itmedia.co.jp/tt/news/2311/14/news05.html
