John Thompson tells government IT executives that Microsoft's security efforts won't help in heterogeneous computing environments.
Symantec Corp. took its offensive against Microsoft to government technology executives on Monday. The security company's CEO, John Thompson, complimented Microsoft on efforts to secure the Windows environment, but characterized the work as incomplete for many technology managers.
Speaking at the Information Processing Interagency Conference in Orlando, Fla., Thompson said Microsoft's move to secure Windows and its applications from hackers and other threats won't help government IT managers because few agencies rely exclusively on Microsoft software. Microsoft's approach doesn't help those who employ other operating systems, such as Linux, Thompson says.
Thompson's remarks echo those he made a fortnight ago at the RSA Conference, shortly after Microsoft announced plans to acquire antivirus software vendor Sybari Software Inc., a field Symantec dominates.
Microsoft's acquisition of Sybari, along with Symantec's intent to purchase storage vendor Veritas Software and its takeover of backup-and-recovery software vendor PowerQuest, demonstrate how software vendors are expanding to offer broader product lines. IT managers, whether in government or business, need to seamlessly bridge the divide between devices, systems, and network management in heterogeneous environments, Thompson says.
"Security, as traditionally defined, isn't enough," he says. Besides providing patches to fill security holes, IT managers must be more proactive in preventing them because the time between exposure to a vulnerability and the damage it could cause has shrunk from months to days. "That suggests we have to shift the game to offense from defense, to protect critical infrastructure by taking a more holistic, proactive approach before information is stolen or misused," Thompson said.
Thompson outlined a more holistic approach to cybersecurity, in which an external alert triggers an internal assessment of an enterprise's IT environment, identifying systems vulnerable to attack. The process could automatically update patches in unprotected systems, and information garnered about potential attacks could automatically prompt more frequent backups, from desktop PCs to corporate data centers. These actions could produce an automated audit trail that could help companies meet regulatory compliance.
Symantec, Thompson said, needs to strengthen its portfolio to include areas such as asset management and tracking, and tie those into early-warning intelligence to help customers keep their IT systems operating regardless of what happens. "It's time," he said, "to do more than raise red flags and block threats."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.