Symantec CEO says managed security services are coming

Outsourced managed security service contracts are the wave of the future for government networks, but the market is still nascent, John W. Thompson, the chairman and chief executive officer of Symantec Corp. of Cupertino, Calif., said yesterday in an interview.

To date, there's been "so little focus on information security across government," Thompson said. "But absolutely agencies will buy more managed services." He added that Symantec plans to offer managed security as a component to agencywide services contracts, such as that held by Unisys Corp. for the Transportation Security Administration.

Symantec has enterprise site licenses for its antivirus and network detection products at several departments, including Agriculture and Health and Human Services. In recent months it has acquired several companies to augment its offerings in what Thompson described as the four components of network and data asset protection?intrusion alerts, protection, response to damaging attacks and management of the network environment. The more data gathered about forms and sources of attacks, the greater the ability of an organization to predict what will happen next, he said.

Thompson said that monitoring services it performs for agencies and in the private sector show that "the complexity and frequency of cyberattacks will continue to grow," as they have for the past seven or eight years. Yet for all the progress in detection and remediation technology, Thompson said, for the most part large enterprises are unable to fend off attacks in real time. Instead, they are often a half-step behind those launching the attacks.

"The question is whether [enterprises] have the tools to evaluate their own environments. Too few do. If so, the problem is one of response." In large networks with thousands of servers, "response and remediation can be an enormously complex task."

The techniques of data mining, in which large masses of data are probed for patterns after the fact, will be inadequate in protecting cyberspace. Instead, tools will be needed to let agencies answer the question, "What does this suggest I should do right now?" Thompson said.

Government is a favorite target of mischief-makers, he said, but not necessarily because its networks are more vulnerable than those of the private sector, Thompson said.

"The issue is the degree to which exploitation has the potential to devastate major portions of the economy." Thus the financial industry also faces unrelenting attacks.

Thompson also discounted the notion that Microsoft Corp. products are necessarily more vulnerable than those of other vendors. "They have the most copies of the most stuff deployed," he said. "Their programming techniques aren't any worse than anyone else's."

Thompson is a member of President Bush's National Infrastructure Advisory Council.