Traditional security software vendors are encountering a serious challenge from a new breed of companies like Zscaler, which offer security as a service, delivered exclusively from the cloud. In response many of the best known security software vendors are complementing their offerings with cloud-based security components as well.
This is exactly the strategy that’s being pursued by Symantec. The California-based security company continues to be happy to sell you its enterprise-based products, while also offering Symantec.cloud, a portfolio of about 16 “pre-integrated” security services which run in Symantec data centers and which you can pick and choose from on a subscription basis. Symantec would doubtless be delighted to replace all your existing on-premises security software with its cloud services in one go, but Paul Wood, a Symantec senior analyst, says that many customers interested in cloud-based security only want to move some of their security into the cloud. “Many companies won’t want to throw away their investment in all their existing security products straight away, and for compliance reasons they may be obliged to keep some security functions in-house permanently,” he explains.
So what exactly is Symantec.cloud? At its core are three key services:
- Symantec MessageLabs Email Security.cloud
- Symantec MessageLabs Web Security.cloud
- Symantec Endpoint Protection.cloud
Symantec.cloud also includes a number of other modules including ones for email encryption, instant messaging security and email continuity and archiving. 42 percent of the company’s .cloud customers subscribe to four or more of these modules, Woods says.
Symantec Email Security.cloud
Email Security.cloud is a pure cloud-based service which includes email anti-virus, anti-spam, image control and content filtering. You can implement it fairly simply by setting your organization’s MX records to point to Symantec’s cloud security infrastructure, so all incoming and outgoing email messages (and attachments) pass through it before going to their intended destination. Incoming messages originating from known spam or malware sources are rejected, and those that pass this initial security stage are then scanned for known malware by both Symantec’s anti-virus engine and a second one supplied by Finland-based security company F-Secure.
After this, each incoming message is passed to Symantec’s heuristic system, called Skeptic, which is designed to detect new malware and spam which originates from previously unknown sources. Symantec’s “link following” system then checks links in emails to ensure they don’t link to malware, or known malicious sites.
Emails containing viruses are blocked and quarantined, and the recipient is automatically notified. “That means you can still get a vital email if you need to, even if it has a virus,” says Woods. This could be done by downloading the email to a device such as a mobile phone which is not susceptible to Windows viruses. Email containing spam can be blocked, deleted, quarantined or delivered with a tagged subject line or appended header.
Finally, emails and attachments are also scanned for specific content (for example documents marked “confidential”) to provide an element of data loss protection, and for “inappropriate” images including pornography.
Symantec Endpoint Protection.cloud
In contrast to Symantec’s Email Security.cloud, Endpoint Protection.cloud is scarcely a cloud-based security product at all. To use it is necessary to install a so-called security agent — a piece of client software that provides Symantec’s standard antivirus, anti-spyware, intrusion prevention and firewall functionality – on to all your servers, desktops and laptops. The only cloud element of any note is a Web-based management console that you can use to set custom policies and send them to your endpoints, and for various other administrative tasks such as deploying new endpoints or checking the security status of your existing ones.
Symantec Web Security.cloud
That leaves Web Security.cloud. You can set this up by forwarding Web traffic from your corporate Web proxy to Symantec’s cloud platform, or by installing agents on your laptops which configures them to use the cloud platform as a proxy. Unlike some other cloud security systems, it is necessary to manually configure this agent to connect to the most appropriate Symantec data center (the company operates 14 data centers in four continents) as you travel around the world.
Once implemented, the cloud service checks every Web request made by users against policies which you can configure from Symantec’s cloud portal. You can set up policies to block specific URLs or URL categories, or to prevent excessive usage or restrict Web use at specific times — and if no policy rule is triggered the request passes on to the Internet. If the request does trigger a policy rule then access to the Web page can be denied, or the request can simply be logged. Incoming Web pages are scanned for malware and blocked if malware is detected. When it comes to reports, you can examine logs for all Web users from a central cloud-based reporting interface.
A cloud-based service is only useful if it does what it promises, and Symantec has gone to great lengths to help reassure customers by backing up its .cloud platform with a surprisingly ambitious service level agreement (SLA) with financial compensation if any service levels are not met. “SLAs are absolutely key for potential customers,” Woods says. Individual service level commitments include:
- Anti-virus effectiveness – 100 percent protection against known and unknown email viruses
- Anti-virus accuracy – no more than 0.0001 percent false positives
- Anti-spam effectiveness – 99 percent spam capture (95 percent for email with Asian characters)
- Anti-spam accuracy – no more than 0.0003 percent false positives
- Email delivery – 100 percent email delivery
- Latency – average email scanning time within 60 seconds
- Availability – 100 percent service uptime
- Anti-virus – 100 percent protection against known Web viruses
- Latency – average Web content scanning time within 100 milliseconds
- Availability – 100 percent service uptime
Symantec.cloud is charged on a per service per user basis, but the company declined to provide any indication of actual pricing.