40 year old golf loving Vishal Dhupar is the Managing Director at Symantec India and leads the sales and marketing operations in India and SAARC countries barring Pakistan. Vishal is responsible for development and execution of regions strategic plans and champions the need for information security and availability.

Where does India stand as far as an internet security threat emerging from here is concerned?

It's nothing to do with India in specific or any specific country. In the new knowledge world, everything is so flat that you cross boundaries very easily. With the acceptance of internet for doing business we have moved towards the knowledge economy which is distinctly different form the industrial economy that we have had. The industrial age was about control, about rules, about accounting. The knowledge economy is about release, sharing and information. Information can reside anywhere and you can do business based on that. This no more a world of hackers, this is an age of people wanting to make a fortune. They are not there to make a brand name for themselves or headlines in the press, they only want to make fortunes for themselves, hence the whole threat landscape is changing from hacking to exploiting.

The command and control can be in the US or India or in any part of the world, but most are in the US, because the broad band penetration there is the highest.

What of home PCs' in India?

The owner does not spend enough knowledge or money to protect his PCs', thinking that he is so innocuous and no one will come to him. Recently there are two or three trends that are happening in India. The broadband penetration is increasing, we already have about 50 million broadband users. Everybody anticipates that just like the mobile and computers got accepted, broadband is going to be the way of life. The home PC user has to be made aware that there is a need to secure your system well so that you also take care of others and yourself.

How does he secure his system?

Always make sure that the PC has a basic anti-virus, a  basic firewall. A firewall is like the guard standing outside your house or apartment to make sure that at least he's able to glean out the guys who look reasonable. If he finds someone behaving suspiciously, he'll never let that person in. It's the first line of defense. Intrusion detection software makes sure that the traffic or the malicious code that is walking is the right one or the wrong one. Even if there is slippage after that, the anti-virus part can take care of the problem.

But the costs? India is a very price sensitive market... you have open source and you have free solutions too..

Norton is very cost effective. The reason why 70% of the market uses Norton is because it is able to offer both the quality and price. The pricing in India is all localized so that the affordability is higher and we ensure that with the increase in awareness and volumes, the right pricing is there.

What is Symantec/Norton's reaction time to a new threat? Or a perceived threat?  How soon do you have a solution in place to a new virus or code?

The threat part works in two folds. One is the codes which are malicious and there are chances that you know about the pattern of the code, so already  you have a definition and signature built for that and you protect it in the active way. If anything is suspicious it is blocked immediately There are chances that you have threats that are zero day threats. Which means that is has been introduced and created havoc even before you have even captured it. First you have to anticipate it then capture it and then develop an antidote. But, if the technology can take care of it, then we'd like to depend upon that. That's why we talk of defense in depth. All the technologies that people now use are reactive technologies, we need to move towards the proactive. This is from the consumer perspective.

From the enterprise perspective, things become more complex. There are people in enterprises who are moving in and out, there are visitors, there are people of all kinds who are working there. How do you ensure that the information that you have still continues to remain with you. Today, 54% of data loss is  happening  from the inside.

You have these 2 GB flash drives, takes you a minute to download data and put it in your pocket, mobile phones have cameras, you have blue tooth available, there are all kinds of wireless devices. How do you ensure that your environment is protected. That's the next level that enterprises are doing, what Symantec  calls Security 2.0. It's not about only securing your infrastructure or PC or the server, its also the information that resides there as well as the interactions within that information..

People go and buy these mammoth applications like SAP to do an HR part and each month you have your salaries being processed on the SAP HR model. There are people who are involved say between 27th and 30th of the month to churn out salaries. But if some person is playing around with salary on the 5th or the 6th, can somebody anticipate why he is doing it and at least go and alarm the person in charge that so and so is doing something which is against his behavior? That's Security 2.0.

While we are encouraging the consumers to have a comprehensive outlook at their base assets, we are also working with the enterprises to make them look at security holistically - where do you stand against the threat landscape? Our whole purpose  is to build confidence in the connected world.

What about India? Do you have any statistics on India?

India has already emerged about the top countries for phishing sites, both hosted and exploited here. Now if 70% plus of your mail in India is junk mail, that means your very valuable asset which is your broadband is being consumed by something that you don't need. 70% is much higher than the world average of 59%, that has gone up from 52 to 59%. Now spam is very interesting, what is spam to you, may not be spam to me. Spam can have a malicious intent, it can have a good intent, or it could have a disturbing impact.

Do you also work with Microsoft, Linux and others that design these OS, software?

We work with all of them. Many people think that Linux is not susceptible to attack. Anything that's popular gets exploited. At one time people were absolutely sure that Apple does not attract attackers, but as the popularity of Macs is going up, people have started exploiting that. Mozilla, the open source browser has a lot of people who are passionate about protecting it,  but was also exploited. Because IE is the most popular browser, it is exploited the most. Symantec has a list of over 7,500 vendors across the world where we have pointed over 40,000 vulnerabilities in operating systems, in application systems, software, etc. Depending upon the value of your assets you can built a number of fortresses around them, but if somebody is determined to break in, he will figure out how to break in.

What about working with service providers to limit or stop a threat?

We are working with quite a few of the larger service providers on this, their own gateways, their own broadband are all protected. But on internet you get connected from this end to the other end also. You have children who are coming with CDs', people come in with USB drives, people doing peer-to-peer talking, these are not going through the service providers. It's not only about the service providers doing it, it's also important that you take care from
your end.

What of information leakage and frauds through social networking?

Well that's been around for a long time now, both in the physical and the digital world. Spam, phishing are a kind of social engineering activities. One thing is very certain, you will prosper in the good world and the evil world will also prosper, at most times the evil world will have an edge over you, you have to be smart enough to anticipate that and be disciplined enough not to get attacked. You may have a very sophisticated security system at home, but if someone leaves the door open anyone can/will exploit that.

Tarachand Wanvari is a consulting correspondent for Business Gyan & www.businessgyan.com. Feedback at tarachand@ businessgyan.com 

Issue BG75 June07

Related Items:

---

Be first to comment this article

Only registered users can write comments.
Please login or register.