R & D Focal Point of IT Security

The role of R& D is immense. And when it comes to security solutions, the role of R& D is immense. The security companies can soft-pedal this only at their own peril. It is, therefore, incumbent on them to pursue cutting-edge R&D in IT security. 

Security is becoming complex with the each passing day. A decade earlier businesses were happy by giving their employees logins to the networks and asking them not to divulge their passwords to anyone. That was the end of security advice. Needless to say, the security scene is far more complex and IT managers are under pressure to secure the company’s digital assets and network. 

With the cloud computing becoming preferred choice of the business more so in uncertain economic landscape, these are hey-days for the cyber villains who find cloud as greener pastures for making money by hacking cloud infrastructure. 

Vishak Raman, Senior Regional Director, India & SAARC, Fortinet, says, “Over the last 10 to 15 years, threats have transformed from connection-based to content-based. Traditional security technologies have not kept up with this evolution and are no longer able to differentiate between malicious and legitimate content.”

“Current threats such as viruses, worms, Trojans & phishing have posed as major threats to the normal functioning of computers and to the information stored in them.  These kinds of threats are constantly evolving, thus challenging the current security standards laid by security products,” Govind Rammurthy, MD & CEO, eScan. According to a general study done by security experts, more than 65,000 malware strains are being detected on a daily basis.

As the incidence of security breaches grows, it is resulting in the increasing adoption of the latest security solutions even further. This drives the demand for right technology investment so that it may be possible to swiftly discover and blunt the catastrophic effects of a breach before loss of critical data becomes a reality. Here comes the role of an innovative framework of security controls. R&D plays an important role in the innovation process which is increasingly vital for the organization to position their product as the most trusted. A quality investment in R & D activities results in the advent of innovative technology that propels new products and services to the market place which all set to rule the roost. 

Absolute Must for Robust Security

The realisation for investing in R & D has downed on the vendors. They are leveraging the increasing demand for the latest security products, solutions and platforms. Vishak Raman, Senior Regional Director, India & SAARC, Fortinet, says, “Fortinet’s products are regularly setting the norm in terms of cost/performance ratio and reliability. Our technology has been developed fully in-house by our R&D team from Day 1 and we have total control over the design of our products, making no compromises on quality, performance and reliability.”

He adds, “Technological innovation through R&D is at the heart of Fortinet’s strategy to address the stringent security requirements of its customers. Fortinet’s solutions are continuously enhanced with the latest innovations and technologies to remain at the forefront of performance in the industry.”

Vishak Raman Senior Regional Director, Fortinet India & SAARC, Fortinet	Sunil Sharma VP Sales, India & SAARC Cyberoam	Shantanu Ghosh VP and MD, India Product Operations, Symantec	Govind Rammurthy MD & CEO eScan

Fortinet has been awarded more than 80 patents, with 115 patents pending, and has more product certifications than any other security appliance company. Vishak says, “Fortinet is the only vendor to have earned certifications across all core security technologies. These independent certifications demonstrate the company’s ability to consolidate multiple security technologies into a single device while still meeting the highest standards of performance and accuracy. We have multiple ICSA Labs, NSS Labs, BreakingPoint, IPv6 and EAL4+ certifications.”

Underscoring the need of R&D, Sunil Sharma - VP Sales, India & SAARC at Cyberoam, says,  “Innovation is a part of Cyberoam’s DNA. Hence, Cyberoam attributes its proactive product development to its ability to innovate by understanding market needs. Cyberoam ensures that required infrastructure for research, analysis and re-creating or simulating the needed scenario is available. Cyberoam’s R&D process enables us to deliver a product of global quality that helps us address our customers’ needs and challenges efficiently and pro-actively.

Cyberoam’s R&D process involves a process comprising of 4 stages, namely Requirements Gathering, Evaluation, Planning and Development Cycle.

Govind Rammurthy, MD & CEO, eScan, “With the growing amount of malware in-the-wild, we realized it would be practically impossible to secure our clients using the traditional approach of detecting and preventing new threats.”

India is a key market for Symantec as the country’s role in research and development for the security giant is large. With more than 163 patents to date, Symantec India employs more than 4000 engineers at the centers of innovation in Pune, Chennai and Bangalore comprising 35% of the global workforce. “Our employees work across software engineering, quality assurance, security threat analysis, technical support and testing functions,” says Shantanu Ghosh, VP and MD, India Product Operations, Symantec .  Shantanu adds, “With creativity deeply woven into our culture Symantec engineers contribute to sophisticated technology and business innovations in security, storage and systems management space. With almost every product in Symantec’s portfolio represented in India, key areas of technology development include Endpoint Security, Information Security and Management, and Storage & Availability Management. Approximately 13 percent of Symantec’s global revenue is invested in R&D.”

Fortinet’s FortiGuard Labs' global team of threat researchers continuously monitors the ev olving threat landscape. The team, composed by over 200 security threats researchers, engineers and forensic specialists, provides around the clock and around the globe coverage to ensure our customers' networks stays protected. 

Operating in Canada, China, France, Japan, Malaysia and the United States, the FortiGuard team assures some of the fastest response times in the industry to new viruses, vulnerabilities, attacks, and malicious threats. They collaborate with the world’s leading threat monitoring organizations to advise and learn on new and emerging threats. Additionally, they contribute to the overall security industry by identifying and responsibly reporting vulnerabilities directly to vendors of hardware, operating systems and applications. 

The FortiGuard Labs’ research forms the basis of the FortiGuard Security Subscription Services, which provide continuous and automated updates for antivirus, intrusion prevention, Web filtering, antispam, vulnerability and compliance management, application control, and database security services.

During a typical week, FortiGuard Labs add or update approximately 100,000 antivirus signatures, 34 intrusion prevention (IPS) signatures, 500,000 URLs ratings for Web filtering with more than 65 languages supported, and 30 million antispam signatures. 

Making Security Solutions Smarter

According to Vishak, Fortinet delivers complete content protection for today’s evolving networks. The company enables its customers to implement a robust and comprehensive security strategy that allows them to protect their IT infrastructure optimizing performance, improving business processes, reducing threats, simplifying management and reducing costs. 

Cyberoam protects against all kind of network and application-level attacks, securing organizations against intrusion attempts, malware, Trojans, DoS and DDoS attacks, malicious code transmission, backdoor activity and blended threats. Sunil assures, “Cyberoam assures business benefit, ROI and surpasses/meets budgetary expectations of organizations, using a whole set of unique and effective features. Let’s have a look at a few of them.”

Rammurthy says, “eScan Security Network is a state-of-the-art technology implemented in the latest versions of eScan SOHO products. When it comes to detecting new malware, ESN ensures a prompt response and an advanced level of detection that provides superior protection.  eScan Security Network is not only capable of detecting and blocking unknown threats, but can also locate and prevent zero-day threats and phishing attempts.”

One of the key innovations that Symantec has developed to protect information is Insight, which is an important part of the company’s latest Symantec Endpoint Protection 12. Insight, Symantec’s community and cloud-based reputation technology, detects and blocks new threats earlier and more accurately than any other security product. Shantanu says, “Symantec Endpoint Protection 12 also leverages Insight to reduce the overhead of virus scanning by as much as 70 percent by automatically identifying and whitelisting Symantec-trusted high-reputation files, eliminating significant scanning activity from each endpoint.” He adds, “This also has significant benefits in virtual environments, since SEP 12 reduces scanning overhead rather than taking the security out of the instance.” For instance, SEP 12 comes with virtual image exception that whitelists files from the standard virtual machine image to optimize scanning; resource leveling that randomizes scans and updates schedules to prevent resource utilization spikes; and shared Insight cache, which shares Insight cloud lookups locally or redirects to a local server to reduce bandwidth and latency. 

Zero Threats

A zero-day attack/threat is an attack that exploits a previously unknown vulnerability. From an attackers point of view there are many benefits behind carrying out these kinds of attacks, like Zero day threats are sold under ground and often used as organized crime. Such attack styles can be used to launch targeted attack against an organization including governments, corporate and other industries, causing more harm, posing high stakes. Since these are Zero day attacks, the signature based solutions are insufficient, due to lack of signatures. We need to protect against these just like the other online threats out there, as an attack could bring the corporate network down and compromise business operations and information. 

Cyberoam prevents sophisticated forms of zero-hour threats and blended attacks involving spam, botnets, phishing, spyware and more. Cyberoam provides virus outbreak detection technology (VOD) against new email-borne virus outbreaks, hours before the signatures are released.  

The Road Ahead

Nowadays, we can’t rely only on Anti-virus, you need to have multi-layered protection system in order to combat Zero-Day threats. Traditional AV combined with a Firewall, Web Protection, Malware URL Filter, Proactive Malware Filter and Cloud-based malware detection helps keep 0-day threats at bay from your digital world. 

for more contact :
edit@varindia.com