Traditional security software vendors are encountering a serious challenge from a new breed of companies like Zscaler, which offer security as a service, delivered exclusively from the cloud. In response, many of the best-known security software vendors are complementing their offerings with cloud-based security components as well.
This is exactly the strategy that's being pursued by Symantec. The California-based security company continues to be happy to sell you its enterprise-based products, while also offering Symantec.cloud, a portfolio of about 16 "pre-integrated" security services which run in Symantec data centers and which you can pick and choose from on a subscription basis. Symantec would doubtless be delighted to replace all your existing on-premises security software with its cloud services in one go, but Paul Wood, a Symantec senior analyst, says that many customers interested in cloud-based security only want to move some of their security into the cloud. "Many companies won't want to throw away their investment in all their existing security products straight away, and for compliance reasons they may be obliged to keep some security functions in-house permanently," he explains.
So what exactly is Symantec.cloud? At its core are three key services:
- Symantec MessageLabs Email Security.cloud
- Symantec MessageLabs Web Security.cloud
- Symantec Endpoint Protection.cloud
Symantec.cloud also includes a number of other modules, including ones for email encryption, instant messaging security, and email continuity and archiving. 42 percent of the company's .cloud customers subscribe to four or more of these modules, Wood says.
Symantec Email Security.cloud
Email Security.cloud is a pure cloud-based service which includes email anti-virus, anti-spam, image control and content filtering. You can implement it fairly simply by setting your organization's MX records to point to Symantec's cloud security infrastructure, so all incoming and outgoing email messages (and attachments) pass through it before going to their intended destination. Incoming messages originating from known spam or malware sources are rejected, and those that pass this initial security stage are then scanned for known malware by both Symantec's anti-virus engine and a second one supplied by Finland-based security company F-Secure.
After this, each incoming message is passed to Symantec's heuristic system, called Skeptic, which is designed to detect new malware and spam that originate from previously unknown sources. Symantec's "link following" system then checks links in emails to ensure they don't lead to malware or known malicious sites.
Emails containing viruses are blocked and quarantined, and the recipient is automatically notified. "That means you can still get a vital email if you need to, even if it has a virus," says Wood. This could be done by downloading the email to a device such as a mobile phone which is not susceptible to Windows viruses. Email containing spam can be blocked, deleted, quarantined or delivered with a tagged subject line or appended header.
Finally, emails and attachments are also scanned for specific content (for example documents marked "confidential") to provide an element of data loss protection, and for "inappropriate" images including pornography.