‘Organizations Want Better Visibility from Security Products’

Oct 9, 2017

Bill McGee joined Trend Micro through its acquisition of Third Brigade, where he was co-founder and VP of Products and Technology. He is now the SVP & General Manager Cloud and Data Centre Security at Trend Micro. Prior to co-founding Third Brigade, Mr. McGee was SVP of Product Development at Entrust, where he was also a member of the founding team that formed Entrust from within Nortel Networks. As a member of the cryptographic systems group at Nortel Networks, he conducted pioneering work applying public-key technologies to multiple communication systems.

Q. Gartner says security cannot be static and there is a need to adapt security infrastructure on a continual basis. Can you explain how Trend Micro is responding?

Bill McGee: There are well developed aspects of security policy and security defense which we put in the white and black category of protection. White is defining what is allowed on systems, whether it is a firewall policy or what applications can run. Black is malicious. Gartner is saying that it is not sufficient, because there is a set of grey out there too; sometimes it is unclear whether it is bad or good. Sometimes the targeted attacks fall in the grey category.

Organizations are requesting that our products provide better visibility into potential issues. They can then make risk-based assumptions on whether they should be investigating further or not. These new methods can have a higher false positive rate because they are not blocking technologies; it is not certain whether it is a security incident or not. However, this can be confirmed once they see the issue on multiple systems. And then they can investigate further.

We are making changes to our products to provide this additional visibility, with the ability to do incident investigation better.

Q. Enterprise IT infrastructure is becoming more hybrid. Users are asking for simplicity and automation to manage this infrastructure. Does the security threat vector change in hybrid and cloud environments?

Bill McGee: Threats on the hybrid cloud have not changed significantly yet. The same methods that are used to attack on-premise datacenters are used to attack clouds. Our customers who use our solutions for protection feel better protected on the cloud. It’s not really the nature of the cloud; they have simplified their architecture, modernized their security defenses and automated a lot.

Q. What should an organization keep in mind when selecting a security product or going with a vendor?

Bill McGee: The threat landscape is not static. The product itself is changing and so is the threat. So, one needs to have an information relationship. Good trusted interaction with the vendor is key.

Another key criterion is the openness of the technology, so that I can bring the additional insights the customer has and use those in the product. Or is it a closed system where the customer is completely dependent on the vendor? This is about customization and the ability to use APIs for integration with other applications that a customer uses. It is also about additional threat feeds. Trend Micro has massive amounts of information that we provide to our customers. Some of our customers have their own threat information. Our products accept that information and deploy it so that our customers can get additional insights.


Q. How can a DevSecOps culture help in strengthening security?

Bill McGee: DevSecOps is something on the horizon and very few organizations are there today. Many organizations have a strong DevOps culture in place, and they need to learn how to do security on top of this. The security group must be involved in the CI/CD (Continuous Integration/Continuous Delivery) pipeline or application development pipeline. Historically, security has been involved after product development, on top of production environments – without much insight into all the steps that led to the occurrence. Now we recognize that security can work better when you go back earlier into the development pipeline.

We are really figuring out how our products need to change to allow the security sponsor in the organization to intersect successfully with that DevOps cycle.

 


Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn.