Symantec-Broadcom: Should I Stay or Should I Go? It’s Time to Move on From Legacy Secure Web Gateway
Broadcom, who acquired Symantec for $10.7 billion earlier this year, stated they would make immediate cost-cutting within the Symantec enterprise business, prioritising endpoint, web and DLP (not cloud security products). Although a favourable deal for Symantec investors, Forrester claim Broadcom is “wading into the tricky waters of a hardware company buying a cyber security software company”. Forrester warns CISOs to be cautious as customers express concern on responsiveness to issue resolution, back-line engineering support and continued innovation.
Why Not Symantec?
As organisations continue to transform their business and information security practices with a cloud-first objective, they look to invest in solutions that provide them with the breadth and depth necessary to best enable their business to grow, manage risk, and protect their data.
Symantec customers are moving to the cloud faster than they expected and they have been unable to provide adequate coverage using their legacy portfolio and disjointed products. Quite frankly, Symantec has not been the best choice for customers time and time again due to their operational complexity, burden and long time to value.
The reality is that the integration of legacy Symantec and Blue Coat products, and their CASB acquisitions have resulted in a complex Symantec solution that is still lacking significant capabilities. With Symantec, the solution most times consists of “multiple” admin consoles, appliances, clouds and agents, again not matching the level of functionality as other software companies.
Top 5 Concerns with Symantec Secure Web Gateway Security
Check out our top five concerns with Symantec’s secure web gateway security for remote offices and users.
Out with the Old in with the New
When over 83% of web traffic is encrypted creating new blind spots for data leakage and threat entry for managed and unmanaged apps, cloud services, and web traffic, it’s clear it’s time to move on from legacy web security.
Most organisations use more than 1,295 apps and cloud services where over 95% of these are unmanaged with no IT administration rights. To understand and protect content and context, secure web gateways must progress beyond traditional URL filtering of web requests to decoding app API traffic for thousands of apps and cloud services.
And with business transactions moving to cloud-based apps and data, its vital web security solutions evolve with it and reduce latency and inefficiencies. Providing a cloud based secure web gateway with secure access to the standard internet is not sufficient for current and future business transactions. Security and speed are required for low latency, high capacity access to cloud-based apps and services.
Your current web security gateway may have one or more of the issues below:
1. Appliance Limitations: Limited compute capacity for inspecting encrypted traffic, hosting advance threat defences, and storing logs and metadata. Appliances are also often last in line for updates after cloud service.
2. Bypassing Threat Defences: Good reputation web and app traffic bypasses inline threat defences, including sandboxing and script analysis.
3. Legacy Allow/Deny Policy Controls: Basic risk ratings with no visibility into thousands of apps for users, content and activity for contextual policy controls.
4. Limited Integration: Your current web security vendor has acquired a confusing array of security solutions with limited integration.
5. Unmanaged App Visibility: The reality is less than 5% of apps and cloud services have IT administration rights, the rest are unmanaged in business units open to exposing data or introducing threats.
Speaking on behalf of Netskope, Jonathan Mepsted, Regional Director UKI and SA, added: “With the disruption that will stem from Broadcom’s acquisition of Symantec and the market moving away from old fashioned web gateway appliances, this is the perfect time for Blue Coat customers to update their estate and transform their security with next generation secure web gateway services.
“Netskope provides better visibility of all SSL traffic, better ability to protect remote users and generally significantly less complexity as Netskope consolidates SWG + CASB + DLP all on one console. Legacy SWG solutions are a bit like using a damp match in a pitch-black room, hoping to see something, anything.
“Over 85% of the Web is SSL encrypted, and we’ve seen users and data go significantly to SaaS apps, especially when remote and going direct to net. Which let’s be honest is the vast majority of the time.”
So, if you are using Symantec, Forcepoint, Cisco or another legacy web gateway there’s no better time to modernise your web security.
Latest Security News
Last month we had the opportunity to be a part of Securing the Law Firm 2019 with an Education Seminar centred around best-practice for constructing SOC-as-a-Service (SOCaaS), so you know you can get value; here’s the low-down.
Secrutiny is hosting an intimate breakfast briefing for cyber security leaders in London on Thursday, 28th November. Join us to discover how, with a bit of extension and instrumentation, the ecosystem of controls that you already have can form the basis of an evidential, prioritised cyber risk management programme. Learn more and register…
Managing security risks and responding to incidents are significant operational tasks, and the speed at which you react is crucial. Take a look at how to regain control in our latest blog post which highlights the importance of Context, Visibility and Control.