
Why Broadcom’s Symantec Acquisition Won’t Solve their Insider Threat Problems


Broadcom closed its acquisition of the Symantec enterprise security portfolio and the Symantec brand on Nov 5, 2019. As details about their combined future have emerged, several major proposed changes could hurt their customers’ Insider Threat management posture, including the following:

  • They will eliminate over $1 Billion in spending across R&D (40% cut) and Sales (82% cut)
  • They will only focus on the Global 2000 customer base and essentially let the commercial accounts churn out of their business

As with recent Broadcom acquisitions (Brocade and CA Technologies), the preferred playbook for Symantec is to cut costs drastically and sell only to the largest clients. This strategy has left many customers with diminished support, end-of-life products, and technology that will either be retired or no longer receive investment in R&D or support.

Such an approach doesn’t lend itself well to tackling the changing face of data loss. Insider Threats are the primary face of data loss and leakage for mid-market to very large enterprises. Traditional endpoint Data Loss Prevention (DLP) solutions have failed to provide adequate detection and response value for this significant enterprise challenge. Instead, endpoint DLP solutions are often left within enterprises to tick a compliance checkbox. Here’s why we believe the Broadcom/Symantec Enterprise Security approach is not the right way forward.

People-Centric Insider Threat Management

Today’s more digital, diverse, and remote workforce has made both intentional and malicious data loss more common. It is now both easier and more profitable than ever for hackers to steal sensitive data and maliciously sell corporate intellectual property (IP). Just in the last week, Twitter, GitLab, and Trend Micro have publicly grappled with the Insider Threat challenge.

Continuous monitoring of user and data activity across all channels, including the cloud, web, desktop, server, removable media, and email, is critical to protect against Insider Threats and data loss.

How Does this Acquisition Impact Symantec Customers?

The world of data loss is becoming more people-centric, as people are the ones working with sensitive data. At least 50% of data breaches involve an insider, according to a McKinsey Insider Threat study in 2018. Even when detected, adequate response can take months, if not years. This is true for 70% of the organisations that have experienced insider-related security incidents, according to the latest Verizon Insider Threat Report.

Traditional endpoint DLP solutions have not stood up to this challenge. With a continued focus on cutting costs and on fewer customers, the following common issues with Symantec DLP will fester as technology advances:

  • Frequent endpoint crashes as evidenced by customer complaints of blue screens with the recent Symantec Endpoint Protection (SEP) release in September
  • Lack of user context around DLP alerts and rules
  • Difficulty in building and sharing evidence of wrongdoing that is easily understood
  • Inability to provide real-time user education and awareness to deter accidental or negligent behaviour

How to Better Protect Your Organisation from Insider Threats?

If you use Symantec currently, we recommend evaluating your endpoint DLP module in these three areas:

  • How many user complaints have you received regarding endpoint slowdowns and crashes?
  • How often are users thwarting Symantec blocking capabilities?
  • How long does it take to investigate data leakage incidents on average?

A Better Approach to Insider-Related Data Leakage

If those questions create a stir, you should check out how the Proofpoint ITM platform can be deployed in under an hour and provide visibility into risky data movement by insiders in real time.

Learn more about our people-centric approach to data loss here.