Get Your Global Excellence Awards Entry Kit Now
Join the Cyber Security Worldwide Community on LinkedIn
 Home Executive Briefings Security Predictions Entry Kit Global Excellence Volunteer as Judge Register Awards About
What CSOs need to know about cloud security

Total Defense is a global leader in malware detection and anti-crimeware solutions. Over 50,000 businesses across a wide spectrum of industries have deployed the Company's solutions, including some of the most sophisticated buyers of security technology worldwide, and over four million consumers worldwide use Total Defense's products.

The Company's solutions include anti-malware, anti-virus, parental controls, intrusion prevention, mobile security, online back-up and PC optimization. Total Defense is a former business of CA Technologies, one of the largest software companies in the world, and has operations in New York, California, Europe and Asia.

Info Security PG: What are the incentives for enterprises to migrate to a cloud-based security solution? And how can you police your data if you don’t know where it’s stored?

Bradley Anstis: There are many reasons that organizations should consider moving to cloud-based security solutions, here we will consider three. The first is a security best practice, detect the incoming threat as early as possible, in this case up in the cloud before it gets even to your network perimeter, and doing this with Web traffic (responsible for over 90% of all malware infections) as well as Email covers the vast majority of inbound threats.  The next consideration is a straight TCO calculation where cloud-based security services are easily demonstrating 30-50% TCO savings, not only upfront but also over an extended period of time, coupled with superior ROI savings these equate well into any budget.  Finally we have the advantage of a cloud based platform being able to offer fully consolidated sets of security solutions, in the case of Total Defense for Business, we offer Web, Email and Endpoint security through a single platform, single console, single policy engine, single reporting engine.  The coverage of these three services covers all the threat vectors capable of being used to infect an organization with malware.  Offering these three together in the same platform eliminates the security gaps between point products that attackers routinely use, also dramatically reduces administration time and sets the organization up for a future correlated security strategy.

In terms of policing your data and the concerns around data security, the cloud security providers are well experienced at not only being highly secure but also allowing for different organizations policy and regional legislation requirements, this is typically the biggest concern of organizations.

Info Security PG: Why are traditional approaches to security no longer adequate for organizations?

Bradley Anstis: The traditional approach to security was architected around defending the perimeter where all your users and data to be protected where within the corporate network, which you then defended at the perimeter from external attack.  Today with the growth and adoption of cloud computing that results in more and more corporate data living outside the organization as well as the growing mobility of the work force is causing network de-perimeterization where initially the on-premise gateway controls are complimented but eventually replaced by cloud-based solutions that are able to provide every user 100% of the protection no matter their location. 

The traditional malware detection methods are also sorely lacking in todays Internet Threat Landscape, with a combination of AV signatures, URL Filtering and IP Reputation detecting less than 40% of attacks in the wild.  These reactive technologies are designed for the threat landscape of years past, and while do still offer value and performance they need to be complimented today with the newer proactive technologies such as HIPS, Heuristics, Behavioral Analysis and so on.

Info Security PG: Why has it taken the industry so long to create a solution that integrates endpoint, web and email security?

Bradley Anstis: This is a good question, and in our case it was the merging of a cloud-based Web & Email service with an Endpoint AV company that triggered this new product development.  There are other Vendors offering all three services but they are still essentially completely separate point solutions and so miss out on all the security and TCO advantages of a fully integrated platform.

The combination of these three do cover off all the possible vectors an attacker could use to infect an organization, but we are not stopping here, we have plans to extend the Total Defense for Business platform to support other security services, currently being offered by other vendors as point security solutions, but we will provide them fully integrated into our security service platform.

Info Security PG: How can CSOs overcome the security concerns around adopting cloud computing?

Bradley Anstis: CSO’s should very carefully consider the security concerns when looking to adopt cloud based computing in any form not just cloud-based security services.  With security services, especially Web & Email services you are relying on those service to provide a clean feed of web & email traffic, stopping all the attacks in the cloud before they get to your perimeter.  But to function those services will need corporate information around users and the groups they belong to, they will hold usage or logging data from which they will create reports, retain quarantined email for a period of time and also possibly store email for longer periods of time in an email archive.

CSO’s need to fully understand the extent of the data being stored, how it is being stored and the controls put in place to secure that data.  They then need to consider how valuable that data is and what is the risk to the organization should that data be compromised in some way.  For organizations operating in more than one legal jurisdiction you could also have the added complication of meeting the different legal requirements each jurisdiction requires, not only for data storage but also possibly the processing of data, for example some countries mandate that email needs to be scanning and processed within country.

Company: Total Defense
555 Twin Dolphin Plaza, Redwood City, CA 94065 U.S.A.

Founded in: 2011
CEO: Paul Lipman
Public or Private: Private
Head Office in Country: United States
Products: Internet Security, Endpoint Malware & Security, Email Security & Web Security products and cloud services for business and consumers.
Company's Goals: To be the leading provider of cloud based security services and solutions.