Please join us for our Tech Tuesday chat on Layered Security and Security Services. Our guest speakers will be Kathy Hale, Gautam Vij, and Joe Santandrea.

Technical Community - Background Reading

Layered Security Solutions

Dell PowerConnect J-SRX Demonstration

Video: Today's Blended Threats and Dell's Approach to Multilayered Security

Video: Biggest Security Threats

Video: Total Business Security

Video: The Right Security Strategy

Video: Best Products for Smart Security

Chat Transcript

Dell-DennisS Today’s chat will be on layered security and security services.
Dell-DennisS Our guest moderators for today will be Gautam from product technology, Kathy from services marketing and Joe from security marketing.
Dell-DennisS I'll hand it over to Joe for an introduction.
Dell-JoeS Welcome to this Tuesday afternoon chat on security for the small- and medium-sized organizations.
Dell-JoeS We have Gautam Vij who heads up our technology strategy in this space.
Dell-JoeS He will go over some of the primary issues concerning organizations.
Dell-JoeS Kathy Hale will help us understand how security services can play a big part in planning for your organization.
Dell-JoeS We also want to hear from you and what areas you are most concerned with related to security.
Dell-JoeS What parts of your security strategy are working and what areas need the most help?
Dell-JoeS So, I'll let Gautam start. Gautam, what are the areas today that are top of mind from a security perspective for small and medium businesses (SMBs)?
dell_Gautam Sure, Joe.
dell_Gautam Security is a top pain point for most of our SMB customers of all sizes and whatever vertical they happen to be.
dell_Gautam Security breaches can pose a crippling financial burden on midsize organizations and midmarket CIOs. Count intrusion prevention, patch management and data loss prevention are the top three security priorities.
dell_Gautam We are also seeing insider attacks on the rise. Insider attacks can have many roots of cause, but are fundamentally different from the other traditional threats where hackers are breaking in from outside of the enterprise.
dell_Gautam Most of traditional security solutions provided limited coverage from these and more emerging threats.
dell_Gautam On the other hand, we are also seeing compliance as a major concern for many of our SMB customers.
Dell-JoeS What areas of security does compliance have rules about?
Dell-JoeS What I mean is, what are the technologies that need to be managed to comply with the rules?
Dell-JoeS Are there rules about data storage, network access, authentication, hardware, etc.?
dell_Gautam There are numerous compliance laws. Depending on your type of business, which vertical you are and what your core business is, there will be one or more compliance rules that will apply. Most common ones are PCI, HIPPA, SOX, GLBA, but there are literally hundreds of different ITGRC or government regulatory compliance laws.
Dell-JoeS How does an organization know which regulations apply to them?
KathyH_Dell_SMB (Shameless plug). You can go to (recent Dell acquisition) and hit the compliance tab at the top.
KathyH_Dell_SMB There will be a drop-down of some of the major compliance regulations. Choose one and they have good info on what applies and what you should be looking for.
Dell-JoeS Does anyone check an organization for compliance or does it only become an issue when something goes wrong?
dell_Gautam It depends on a case-by-case basis, however, for most of the SMB customers there are planned or unplanned audits to check how much due diligence the customer is doing to comply with the appropriate regulation.
dell_Gautam For example, if you are a retailer and doing business involving customer credit card data, the auditors would expect you to put enough security around the customer information.
Dell-JoeS So any organization that processes credit cards must comply with PCI?
dell_Gautam Protect the data while in rest (in storage), protect it while in motion (on network) and protect it while in use.
KathyH_Dell_SMB Joe, to answer your question, yes, anyone who processes credit cards must comply.
KathyH_Dell_SMB However, the level of measures that must be in place varies by the total volume of credit card transactions in a year.
dell_Gautam Yes, for most parts, organizations need to show due diligence by having the right solutions, processes, controls and auditing all data. So, data is fully protected, audited, monitored and the company is doing their best to preserve the confidentiality of the data.
Dell-JoeS I know Dell has our layered security page here:
Dell-JoeS Putting together a comprehensive security strategy can be a challenge.
Dell-JoeS Kathy, why did Dell acquire SecureWorks?
KathyH_Dell_SMB Let me count the ways. ;-)
KathyH_Dell_SMB As we've mentioned, security is becoming more and more complex. The security issues are the same for large companies as they are for SMBs. The difference is the access to resources to provide the necessary expertise.
KathyH_Dell_SMB That’s where SecureWorks comes in. They can provide that level of expertise at the fraction of the cost of internal resources, and they're at the top of their game in the managed security services industry. So, it was a perfect fit to enable us to better help our customers in this arena.
Dell-JoeS But they are not consultants that come to your office, right?
KathyH_Dell_SMB True. While they do have consultancy services, their core business is remote monitoring/management of network security appliances.
KathyH_Dell_SMB That's part of what enables the cost efficiency, along with their Sherlock Security Platform.
Dell-JoeS Is that software?
KathyH_Dell_SMB Sherlock is the first-line "brains" that helps to quickly identify the white noise from true security events.
KathyH_Dell_SMB Those real events are then passed to their security analysts for eyes/hands-on.
KathyH_Dell_SMB This allows SecureWorks to see something like 13B events/day, quickly getting to the real events, yet congregating everything they're seeing for analysis, to the benefit of all their customers.
Dell-JoeS So what sized organizations can benefit most from a remote managed service?
KathyH_Dell_SMB All sizes. One firewall, up to hundreds of firewalls, IDs/IPs, etc.
KathyH_Dell_SMB Let me answer your question a different way.
Dell-JoeS Anyone on the chat: we'd love to hear about what you are doing for security in your organization.
KathyH_Dell_SMB The companies that benefit are those that either cannot, or don't want to, staff internal security resources.
Dell-JoeS So Gautam, what do you see as the most significant security threat six months to a year from now?
Dell-JoeS For example, I know a big challenge for organizations is all the mobile devices employees want to use for work.
Dell-JoeS Mobile devices are part of our lives now and they hold all of our secrets!
dell_Gautam As we mentioned, security is ever-evolving. As we see new innovation take place, hackers are finding new ways to compromise that technology. The funny part is, it’s not a matter of what the latest and greatest threat is, but what is that one weakest link in your paradigm that a hacker with a vested interest can compromise for a tangible monetary benefit?
dell_Gautam So, you have to identify what the crown jewels of your enterprise are and what paths lead to that data.
dell_Gautam Having said that, the latest emerging technologies are like you said—mobile is a big threat, since mobile phones today are almost a replacement to laptops.
dell_Gautam We are also seeing emergence of virtualization threats and threat to cloud infrastructure providers or applications provided via cloud.
dell_Gautam To be honest, there is no single solution or attack that a company should focus on. They should look at it more holistically and then work with an expert to decide what’s most important to adequately protect them from both hackers and insiders with a malicious intent.
Dell-JoeS I know that cloud technology is appealing for organizations.
Dell-JoeS I hear security described as a balance of risk versus level of protection.
dell_Gautam That's right. Security is always a balance of security and availability. We want the data to be highly available, yet secure. And that's why there is no silver bullet to solve all the security issues. However, the approach we are following at Dell is that of a layered security approach.
dell_Gautam Our goal is to provide as integrated security a solution with turnkey technology in a box or virtualized appliance.
dell_Gautam We are building on that solution layer with input from our customers.
Dell-JoeS Security will only be as strong as the weakest link.
dell_Gautam We'd love to hear from our customers—their pain points and what they'd like to see from Dell—and then we can architect the best value solution that addresses the most common needs.
Dell-JoeS Gautam, what do you typically see as the layer of security that is most neglected?
Dell-JoeS Is it passwords?
dell_Gautam Very good question. Again, depending upon the enterprise and what kind of infrastructure they have, the answer would change. Having said that, the most common attacks in terms of number or volume are either from people trying to break into your enterprise via your website or sending a lot of dirty traffic to your e-mail systems (spam). Or, viruses that replicate and propagate themselves into billions of clones and/or taking various forms to steal information, etc.
KathyH_Dell_SMB That said, you would be surprised at how many administrators leave the password on their hardware (firewalls, etc.) as the manufacturer's default.
Dell-JoeS I'm glad we offer UTM (Unified Threat Management) products.
Dell-JoeS Well, it looks like an hour has passed already.
Dell-JoeS Thanks, Gautam and Kathy, for chatting about security with me.
Dell-JoeS Thanks, Dennis for organizing!
Dell-DennisS Yes, thanks to Kathy and Gautam for sharing their thoughts on security.
Dell-DennisS We will have the transcript of the chat posted in a couple of days.
Dell-DennisS Also, thanks to Joe for the help in moderating.
KathyH_Dell_SMB Peace and security for all!
Dell-DennisS See everyone next week for our chat on EqualLogic HIT for Linux.