Click here to view his profile.
Anil Chakravarthy (CSE 1989) is the Vice President of India Technical Operations, Symantec Corporation, based in Pune. Prior to this role, he led Symantec's Business Critical and Education Services businesses. He joined Symantec from VeriSign where he served as director of product management and managed the entire product life cycle for VeriSign's application and network security services. Earlier, he was the Vice President of Marketing at Logictier, a managed service provider funded by leading venture capital firms. He has also worked at McKinsey & Co., where he specialized in developing e-business and IT transformation strategies.
Anil received doctorate from the Massachusetts Institute of Technology, and B. Tech. in computer science from the Institute of Technology, BHU, Varanasi. He is also a Certified Information Systems Security Professional.
For Chronicle, Rajat Harlalka (Electrical 2005) took the opportunity to speak with Anil Chakravarthy to learn about his highly successful career and gain an insight into the security industry.
Q 1 – Welcome, sir. For the benefit of our readers, can you tell us a little bit about your background?
Currently I am working as the Vice President of India Technical Operations, Symantec Corporation, Pune,
Previously, I led Symantec’s Business Critical and Education Services businesses, dedicated to helping customers maximize the value of their mission-critical deployments of Symantec solutions.
I joined Symantec from VeriSign where I worked as director of product management. I also served as vice president of marketing at Logictier, a managed services provider.
Prior to that I worked at McKinsey & Company where I specialized in developing e-business and IT transformation strategies.
After graduating from IT-BHU, I got accepted for doctorate program at the Massachusetts Institute of Technology (MIT).
Q 2 – What is the future of anti-virus software? Will virus signatures continue to be the best tool in the arsenal? Are we about to deal with a new level of viruses -- more sophisticated, more dangerous?
Let me give some context about the security threat landscape – this will help to understand the future of the anti-virus (AV) software market. The threat landscape is continuously changing and getting more complex. Today, in addition to viruses and worms, we have a host of other threats such as malware, Trojans, phishing, rootkits, bots, spyware etc. These threats and their effects are more visible to the end-user now than ever before. Attackers are also moving away from large, multipurpose attacks on network perimeters and towards smaller, more focused attacks on client-side targets. The new threat landscape is dominated by emerging threats such as bot networks, customizable modular malicious code, and targeted attacks on Web applications and Web browsers. Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud endangering the business infrastructure, putting a lot of user data, like personal ids, passwords, finances, confidential data, etc at stake.
Anti-virus software is evolving very rapidly to address these threats. Symantec’s recently released Endpoint Protection 11.0 software is a good example of the breakthrough changes we are seeing in the AV world. First of all, a single agent protects the endpoint (be it a laptop, desktop or mobile device) from all these different threats. Second, AV software now relies on a blend of technologies ranging from anti-virus signatures to behavior blocking to protect against these threats. Behavior blocking, for instance, can protect a system from “zero-day” vulnerabilities, which are security holes that are discovered and exploited by attackers before the vendor has had the opportunity to fix them.
Endpoint protection software will continue to grow more complex and sophisticated. For instance, mobile security will become a bigger issue, as more people connect to open networks with their mobile devices, thus exposing them to security threats. Data leakage prevention is another area where endpoint protection software will play a major role.
Q 3 – How security conscious are Indian companies?
Indian companies and consumers are increasingly conscious about security. This is particularly true of financial institutions, IT / ITES / BPO companies, telecoms, and manufacturing companies that are part of global supply chains, but generally true across the board both for enterprises and consumers. Still, there is a long way to go.
Here is a data point about the increasing security consciousness in India. Dataquest Top 20, India – 2006 has pegged the overall secure content management market at Rs. 121 crore, up from Rs. 88 crore in FY 2004-2005, registering a growth of 37.5%. Secure content management covers antivirus protection, messaging security/email filtering and web content management/web content filtering components. Antivirus is estimated to contribute 75 % of this segment. In the past, the Indian security market has been driven by the enterprise segment. The last two years have also been growing investment from SMEs in security solutions.
This increased security consciousness among enterprises in India has also made security professionals much sought-after. The software body NASSCOM too pegs vacancies in this field at as high as over 188,000 by 2008.
Q 4 – Why do Indian companies not venturing into the anti-virus software security market?
Anti-virus software is extremely complex and sophisticated. In addition to deep security expertise, companies that develop anti-virus software need to have expertise in operating systems, networks, platforms and applications.
Also, it is important to have 24x7 response capability. Security experts such as Symantec have multiple centers around the world that are constantly on the lookout for new vulnerabilities and threats. For instance, Symantec collects data from over 40,000 sensors. Once they collect and analyze the data, AV companies need to quickly develop the response (e.g., signatures, definitions, etc) and ensure that they have a broad distribution capability to deliver the Response to all their users around the world.
Finally, as discussed above, anti-virus is rapidly evolving to become the core platform for delivering protection against a wide variety of threats (e.g. spyware, malware, Trojans, phishing, rootkits etc).
Q 5 – Worldwide, why are anti-virus companies more reactive rather than preemptive in their work? Discovery usually follows activation rather than vice versa
I don’t agree that a company such as Symantec is reactive. If you look at the data from independent organizations such as CERT, there are literally thousands of vulnerability and security threats. Symantec experts proactively research these threats and deliver the Response (as discussed above).
Most Symantec users (be they consumers or enterprises) are not even aware of all the threats they are being protected against, because the updates happen automatically. For instance, Symantec has a system called LiveUpdate which is the core distribution mechanism for delivering updates to end-users. Several hundred thousand LiveUpdate sessions happen daily, which gives you a sense of the scale of the automatic updates!
Occasionally, a threat does surface for which anti-virus companies have not yet developed a response. This is not surprising given the number of threats and vulnerabilities out there, and the complex nature of today’s threats.
Q 6 – Looking back how do you feel about your days at IT-BHU?
I had a great time at IT-BHU. It was the first time I had lived away from home. I grew up in Bangalore and didn’t speak any Hindi when I joined IT-BHU. So it was a huge culture shock initially. But the experience of adjusting to the new environment prepared me for both my future professional and personal life. And I continue to be very good friends with many of my batch-mates.
Q 7 – Please tell us something about your interests outside of your professional life.
I have numerous interests but unfortunately not enough time! Family comes first of course. I also like to read, solve cryptic crosswords and I watch a lot of sports (too much according to my wife :-) ).
(Chronicle would like to extend its thanks to Kerman Kasad, Head-Corporate Communications, Symantec Corporation, India who helped us extensively in getting this interview done.)
Additional Links:
Symantec’s Centre of Innovation
http://www.expresscomputeronline.com/20070716/market06.shtml