How Symantec Prepares for the Future

Gary Tomic is Chief Systems Architect and Broadcom Fellow working in the Symantec Enterprise Security Division at Broadcom.  Currently he is leading the creation of a cloud native datapath architecture for numerous Symantec Cloud based solutions and services.

Gary, what does innovation mean to you?

Innovation is what enables us to solve customer problems in new ways that improve quality, reduce costs and improve execution speed of the engineering teams by using state of the art technologies. We are using innovation to improve cybersecurity so that our customers can receive better protection from the threats on the network layer in less time. Part of being innovative is tracking the industry roadmaps and determining how we can leverage and bring together innovative tools and solutions from many teams internal and external to Broadcom.

What’s changed in terms of innovation since Symantec became part of Broadcom?

We’ve adopted Broadcom's engineering model, which is very different than the old Symantec model.  The Symantec model was focused on acquiring as many customers as possible, from consumers and to large enterprises, and then trying to meet their varied requirements. The Broadcom model instead focuses our attention mainly on strategic customers have very complex cybersecurity requirements, and we work closely with them to build our technical roadmaps to meet these requirements. We look for ways to innovate and serve the existing customer base and expand our ability to provide value to them.  That was definitely a very nice change as we moved from Symantec to Broadcom as we can focus our entire engineering energy on these strategic initiatives and engagements.

We also benefit from the scale of Broadcom.  As an organization there are things that we can do now, we could have never done at Symantec.  For instance, we have standardized on the Google Cloud and are therefore a very large Google customer. We regularly work with the Google cloud architects and development teams and collaborate on new initiatives that really move the needle for cloud native architectures. We could have never had this opportunity at Symantec as we did not have sufficient scale to have such a close innovative relationship with a public cloud vendor.

We are focused on building an architecture for the next 1-2 years with an eye for where we need to go long term to ensure we have a clear multi-year technical roadmap. 

Why is this important?

This ensures that we maintain industry leadership, earning the trust of our customers by demonstrating a robust roadmap that will meet their needs for many years to come. This roadmap takes into consideration evolving standards, changes in cloud technology and enables us to pivot and incorporate new security features rapidly to ensure our customers are protected from the increasing sophistication of cyber-attacks.  

Can you give some examples of past, present, and future innovation that you’re involved with at Symantec?

 Sure. And I’ll be brief.  But I hope we can go into depth on each of these in future blogs.

Of course.

An example of something in the field today is our Cloud-native firewall service that we introduced last year.  We replaced a third-party solution and completely rebuilt it using our own multi-tenant solution in a very short amount of time using cloud native primitives. In the past this would have taken far longer to build. But, with access to the cloud native tools and paradigms we were able to finish the project in record time. We then had to globally deploy the finished product. Under the Symantec cloud model, we could have expected deployment to take months. Under our current model, we fully deployed CFS in a few weeks and it could have gone faster but we intentionally throttle rollouts as a deployment “best practice.” 

Another popular and innovative feature that we were able to deploy very rapidly is Dedicated IPs. This feature allows our customers to proxy websites through our cloud that can only be accessed using IPs dedicated to the customer tenant. With our modern architecture, this feature was deployed in only a few weeks. Since it required net-new infrastructure, it’s a good example of a rollout that could have taken up to a year using the old physical infrastructure model still embraced by our largest competitors.

We’ve made a lot of progress on integrating all our cybersecurity products and technologies that Symantec has bought over the years.  Our focus up until now has been on data path integrations to eliminate any and all inefficiencies. Moving forward, we’ll shift focus improving the integration of the management plane. The goal is for the customer to always feel like they are using one product rather than several different products that are just deployed together.

One future innovation that is really important is our cloud native datapath initiative. This is taking the existing Cloud SWG solution set that is running in GCP and moving it from the current architecture to an even more powerful cloud native architecture. Most vendors today will claim that their datapath architecture is truly cloud native but there are two problems with this claim. First, we don’t believe you can claim to be cloud native when you’re not deployed in a public cloud, and most vendors are not running in public cloud. Without public cloud, you will always be constrained by your ability to manually deploy capacity throughout the world. Second, Kubernetes doesn’t yet support some of the constructs necessary to make a datapath truly cloud native so we can confidently say that there is no vendor that has a cloud native SWG datapath. We are strategically working with Google on several major changes to Kubernetes that will enable this over the coming year. We've already filed for several patents on the technology that overcome some of the unique challenges of creating a true cloud native datapath solution.

Cloud native datapath.  That’s definitely something we’ll talk about in detail in a future blog.

I’d like to also talk about what Symantec is doing with Encrypted Client Hello, or ECH.  Standards bodies are moving towards further encrypting the channel between the client and the server making it fully encrypted which will completely blind existing security networking solutions. We are participating in the IETF and ITU Standard Defining Organizations as well as working with very large communities towards solutions to maintain appropriate visibility so our solutions will continue to protect our customers from cyber threats. 

The Symantec engineering team is constantly innovating to produce a robust long term architectural roadmap. This is described in more detail here. I am excited to share more about specific innovations in future blog posts.