Life was very simple some years back; we used simpler technology to stop bad people. We used anti-malware and blacklisting tools; by doing this we wanted to do good business, and we continued to do business. However, today in the cybersecurity world you can’t really trust what you see, says Vijendra Katiyar, Director, Enterprise Business, Trend Micro, during the 7th NBFC100 Tech Summit in Chennai.
In today’s world, dealing with bad people is really difficult, because with the number of applications you are using in your organisation, the number of vulnerabilities is also increasing. Every day we find out that there is a new vulnerability.
In May 2017, the WannaCry ransomware crypto-worm affected so many organisations across India. It was at the end of the financial year, and this cyberattack was targeting the C-suite officers of the organisations broadly. The way it was delivered was simple: you open your mail and the virus will encrypt your laptop/desktop, and from there you have to decide whether you want to pay the ransom or recover the data. How ransomware has evolved today was not the case before. Today we have to worry not only about one system but about the entire network.
Today zero-day vulnerabilities are running in N numbers. So, dealing with black is not going to work. If you don’t have the right kind of visibility inside your organisation, you won’t be able to say if you are compromised or not.
It takes about 250 days to identify or to contain a threat, and the more time you take to contain or identify a threat, it runs into millions of dollars. So, that’s what organisations are going to suffer financially.
We are caught in a perfect storm where there is a lack of visibility. As per one of the surveys, which was done with CXOs across Asia-Pacific, 80 percent of them were not able to tell whether they were compromised or not because of the lack of visibility inside the organisation.
Another area in which we are lagging behind is skilled manpower. On average, there are about 25 different security tools in an organisation and they throw all kinds of alerts. And then we figure out that we don’t have skilled manpower to understand these reports or logs. So, companies need to work on the training of our employees to make sure that alerts can be read at the right time.
Data centres have evolved over a period of time. From the physical server to virtualisation, it took some time. From there we adopted the cloud, and now we are talking about containers, Docker and serverless environments. As per the statistics, 71 percent of organisations have already adopted Docker and containers because it gives them the agility to run their business. And the traditional method of saving these data centres is not going to help, because in the serverless environment there is no infrastructure; there is just code or an application that is running, and you have got to secure it.
A 2017 study by Gartner titled ‘Adapt a safer technology’ defines what organisations need to do to ensure they are equipped to deal with this advanced threat. Prevention is futile, but it’s just getting difficult. You cannot keep on adding layers of technology; organisations need to focus on detection and response.
Artificial Intelligence and Machine Learning have to be implemented when it comes to security, which means response. There are standard responses that have to be automated; we don’t need manual intervention there.
Today Endpoint Detection and Response (EDR) has become a buzzword. It helps you to identify the root cause, helps in threat hunting, and tells you about the system which has been compromised. It is a very effective tool; however, it comes with a lot of things and reporting that have to be understood. The ideal way of looking at EDR is as a convergence of an endpoint protection platform and EDR, having a single, collaborative agent that can secure your environment. EDR can be an extension to your traditional anti-virus.
In 2018, we launched a managed detection and response program in India, wherein the entire scope is very different. It is not just restricted to endpoints; we look at your networks, data centre and IoT devices. With this, we can detect the threat and what it can lead to. These are the services we are providing to our customers in India.
According to a report by Gartner, if you talk about sandboxing 5-6 years back, it was very popular. How was the adoption? There was a set of customers which adopted sandboxing as a technology and spent millions of dollars. If you go and ask any particular vendor in security if they offer sandbox as a solution, the reply would be yes. This brings us to the question: if everybody is offering sandbox as a technology, is it an extension of technology or is it a feature of technology by itself? Because we have to think about it accordingly.
The situation is similar with EDR: right now it is at the peak of the cycle, and we might look at a lot of stand-alone EDR which may ask you to pay millions. But it’s not the case; you need to see whether it’s an extension or a feature.