Are we fully secured from the ‘bloodless’ cyber war?
Cyber security has become a common boardroom topic in most organizations in India, and with the thrust on Digital India, eCommerce and digital payments, it has gained even more importance in recent times. The challenge, however, is this: can we secure the world from the bloodless war?
Cyber security has gained such prominence in the last few years that it has also been identified as one of the key areas of development by PM Narendra Modi. Today’s digitally connected world presents a high risk of exposure to cyber attacks, which are also the most sophisticated ones. As more data becomes readily available and information sharing becomes the norm, customer trust, corporate control and data privacy are all at risk.
Increasing need to secure information...
As the world enters the brave new world of compliance, cyber threats will continue to evolve. With rising concerns about cyber security, organizations are mandated by regulators to protect sensitive and private information in many different ways, demonstrating diligence in maintaining accurate inventories of personal data, where it resides, and how and where it is transmitted and handled.
Rajnish Gupta
Regional Director, India & SAARC, RSA
Connecting security incident with business context to manage risk and protect what matters most is what RSA calls Business-Driven Security. This also helps bridge the ‘Gap of Grief’.
Jitendra Ghughal
Director Channels, India & SAARC, Fortinet
"Security professionals are beginning to believe in taking an architectural approach that integrates tools into a single system to achieve real defense in depth and shorten the time between detection and response."
Nilesh Jain
Country Manager - India & SAARC, Trend Micro
"Trend Micro is working closely with most of our customers to ensure that they are fully aware about all kinds of attack vectors."
“Increasing advocacy and awareness on Data Privacy has resulted in more pressure on organizations to provide customers with insight and the ability to request at any time how much of their personal data is being kept and how it is being used. Regulatory challenges, if left unaddressed, could threaten the stability of the financial system. More robust and comprehensive data governance and privacy assessments need to be regularly conducted in order to ease compliance burden against the backdrop of a fast-evolving regulatory landscape,” says Rajnish Gupta, Regional Director, India & SAARC, RSA.
He further continues, “Connecting security incident with business context to manage risk and protect what matters most is what RSA calls Business-Driven Security. This also helps bridge the ‘Gap of Grief’. Both security and business leaders want to understand to what degree security incidents, be it from cyber or data privacy, impact business objectives, business continuity, intellectual property, and damage to reputation, among other things. The inability to do so is what we call the “Gap of Grief”. Organizations will need to have these three most critical elements for a sound security strategy; rapid response and detection, control at the user access level, and business risk management. It’s time to thrive in an uncertain, high-risk world. It’s time for Business-Driven Security.”
“Modern networks are complex, with undefined perimeters and elastic architectures,” says Jitendra Ghughal, Director Channels, India & SAARC, Fortinet. “At the same time, modern cyber attacks are more frequent and sophisticated, identifying and targeting specific vulnerabilities and incorporating code into their malware that can detect and evade security. As technology evolves and cyber attacks have become more threatening, IT teams have had to incorporate additional security solutions along the way to protect data across their distributed networks and virtual environments. This sort of organic sprawl results in what many security professionals refer to as accidental security architecture.”
What many customers may not realize is that their gradual implementation of separate security platforms across each networking layer, including the Cloud, has actually limited their visibility and control and hindered their ability to implement an effective security strategy.
Security solutions from vendors –
Trend Micro
The Trend Micro TippingPoint next-generation intrusion prevention system (NGIPS) solution detects and blocks attacks in-line in real time.
It also provides endpoint security solutions like Trend Micro Smart Protection Suites and Worry-Free Business Security, which protect users and businesses from threats by detecting malicious files and spammed messages and blocking all related malicious URLs. Trend Micro OfficeScan with XGen endpoint security infuses high-fidelity machine learning with other detection technologies and global threat intelligence.
F5 Networks
F5 uniquely enhances an organization’s security strategy with the broadest portfolio of app-centric security solutions and services in the market. F5’s contribution to the security strategy goes beyond security solutions to include programs like F5 Labs, providing actionable application threat intelligence, and the F5 Security Operations Center (SOC) and Security Incident Response Team (SIRT), providing intelligence services and monitoring to more effectively identify threats and deliver immediate response.
eScan
With its strong R&D capabilities, eScan has incorporated technologies like Terminal Services Protection module (TSPM) to detect & mitigate brute force attempts. eScan’s EPP and EMM solutions are an integral part of eScan’s enterprise range of products, with MDM and Hybrid Network Support such as eScan Corporate 360, eScan Endpoint Security and eScan Enterprise 360. Furthermore, the new eScan Management Console (EMC) module includes a Secure Web Interface that facilitates dynamic security management of the server, endpoints and mobile devices in the corporate network.
Fortinet
The Fortinet Security Fabric offers customers a unique resolution to security sprawl with its connected end-to-end security architecture. It offers integrated tools that cover a customer’s entire IT infrastructure, including application protection and security for public, private and multi-cloud environments, endpoints, networks, data centers, and more. In addition to integrating its own family of security products into the Security Fabric, Fortinet also offers the Fabric Ready Partner Program to ease Security Fabric deployment for both its Channel Partners and customers by allowing tools from third-party vendors to interoperate across the Security Fabric. Fabric-Ready integrated solutions are pre-validated and ready for deployment.
Sophos
Sophos’ XG Firewall stops evasive network applications that were going unidentified. It also has ‘synchronized security’, its real-time threat intelligence system that works together with network and endpoints to combat known and unknown threats.
Having to manage each of these tools and hand-correlate data between them, especially as networks become more decentralized, puts significant strain on IT teams, which are generally already understaffed due to the current IT skills gap. As a result, they are more likely to miss important threat intelligence, as they do not have the time to adequately analyze and cross-check data collected from multiple sources. The complexity of many Security Information and Event Management (SIEM) protocols means that far too often IT is simply unable to respond to even the incident alerts they know about. While many IT security professionals recognize that SIEM protocols can provide valuable benefits, 68 percent say they would need additional staff to maximize their value.
“Security professionals are coming to realize that the solution to an overly complicated security suite is not to continue to deploy more security tools. Instead they believe in taking an architectural approach to security that integrates tools together into a single system and incorporates machine learning and automation to achieve real defense in depth and dramatically shorten the time between detection and response,” says Jitendra.
Sunil Kripalani
Senior Vice President, Global Sales and Marketing, eScan
"In our endeavour to remain at the crest of the growing security challenges coming from multi vector attacks, we have strengthened our technologies by relentless efforts from our R&D team."
Sunil Sharma
managing director sales, Sophos India & SAARC
"Sophos continues to enable business readiness to stay a step ahead of cyber threats. The security market has focused on scanning executables for anti-malware, but now we see a growing number of data breaches."
Advocate Prashant Mali
Bombay High Court Lawyer and International Cyber Policy Expert
"While some organizations spend only on prevention, in cyber space as new threats loom large, organisations need to be reactive to threats and should also have strategies in place to find the perpetrators."
Parag Khurana
Managing Director, F5 Networks India & SAARC
"At F5 we believe that the next iteration of security challenges to business will come from “Bad actors” that will not distinguish between a private business or a government business."
Trend Micro, for its part, has an optimized and connected security strategy, with separate teams for government, large enterprises and mid-sized enterprises, as they have different sets of requirements. Its approach is simple: protect customers from both the latest and conventional attacks with comprehensive solutions that cover all entry and exit points for attacks, including email gateway, web gateway, network and endpoint. “Our job is not only to protect enterprises from cyber-attacks, but also to prevent and prepare companies to tackle it themselves. And hence, we are working closely with most of our customers to ensure that they are fully aware about all kinds of attack vectors and the precautionary measures are taken accordingly,” says Nilesh Jain, Country Manager - India & SAARC, Trend Micro.
With its strong R&D capabilities, eScan has incorporated technologies like Terminal Services Protection Module (TSPM), MicroWorld Winsock Layer (MWL), Proactive Behavioural Analysis Engine (PBAE), Host Intrusion Prevention System (HIPS), Domain & IP Reputation Check and Non-Intrusive Learning Pattern (NILP) Technology to provide real-time protection against Ransomware, DDoS, APT and other cyber-attacks. “In our endeavour to remain at the crest of the growing security challenges coming from multi vector attacks, we have strengthened our technologies by relentless efforts from our R&D team,” says Sunil Kripalani, Senior Vice President, Global Sales and Marketing, eScan.
International Cyber Policy expert Advocate Prashant Mali, however, feels that organisations spend too much on prevention, but they need to be reactive to threats too. “While some organizations spend only on prevention, in cyber space as new threats loom large, organisations need to be reactive to threats and should also have strategies in place to find the perpetrators. Cyber Insurance should be on board agenda and the policies should be seriously evaluated by expert lawyers before buying,” he reiterates.
BFSI remains the main target for hackers and, being aware of this, firms in the sector have stepped up their cyber security defenses. Yet this has not hindered cybercriminals from continuing to hack away at the defenses of banks and financial firms.
According to the recently released Sophos Labs 2018 Malware Forecast report, which recaps ransomware and cyber threat trends, no platform is immune. Cyber threats will continue to grow in number and complexity.
“Sophos continues to enable business readiness to stay a step ahead of cyber threats. For years, the security market has focused on scanning executables for anti-malware, but now we see a growing number of data breaches occur due to exploits. As a result, we have pushed aggressively into the realm of next-generation anti-ransomware exploit detection and prevention with Sophos Intercept X that fights zero day malware and unknown exploit variants. In a nutshell, being proactive in cybersecurity will ensure business continuity,” says Sunil Sharma, managing director sales, Sophos India & SAARC.
Overcoming security threats...
As with last year, sophisticated ransomware attacks will continue in 2018, but in a more specialized and targeted manner. While this year the security of a handful of public cloud providers was compromised, next year one can expect attacks on customers’ applications and data that are hosted in the public cloud without adequate protection.
“India has already experienced the exploitation of ATMs, through ransomware attacks. The year 2018 will experience more of similar targeted attacks at the ATMs. While earlier physical attacks on ATMs were common, malware attacks on ATM were not much heard of, till mid of last year. Momentum of similar attacks is going to pick up with hackers going behind ATM machines,” reminds Nilesh.
“Threats are evolving so quickly on the black hat side that the only way to combat them is through automated and intelligent defense layers that can quickly identify new and existing threats and then make decisions to mitigate them. This type of cybersecurity defense is called “actionable intelligence.” It requires deploying interconnected security solutions everywhere across your expanded network, including deep into the cloud. The goal is to create a security solution that is able to see and identify the stages of a threat and then make a decision on its own. Such an expert system is able to identify and block attacks at network speeds so that we don’t have to rely on humans, who often miss too much and respond far too slowly, to take action,” suggests Jitendra.
And all of this needs to happen automatically, everywhere and at the same time across the entire distributed network. This includes physical and virtual environments, distributed data centers, remote offices, IoT and mobile endpoint devices, and even deep into the multi-cloud, including everything from complex infrastructure solutions to simple cloud-based services. “Actionable intelligence combined with expert systems empowered with automated processes that enable autonomous decision-making is the future of cybersecurity,” he says.
Advocate Prashant Mali maintains that it is high time for organisations to establish a cyber security culture immediately, and that it should be every organisation’s goal. “Organizations should have a legally vetted incident response policy which is to be drilled every year. They should spend on human dimensions of cyber security. Every single agreement every organisation has needs to be vetted in the light of cyber risks.”
F5 Networks also believes that dialogue is always positive. Discussion and deliberation among boards and enterprise leaders are imperative and help safeguard organizations from possible threats. “However, our recent Global CISO report (conducted in partnership with Ponemon) found that security strategies are still only a reaction to threat rather than a proactive approach. The findings are in line with what we have witnessed in the market. At F5 we believe that the next iteration of security challenges to business will come from “Bad actors” that will not distinguish between a private business or a government business,” states Parag Khurana, Managing Director, F5 Networks India & SAARC.
He further continues, “The conversations so far mention securing business networks from external threat whereas in an increasingly digital world and the advent of personal handheld devices the threat vectors have shifted. We have observed that almost 9 out of every 10 attacks utilize vulnerabilities at an individual user level. Hence, we believe the approach should be to focus more heavily at securing applications to consequently secure the network.”
While cyber threats of a higher magnitude continue to be a global phenomenon and cyber security becomes an integral part of national security, there lies a huge opportunity for India to lead in the cyber security space through innovation and leadership.
Samrita Baruah
samrita@varindia.com