Cloud Adoption Skyrocketing the need of Security Services

With a vision to empower all organizations to understand and reduce their cybersecurity risk, Tenable India has pioneered the IT Vulnerability Management market. The company is at the forefront of innovation in this new era to help organizations of all sizes rethink how they secure the modern digital enterprise as the pioneer of the emerging Cyber Exposure market. In a chat with VARINDIA, KARTIK SHAHANI, COUNTRYMANAGER, TENABLE INDIA depicts about the key security trends and technologies, how Tenable dealt with the pandemic and steps taken in the post-pandemic era.

KEY SECURITY TRENDS

Zero-trust network models are increasingly used to secure the remote work environments.

According to Kartik, as employees continue to work from their homes or begin the migration to a hybrid working model, this trend will continue. “Home networks are untrusted, personal devices are unmanaged and often not configured properly. Zerotrust network models are increasingly gaining popularity as a strategy to harden security. Authentication and authorization of users, devices, and applications will become critical as organizations adapt to the remote work environment with unknown and untrusted connections,” says Kartik.

Cloud (SaaS) security needs will increase along with increased cloud adoption

Kartik feels cloud targeted attacks are increasing with malicious actors targeting remote employees and tricking them into providing access to cloud services that should be protected. This is driving demand for improved security controls in the cloud. Traditional vulnerability management solutions lack the ability to continuously discover and assess cloud assets for vulnerabilities. Many cloud-only solutions provide siloed security visibility to secure a fraction of the attack surface.

He further comments, “SaaS applications have a myriad of security settings, and these settings need to be configured and audited. This ensures that access to the application is granted only to those that need it, and that the correct authorization levels are maintained. Many cloud security solutions focus only on cloud configurations and not vulnerabilities. Although a cloud vendor may be responsible for maintaining the security of the overall application, it is up to each user to ensure that their own settings are correctly configured and maintained for the specific requirements of the organization.”

Critical Infrastructure security becomes a priority

“As our reliance on mission-critical systems becomes even greater, ransom prices will undoubtedly rise and attacks increase. In times of crisis, the infrastructure and supply chains that underpin a society — agriculture, food and beverage manufacturing, pharmaceutical development - accelerate operations.” Security leaders must, therefore, ensure the uptime and security of critical systems now and into the future,” perceives Kartik.

The latest security technologies

Traditional approaches to cybersecurity are being put to test daily with organizations in India expected to adopt a hybrid work model over the next 12-24 months. Cybersecurity strategies that worked before the pandemic are now ineffective as continuous monitoring fragmented networks is a challenge. Kartik comments, “Tenable’s Nessus Agents is effective in assessing remote users that may not consistently or ever physically plug-in to the corporate network. It helps customers track environmental changes and discover newly released vulnerabilities or existing ones introduced into their environments. Frictionless Assessment and Cloud Connectors provide our customers with insight into what cloud virtual machine instances are configured and automatically assess them without deploying additional software or scanners. One of the most common vulnerabilities cybercriminals exploit is in the Active Directory. Tenable. ad provides real-time insights into changes in AD that introduce risk and attacks on the AD infrastructure.”

Steps taken to start the new normal

As per Kartik, “The shift to remote work has contributed to the rise in cyberattacks across the board. Apart from being available to our customers 24 x 7, our Tenable Research team has and continues to work around the clock to publish the latest research on cyberattacks, phishing attempts and other opportunistic behaviours so that our customers can stay informed.”

Tenable’s directory security readiness check

Discussing about fixing the security flaws Kartik points out, “Tenable.ad enables organizations to identify and prioritize weaknesses within the Active Directory domains and reduce exposure with the help of the remediation guide. Organizations can detect AD attacks like DCShadow, Brute Force, Password Spraying, DCSync among others. It helps identify dangerous trust relationships, catch every change in the AD and make the link between AD changes and malicious actions. Tenable.ad combines riskbased vulnerability management and AD security, to disrupt the attack path, ensuring attackers struggle to find a foothold and have no next step if they do.”

Dealing with the pandemic

In the new world of work, employees are no longer bound to their office desks and can log into the corporate network from anywhere. Against this backdrop, organizations need an option where security teams can scan devices outside the perimeter of the office. Kartik comments, “Nessus 10.0 available on Raspberry Pi was released in October this year and it is designed for portability, especially for those whose job functions require mobility in locations like pen-testers and consultants. Nessus 10.0 is a plug-in feature, which increases scan performance while also decreasing scanner memory overhead. Since each environment is different and every organization has different requirements, there is a customizable reporting functionality that can be optimized to meet specific needs. Nessus 10.0 enables a debugging capability to troubleshoot customer scanning issues.”

To Conclude

While winding up Kartik says, “Earlier this month, we established a local cloud instance for its software-as-a-service (SaaS) solution, Tenable.io, on Amazon Web Services in the Mumbai region in India. As a cloud-first company, we understand the importance of the cloud in the new normal. The new cloud instance enables organizations to benefit from the provider’s breadth and depth of cloud capabilities while adhering to local data regulations and requirements.”