Adoption of cloud technology, mobility and IOT are among the biggest concerns for enterprise CIOs and CISOs with ransomware, phishing, smishing representing huge risks for enterprises and demand Cybersecurity transformation using layered security approach with AI, ML, analytics, and proactive threat hunting and monitoring.
“CIOs need to maintain constant vigilance to watch out for vulnerabilities in the network, with a solid patch management process to ward off zero-day exploits and ransomware.”
Cofounder and COO
Can you shed some light on the current Cybersecurity Landscape in Indian enterprises?
India is experiencing a major digital revolution, as it exposes itself to new digital ecosystems and technologies; it needs to be aware of the risks involved as well. Digital transformation demands cybersecurity transformation, which needs to be agile, user-centric and automated.
As India is a major off-shoring destination for back office and other high-value business functions, cybersecurity orientation of Indian businesses has been an issue of pressing concern. BFSI and IT/ ITeS sectors drive the Indian cyber security market. Fintech innovation in conjunction with digital business has disrupted the traditional security approach for the financial sector. 88% of respondents in the 2017 KPMG Cybersecurity study expressed their readiness to adopt digital payment methods; therefore this industry is expected to have a large impact on the proliferation of modern cybersecurity techniques.
In India, as well as globally, the focus has shifted from protecting against cyber attacks, to preventing them before they occur. Detection, response and remediation are the Cybersecurity methods being employed now. A single pane of glass offering that combines these proactive methods is what most industries are moving towards, rather than single product offerings.
What are the common privacy related headaches for Indian CIOs/ CISOs? Are they well equipped to handle significant breaches?
The adoption of cloud technology and IOT are among the biggest concerns for enterprise CIOs/CISOs. As cost of data storage drops, the amount of data stored and vulnerable to breaches drastically increases. Another avenue to monitor is the BYOD market. As technology enables employees to be more mobile; ransomware, phishing, smishing, etc., represent huge risks for enterprises.
Another point to note is, given the proliferation of cyber attacks over the last decades, there has been a further spate of compliance measures to be followed. Failure to do so leads to high monetary costs and loss of trust and reputation. CIOs are pressured to be at the forefront of cutting edge technology, however with the adoption of new tech comes new avenues vulnerable to cyber assaults.
What new age security technologies or approaches can CIOs explore to improve aspects like ‘visibility,’ ‘threat recognition’ and ‘response time on zero-day attacks’?
The level of obfuscation and encryption used by malware software is increasing and there is a scarcity of labeled data. The problem with detecting unknown zero-day attacks is that the time and nature of the attack is always a mystery.
A layered security approach using AI and ML can protect against such modern cyber attacks. Using behavioral analytics, big data can be pulled out to detect and prevent such attacks. However, this creates a massive amount of data that human manpower is not up to alone, hence the need for AI. Using behavioral analytics, AI can create signatures that make hidden threats visible, and thereby improve the overall efficiency of threat recognition. Such technology can turn a zero day threat into a known threat.
It is good news for the industry that security solutions are being integrated with technology such as AI, ML, analytics and threat hunting to name a few. However, they have to be made to work well in the context of the organization. Simply acquiring new tools would not solve the problem. Cybersecurity transformation requires proactive threat monitoring. CIOs need to maintain constant vigilance to watch out for vulnerabilities in the network, with a solid patch management process to ward off zero-day exploits and ransomware.
Can you tell us a little about the new Endpoint protection offering from Aujas? How has been the response in US Market?
Aujas’ Managed Endpoint Detection, Response, and Prevention Service (MEDR) combines Endgame’s fully converged endpoint protection platform and Aujas’s managed security services expertise to enable threat hunting, prevention, detection, and response. Traditional cyber security measures such as firewalls and antivirus cannot protect against advanced persistent attacks. The Aujas MEDR is equipped with advanced analytics for investigation and AI/automation for rapid response and protection against similar future attacks.
Our business strategy focuses on leveraging business relationships and partner’s network to identify and make an entry into new accounts. For the US market, Aujas has centered on specific use cases and market segments. The response has been very positive and we are already on-boarding customers on the MEDR platform. MEDR is available as a subscription service, with a comprehensive service catalog and appropriate service levels.
What is your message to Indian CIOs? What improvements can they expect from this new offering from Aujas?
Cybersecurity transformation is the top priority for technology and risk management leaders. Organizations cannot outsource risk management; a component of the strategy should be to partner with technology and service providers for specific areas. At Aujas we have focused our efforts into putting together an automated incident response platform to improve overall efficiency from time-to-detect to time-to-respond for security monitoring and operations.
Offerings such as Aujas’s MEDR could be a right fit for enterprises, with the focus on outcomes as opposed to getting embroiled in technology, integration and service challenges. Privacy by design also helps to ensure that innovation and disruptive technologies in various fields mature safely, at least from data privacy perspective.