Security not just a product but a process and a practice
From the perspective of the enterprises, the fact that they are not able to protect themselves against a malware is a major challenge. “There are different ports which are open with the end users… Web ports, SMTP and SGTP.” A number of people in organizations today use social networking sites, something which has become fairly common with consumerization. “With LinkedIn, Facebook, emails coming in and going out; everything is available on the mobile. When you have such important information stored and there are a lot of ports open; cybercriminals can easily attack can enter into enterprise networks. This is a challenge from the technology perspective.”
The remarkable thing in this context is that there are safety measures which are available for organizations but haven’t been proactively deployed. “This is a major cause of worry. If something has been happening in US and Europe, we need to do it proactively in our own environment here too.”
Sophos sees that a number of recent examples point straight at this shortcoming that enterprises have to deal with. Security breaches like leaked Aadhar details of 13.5 Crore citizens, 3.2 million debit cards which were compromised in October last year and personal detail of 1.4 million pensioners which hacked of a website run by the Jharkhand Directorate of Social Security are but a few famous ones. Very recently, Zomato which is the largest online restaurant guide had a security breach on May 18th and names, email addresses and hatched passwords of 17 million users was leaked. “Now you have WannaCry on top of it.” Sunil further reveals that a number of users from the lower strata are being attacked with phishing mails and ransomware. “This particular data is not being collated and collected. We don’t have a proper picture as to how many users have been impacted across India.”
Synchronized security as a best practice for CIOs and CISOs
Security today doesn’t just end on an anti-virus or a firewall. Newer kinds of threats have given two newer aspects of security and corresponding technologies like UTM, DLP, Endpoint and encryption. Often organizations have various solutions coming from different vendors. There is a perpetual communication gap in these solutions, vulnerability which cyber crooks have been happily taking advantage of. “The first fundamental thing what Sophos did is talk about a concept called synchronized security. This concept is towards the best practices CIOs and CISOs should follow. Enterprises have a lot of pin-point products in their infrastructure but none of the products are talking to each other.”
When we talk about synchronized security, it primarily consists of two things, the network security side and the endpoint security side. In endpoint security, you have different products starting from the advanced anti-virus and ransomware to encryption, endpoint security, DLP, UTM and mobile security everything put together. On the right hand side which is network security, you have access point, email, web, the complete UTM and firewall. It is vital that there is a transparency between these solutions. “When you consider all these security products, there is a dire need to communicate. They need to ask each other if they are okay. This means a heartbeat, a concept which was uniquely introduced by Sophos worldwide and in India.”
Sophos has been advocating this concept to its CIO community, urging them to you use this concept in their organizations to secure endpoints from regular cyber attacks. Sophos introduced InterceptX in September last year. This specialized offering has three components to it: Cryptoguard, Exploit Prevention and Root Cause Analysis. “If we talk about WannaCry,” Sharma explains, “It had two components. One was that it was encrypted data but at the same time it also had a string attached which was actually a worm kind of malware named EternalBlue. That malware was primarily a network-layered malware. Hence, it may enter into networks which do not have security against those kinds of variants available. It will enter into a network and get onto one of the end points.” InterceptX from Sophos has been able to check this malware’s capabilities. “If the customers have deployed InterceptX, the moment this malware is on the endpoint and tries to encrypt data, the solution automatically understands that there is a problem. Whatever data, a very small chunk which got encrypted, goes back to the zero state and the enterprise data was saved.”
Sophos is confident that this solution will succeed even if there is a new variable of the malware that comes along in future which has not yet been analyzed. “Even if you have a zero-day attack happening, you will be saved from the ransomware. That is what Sophos as an organization is working on.” Sophos is also working on a product called Phish threat which is an educational tool primarily training people how to identify such phish mails. “We used it in our organization. What we preach, we execute it in-house too. Similarly, we tell CIOs to make their users aware as to what kind of phish attacks can happen and how can they identify these mails and delete them automatically. These are some of the measures that we have taken from the product point of view.”
A substantial 25% of Sophos’ workforce is working in India of a total 3000 people which are globally present. “This is something which talks a great deal about our commitment towards the audience in India.” Boasting a large footprint in India, Sophos operates a Research & Development Center based out of Bangalore and a Support & Product Development Center based out of Ahmedabad. For Sales and SE operations, which is the cap worn my Sharma for Sophos India & SAARC, he heads an 82 people strong workforce spread across 17 cities. “I am a very sensitive guy and I wake up every morning proud of the fact that today I have the responsibility of protecting the precious data of my customers.” Sharma believes cybersecurity is like a policeman’s job in the physical world and the cybersecurity community should feel honor and pride in the work they are doing. “The revenue we are going to earn comes second. It is a passion for us to do this kind of a job for our customers. “With WannaCry, we dealt with a lot of customers and all customers that deployed InterceptX are safe today.”
