The ever-evolving Technology presents a new challenge to the enterprise just as it solves other problems. Rajiv Singh talks about the role the latest technological trends play as far as the Security in the Enterprise Market is concerned.
Tech Mahindra has partnered with promising security Startups to address issues like Artificial Intelligence, IoT (Internet of Things) Security, and Critical Infrastructure Security. The objective is to address the growing needs of the enterprise customers globally and build a mutually beneficial relationship. ”
Rajiv Singh, Senior V.P. & Global Head of Enterprise Security & Risk Management, Tech Mahindra
What are the technological trends that you have witnessed in the industry that have improved your services and what are the trends you think should emerge?
With an increase in the cyber security incidents, securing networks and protecting data is becoming crucial to organisations. According to Cisco Security survey, India faces one of the highest cyber security threats in Asia-Pacific region. With an increase in the incidents of security breaches, there is an uptake in cyber security budgets. As per EY’s Global Information Security Survey 2018-19, around 70% of the organisations plan to increase their cybersecurity budgets. The companies will have a renewed focus on protecting and improving network infrastructure.
Tech Mahindra has partnered with promising security Startups to address issues like Artificial Intelligence, IoT (Internet of Things) Security, and Critical Infrastructure Security. The objective is to address the growing needs of the enterprise customers globally and build a mutually beneficial relationship. We have developed the World’s First AI-Powered Predictive Cyber Risk Platform that can predict and proactively avoid cyber-breaches by continuously monitoring IT inventories and take appropriate mitigating steps.
Our end-to-end security portfolio has disruptive solutions like continuous Security Assurance, Industrial IoT security, anti-email spoofing & threat score card that provides a transparent view of the risk resiliency of the organization and offers continuous assessment capabilities. Tech Mahindra’s intelligent Security Operation Center can prioritize the actionable intelligence for proactive handling of identified critical risks. It can also provide key insights to board members of the organization and accurately measures overall breach risk and cyber-resilience. Tech Mahindra in partnership with the US based Startup, has built Automated Security Assurance Platform (ASAP), that provides continuous assurance on compliance and risk management to the shareholders and assures the Board of Directors of the risk posture capability of the Enterprise. We have also partnered with an Israel based startup to develop advanced cybersecurity solutions like cybercrime investigation, cybercrime policing &analytics.
What are the current technological challenges faced by the CISOs from a security point of view?
Today, businesses are digitally transforming themselves at a rate faster than before. Businesses across key sectors are increasing their digital budgets in order to create new business models. With Internet of Things becoming more pervasive, security related responsibilities are getting complicated. Hence, the biggest challenge for CISO is to protect and secure the network from possible security thefts.
According to NASSCOM, India is one of the most vulnerable nations in the world when it comes to cyber-attacks. Therefore, it is critical for CISOs tobecome leaders who protect data and stay ahead of the game through continuous learning. The rise of ransomware is also a massive challenge for CISOs. According to a report by Cyber Security Ventures, ransomware damage costs are predicted to hit $11.5B by 2019 and cybercrime damage costs will hit $6 trillion annually by 2021. Hence, protecting sensitive data from the hackers is crucial to organisations. Other challenges for the CISOs include -compliance assurance, compliance management and ensuringcompliance with GDPR, Australian Prudential Regulation Authority (APRA), California Consumer Privacy Act (CCPA) and other similar standards.
The vendor landscape has started to leverage AI & ML for protecting the threat landscape. What is your organisation proposing to customers?
Key initiatives by Tech Mahindra to provide protection against the threat landscape includes:-
- Providing contextual threat intelligence, SOAR, Endpoint-detection and Actionable Intelligence with a single pane of glass as part of the tools stack via aid of partners’ tools/ platforms.
- Utilising threat intelligence from aggregators that contextualize STIX/TAXII and over 150 commercial feeds besides ISAC (Information Sharing and Analytics Centre) and ISOC (Integrated Security Operations Centre), US Cert and other neutral entities.
- LeveragingAI/ML to contextualize raw feeds and enhance the context, remove duplicates and false alarms
- Provide Digital-Forensics Analysis, anti-spoofing, anti-phishing services
Is “Zero Trust” the next BIG wave in Cybersecurity?
With businesses investing heavily in digital models, the world is becoming more connected than ever before, making businesses an attractive target for hackers. Hence, the legacy approach that relies on trusted and untrusted domains can no longer help in providing full proof protection to companies. This has led to the emergence of a ‘Zero Trust Network’. A zero trust network looks at everybody equally. It works on the assumption that one cannot separate ‘good guys’ from the ‘bad guys’. It is a holistic and strategic approach to protect the network and ensures security of the devices againstall possible security breaches.
IoT devices and IT/operational technology integration have dramatically expanded the attack surface. How does the new perimeter-less world save itself?
Tech Mahindra helps secure entire IoT value-chain from the devices at the edge of the networks, right up to Cloud. We conduct end-to-end security testing to verify – Security of the device (Baby Monitor), Security of Mobile-application, Testing of protocols, including Fuzz testing, Back-end server infrastructure : Web, SIP & XMPP servers, Crypto-analysis (cypher, Hash, certificates), Database security, and Secure code review.
Tech Mahindra offers solutions for OT (Operational Technology) Security Assessment by providing services like Security Assurance Testing, Compliance to Standards: NIST-800-82, IEC-62443, SANS top 20, NERC-CIP, Blackbox (Fuzzing) and Grey Box testing, Centralized point of monitoring, Control & Reporting, Complete IT/OT visibility, Asset Management, Detect known and unknown threats across cyber kill chain, Early warning – Actionable Alerts and Security Information and Event Management (SIEM) Integration
What are the services offered by Tech Mahindra with respect to Security in the Enterprise Market?
Tech Mahindra’s end-to-end security portfolio has disruptive solutions like Continuous Security Assurance, Block chain based Industrial IOT security, Anti – Email spoofing & Threat score card that can provide a transparent view of the risk resiliency of the organization and provide continuous assessment capability. Tech Mahindra’s continuous security platform protects any application, patched or unpatched, across the full application stack from file less threats to binary memory-based attacks. Itstops threats in real-time, delivering unprecedented accuracy without false positives.
By 2020, over one-third of all data will live in or pass through the cloud, with data production in 2020 being estimated at 44 times greater than it was in 2009. Given the global drive towards strong national privacy regulations, Tech Mahindra has developed MyData Shield, world’s first global privacy ecosystem that protects the individual’s right to privacy, consent and grievance redressal across multiple industries simultaneously, including health care, financial services, retail and government. MyData Shield supports integration with national identity and trust infrastructure, such as India’s Aadhaar biometric registration service.
Tech Mahindra also has an expertise in cyber crime investigations, starting from the social media crimes and identity theft related issues to high end financial crimes like Cryptocurrency Investigations and hacking. We examine the issue of cyber investigations and digital evidence like text messages, emails, pictures, videos in detail.
With Unique blend of tier1 OEM tools coupled with high-growth startups; Tech Mahindra delivers managed security as a service. The customized services include: Threat Monitoring, Analytics and Incident Management, Security Infrastructure Device Management, Threat Surface Management Services, Brand Monitoring and Protection Services , SOC in a Box, VAPT, Compliance Audit, Identity & Access Management, Risk Consulting, GDPR as a Service, Security Audit/Strategy, Cloud Security Monitoring and ETDR as a Service.
What is your roadmap in Cyber Security?
Tech Mahindra aims at building an expertise around Cyber Crime Investigation and Digital Forensics. Further, we are also hosting training programs for in house capacity building of the force. We have trained more than 2500 police officers through various works shops and trainings programs through such events. Tech Mahindra also plans to address the trend towards utilizing Big Data.