Murali Urs, Country Manager-India, Barracuda Networks in conversation with Enterprise IT World.
With massive digitization happening in the industry, what is the state of security and vulnerability expanding?
The massive digitisation and advent of newer technologies has also brought in some big challenges in the cybersecurity space. Email threats evolve quickly as attackers find new ways to evade traditional email security solutions. In the months to come, highly targeted attacks and conversation high jacking will proliferate as mechanisms for Business Email Compromise (BEC) attacks – making these threats even more convincing, and ultimately more costly. Web application security is often overlooked because most organizations don’t have the resources or skills needed to manage the solutions properly. In addition, many customers presume their hosting service supplies this protection when they may cover some but not all their requirements.
Another threat that is growing rapidly are “Deepfakes” – AI-based spoof images, videos and audios created using computers and machine learning software to make them seem real, even though they are not. Such as that video of Mark Zuckerberg bragging about having “total control of billions of people’s stolen data”, which had gone viral in 2019. Deepfakes will be used to propagate disinformation and even trick employees into making wire transfers. With ransomware, hackers will go extra lengths to make sure their attacks are successful. As more and more customers leverage public cloud infrastructure and solutions, human error will continue to be the primary source of breaches, leading to misconfigurations and overlooked vulnerabilities. The new age social engineering attacks such as spear phishing, vishing and smishing will tend to manipulate users in more convincing ways. All this makes cybersecurity infrastructure and solutions even more crucial.
With so many of solution providers with millions of spend on R&D, why there is no abatement of vulnerability?
The cyber security industry is developing new technologies to mitigate the emerging threats – targeting segments such as email security, data protection & cloud security. Unfortunately, many organizations still have inadequate protections in place. And many of the current application security solutions are too complicated for most organizations to deploy and manage. Even when a business has a solution in place, it usually isn’t properly configured – leading to vulnerabilities.
Security teams are stretched thin. Attacks keep getting more advanced, and there is less talent available to manage it. That is why, the way we approach security needs to evolve too. Lack of awareness could lead to human errors, adding to vulnerabilities. Hence, employees need to be informed about the threats they are facing, and how to recognize suspicious activities. CISOs will need to understand the proliferation of privacy and compliance laws that are being proposed and implemented globally. They also need to continue to make sure they are effective at driving support for key security initiatives with the CEO and board members, capitalizing on the attention raised by increasing security concerns to get the resources they need to address new challenges. It will be increasingly important for security executives to focus on how to integrate security into company culture so everyone in the organization understands the roles they play in keeping the company secure. Business leaders need to be aggressive about data security now more than ever. The masses need to be made aware of threats and how to not fall victim to cyber frauds. With a strong sense of cyber security and response plan, attacks can be prevented and mitigated better.
What are the advantages of Barracuda Networks?
Barracuda always strives to protect customers, data and applications from today’s advanced threats by providing the most comprehensive and easy-to-use IT-security platforms. Our goal is to make it easier for customers to deal with an evolving threat landscape and keep up with the rapid pace of attacks, while helping to build a safer world for all of us. We continue to invest in innovative solutions and work with many of the best technology companies to deliver unique integrations and solutions that solve our growing customers’ needs. Last year, we introduced Barracuda Cloud Security Guardian, integrating with Amazon Detective to provide end-to-end visibility into the security posture of public cloud workloads. We also launched Barracuda Cloud Application Protection (CAP) platform to provide web application security, including a new WAF-as-a-Service solution that is built on Microsoft Azure.
With our comprehensive solutions from gateway defense, resiliency, inbox defense to security awareness, customers can access a full range of security solutions to defend themselves from rising email threats. Our cybersecurity systems also protect networks and apps with cloud-generation firewalls. We offer cloud-integrated security for data storage and recovery, along with automated security policy compliance in the cloud. We also have the right talent to manage it all. Because the future of cybersecurity is about man and machine – using both their strengths. Barracuda provides several innovative tools, such as the Email Threat Scanner and the Cloud Security Scanner, which channel partners can use to help show customers what email threats have gotten through their current defense or the vulnerabilities that exist in their public cloud environments. We plan to build more tools like that that make it easier for channel partners to really understand customers’ environments and illustrate where their security weaknesses lie, ultimately so when can help better protect them for life.
You have solutions for on prem to cloud, what is the competition landscape? What are your competitive advantages?
The growing use of private cloud services fuels need for cloud protection, and the deployment of vulnerablecloud communication technologies makes cloud safety crucial.In its latest report titled ‘Future shock: the cloud is the new network’, Barracuda Networks mentioned that 44 per cent of Indian and APAC organisations said their cybersecurity staff spends four to eight hours preventing and managing cyber-attacks every week. And 84 per cent of Indian respondents said concerns such as security of public cloud infrastructure, the impact of cyberattacks, and security of applications in public cloud, restrict their organisation’s adoption of the public cloud.
Today, attackers move fast by automating the exploitation of misconfigured resources. To defend your network, you mustact fast. Barracuda Cloud Security Guardian polices and automatically remediates your management and data planes by instrumenting and configuring native controls. In addition, it can instantly configure and deploy Barracuda CloudGen WAFs and CloudGen Firewalls as needed to ensure seamless, comprehensive security across your entire cloud infrastructure. Only Barracuda Networks integrates cloud security management with perimeter and network security solutions – i.e., control, data, and management plane security together in a single solution.
Whether applications are deployed on-premises, in the cloud, or in a hybrid scenario, Barracuda Cloud Application Protection (CAP) makes it easy to keep them secure and available. It is an integrated platform that brings a comprehensive set of interoperable solutions and capabilities together to ensure complete application security.
Barracuda Web Application Firewall (WAF) solutions are available both as appliances (hardware or virtual) that can be implemented on premises or hosted in the cloud, and through an innovative SaaS solution that combines advanced functionality with ease of deployment and management.
How are you alleviating the CISO challenges?
Sophisticated and targeted attacks like spear phishing and business email compromise are fast-growing threats, getting costlier by the day. Thus, organisations remain vulnerable and hackers remain a significant threat. We continue to educate the market on the evolving cyberattacks’ landscape and the importance of readiness to respond to cyber-attacks. Such as on how organizations can protect themselves from cyber-attacks, mitigate business impact, and act appropriately with security solutions to recover operations if they happen to face an attack.
We understand that human errors within an organization continue to be the primary source of breaches, making user education crucial. Security awareness training programs keep employees informed about the threats they’re facing, how to recognize suspicious messages, and how to respond appropriately. Through our solution PhishLine – which guards against every facet of social-engineering threats with continuous simulation and training for employees – as well as regular workshops and webinar series available to partners, we embed learning into business processes with customized simulations that test and reinforce good behavior.
What are the real concerns of CISOs?
The top concern for CISOs is undoubtedly the threat of cyber-attacks, especially when organizations embark on their digital transformation – increasing the complexity of cloud and network application infrastructure. And unfortunately, many organizations still have inadequate protections in place. Cybercriminals now operate in a highly sophisticated manner, with a variety of hacking tools available in new technologies. While email and internet-facing applications continue to be the top threat vectors, email threats evolve quickly as attackers find new ways to evade traditional email security solutions. Cybercriminals are also succeeding in making attacks seem more convincing, and eventually more costly. They do this using and manipulating newer technologies, for instance using Artificial Intelligence to power deep fakes.
With the launch of The Personal Data Protection Bill 2019 in India and General Data Protection Regulation (GDPR) in EU, data loss and privacy issues are also on the top of CISOs’ minds. Executives need to be prepared to adapt quickly. The implications of these types of rules can be far-reaching, and they’re bound to get more complex.
Facing the increasing threat of cyber-attacks and compliance, security spending is expected to increase at the same time. Gartner forecasted worldwide information security spending to exceed US$124 billion in 2019, suggesting cybersecurity spending is outpacing general IT spending that would jump 8.7% YoY. CISOs would have to justify the rising security spending and its business contribution and it would be a difficult task.
Although board room discussion mentions security, to what extent CISOs are able to convince the CFOs/CEOs about spent on security?
Cost control and return on security investment (ROSI) are significant challenges for CISOs, as it is hard to demonstrate the positive business impact of security strategies.Barracuda’s latest global cloud research report Future Shock: The Cloud Is the New Network finds that key IT decision making tends to lie within IT directors and CIOs more than CISOs.
Yet, compliance and security concerns remain on the top of the board members’ mindsfor companies are required to follow privacy regulations like GDPR – which made regulation the main driver for security spending in 2019 behind security concerns. Whilethere is growing focus on digital transformation by IT Leaders, security is and needs to be among the top considerations for CIOs or board members in order to enable a safe cloud and cyber infrastructure that could potentially transform organizations into a larger business. These factors help CISOs to convince board memberfor security budget.
What is your product road map?
Attackers are getting more sophisticated every day, and we want to arm channel partners and their customers with the tools they need to keep up. We plan to continue to invest in innovative solutions that are designed to protect our customers for life. Our goal is to make it easier for customers to deal with an evolving threat landscape and keep up with the rapid pace of attacks, while helping to build a safer world for all of us.
By investing in development and expansion of solutions that take prevention, detection, remediation, and automation to the next level; we can help to make it faster and easier for customers to remain secure. We’re committed to making this type of investment across all our product areas, from email security to network, application, and cloud security.
How many cities are you present in India and what is your plan for expansion?
In November 2019, we established our APAC headquarters in Hong Kongto broaden our presence and answer the rising demand of security solutions in the region. India is a strategic country for us.Our recent research finds 86% of Indian organizations suffered from cyber-attacks. It is not surprising that APAC region is at special risk to cybercrime because of its high digital connectivity, low cybersecurity awareness, mounting cross-border transactions and data, and relatively weak regulations. As technology has played a large part in the rapid economic growth, our APAC headquarters will continue to expand our foothold in the region to serve the cyber security needs of companies in APAC and India.