
‘Zero Trust Needs To Become The Hybrid Workplace’s IT Cornerstone’: Ram Vaidyanathan, Cybersecurity Evangelist, ManageEngine


Mr. Ram Vaidyanathan, Cybersecurity Evangelist, ManageEngine

Share a brief about the organization. What are your service offerings?

ManageEngine is the IT management division of Zoho Corporation, and it was founded in the year 2002. We build and offer more than 60 different software solutions that solve challenges for IT administrators across four broad areas: IT service management, IT operations, endpoint management, and cybersecurity.

In the realm of cybersecurity, we have two major software solutions, AD360 and Log360. While AD360 enables organisations to implement effective identity and access management policies, Log360 is a unified SIEM solution with cloud security and data loss prevention capabilities. All of our solutions are easy to install, deploy, and use. They feature intuitive dashboards and give actionable insights. Our mission is to bring all of IT together and help IT administrators make intelligent decisions.

How has hybrid work culture paved the way for an increase in cybercrimes?

Hybrid work has paved the way for an increase in cybercrimes in the following ways:

  • Data is not protected by firewalls anymore: In traditional corporate networks, sensitive data was protected by firewalls, VPNs, and intrusion prevention systems. This was because the data still resided within the walls of a business. But today, data can be anywhere; in fact, more and more data is housed within the cloud. In such a climate, the risk of identity-based attacks is high.
  • The use of SaaS-based applications: The average employee today uses more than 10 cloud applications for work purposes. While this has productivity benefits, it also carries the risk of both malicious and unintentional data leakage.
  • The use of unmanaged devices: Employees in a hybrid setup tend to use their own personal devices such as laptops, mobile phones, and tablets for work. Many times, these devices are not patched properly and carry vulnerabilities that are exploited by attackers.
  • Use of unsecure networks: The corporate network within the perimeter of a business may be adequately protected; however, in today’s hybrid environments, employees work from homes, coffee shops, co-working spaces, airports, and even airplanes. These networks are not secure and are susceptible to adversaries intercepting and stealing data.

What are the various challenges faced by organisations while operating in a cloud-based security environment?

The biggest security challenges while operating in a cloud-based environment are as follows:

  • Cloud misconfigurations: Most of the cloud-based security incidents faced by organisations are due to settings not being configured properly. In fact, a majority of incidents have happened due to a single misconfiguration.
  • Use of shadow applications: Many organisations don’t know the type and extent of applications used by employees. Many employees use unsanctioned applications to aid in their work; however, these applications could have security vulnerabilities and data could be leaked.
  • Data exfiltration: In a cloud environment, employees may maliciously or unintentionally download sensitive data into third-party applications. This is not ideal in terms of security. Furthermore, this data could also be easily shared with unauthorized collaborators.
  • Lack of visibility: More than 90% of organisations around the world use a multi-cloud strategy. In such a climate, it’s difficult for organisations to get visibility into all user activity in a single pane of glass. This is critical to monitor activity across different cloud deployments and correlate events to detect threats.

How does Zero Trust help secure the data infrastructure of organisations?

Zero Trust helps secure organisations’ sensitive data through:

  • Moving controls as close to the data as possible: Security and access controls need to be placed as close to the data as possible to reduce the attack surface. This is why the use of a VPN is not enough to secure sensitive data.
  • Microsegmentation: The network must be divided into logical microsegments to maintain granular access and security controls.
  • The principle of least privilege: Users should only get the minimal level of access necessary to perform their jobs (just enough access). Access privileges should be based on risk levels and roles. Just-in-time access should also be implemented to limit the amount of time users have privileged access.
  • The use of dynamic policies: Authentication methods should be based on user context and the sensitivity of the resource being accessed. Context includes the device location, device state, and network health.
  • Comprehensive, continuous log collection: It is vital to constantly check for threats and reassess trust. The collected logs should be used to improve the organisation’s security posture.

What is ManageEngine’s role in helping organizations understand and ensure seamless implementation of Zero Trust?

Zero Trust is a philosophy, and organisations need to first plan their vision before implementing it. ManageEngine crafts software that enables organisations to implement several aspects of Zero Trust. ManageEngine solutions can help organisations perform:

  • Asset and data discovery.
  • Multi-factor authentication.
  • Single sign-on.
  • Identity and access management.
  • Dynamic analysis of logs from all parts of the network.
  • ML-powered anomaly detection for proactive threat detection based on risk scores.

ManageEngine provides two solutions, Log360 and AD360, that help with effective threat detection and identity and access management, respectively.

Potential of AI and automated architecture to ensure agility and intelligence in threat remediation

AI and automated architectures will become essential for effective Zero Trust. AI can be used to:

  • Set baselines of expected activities for users and devices.
  • Recognise deviations from the baseline and assign risk scores accordingly.
  • Proactively detect threats in the network based on behaviour instead of signatures.
  • Gain visibility into the organisation’s security posture.
  • Create playbooks and workflows for automatically responding to threats.

What have been your organization’s achievements and your future plans? Elaborate.  

  • We have been recognized in the Gartner Magic Quadrant for SIEM for the last six consecutive years.
  • We have been featured and recognized by analyst firms such as Forrester, KuppingerCole, GigaOm, and Quadrant Solutions.
  • We have won awards such as Cyber Defense Magazine’s award for UEBA, threat detection, cloud security, and more.
  • For more information, please see: https://www.manageengine.com/log-management/log360-awards-and-recognitions.html.
