Nilesh Jain, vice president, South East Asia and India, Trend Micro, speaks on how CISOs and CIOs in India can mitigate risks through a systematic approach and a well-thought-out strategy against the growing menace of cyber-attacks. Edited excerpts:
How do you envision the security market over the next twelve months? Will the threat landscape become murkier in India?
In India, there are three or four aspects in which we see the scale of cyber threats increasing this year. Number one is business email compromise. Many people have ignored it and they are all focused on firewalls and network security, and many vendors are moving out of this space. Many vendors and their customers are moving to standard hosted cloud-based solutions. They have not realized that these are not custom-built for security, or have simply ignored it.
We have seen that large customers in all verticals are more concerned about email. We will see more sophisticated business email happening in 2018. We will see an increase in cases of compromise of IoT devices. We will see hackers using IoT devices to penetrate and launch an attack. Ransomware will continue to be more sophisticated attacks. Cybercriminals will use new technologies like AI, ML, and big data to understand the customer environment more, and use that to bypass security devices to hack them.
We will see a lot of application-level vulnerabilities getting compromised. We were concerned about OS vulnerabilities and how to patch Microsoft and Linux, but we will see a high level of vulnerability that is not yet patched at the app level or database level. At the end of 2017 we saw an increase in those vulnerabilities being announced and a lot of them getting compromised. We will see that trend of apps getting compromised in 2018.
Is business email compromise still a soft target for hackers as a ‘shot in the dark’ ploy?
Most business email compromises are targeted and well planned, as the bad guys identify the customers and the users to go after. Nowadays most large customers are making end users aware of what to click and what not to. Hence it becomes tough for hackers to shoot in the dark with a bulk mail and expect users to click. That is still happening. But most of the time the hackers are now monitoring your behavior, your patterns and social profiles to see how you operate, and they design emails and campaigns that look genuine to each person. Many times users end up clicking on them. We will see many cases of this and we will see a surge in them. The primary reason is that you are not going behind the entire security architecture but just behind a specific person. They don’t have to invade the firewall, NIPS or HIPS; they just make sure they understand customer profiles and user behavior and send a mail.
Do you recommend that enterprises outsource their company emails to the cloud? Is it safe enough?
In the interest of reducing costs and better flexibility, many customers started outsourcing emails to third-party cloud. While there might be good firewalls and IPS, they sometimes depend a hundred percent on those hosting service providers. While they claim to have good security in place, those are not good enough to protect from targeted attacks. Even those customers who have deployed sophisticated anti-APT solutions are getting compromised. We do recommend them to go on cloud depending on their risk compliance policy. When they are moving to cloud, they should identify a specialized security player too. While Office 365 by Microsoft, for example, has the basic security, one needs an additional layer of security that does a good amount of sandboxing and spam filtering and that understands specific patterns of business email compromise.
Security is moving more towards solutions around behavioral analytics by many vendors than the traditional appliance approach.
True. Earlier there were firewalls, anti-virus, IPS and mail security, as there were bound entry and exit endpoints. Today there are no boundaries, as most of the company’s servers, emails and endpoints are outside its premises. Nothing is there in your premises to predict an endpoint entry and exit. There are multiple thousands of entry and exit endpoints and one single or multiple devices just to do protection without knowing what’s happening in the environment.
First, you need a device that does proactive understanding on what’s happening in your environment. It’s like a CCTV camera for finding the miscreant before taking any action. First and basic for any organization is to have a proactive detection mechanism on what and where things are going wrong. Depending on those, analytics take proactive and reactive actions to protect your endpoints and exit points.
How do you see the maturity of Indian companies with respect to security posture? How will the role of CISO and CIO change or evolve in 2018?
The CISO’s role earlier was to make sure compliance had been met and to give comfort to the business. The CISO and CSO have to be comparatively free to work with their business team to help them adapt new technologies like big data analytics, robotics, and machine learning in the competitive world. The CISO’s role is enabling business teams to adapt technologies, and that works well together rather than being reactive to firefight with malware attacks.
The CISO’s role is to ensure a strong security team that understands security gaps, does proactive analysis, all security measures including security solution and proactive action on monitoring and takes a preventive action before anything happens. This entire thing has to be part of systems and processes for the CISO to have the time to be involved with business teams to help them adapt new technologies. The best practice for CISOs would be to have basic hygiene through a proactive over watching mechanism. They can have firewall, IPS, 2FA; but customers need to have the visibility of their environment because most attacks surface after three months to one year time period and then create damage. CISOs need to put a process in place to understand the entry point of threat vectors and close it there and then.
Trend Micro’s 4 security predictions
1. Business email compromise to increase
2. IoT devices to be big on hackers’ target
3. Sophisticated ransomware attacks to continue
4. App level vulnerability to become important
Trend Micro from its heritage AV is focusing much more on Deep Security and Deep Discovery. What’s the uptake in India and how does it compare to competition?
The two mentioned are part of a big product family. Deep Discovery is part of the network security family, which comprises Deep Discovery Analyzer, Deep Discovery Integrator and TippingPoint from HP, to name a few. We solve the customer problem of not being sure about their environment and correlate the three vectors of mail, endpoint, network and web. Network security products from Trend Micro cater to all three as an integrated and holistic picture to customers. We solve their biggest issue of the visibility of security status. Though network security is doing well in India that also includes anti-APT, and IPS is doing well in India.
The biggest contributor for us is Deep Security, which is part of the hybrid cloud security family that protects customers from physical servers to virtual servers to cloud servers. More than 70% to 75% of banks in India are using Deep Security. Most customers want to secure their most critical assets like customer data, net banking apps, and online apps for BFSI. When vulnerabilities are not protected, it’s not only a compliance issue but a big risk of compromise of customer data for banking customers.
Deep Security protects customers proactively as we don’t wait for attacks to happen. It is not possible for customers to seal the vulnerability in real time as they need to wait for a patch release. The unique feature of Deep Security is virtual patching even if the companies haven’t done physical patching. Ease of use for the users to manage the software, which includes a recommended scan, is different from the competition. The ease of use, proactive protection and scanning of vulnerabilities are the biggest USPs, and hence India’s largest banks, manufacturing, IT/ITeS and others are deploying Deep Security solutions from Trend Micro.
Nilesh Jain’s India Priorities for 2018
- More footprint across the mid-market segment
- Focus on Government especially for Deep Security
- Scale channel partner ecosystem geographically
What would be Nilesh’s top priorities for India? Any new verticals or segment that will show huge uptake in India for enterprise security solutions?
Besides our dominance in the large enterprise, we would like to extend our footprint more across the mid-market. We have increased our sales team to move beyond the market reach of a dozen-odd tier-1 and tier-2 cities in India and hence increase our mid-market presence.
Government will be a big focus in 2018 as we have won some large deals in the last couple of years. There is a lot of consolidation of datacenters and servers across, which calls for protection of servers, and we see a big market for Trend Micro Deep Security.
We are scaling the channel ecosystem in India and helping partners to be more profitable. We will relaunch our channel program with more rebates and incentives, especially for partners who are technically sound to support and service our customers well. We are offloading many services to the channels as they conduct health checks of customers’ security posture.
Trend Micro in 2018 will be primarily focused on giving proactive protection to customers in any vertical, be it server security, endpoint security or network security. The simple mantra is to make sure that the customers don’t get infected.