Anil Bhasin, Regional Vice President - India and SAARC, Palo Alto Networks talks on the new threat landscape and why prevention approach as architecture is the right approach for companies in 2018. “We are the vendor that secures the customers’ digital experience and protect their data regardless of where it resides, “he says.
How do you foresee the enterprise security conundrum in 2018 versus 2017 in India?
Security definitely is gaining momentum, both in terms of Indian CIOs’ top of mind priority and at the company’s’ board level depending on different verticals. Their main concern is the hype and the media reports with some of the big names, especially with the hacks. The customers today want to ascertain their state of readiness which is addressed well by Palo Alto Networks’ PPA (prevention posture assessment) that is now adopted by more customers.
Also, the conversations are now on the business side. Many organizations are involving the Apps team and also talking about the type business model - cloud for example. Many workloads are shifting towards cloud with Azure, Amazon, and Google with a big focus to drive business agility.
Anil Bhasin’s Bucket List for CISOs in 2018
- Align with tech OEM as cybersecurity partner that delivers full visibility of the threat surface.
- Move away from the fact that security is a tactical necessity.
-Don’t think security as somebody else’s problem in your organization.
- Stay aware of the threat landscape with a long
There’s a revamp on the endpoint security as CISOs are moving from remediation architecture to a prevention-focused architecture with next-gen solutions having prevention capabilities. There is no longer this isolated view to have the skill sets for 10 different products but rather consolidate to make operations easier through the integration of people, process, and technology.
Overall, security is fast becoming a strategic imperative for IT, BFSI, Telco, government and defense as they move towards the next-gen solutions, which is expected to be seamless and embedded as architecture. It is no longer about multiple products from different players that don’t talk to each other.
Products from different security vendors talking to one another in an IT infra has been a big myth.
Yes, but unfortunately many industry colleagues still believe that best-of-breed to be the answer. The whole concept of defense in depth was deployed by almost everybody as the latest and the greatest but the huge challenge was the lack of integration (of solutions) and no visibility. How can you mitigate threats that can’t be seen?
The consensus amongst customers, partners and even OEMs is to first define the customer architecture – remediation or prevention - and then technologies required to integrate and automate. Automation is the key as it is a man versus machine game. People earlier bought products based on features and functionalities and then plonk them in their existing architecture and hope that would work. That’s not the trend today.
Trends like Automation, IoT, AI have given way to more data that needs to be secured. 2018 appears to induce more sleepless nights for CIOs and CSOs. Do you agree?
Many OEMs are defending their turf due to their installed base and they are driving a narrative in continuance with defense and depth technologies and the best of breed approach.
There is a different narrative on avoiding or reducing the sleepless nights. CSOs have to integrate everything and automate the response at their end. In case of a hack, they need to have the intelligence within the security architecture to identify the hack and prevent it correctly. The manual alarm and chasing it down isn’t working anymore. The journey of the transition from remediation to prevention has to start now. Many CIOs also realize the popularity of the hybrid model with Office 365 in the cloud for example or other apps, SaaS in the cloud and on-prem too. CSOs and CIOs want a seamless view of security threats regardless of where the data is.
Automation will complement the manual jobs and perhaps solve the persistent cybersecurity skillsets gap at end users’ IT security teams. A team can be skilled on 10 or 20 OEMs’ technologies to a certain level and integrate it in a right manner. We believe in marrying that skill with automation driven through technologies that talk to each other and provide meaningful information that is relevant. In case of WannaCry, there should have been skills to figure out through automation even in the middle of the night. To ensure that C-suite execs sleep peacefully the peoples’ skills need to be complemented with automation.
We are more than happy to step up as CISOs’ partners - not their OEM - to help them secure the data regardless of where it resides - on-prem or cloud. We provide a single pane of full visibility of all apps including SaaS to the customers as we bring in integration and automation to prevent that attacks which helps CIOs to reduce their sleepless nights. There are many customer case studies wherein Palo Alto Networks has provided prevention focus architecture. It does not otherwise justify our growth as per Q1 results contrary to some of the peers’ results, which testifies that our narrative is definitely working with the customers.
“CISOs are moving from a remediation architecture to a prevention-focused architecture with next-gen endpoint solutions that provide the prevention capabilities to secure their network”.
Anil Bhasin, Palo Alto Networks
Do you see CISO or CSO as a dedicated executive in Indian enterprises than the dual role (CIO + CISO) played by most CIOs today?
There are regulators that mandate this dedicated role. For example banking CISOs directly report to the board and they attend RBI meetings with their companies’ CIOs. CISO role is becoming more powerful as they report to the board in many other verticals as they are going beyond risk and compliance. They are seen as partners to the business and to build newer models that drive business outcomes and add agility to the company. CISOs or CSOs are becoming influential stakeholders in the modern business blueprint.
The devolution of powers depends on the IT architecture, like Infosec policies fall in CISO patch while infra is with CIOs. It’s a cohesive model, but I believe that CISOs will play a very important role in the design and architecture of security. Security is a business outcome, not a technology.
Let’s talk about your core business of network security. With firewall and then next-gen firewall, do you expect the next-next-gen firewall to be a Stopwall to prevent every possible hack?
The first defense of firewall becomes a very critical component. The threat landscape was very different when the firewall was launched with a couple of applications including email. Today, the same technology to prevent the most sophisticated attacks is like going to war with weaponry of the 1960s. Palo Alto Networks as the pioneers of next-generation firewall introduce an upgraded technology to deal with sophisticated attacks that happen today. We believed the need to build this platform with the firewall as one element at layer seven because we said that Apps are the next big threat factors. We are the industry’s only natively layer seven built the next-generation firewall in the industry.
Many OEMs probably thought next-gen firewall as more of the marketing deck when we started our journey. Now incidentally everyone is talking about the platform approach. The extensibility of the firewall to a platform gives us the big advantage as the first line and the strongest line. We are the only layer seven firewall extensible as a platform.
What’s your role as a security vendor for artificial intelligence, machine learning and IoT that are fast becoming new nightmares for CISOs and CIOs?
Our vision with these cognitive technologies is securing a digital life and make that experience successful by preventing the cyber attacks regardless of where it resides. We will eventually become the marketplace and provide all technologies in the form of services for consumption through our largest threat database for artificial intelligence, machine learning to pull out meaningful information.
It is a marketplace to start building these security apps consumed like an Apple user goes to the app store to consume the relevant stuff. We open it for the developers’ community to develop their niche on top of Palo Alto Networks’ platform.
We created a platform, build in services and now we are inviting the developer community to build the next best AI for that start up as an example they will have access to 45,000 customers that use Palo Alto Networks platform. We want to make sure that people get the best of technologies by providing open APIs.
Palo Alto Networks work with the security channels and partner community in India. Your channel blueprint for the year of 2018.
The customers are making a clear distinction between the channel partners as generalists and specialists. The customers today realize the security is a specialized conversation and hence it needs specific expertise from implementation partners. Many security-focused channel companies are building their expertise on security and complementing the other technologies they have. DLP as an example is very specialized expertise technology and we see partners move away from being a generalist to a specialist. We have over 20 loyal channel partners – tier-1 channels and mostly tier-2 channels – in India as we contribute to their success by helping them raise their skill level to position themselves better in front of their customers. These partners like our approach because of the specific focus with training, certification and best of tools/ processes of Palo Alto Networks.
We intend to extend more coverage across all enterprise and commercial segments with the top verticals of banking, government, defense, ITES, TELCOs in 2018. Another priority is increasing thought leadership on prevention and not remediation. There will be more focus on POC for the customers to test the next-gen technologies. We continue to address the customer pain point through both our channel sets – regular and loyal - partners.
Palo Alto Networks : 6 Steps of Prevention Approach
1. Have a complete visibility for effective mitigation.
2. Reduce the threat surface by each user in organization.
3. Anything known threat to be blocked immediately.
4. Convert anything unknown into known by automation.
5. Have single pane view of IT infra - cloud or on-prem.
6. Install self-audit mechanisms to adjust threat surface.
What should CISOs focus on and what they should not do in future? What does Anil Bhasin’s bucket list look like for 2018?
We are driving cyber hygiene as a program or rather a journey to create awareness through training for our customers’ executives. They need a cybersecurity partner and not an OEM partnership – who delivers full visibility of the threats and has the latest technology to resolve the issues. As CISOs and CIOs work closer, we are building this community by leveraging of intelligence through customer advisory board, partner advisory and their best practices with the customers.
We should get away from the fact that security is a tactical necessity. Don’t think that security is somebody else’s problem because maybe the breach has already landed into your infra and you don't know yet.
Many times the customers and even OEMs engage at only tactical level. They are trying to build an experience - whether POC or not, whether requirement or not – to stay aware of the threat landscape and with roadmap conversations, company vision, strategy conversations by CISOs which wasn’t the case few years ago. There are many customers understanding their own setup, by requesting for PPA to gauge their state of readiness.
How will the face of bad guys change in 2018 because we still see email spear phishing attacks and there are sophisticated hacks?
We talked about a lot of traffic being encrypted SSL traffic, which lately has gone up tremendously. Our presumption of embedded attacks through SSL has come true. We said that you’d see a lot more sophistication and automation in the attacks as shown by WannaCry, Petya.
We will see more aggression from these guys. They use sophisticated attacks at very cheap prices; we on the other hand, react with very expensive tools. The automation sophistication on their side is at low cost, we have very high costs and very low automation. I see the intensity to get even stronger and worse because now everybody knows about lot of vulnerabilities that exist and also the threat surface has increased with cloud,IoT,AI to name a few.
Security often gets caught into budgets and seeks the justification on the investment in the technology. Those conversations are bit worrying because security is a dynamic game that will turn on its head. It’s not about a budget available all the time for security but it is really about the long-term security strategy and your preferred OEM as a partner. That's the only way to defeat the bad guys.