With digital transformation sweeping across the enterprise, securing an organization against new and emerging threats has turned out to be a whole new ballgame. From managing security in a multi-cloud environment to dealing with zero-day attacks, the role of the CSO has never been harder.
Edgar Dias, India MD at F5 Networks, believes that manageability of disconnected cybersecurity tools and process automation could go a long way in securing against newer threats.
Moreover, he emphasizes why a “trust, but verify” approach is the right way to build a Zero Trust environment – an absolute imperative in the current threat scenario.
With over 22 years of experience across networking, cloud and SaaS, Dias has an excellent understanding of the industry and knows exactly how to align security spend to the evolving threat landscape.
Prior to joining F5 Networks, Dias was Managing Director at ServiceNow, India & SAARC. He was also Managing Director at Brocade Communications India & SAARC and has held various senior roles at Juniper Networks, Nortel Networks, Alteon WebSystems and Wipro Infotech.
What are the three biggest security challenges that you see in 2019?
Digital transformation across industries is driving architectural changes of all the digital assets today, and enterprises are using more and more digital platforms to bring the customer closer to their business. Opening digital assets to potential and existing customers creates its own challenges; hence the security challenges have also evolved to include:
a. Security in multi-cloud environments
b. Manageability of disconnected cybersecurity tools
c. Process automation
Which technologies are disrupting the cybersecurity landscape?
The cybersecurity landscape can be divided into three major pillars:
a. Endpoint-based security
b. Network-based security
c. Application-based security
Enterprises have been investing a lot in the first two pillars and hence when we talk about the evolving threat landscape, we see a lot of disruption happening on how applications can be secured. Today, the critical challenges around applications are majorly related to API, BOT, and TLS visibility.
Hence, solutions around these areas are creating more impact in terms of ROI as compared to existing installed measures. Application security solutions are becoming more intelligent and agile, offering a multi-layered dynamic security posture which helps organizations align better to business needs, regulatory compliance and user experience.
How can enterprises prepare better to deal with Zero-Day Attacks and Advanced Persistent Threats?
We need to form a “trust, but verify” based approach to a Zero Trust security approach. In order to work with a zero trust approach, we must relook at skill sets, processes and technologies.
Zero-day attacks are like a mitigation of the unknowns, and hence from the technology standpoint, we must invest more in a dynamic provisioning mechanism. Secondly, the entire provisioning automation should also be considered, as manual intervention will not work in the case of zero-day attacks.
Advanced persistent threats (APTs) dominate the malware landscape, and signature-based detection no longer provides adequate security for this fast-evolving threat environment. Unfortunately, many of today’s threats are targeted to infiltrate a specific organization, used once, and then repackaged and modified to evade detection.
A number of trends are driving the need for improved SSL/TLS inspection, including growing usage of SSL/TLS, increased complexity (such as longer key lengths) across cryptographic protocols, and a trend on the part of the “bad guys” to encrypt malicious payloads, so they cannot be detected.
These trends place an ever-increasing burden on existing ATP systems and were a driving factor behind the development of the SSL Orchestrator - a solution that provides high-performance decryption and re-encryption of inbound and outbound SSL/TLS traffic, dynamic service chaining, and policy-based traffic steering for intelligent management of encrypted traffic flows across the entire security chain—thus freeing ATP systems to focus exclusively on detecting malicious objects.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
As we are going to fight the unknown in the present scenario, the role of automation becomes critical. Automation is not only effective in reducing the time to launch, it also reduces the mean time to resolution in case of security breaches.
The important aspect would be to look at what needs to be automated, and how it will impact the business.
We are now going full throttle in the next era of technology-driven business transformation.
The cloud, of course, is a driver of this transformation as it promises to enable people, organizations, and things to connect and engage more efficiently in new, deeper ways that benefit both companies and their customers.
Artificial intelligence and machine learning, for example, are already making it possible to synthesize unfathomable amounts of data, identify trends and, more importantly, take action. All at the speed of light and, increasingly, without human intervention.
What is your advice to CSOs and other top-level security management professionals?
The IT landscape is changing and hence the security architecture should also be aligned. We would advise the following:
a. Align your cybersecurity spend to the evolving threat landscape:
Today all the digital assets of organizations reside with various applications. Hence the CSOs/security management should look at the security architecture vis-à-vis the application needs. Ninety percent of the security budget is focused on the network perimeter, although only 25 percent of the attacks are focused on that point in the network. Each organization should look at what is getting saved when they invest in a security solution or platform - is it the datacentre, network, user or application, and then decide how much to spend on each type of solution.
b. Security Platform Management (Visibility, Analytics, Automation & Orchestration):
In such a demanding environment, we need to build systems which give us real-time visibility. For securing applications, the application performance statistics are the real measurement of the security posture. Hence each security investment should also be aligned with a visibility/analytics platform, so that we have better ROI of the solution.
Programmability gives you the agility you need to reduce operational costs, drive successful security deployments, and manage your physical, virtual, and cloud infrastructure. We should focus not only on just automating tasks, but instead on automating processes. Empowering security teams with self-service catalogs of services that are automatically provisioned is vital, and so is helping IT security spend less time taking tickets—and more time supporting the business.
c. Move beyond point products:
Security in today’s world is a convergence of people, processes and technology. Using traditional security methods in an increasingly cloud-first, mobile-centric world is not the right approach, and technology leaders should gear up to understand the complexities to re-think and re-design the security architecture to meet the requirements of the evolving risk landscape.