CSOs must develop a training program focused on advanced threats: Nilesh Jain, Trend Micro

According to Nilesh Jain, Vice President, South East Asia and India at Trend Micro, creating awareness of the latest attack methods, and educating executives and privileged users will reduce the chances of attacks. 


Nilesh Jain has been the Vice President - India and South East Asia operations for Trend Micro since January 2018. Before his current role, he led Trend Micro as the Managing Director for India.

With about a decade of successful sales experience at Trend Micro, Jain has handled the channel, SMB, enterprise and government segments with equal focus. As head of the business, he is currently responsible for all functions, with the foremost emphasis on managing sales operations, profit and revenue in the India and SEA region.

In an interaction with CSO India, he talked in detail about current and future trends in cybersecurity. The persistent goal of any CSO/CISO or top-level security management professional should be to continuously manage enterprise risk, he says. 

Edited excerpts:

What are the three biggest security challenges that you see in 2019?

Security is going through a major evolution now, as it does every few years. The biggest security challenge remains a shortage of viable talent in the industry. This is observed all over the world and intensely felt in Asia.


That’s why Trend Micro decided to launch the Certification Program in IT Security (CPITS) in India this year. Under the program, we enrol and train graduates, and prepare them for a long rewarding career in cybersecurity. We’ve just finished our first batch. 

The second challenge is how fast cloud is sweeping over the industry. As a result, most organizations are now operating in a hybrid cloud environment. This poses a challenge for security as most enterprises know how to protect their physical servers, but little about protecting their cloud workloads, let alone protecting both at the same time. 

The third challenge is the volume and sophistication of targeted attacks and advanced persistent threats. Hackers are evolving their tactics and finding ways to evade traditional security defenses. This has led to a situation where enterprises are slow or unable to detect advanced threats that have entered their environment. 

Which technologies are disrupting the cybersecurity landscape?

Cloud is definitely a game-changer. It provides an alternative option to on-premise servers. Today, many companies in India are moving from on-premise infrastructure to the cloud. The result is that many of them are in a hybrid cloud environment, with some data stored in physical servers, and some stored in the cloud.

This is a challenge for security, as server security used to be designed for physical servers, and securing the cloud requires a different approach. That’s why it’s crucial that when customers think about securing their hybrid servers, they need to find a solution that’s capable of protecting both the physical environment and the cloud environment. 


Secondly, vulnerabilities are becoming a big issue in the IT industry. Today, 99 percent of exploit-based attacks take advantage of vulnerabilities that already have a patch available, and studies show that it takes only one day for hackers to try to exploit a known vulnerability. But patching continues to be a challenge for IT teams. In times like that, enterprises usually look to virtual patching for help, which patches the known vulnerabilities temporarily, allowing the IT team some wiggle room when it comes to scheduling company-wide patching. 

Thirdly, thanks to cloud and work mobility, the borders of the corporate network are disappearing. Any device that is connected to the corporate network can become an entry point for threats. This heightens the need for better network security. While firewalls continue to be the first line of defense in network security, companies are fast realizing that they need more.

Many are turning to a standalone intrusion prevention system (IPS) for help, to do comprehensive scanning of not only inbound and outbound traffic, but also lateral movement within the network – that’s when threats have gone past the firewall and entered the corporate network. 

How can enterprises prepare better to deal with zero-day attacks and advanced persistent threats?

Zero-day attacks are increasingly striking businesses and they pose a great risk to companies. But last-minute countermeasures like emergency patching can cause operational downtime. Like I mentioned above, IT administrators are seeing the value of virtual patching. As a strategy, virtual patching ensures that business operational goals are met without compromising security.

At Trend Micro, our virtual patching is backed by our strong vulnerability research capabilities. Trend Micro’s Zero-Day Initiative (ZDI) is the world’s biggest vendor-agnostic bug bounty program. And we have been a top supplier of zero-day vulnerabilities to companies like Adobe and Microsoft, whose software is widely used by virtually everyone. We use vulnerability insights gleaned by ZDI to power our security solutions. As a result, this allows us to protect our customers 72 days on average before an official patch for a vulnerability is made available.

When it comes to targeted attacks and advanced persistent threats (APTs), enterprises need to understand these attacks are customized to compromise them. This means they’re designed to evade whatever defenses the company has put in place. Detecting and blocking advanced threats requires collaboration of multiple detection techniques.
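The virtual patching described in the answers above (the "wiggle room" of temporarily shielding a known vulnerability, and the zero-day strategy in this answer) works by placing a filter in front of the vulnerable code that blocks requests meeting the vulnerability's triggering condition, so the application can stay unpatched until a maintenance window. The following is an added example written for this page, not Trend Micro's code or any product's rule format; the two vulnerabilities it shields (a path traversal in a `/download` endpoint and an oversized `Host` header) are hypothetical and exist only to give the patches something to match. The design point it shows is that a virtual patch should match the vulnerable condition after decoding, not a particular payload string, otherwise a double-encoded `..` walks straight past it.

```python
"""Virtual patching as a request filter in front of a vulnerable application.
Added example for this page; the vulnerabilities APP-001 and APP-002 are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

    @property
    def path(self) -> str:
        # Decode twice so %252e%252e (double-encoded "..") is seen as "..",
        # the usual way exploit traffic slips past a naive string match.
        return unquote(unquote(urlsplit(self.url).path))

    @property
    def query(self) -> Dict[str, List[str]]:
        # parse_qs decodes once; a second unquote catches double encoding.
        raw = parse_qs(urlsplit(self.url).query, keep_blank_values=True)
        return {k: [unquote(v) for v in vs] for k, vs in raw.items()}


@dataclass
class VirtualPatch:
    name: str                              # hypothetical vulnerability being shielded
    condition: Callable[[Request], bool]   # True when the request would trigger it


def traversal_in_download(req: Request) -> bool:
    """Hypothetical flaw APP-001: GET /download?file=<name> opens <name> without
    canonicalising it. The patch matches the *condition* (a path component of '..'
    or an absolute path after decoding), not any particular exploit string."""
    if req.path != "/download":
        return False
    for value in req.query.get("file", []):
        norm = value.replace("\\", "/")
        if norm.startswith("/") or ".." in norm.split("/"):
            return True
    return False


def oversized_host_header(req: Request) -> bool:
    """Hypothetical flaw APP-002: the app copies Host into a fixed 256-byte buffer."""
    return len(req.headers.get("Host", "")) > 256


PATCHES = [
    VirtualPatch("APP-001 path traversal in /download", traversal_in_download),
    VirtualPatch("APP-002 Host header overflow", oversized_host_header),
]


def check(req: Request, patches: List[VirtualPatch] = PATCHES) -> Optional[str]:
    """Return the name of the first virtual patch that blocks the request, or None."""
    for patch in patches:
        if patch.condition(req):
            return patch.name
    return None


def handle(req: Request) -> int:
    """Front the vulnerable app: 403 on a match, otherwise 200 (the app itself is not shown).
    In a real deployment the blocked request would also be logged with the patch name,
    so the team can see which unpatched flaw is actually being probed."""
    return 403 if check(req) else 200


if __name__ == "__main__":
    # Constructed sample traffic: a legitimate download and three exploit attempts.
    for url in ["/download?file=report.pdf",
                "/download?file=../../etc/passwd",
                "/download?file=%252e%252e%252fetc%252fpasswd",
                "/download?file=..\\..\\win.ini"]:
        print(url, "->", handle(Request("GET", url)))
```

The filter never hides a vulnerability; it only buys the time the answer above talks about. Two caveats a practitioner should keep in view: the rule must be written against the same decoding and normalisation the vulnerable code performs (a patch that decodes once when the application decodes twice is bypassable), and each virtual patch should be removed, not forgotten, once the real fix is deployed, because stale rules accumulate and eventually block legitimate traffic.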

What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?

Machine learning and artificial intelligence will be able to determine if a computer file that’s never been seen before is good or bad; and minimise the number of false cybersecurity alerts customers receive on a daily basis.

Trend Micro has a robust threat database called the Smart Protection Network (SPN), as we have operated in the industry for 30 years and gathered big troves of threat data. SPN continuously mines data from around the world and helps our machine learning and AI engines to become increasingly accurate over time.

When we talk about automated threat intelligence sharing, we will have to talk about the concept of connected threat defense (CTD). Simply put, we believe all security solutions deployed in a corporate environment need to talk to each other and share threat intelligence.

This means if a malicious file is blocked at the endpoint by the endpoint security solution, this information should automatically be shared with the network and server security solutions, so they can block the same file trying to enter through the server or network. It’s akin to sharing a suspect’s composite drawing with all police departments across India, so they know what to look out for.
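The connected threat defense idea above is, at its core, a shared indicator store that every control writes to and reads from: the control that first reaches a verdict publishes the file's hash, and every other control checks that store before running its own engine. The following is an added example written for this page, not Trend Micro's CTD or SPN code; the `SharedThreatStore`, the `Control` class and the marker-string "engine" are constructed stand-ins, and the file contents are made up. It goes slightly beyond the paragraph by adding the two details a shared store needs in practice: hash normalisation so that `AB..` and `ab..` are the same indicator, and a time-to-live so indicators expire instead of accumulating forever.

```python
"""Sharing a blocked file's hash between endpoint, network and server controls.
Added example for this page; every class and the sample data are constructed."""
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Indicator:
    sha256: str
    source: str         # control that first produced the verdict
    first_seen: float
    ttl: float          # seconds the indicator stays active


class SharedThreatStore:
    """In-memory stand-in for the intelligence every control reads and writes.
    The clock is injectable so expiry can be tested without waiting."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._by_hash: Dict[str, Indicator] = {}

    def publish(self, sha256: str, source: str, ttl: float = 7 * 86400) -> Indicator:
        key = sha256.lower()                       # normalise so lookups are case-insensitive
        indicator = self._by_hash.get(key)
        if indicator is None:                      # keep the earliest source and first_seen
            indicator = Indicator(key, source, self._clock(), ttl)
            self._by_hash[key] = indicator
        return indicator

    def lookup(self, sha256: str) -> Optional[Indicator]:
        indicator = self._by_hash.get(sha256.lower())
        if indicator and self._clock() - indicator.first_seen > indicator.ttl:
            del self._by_hash[indicator.sha256]    # expired: drop it rather than keep blocking
            return None
        return indicator


def sha256_of(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


class Control:
    """One security control (endpoint, network or server). It consults the shared
    store first, falls back to its own local engine, and publishes what it blocks."""

    def __init__(self, name: str, store: SharedThreatStore,
                 local_engine: Callable[[bytes], bool]):
        self.name, self.store, self.local_engine = name, store, local_engine
        self.log: List[str] = []

    def inspect(self, content: bytes) -> str:
        digest = sha256_of(content)
        hit = self.store.lookup(digest)
        if hit:
            self.log.append(f"{self.name}: blocked {digest[:12]} (shared from {hit.source})")
            return "blocked-shared"
        if self.local_engine(content):
            self.store.publish(digest, self.name)
            self.log.append(f"{self.name}: blocked {digest[:12]} (local verdict, published)")
            return "blocked-local"
        return "allowed"


def demo() -> Tuple[str, str, str, str]:
    """Endpoint detects a constructed sample; network and server, which have no
    detection of their own for it, still block it via the shared indicator."""
    store = SharedThreatStore()
    # Constructed 'engine': flags a marker string. Real engines use signatures,
    # behaviour and ML; this one exists only to produce a verdict for the demo.
    endpoint = Control("endpoint", store, lambda c: b"MALICIOUS-SAMPLE" in c)
    network = Control("network", store, lambda c: False)
    server = Control("server", store, lambda c: False)
    sample = b"MZ...constructed payload...MALICIOUS-SAMPLE..."
    return (endpoint.inspect(sample), network.inspect(sample),
            server.inspect(sample), network.inspect(b"benign document"))


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `("blocked-local", "blocked-shared", "blocked-shared", "allowed")`: the file is stopped once by a real verdict and twice more purely from shared intelligence. Note what the store does not do: a hash only matches a byte-identical file, so an attacker who recompiles or repacks the sample gets a new hash, which is why the answer above pairs sharing with multiple detection techniques rather than relying on any one of them.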

What is your advice to CSOs and other top level security management professionals?

Do not underestimate the risk of cybersecurity breach in your organisation. While compliance is part and parcel of a holistic cybersecurity strategy, the driver for security should center around risk assessment – figuring out what are the intangible assets of a company and how to protect them.

The best practice for CSOs would be to maintain basic hygiene and have a strong security team that understands security gaps, proactively identifies threats and attacks, monitors, and takes preventive action before anything happens. Constant vigilance is required in the response and recovery phases from both CSOs and their teams.

The persistent goal of any CSO/CISO or top-level security management professional should be to continuously manage enterprise risk. CSOs must also engage with business teams to help them adopt new technologies. They should also review existing security solutions against the latest technologies to detect advanced threats.

CSOs must develop an executive training program focused on advanced threats. Creating awareness of the latest attack methods and educating executives and privileged users on what types of suspicious activity to be aware of will lessen the chances of a successful attack at the hands of unsuspecting employees.
