Enterprises should invest in people and build cyber threat-hunting practices: Shrikant Shitole, FireEye

Cybersecurity in the new-age enterprise doesn’t end at merely preventing attacks. CISOs need to be able to predict the time of an attack, who is behind the attack, and what is the motive of the attacker. Shrikant Shitole, Senior Director & Country Head for India at FireEye, believes AI and automated threat intelligence are key to finding these answers.

Shrikant Shitole, Senior Director and Country Head for India at FireEye, is a cybersecurity veteran with over 26 years of experience in information technology.

Shitole has held senior roles at several firms in the IT and telecommunications segment, including Cisco, Nelco (Tata Enterprise), Avaya and Sify. Prior to taking over as the country head at FireEye, Shitole was the Managing Director for the India region at Symantec.

In an exclusive interaction with CSO India, Shitole reveals the biggest security challenges from his point of view, the game plan to take on zero-day attacks and advanced persistent threats, and his two cents for CXOs on optimizing existing security investments.

Edited excerpts

What are the three biggest security challenges you see in 2019? 

We are in the age of digital excellence where businesses are striving to consistently transform and gain a competitive edge. While this is a progressive step, it also brings in certain concerns in terms of data protection and security. Some of the most prominent security challenges include:

• Increasing attack sophistication: Cyber-attacks are getting increasingly sophisticated and advanced, and enterprises are struggling to detect them. The attackers are well funded and deploy highly sophisticated mechanisms to hide themselves behind legitimate business transactions. While organizations are getting better and faster at discovering breaches, there is also a rise in disruptive, random, or otherwise immediately visible attacks. According to the M-Trends 2019 report, the Asia Pacific region saw 204 days as the median dwell time, which is the number of days an attacker is present on a victim network.

• Security risks associated with cloud adoption: While cloud adoption brings agility and flexibility to the business, it also brings a new set of risks to the organization. The security ownership of each cloud model (IaaS, SaaS or PaaS) differs and so do the risks associated with it. Cloud adoption definitely needs a review on a regular basis to see whether the workload is operational, alongside the security checks for advanced threats.

• Ever-increasing complexity of security solutions: Organizations are adopting new technologies every year to address the ever-changing threat landscape. However, integrating these complex solutions and deriving return on investment (RoI), or even optimizing the existing deployed security solution, is a big challenge. Deploying solutions alone will not solve the problem, but it is mandatory to ensure the skills of the team are updated regularly.

Which technologies are disrupting the cybersecurity landscape?

Emerging technologies such as artificial intelligence, machine learning and the internet of things are collectively transforming and disrupting the cybersecurity landscape. Most of the leading cybersecurity companies have adopted artificial intelligence and machine learning in their design.

Our clients who leverage AI and machine learning technologies for security have realized some significant benefits.

How can enterprises prepare better to deal with zero-day attacks and Advanced Persistent Threats (APTs)?

If a business has been profitable, it is possible that they will either be breached or have already been breached. Advanced persistent threats or zero-day attacks are sophisticated attacks that use multiple attack vectors and newer techniques every time.

Enterprises need to believe that ‘breaches are inevitable’ and prepare themselves better to reduce the impact of breaches. They should deploy adequate technologies to address each vector – emails, network and endpoint.

Having new technologies and a strong security infrastructure is not enough. Enterprises should also invest in people and build cyber threat hunting practices to ensure malicious activities are proactively detected in the network.

Threat hunters use advanced threat intelligence to identify the attacker in the network, and thus help in considerably reducing the dwell time or the impact of the attack.

What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the years to come?

Currently, organizations aim to design and deploy the required security solutions to prevent an attack before it happens, detect it as soon as it takes place to minimize the impact, and respond to the attack before any damage is caused. In the next few years, enterprises will be able to answer some of the most difficult questions, using cyber threat intelligence or artificial intelligence. 

These technologies will help predict the stage of attack, time of the attack, who is behind the attack, what is the motive of the attacker and other similar questions. The fundamental advantage of threat intelligence is to help understand who is behind the attack and what is the motive of the attackers.

By knowing the motive of an attacker, organizations will be well equipped to plan their response and align adequate budget for their security.

What is your advice to CSOs and other top-level security management professionals?

Cybersecurity is everyone’s responsibility. With regulations becoming stringent, cybersecurity has become a boardroom discussion and we see a lot of involvement from top-level executives in the organizations’ cybersecurity decisions.

The current state of security in India is compliance driven, but CXOs today should focus on risk-based security rather than compliance. This helps organizations address the business impact and risk due to a cyber-attack or an incident.

CXOs also need to focus on validating the efficacy of the security controls by performing periodic 'red team and blue team' exercises. They should proactively sign up with security service providers who can act as an extended team, or provide expertise on demand whenever required. CXOs should focus on optimizing the existing security investment and rationalizing it.
 
