Businesses Shifting From Legacy To Preventive Security Architecture

by Priyanka Pugaokar    Mar 31, 2017


The common adage ‘prevention is better than cure’ applies just as well to the information security industry. Prevention, detection and response are the three key pillars of enterprise security architecture. However, most organizations put more emphasis on detection and response and tend to overlook preventive measures. There are different views in the industry on the effectiveness of the three approaches. The majority of industries today focus on detect-and-respond mechanisms; however, given that cybercrime syndicates are becoming bigger and more powerful, it is equally important to have robust preventive security measures in place to mitigate cyber risks.

US-based next-generation firewall solutions provider Palo Alto Networks believes that applying a prevention-based approach offers enterprises a better security ecosystem to identify both known and unknown threats, and mitigate them in real time. In an exclusive interaction with CXO Today, Anil Bhasin, Managing Director, India & SAARC, Palo Alto Networks, shares his perspective on how Indian enterprises are shifting their focus from legacy to prevention-based security architecture.

CXOToday: What is Palo Alto Networks' engagement in India? What growth prospects do you see in the country?

We entered the Indian market in 2013 and now have strong footprints across the country. We are present in all metros and major cities in India. Today, we have approximately 30 employees, which include an experienced sales and support team, RMA (Return Material Authorization) depot and TAC (Technical Assistant Centre) in Chennai. India is one of the fastest-growing markets, where we have seen a big uptake for security in verticals such as BFSI, ITeS and Telecom. We have also seen a sharp shift in the security strategy of enterprises. This is simply because enterprises now want to move away from legacy to the prevention-based architecture.

CXOToday: What key trends do you observe in the security market in India? What is the impact of the digitization push on the current security landscape in the country?

There are three irreversible trends that are driving the security industry: Globalization, Digitization and Mobility. The internet is the common link among all three trends. Today, the internet has become the business enabler but, at the same time, is the most unsecure tool mankind has in its hand. The concepts of “digital” and “safer” are becoming increasingly synonymous with each other, and the push towards digitization and demonetization will further lead to the need for a safer and secure Digital India.

CXOToday: According to you, how is the role of CISOs evolving in the enterprise space in India?

The role of CISOs is evolving and there are certain industries that are taking the lead ahead of others in understanding the significance of CISOs. In verticals such as BFSI, there are certain regulations that suggest that CISOs should report to the board directly. There is a growing conversation on how the board perceives security: whether as a strategic imperative or a tactical necessity. The days of tick-box compliance are fast becoming over and done with, and Indian CISOs will have growing influence within their organizations. The one difference I do see is the lack of awareness in India, primarily because currently we do not have regulations around public disclosure, like in western countries. If we were to have regulations like these in India, I think the sensitivity would be much higher.

CXOToday: How are CISOs influencing the decisions regarding technology deployments in their organizations?

The role of the CISO in terms of decision-making for technology deployments very much depends on the organization. Large organizations have different teams that influence decision-making regarding technology deployments. These decisions are mainly led by four teams: Networking, InfoSec, Endpoint and Operations. Unfortunately, it is not about one team taking a decision, but bringing together the whole organization, where the board plays an important role.

CXOToday: Do you think the formation of sectorial CERTs will help industries better manage and mitigate cyber threats?

Cybersecurity is the responsibility of every individual in an organization – and this understanding is the first step for better managing and mitigating cyber threats. Then it comes to how we frame laws for cybersecurity. There should be a discussion around the framework, education level and skills we need to develop. After which, you can have CERT or any other associations and make people and systems accountable. The whole idea is that we should have defined cyber laws. At the same time, we must have an umbrella agreement in place because regulations will be different for different industries.

We have good laws in place, but it is implementation that makes the difference between effectiveness and non-effectiveness. We are still some time away from the implementation part, where things like public disclosure and enablement will come into play. There is a huge opportunity to leapfrog legacy in India. 

CXOToday: Scarcity of skilled manpower is always a challenge in the cyber security space. How do you address this issue?

We need to understand that cybersecurity is an approach and it is a dynamic conversation. We must know how to integrate people, process and technology together to match to the threat landscape which is changing on a daily basis. Our idea is to marry processes with people and technology to develop a preventative cybersecurity posture. We believe it is our responsibility to work with the government and enterprises, where we are more than happy to share our academic program. We offer our curriculum on cybersecurity to universities, where students can strengthen their skill set and develop their understanding about cybersecurity challenges, to fulfil the requirement of CISOs and other cybersecurity professionals in the country. This initiative is very close to our hearts and we are running the program in major universities across South India.

CXOToday: What is your engagement with the Indian government? What are the key government projects you are working on?

We work very closely with the Indian government but unfortunately are unable to comment on any specific project. I can say that we work strategically with all our customers to help them build skills that secure their critical assets.

CXOToday: What is your positioning in the area of security of SCADA systems?

We have a number of notable architectures in the area of SCADA security. Palo Alto Networks is the only company that operates at Layer 7. We deliver a complete next-generation security platform that addresses the ICS cyber security challenges to help keep uptime and safety high. We have a strong SCADA networks infrastructure and it is very high on our agenda.

CXOToday: What value proposition does the recent acquisition of LightCyber bring to Palo Alto Networks?

We announced the acquisition of LightCyber for $105 million in cash in our Q2 earnings. LightCyber is a privately held cyber security company that has developed award-winning, highly automated and accurate behavioural analytics technology. With this acquisition, we intend to go deep in the space of behaviour analytics and machine learning. Palo Alto Networks will continue to offer the LightCyber products and support existing customer implementations while it engineers the technology into the Palo Alto Networks Next-Generation Security Platform by the end of the calendar year.

CXOToday: What are your key thrust areas in terms of business expansion in 2017?

Our mission is to make digital life safer. We aim to earn our trust with customers as cyber security partners and not simply as an OVM. One focus area is to work with every customer who believes that cyber security is an important aspect of their business. Another focus is to educate and reshape the thinking of the market to better understand the importance of cyber security.


We will also focus on ensuring that we share the best practices that we have learned, while working with our 30000+ customers worldwide and collaborating with them to obtain threat intelligence that safely enables business applications and secures their critical data. The aim is to ensure our customers feel comfortable in building their business models without the fear of cyber security challenges.