Managed Security, The Answer To Growing Cyber Threats

by Priyanka Pugaokar    Mar 21, 2017

govind

With the nature of cyber attacks becoming more sophisticated and complex, it’s quite difficult for organizations to keep a close watch on the activities of the cybercriminals and update themselves at the pace of hackers and disruptors. Considering the several limitations, enterprises today intend to completely outsource the security to the third party managed service providers and free themselves from the headache of designing security architecture and framing security policies. Here the security vendors come in a big way, who can help the organization focus on their core business by taking up the task of managing their security. Hence, the concept of manage services is witnessing a rapid adoption across the industry verticals in India.

In an exclusive interaction with CXOToday, Govind Rammurthy, CEO and MD at MicroWorld Software explains the need for managed services and how security vendors can lead the adoption of it.

CXOToday: How the demonetization has changed the business pitch of endpoint security vendors in India?

In my opinion, the demonetization has expanded the horizon of the endpoint security industry in India. The prime objective of the exercise was to get people introduced to the digital money and boost cashless transactions. If you look at the entire landscape post demonetization, the security industry has definitely got a boost out of it. When people rely on their endpoint devices for digital transactions, the security becomes a major concern. As the digital economy rise, people will probably get introduced to more security products or technologies and this will help further expansion of the security business in the country.

CXOToday: Have you observed any major digital wallet scams or data breach incidents post demonetization?

We have not observed many security breaches prime facie because of digital platforms. Breaches happen once the industry takes shape and moves towards the level of maturity. This is a stage when hackers will want to benefit out of the security breaches. Hackers put their brain, money and energy in developing malware only when the technology reaches the level of maturity. No doubt digital wallet platforms have come up in a big way after demonetization, but they are not reached the level of maturity yet. I expect when these digital wallet companies will reach the level of maturity, security breaches will be discovered and reported. Second important point is, people in India use digital wallets for very low cost transactions. Therefore, I don’t think that hackers will target such low cost transactions.

CXOToday: Security of sensitive data on Debit/Credit cards and digital wallets is always a concern for users. How these platforms are vulnerable for digital transactions?

Hackers cannot misuse the stolen credit card even they have the evv pin because it requires two factor or multi factor authentication for the execution of transactions. If somebody steals mobile or card they still need to know the pin or password to get the access of the information. So even credit card details get leaked, hackers need to have many other things together with the credit card in order to steal something from users. Therefore, giving out the debit card or credit card details to the digital platforms is not a risk at all. There are ample mobile security products available in the market, which offer features like anti-theft to protect data. So if we look at the market, we hardly find people, who are cheated because of the digital platforms.

CXOToday: While pushing the citizen towards less cash economy, how can the government protect the interest of users by ensuring higher level of security?

In the United State, it is very clear that as far as the fraud is concern the liability lies with the bank. That means the bank is solely liable to take the security measures to ensure that customers are not defaulted. Therefore, in spite of absence of two factor authentication or multi factor authentication, the US has large customer base of credit card users.

Coming back to the Indian scenario, the government and banks are pushing people towards the digital economy, but the basic backbone of a law is not there in place and that is a biggest problem in our country. Banks have got more resources and more power to ring up the necessary law enforcement authorities if something goes wrong, but a single customer cannot do that. Therefore, there is a need for basic infrastructure and basic legislation to further enhance the utility or the value of digital wallets and the transactions happen on web. Less cash economy is a very positive move but the government has to take steps to have necessary legislation in place to ensure that it further moves ahead in a right direction.

CXOToday: The government is mulling crucial amendments in the IT Act 2000. What key recommendations will you give for the amendments in the Act?

My most important recommendation will be shift the liability completely from consumer to service provider. If banks or credit card companies are the service providers, the entire liability should be put on them. The moment that happens, the service providers will be more careful about all the compliances they need to put in place. If the government is able to do that, service providers will take real good pains because it is their money at stake, which is not the case currently. 

CXOToday: On the side lines of CERT-Fin, do you think that sectorial CERTs will improve the security posture in India?

I seriously don’t think that industry specific CERTs are going to help to stop cybercrime menace. Hackers don’t write industry specific malware. There is a very small percentage, where hackers write malware for specific industries, but almost 90 percent of hackers write malware that can target all industries. So, when entire industries can be targeted, then why spend money, efforts and energy and take headache of having industry specific CERTs. Secondly, sectorial CERTs are not going to resolve the issue of scarcity of skilled manpower. If the government forms such CERT, in my opinion, it will be no help other than sucking away the money of tax payers. As I mentioned earlier, you change the liability and source, the things will change automatically.

CXOToday: Then what will be the ideal solution according to you, which will address the issue of scarcity of skilled manpower and provide holistic security?

Skilled manpower will always be an issue as far as the cyber security is concerned. When it comes to managing threats and managing the information that is generated by the various product lines inside the company and interpret this information, organizations will need to avail managed services.  We have got requests from many large private sector companies and banks, who intent to outsource the task of managing security to the third party managed security solution providers like us. This shift is happening across the industries and organizations are moving in that direction.

CXOToday: What is a role of CISOs in deployment of managed services within their organizations?

CISOs are very much important to put security policies inside the company. When it comes to managed services and deployment of solutions on the networks, it is an expensive proposition. In absence of CISOs, CFOs or CEOs cannot take such call as they don’t have required intelligence to take decisions. Here CISOs come in a big way. Handling the security infrastructure and handling the companies like us become possible only in the presence of CISOs. The role of CISOs is evolving at a rapid pace and that is an encouraging sign for security solution providers like us.

CXOToday: How do you forecast the growth of endpoint security market in India in 2017?

ATPs have become a matured market in India and it is moving at a high pace. We see a lot of RFPs coming from the government organizations and banks for deployment of ATPs and managed services. Second significant trend is that the definition of anti-virus is changing. Anti-virus as a standalone product is dead today and the industry has moved way far and now working towards solutions.

Security solution providers like us are now focusing more on the enterprise security solutions and adding features such as to traffic scanning, advanced threat penetration and advanced malware threat checks in their standard AV offerings to make it a holistic security solution. Enterprises are deploying “Early Warning systems” in order to detect the suspicious behaviour or unauthorised login attempts before the breach happens.

CXOToday: How eScan is positioned in the enterprise and SMB market?

We develop security solutions that provide protection against current and evolving cyber threats. Our product portfolio includes eScan and MailScan that encompass Anti-Virus, Anti-Spyware, Content Security, Anti-Spam and Network Intrusion Prevention solutions. We offer ATPs and Advanced Penetration Test (APTs) platforms. We also offer correlation engines and User Entity Behaviour Analysis (UEBA), which helps admin to track all such kind of activities within a network and reach some conclusion. We currently do not have solutions for security of SCADA systems or real time industrial networks. We provide only APTs to industries. We don’t have any ideas as of now to do any investments on the IoTs, but IoT is very much in the foreseeable future.