Using Threat Intelligence and Security Automation to Curb Threats

The global pandemic has seen a huge rise in people working from home, shopping online, and generally being more digitally connected than ever. However, despite a year into remote working, most businesses remain concerned about the security risks of employees working remotely. In a conversation with CXOToday, Akshat Jain, Co-Founder and CTO of ‘virtual cyber fusion’ platform provider’ Cyware says it is time to reassess the cyber security landscape. In this context, he discussed topics ranging from cybersecurity awareness to CISO responsibilities and using threat intelligence and security automation to curb these threats. Edited excerpts:

What are your thoughts on cyber threat awareness among enterprises?

Cyber threat awareness has always been important for any organization to ensure that employees understand they play a substantial role in the cybersecurity posture of the company. Attackers regularly rely on employees to make mistakes, through attacks like phishing.

According to CERT-In, there has been a 300% increase in cyberattacks in India in 2020 over 2019, and these attacks include phishing and malware attacks, meaning that attackers can measure their targets effectively knowing exactly how many employees will fall victim to clickbait, and who will supply information unknowingly, so they can launch more targeted follow-up attacks with a higher chance of success. The key to cyber threat awareness lies in creating a situationally aware work environment through the effective use of threat intelligence.

The common pitfalls that we witness include the lack of clarity in identifying the malware and phishing attacks. These threats are further compounded as many organizations do not have the right platforms or solutions to consume the most relevant threat Intel and share that with their security team members and employees on basis of their role, location, and industry sector. What enterprises need is the capability to ingest, analyze, and alert their security teams and employees in real-time to create a 24×7 situationally aware workforce.

Considering that security breaches on big brands – not to mention SMBs – are rising by the day, where do CIO/CISO need to really focus on?

The focus for CISOs, CIOs, and other security decision-makers of today needs to be on moving from reactive security strategies to a proactive approach that leverages threat intelligence and security automation to curb threats before they create crisis scenarios. On top of this, various industry stakeholders need to join hands to share intelligence and learnings and build a collective defense against the most critical threats to ensure that no single organization is left to fend for itself when it comes to cyber defense.

How do we defend against more and more sophisticated cyber crime as our entire assets move to digital?

As we move towards a fully digitized and connected world, the attack surface for cyber crime keeps growing. Further, organizations need to establish a way to understand their full scope of cyber risk, and that means internally from machines to humans, and externally, where vendors, suppliers, and partners share a digital connectedness across systems and are sharing data.

To adapt to this evolving threat landscape, organizations need to broaden their horizons and adopt a holistic approach to cybersecurity that comprises various kinds of assets and the necessary defenses against emerging threats.

Holding on to a conventional perimeter-based and reactive approach for security can spell disaster for organizations as network boundaries become amorphous and threat actors move faster than ever before. What is needed is a threat intelligence and security automation-driven approach to understanding and responding to cyber adversaries and their sophisticated operations.

How does Cyware differentiate itself from the myriad security providers existing in the market? While a modern SOC employs dozens of security tools to address various security use cases, there is a lack of integration between various functions. The strength of Cyware’s solutions lies in enabling collective defense through the automated flow of threat intelligence within and beyond an organization’s boundaries, and the implementation of smart orchestration and automation workflows for detecting, managing, and responding to threats in an integrated manner. Our solutions are designed to allow for a modular deployment approach that also optimizes for scalability across global networks.

Can you tell us about your Cyber Fusion Center and how is it different from a Security Operations Center (SOC)? How does it enable organizations to mitigate security threats?

A Cyber Fusion Center involves a complete, end-to-end integration of the different security functions under a single, integrated platform to boost collaboration, unlock opportunities for smart orchestration and automation, provide comprehensive visibility and access to security-related information, and accelerate all the security processes.

This integrated workflow eliminates existing bottlenecks, saves time for security teams by automating manual tasks, improves threat visibility over the entire infrastructure, and makes it easier for SOC managers and CISOs to govern their operations with the most relevant metrics at hand.

The implementation of virtual cyber fusion helps organizations find the synergies among people, processes, and technologies to boost overall threat intelligence, accelerate incident response speed, and reduce incident costs and risks.