Security is creating a buzz. Predictions would be tough given that many well-known organizations were victims of cyber hacking, and undoubtedly it will be inevitable in 2019. Security being my particular interest, interviewing some of the sagacious industry veterans, Sudhindra Holla, Sales Director, Axis Communications – India & SAARC; Rahul Kumar, Country Manager India and SAARC at F-Secure; Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet; and Binu Thomas, Co-Founder & Executive Vice President, Paladion Networks, was an enlightening experience. I am hoping that anyone with an inquisitive mind would also be beguiled by this erudite interaction.
Major Developments on ‘AI-Integrated Security’
Rajesh Maurya – While security professionals continue to grow in skill and acumen, the volume and acceleration of attacks, coupled with the evolving threatscape of our digital economy, far outpace any improvements to security, widening our gap in protection. For example, in 2007, security operations centers (SOCs) saw fewer than 1,000 alerts on an average day. Now, SOCs are seeing more than 10,00,000 alerts a day—a 1,000% increase. To detect and block attacks of these volumes every day, organizations must react to threats at machine speeds. Machine learning and AI are becoming the new norm in network security to respond to threats at machine speeds. Integrating machine learning and AI across point products deployed throughout the distributed network, combined with automation and innovation, will significantly help fight increasingly aggressive cybercrime.
Disrupting the criminal economic model, however, can only be achieved by tightly integrating security systems into a cohesive, integrated security fabric framework that can freely share information, perform logistical and behavioral analysis to identify attack patterns, and then incorporate that intelligence into an automated system that can not only respond to attacks in a coordinated fashion, but actually begin to anticipate criminal intent and attack vectors.
Binu Thomas – Speed, scale, accuracy: this is what artificial intelligence brings to the table, and this is why the technology is registering rapid adoption across multiple industries. AI uses its computational power to crunch through massive volumes of data and to extract relevant insights – all in a fraction of the time it would take human experts to accomplish the same task. It also allows businesses to automate certain repetitive tasks and processes and can be programmed to learn how to perform better over time to enhance overall productivity and the speed of business output.
When it comes to cybersecurity, these factors are extremely critical. The volume of data that is generated across the enterprise IT infrastructure is too large for human-only teams to analyse and respond to swiftly. As a result, attacks dwell within enterprise networks, data flows, and devices for several weeks, causing significant damage till the time they are detected.
AI-led MDR solutions also constantly analyze the data generated across an organization’s entire IT stack to identify security threats and vulnerabilities. They can swiftly separate false positives from actual breaches and automate security processes to deal with low-threat, high-volume attacks used by cybercriminals to camouflage more advanced attacks.
This allows AI to significantly optimize the enterprise threat detection, response, and mitigation capabilities. Attacks are detected on a near-instant basis, minimizing the response time and their area of impact. The post-breach forensics that AI enables also helps organizations address exploited vulnerabilities and improve their security posture against similar attacks in the future.
Sudhindra Holla – In the current scenario, we see a migration to network IP cameras from analog cameras. As more and more devices get integrated onto the network, the security risks associated with it will also increase. Industries have begun to run their surveillance systems on AI with the aim of being proactive in an emergency situation. Overall crime reduces with smart AI technology that uses analytics, while helping overcome human flaws in the surveillance system, such as response and accuracy. For this reason, AI (along with machine learning) deployed in surveillance systems has catapulted the video analytics feature of the system. Just like IoT, AI will evolve in the security market and take video surveillance to the next level.
AI is also a cost-efficient way to monitor and analyze large streams of data. In terms of security and operations, various sectors have taken notice of the positive impact of adopting AI into their IP-based solutions.
Rahul Kumar – Artificial Intelligence has emerged as a game-changer within the cybersecurity space. Today, it is enabling us to automate non-critical processes and has been making cybersecurity professionals more productive with a singular focus on serious issues. The technology is also turning out to be quite pivotal in Detection and Response. This is further reducing the average dwell time while simultaneously increasing the precision of cybersecurity measures.
It must be noted that the technology is still in its embryonic state. It is currently being refined and will soon become more effective in dealing with dynamically evolving cybersecurity challenges.
Security Trends Catching Fire in 2019
Binu Thomas – There are two broad trends that I see panning out in 2019 which will influence most developments within the global cybersecurity domain: greater adoption of AI-led cybersecurity solutions, and the shift from standalone prevention-based security models to an interconnected detection-driven security approach.
It is almost certain that the adoption of AI-led cybersecurity solutions will accelerate. Artificial intelligence has already become integral to enterprise security, powering innovative countermeasures such as security automation and security analysis. Recent developments also hint at the rise of augmented intelligence. Such integration between human intuition and AI capabilities is expected to further enhance security operations.
Organisations will also move away from standalone, prevention-based security systems to collaborative security networks.
Rahul Kumar – Though Artificial Intelligence is gradually becoming part and parcel of cybersecurity solutions, in 2019, positive developments will be seen targeted towards reinforcement learning. Also, since the breakout of the NotPetya attack in 2017, a constant diversification of the attack has been observed throughout 2018, and we believe that such supply chain-based attacks will increase in 2019.
Cybersecurity researchers, on the other hand, will hunt for alternative data repositories this year. This will help them in pre-emptively dealing with emerging security issues rather than responding to, and remediating them later. So, the honeypot infrastructure can be seen mounting globally. This infrastructure will also help in detecting the flaws in novel technologies such as IoT and cloud.
Rajesh Maurya – To manage increasingly distributed and complex networks, organizations are adopting artificial intelligence (AI) and machine learning to automate tedious and time-consuming activities that normally require a high degree of human supervision and intervention. These newer defensive strategies are likely to impact cybercriminal strategies, causing them to shift attack methods and accelerate their own development efforts. In an effort to adapt to the increased use of machine learning and automation, Fortinet predicts that the cybercriminal community is likely to adopt the following strategies, which the cybersecurity industry as a whole, will need to closely follow in 2019.
- AI Fuzzing:
Because zero-day vulnerabilities target unknown threat vectors, exploiting them is an especially effective cybercrime tactic. Fortunately, they are also rare because of the time and expertise needed by cyber adversaries to discover and exploit them. The process for doing so involves a technique known as fuzzing.
Fuzzing is a sophisticated technique generally used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. Though using fuzzing to discover zero-day vulnerabilities has, so far, been beyond the scope of most cybercriminals, as AI and machine learning models are applied to this process it will become more efficient and effective. As a result, the rarity of zero-day exploits will change, which in turn will have a significant impact on securing network devices and systems.
- Continual Zero-Days:
Traditional security approaches, such as patching or monitoring for known attacks, will become nearly obsolete as there will be little way to anticipate which aspect of a device can be potentially exploited. In an environment with the possibility of endless and highly commoditized zero-day attacks, even tools such as sandboxing, which were designed to detect unknown threats, would be quickly overwhelmed. While there are some frameworks like zero-trust environments that may have a chance at defending against this reality, it is fair to say that most people are not prepared for the next generation of threats on the horizon — especially those that AI-based fuzzing techniques will soon begin to uncover.
Advances in swarm-based intelligence technology are bringing us closer to a reality of swarm-based botnets that can operate collaboratively and autonomously to overwhelm existing defences. These swarm networks will not only raise the bar in terms of the technologies needed to defend organizations but, like zero-day mining, they will also have an impact on the underlying criminal business model, allowing them to expand their opportunity.
- A la Carte Swarms:
In a swarm-as-a-service environment, criminal entrepreneurs should be able to pre-program a swarm with a range of analysis tools and exploits, from compromise strategies to evasion and surreptitious data exfiltration that are all part of a criminal a la carte menu. And because swarms by design include self-swarms, they will require nearly no interaction or feedback from their swarm-master or need to interact with a command and control center, which is the Achilles’ heel of most exploits.
- Poisoning Machine Learning:
One of the most promising cybersecurity tools is machine learning. Devices and systems can be trained to perform specific tasks autonomously; however, this process can also be a two-edged sword. Machine learning has no conscience, so bad input is processed as readily as good. By targeting and poisoning the machine learning process, cybercriminals will be able to train devices or systems to not apply patches or updates to a particular device, to ignore specific types of applications or behaviours, or to not log specific traffic to better evade detection.
Security Tussle in 2019
Rahul Kumar – Global IoT adoption has been increasing across all walks of life. Today, the technology is being used in everything from surveillance cameras to TVs, refrigerators, and ACs. However, there are a lot of vulnerabilities that are yet to be discovered within the technology. Apart from that, unsecured IoT devices can be compromised and used to penetrate deeper into a secured network using a range of TTPs. The technology poses a prime security challenge for cybersecurity personnel.
Also, privacy concerns were a part of the mainstream dialog last year. So, businesses will be more focused on protecting both their infrastructure and their data.
Rajesh Maurya – The challenge with our growing reliance on a digital economy is that anything that can be generated, transmitted, stored, or analyzed, no matter how valuable, can also be breached, corrupted, or misused. So the question businesses are grappling with today is, how can they capitalize on the opportunity of the digital economy while managing associated risks?
In this new environment, constant change is the new normal. And given the rate of change that network, devices, and applications are undergoing, organizations must establish a way to maintain control in a constantly churning environment. This includes establishing a deep understanding of every device on their network at any given moment, where their most critical data lives, who has access to which digital resources, where and how workflows and data move, and how applications and services connect everything together.
However, as the rate of adoption of devices and applications accelerates, maintaining visibility and control over these elements is becoming increasingly complicated. The sheer volume alone can overwhelm many organizations. Given the current rate of security breaches and malware development, it is clear that yesterday’s security strategies and tools are increasingly less effective. And the complexity and scale of securing against this evolving threat landscape will be compounded further as we move infrastructure and services to multi-cloud environments, leverage increasingly transitory network resources, embrace a more mobile workforce, and continue to merge our public, private, and business lives.
Binu Thomas – One of the biggest security challenges that organizations currently face is that of mind-set. Security, to most enterprises, is an afterthought instead of a priority. IT systems are designed, deployed, and upgraded without any consideration to cybersecurity. This culture propagates downwards; most business users don’t tend to apply recommended cybersecurity practices while using connected enterprise devices and networks.
The other major challenge is that of growing interconnectivity. The connected infrastructure is becoming more and more enmeshed within day-to-day business processes across multiple industries. SMAC (Social, Mobile, Analytics, and Cloud) technologies are becoming popular within the enterprise setup, while BYOD-led work cultures are also gaining acceptance in a big way, delivering higher productivity and better operational efficiency.
Cloud Security and Indian Organizations – Just Not a Story
Rajesh Maurya – One of the biggest challenges multi-cloud environments have introduced to the security posture is the isolated cloud environments found within networks. With every new cloud-based application, infrastructure, or software service added to a network, the number of potential entryways into the organization’s network that cybercriminals can exploit increases. With these disparate multi-cloud environments comes a variety of obstacles for IT personnel responsible for securing cloud silos.
When multi-cloud security is siloed, cybersecurity efforts have to be manually carried out across each disparate cloud environment, limiting the response time and efficiency of cybersecurity personnel’s efforts. One of the biggest pain points created when any siloed element enters a network is its impact on threat analysis. In order to properly maintain an effective security posture, IT personnel need to understand the threats across their network, helping to expose attack vectors and their subsequent solutions. However, with disparate cloud solutions acting as digital point products, this adds complexity to an already sophisticated IT environment, forcing cybersecurity professionals to individually analyze each cloud.
As organizations continue to adopt more cloud-based capabilities into their networks, each siloed cloud needs to be properly integrated into a unified Security Fabric. By unifying siloed multi-cloud environments with additional virtual and physical network elements, cybersecurity personnel can gain broad visibility and protection across the attack surface, while gaining the capabilities for rapid advanced threat detection and automated threat response and breach mitigation.
Binu Thomas – Cloud-based security solutions such as MDR will be game-changers for Indian businesses, particularly those belonging to the MSME sector. Small and medium businesses lack the resources required to set up in-house cybersecurity operations, but still face sophisticated attacks like larger enterprises do. Tackling advanced threats becomes a big challenge for them as a result.
This is exactly where cloud-based MDR solutions step into the fray. By providing access to AI-led cybersecurity capabilities through the cloud, such security solutions enable enterprises of all sizes to adequately secure their business operations and data – all at a fraction of the cost of setting up dedicated cybersecurity operations of their own. This, in a fast-digitizing large economy such as India, will be the need of the hour.
Rahul Kumar – The Indian cloud industry has already become worth $2.5 billion in 2018 as per estimates and is further pegged to become worth $3.19 billion by this year. The growth is triggered by the increasing demand for cloud-based solutions in our rapidly digitizing nation. This directly increases the importance of Cloud Security solutions.
Impact of the Data Protection Bill
Sudhindra Holla – With the Personal Data Protection Bill (PDP) coming into being, data protection rights are enforced for Indian citizens. The focus of the regulation is on mandating those rights for any organization, regardless of geographic location, that processes citizens’ personal data. It details a number of rights of Indian citizens in respect to how their personal data is used. India’s data protection law will shape the relationship between citizens and the organizations and government entities/institutions handling their data. The aim of this law is to ensure a free and fair digital Indian economy, and it is seen as an important milestone in setting up a framework which gives Indian citizens full freedom to protect their data.
While it will be applicable across domains, a large part of the debate around the draft legislation has focused on how global IT technology companies use customer data, as one of the focal points of the bill is to mandate storage of citizen data on servers located in India. The bill has a direct impact on businesses such as retail, aviation and hospitality that run loyalty programmes, which will have to seek explicit consent from the user if they want customer details for accumulating points and offering a service. Working closely with customers and partners to solve their security surveillance issues all these years, I can definitely state that end customers have deep concerns as to how their data, be it information, images, videos or any other format, would be stored and utilized at a later time without their knowledge.
Taking all this into consideration, it is one of the landmark judgements taken by the Indian judiciary to protect personal data from misuse and criminal activities, building a strong relationship of trust between users and organizations.
Rahul Kumar – Till now, data privacy and cybersecurity initiatives were taken quite lightly by Indian businesses and government departments. The Data Protection Bill will change this culture by pinning responsibilities on individual stakeholders. This will not only protect people’s data and ensure timely disclosure of breaches as and when they occur, but it will also lead to the adoption of superior cybersecurity measures in India. We believe this is a very positive development.
Rajesh Maurya – The Data Protection Bill makes individual consent central to data sharing, as the previous privacy laws in India offered little protection against misuse of personal information. Unless an individual gives explicit consent, his/her personal data cannot be shared or processed. Also, any person processing your personal data is obligated to do so in a fair and reasonable manner and use it only for the purposes it was intended for in the first place.
The onus of data integrity and compliance now shifts to the organization that will be processing an individual’s personal data. Employees can unwittingly cause severe damage to a business due to a lack of awareness. To minimize risk, especially as connectivity and digital resources become more intertwined, organizations must educate employees and promote security hygiene best practices that will minimize risk, data leakage, and non-compliance while still allowing for operational flexibility and efficiency.
Binu Thomas – When the Data Protection Bill comes into effect, organisations will have to ensure that their security infrastructure is robust enough to protect sensitive data. The good news is that enterprises have become more aware of this need-gap and are looking at state-of-the-art cybersecurity solutions to bolster their security postures.
A large percentage of Indian businesses are currently unequipped to do this. They have little to no visibility into their networks, or how data flows within and outside it. This leaves them more vulnerable to security breaches and also makes accurate breach reporting extremely difficult.
CIOs and CISOs will have a massive challenge ahead of them when it comes to achieving compliance with the Data Protection Bill. Recent security breaches, such as those at Facebook, highlight that even large organisations with extensive capital, human, and technological resources are struggling to keep up with advanced attacks and threats.