Principally, Tenable focuses on two things: first, it is automating as much as possible to monitor the entire digital landscape; second, it is analysing the risks and helping security professionals focus on contextualised, risk-based activities that they can do based on the data that it has collected through a unified platform.
In the modern attack surface, entry points are aplenty and cybersecurity efforts have always been aimed at “how quickly can we react to an attack”. The changing nature of work and ways of doing business now calls for a preventative approach to security that predicts, prioritises and eliminates threats. Sudeep Das, Head Security Engineer, India & SAARC, Tenable, in conversation with SME Channels, discusses how Tenable is helping organisations minimise cyber exposure and ultimately make risk management functions easier.
“By contextualising cyber exposure, organisations are now able to answer very basic questions that haunt most security professionals.”
Sudeep Das, Head Security Engineer, India & SAARC, Tenable
The massive digitization after the COVID-19 pandemic has resulted in a significant uptick in demand for cyber security solutions. As a pioneering cybersecurity brand, how has Tenable been leveraging this rise in demand for cybersecurity solutions?
In India, the power of the IT network has grown with greater access. Before the pandemic, everyone was using traditional modes that are mostly in-house. COVID-19 changed the way IT services were delivered. People moved out of the perimeter, and hence the IT landscape that they were using changed and opened up too. This led to more entry points in the attack surface for the criminal.
As that happened, people also started seeing that it wasn’t sufficient to look into cybersecurity from the traditional methods of critical servers and critical infrastructure only, because now non-critical infrastructure is also getting exposed, and it is the vehicle through which the attacks are occurring. This meant that security professionals had to expand their horizon of thoughts. They now need to look into every digital asset that might have got exposed because of the openness with which services are getting delivered.
And that is where companies like Tenable started looking and finding novel ways to make sure that this entire attack surface of organisations can be addressed. And we have achieved it. I know the problem with cybersecurity is that there are too many things to be done with too many stages in which attacks occur. As a cybersecurity organisation, we needed to make sure that with the limited resources that we have in terms of people, we had to figure out how to really automate and help cybersecurity professionals focus their activities on things that really mattered.
At Tenable, we focused on two things: one is ensuring that we are automating as much as possible to monitor the entire digital landscape, and the second is analysing the risks and helping security professionals focus on contextualised, risk-based activities that they can do based on the data that we have collected through a unified platform. Our comprehensive exposure management platform is our solution to the most pressing challenges facing modern cybersecurity.
What is Tenable’s approach to tackling the expanding modern attack surface, given remote and hybrid work models and the expanding attack surface?
Cybersecurity has certain fundamentals on which the entire framework is created. One of the fundamentals that Tenable focuses on is proactive and preventative security. If you look into the overall foundational things within the security framework, one is proactive security, the second is reactive security, and the third one is resilience in which organisations bring back their systems online after they’ve been breached.
And all these three phases of cybersecurity programs are something that every organisation should ideally be working on. With the massive expansion of the digital space or the attack surface, each of these 3 different layers of cyber security, and security professionals are trying to take the right approach to security. For example, factories that remained shut during the lockdown, opened up. And suddenly, the nature of work had changed and industrial control systems became more interconnected – they needed to be connected to the internet, IoT devices, OT devices were being linked to cloud devices and the desktops that contain web applications, and critical servers. Securing such a dynamic and complex landscape needed a proactive approach and that’s what Tenable is focusing on.
If you are trying to stop an attack amidst such complexity, it’s going to be impossible to do that with a reactive security approach given how the number of elements exposed to attacks has increased.
Tenable’s approach has been to ensure that organisations are better prepared by understanding the exposures and stitching together defences so the exposure level decreases. What we did was ensure organisations identify issues proactively in all digital assets, be it cloud security, identity security, OT security, attack path analysis or external attack surface management – in a very automated manner.
We created an automated analytics platform which contextualises all these different exposures surrounding all different interconnected. By contextualising cyber exposure, organisations are now able to answer very basic questions that haunt most security professionals. With all these systems on the attack surface, how much am I exposed and what are the points of exposure? Are those exposures exploitable? Are they going to be exploited now, or is there nothing really happening? Contextualising risk provides concise risk-based action items for proactive security and proactive remediation to close those exposures. That’s how we help tackle the concerns of the modern attack surface.
How is Tenable aligning its channel market or your channel strategy according to the current market trends?
I believe every trend is driven by a necessity or a demand from customers and it stems from the problems they face. As a channel-first company, our strategy is tailored to customer requirements. Channel partners help us operationalize our platform and bring all the different moving parts together. That is the way forward, and channels play a major role in it.
What we have done is ensure that channel partners are equipped with these latest innovations so they can tailor solutions to customer requirements around proactive security. Our channel partner program is designed to equip them with APIs and development tools so that they can garner the information or the automated analytics that we are bringing about. Through a plethora of programs, our channel partners are well-trained on our products so they can deliver top-notch service to the end customer in a comprehensive and collaborative manner.
Cyber security has been one of the most tech-intensive sectors. When it comes to channelling the product to the market, keeping a tab with the channel partners, and upskilling them is important. So, what are Tenable’s upskilling initiatives for its channel partners?
There is no easy way out of this, apart from doing the grind. Our approach is intensive training sessions, providing them their access to the, and giving them the right tools to integrate with their other solutions within the market, ensuring that different solutions work together in an automated manner.
Our channel partners focus on processes rather than the technology itself so they can help organisations with exposure management. While they focus on the process and services, we ensure that the technology is automated and performing the analytics that it is supposed to, and providing actionable intelligence along with the raw intelligence that is invaluable to security teams. They also help customers scale up their cybersecurity initiatives. With Tenable’s technology and channel partners’ support in operationalising it for customers, we can scale faster, increase time-to-market and help customers adopt a proactive security approach quickly and efficiently.
How has Tenable been leveraging artificial intelligence or machine learning to folk out better solutions in the detection, prevention and mitigation of cyberattacks?
Tenable uses AI and ML to understand how known breaches have occurred and uses that to predict attack pathways, identify the next exploit and help organisations prioritise which vulnerabilities or misconfigurations they must fix first to reduce the possibility of an attack that compromises the most critical assets. We have come up with simple-to-use metrics which are based upon these learning and prediction technologies that we’ve developed. It allows organisations to proactively eliminate weaknesses in their environments.
Such proactive security makes threat detection easier, because now the detection is not only detecting the known threats but also the unknown ones. Instead of merely identifying the problem, Tenable’s automated solutions identify which ones to fix first. So, leveraging AI in our products ensures our customers can predict, prioritise and remediate. In addition, our dedication to research also ensures we are not compromising on the traditional ways of accumulating threat intelligence. So we get the best of both worlds, which is helping us deliver great products that help organisations achieve better cyber hygiene.
What are the key focused areas that you are currently focusing upon for channel upliftment and channel partners?
I believe India is quite unique, because I think the technology adoption in India has always outpaced other countries. While we might be late sometimes, once we start adopting it, we adopt it wholeheartedly with full passion. So, the speed at which adoption happens in India, that is one of the biggest challenges that we have to face. The best way to handle these challenges is making sure that the channels, the people on ground, are well equipped to tackle customer concerns. For this we have two different approaches. The first one is the services channel or the people who actively deliver and operationalize our technologies for the end customer. The second is technology channel partners. These are the people who are in the incident response space or the reactive security space. They help customers tackle integrations with the access management solutions, automation, incident management solutions, ticketing systems, patch management systems, etc. There is a whole bunch of technology partners and technology channels that we are working very closely with to ensure that the interaction and the collaboration between tools is automated. We already know the use cases. We deliver the use cases out of the box. So that there is very little manual activity or manual processes that are in place so that the data exchange can be driven by the use cases and objectives.
So, the channel ecosystem, both at the technology level and at a service level, is well-oiled and this has been possible through continuous learning, lab access, and training programs driven by use cases.
The security adoption is moving at a very quick pace. It seems that security has come a long way from being nice to have to being must have in today’s scenario. And yet, many enterprises are still hesitant in adopting adequate security measures. What’s your advice to these people who are still lingering below the cybersecurity poverty line?
I think that’s exactly what is important. Address the problem in a way that people can understand. So, we all understand the poverty line, and we know that has to be a problem that has to be solved. When you correlate security in that context, it is a common language which people can understand, and that’s exactly the cue that security teams must also follow. All this while we have been entangled in jargon that makes cybersecurity incomprehensible to people running the business. Business alignment of security output is one of the ways that CISOs can ensure cybersecurity adoption is better, that it is in line with the business objectives of the organization.
This changes the perception from “a good to have to a necessity”. Because cybersecurity is a risk management function and not an IT function anymore. Instead of saying, “We identified X number of vulnerabilities and patched them”, it would be better to say, “You have weaknesses in these environments which will bring down your most critical business service in a matter of days.” It’s about translating the cyber threats into business objectives. I don’t think our business leaders don’t want to have security measures. They just didn’t realise how important it is. It’s important to present the data in a meaningful manner so the board and non-security professionals understand the gravity of the situation. Tenable has ensured that this wide world of vulnerabilities that have existed in incomprehensible Excel sheets is now translated into exposure scores, making it easier to understand.
How much work does Tenable put in to look at this wide world of vulnerabilities and how is it planning to leverage it to achieve growth? What is your growth outlook for the coming year?
The world of vulnerabilities, that’s raw data, is extremely useful – not merely as raw data but when it is analysed and put into a context. Today’s environment is not like 20 years ago where vulnerabilities existed only in a fraction of digital assets. We have tens of thousands of vulnerabilities, requiring automation to achieve scalability.
What Tenable does is take all of this raw data, put it into an analytics framework, and provide organisations actionable intelligence that is analysed, normalised and contextualised. This contextualisation is not just based upon the raw data of vulnerabilities but also data from other security tools, like incident response and reactive security tools. The proactive and reactive wings are brought to collaborate with automation, ensuring bottlenecks of patching vulnerabilities are eliminated altogether, making it easier for leaders to make decisions and measure the process that is driving the security force.
Look at the security market, there’s a clear emergence of security-as-a-service. Is Tenable offering this as a mode of service, or is it planning to offer this thing in the future?
We’ve adopted security as a service when we realized that people are buying our service. People are not buying a specific technology. A long time back we had started investing our time in ensuring the technologies we develop can be operationalized, can be provided as a service without too much of customization or without too much of specific enablement. All our technology has always been natively developed to be provided as a service, because ultimately a customer wants a business objective to be achieved rather than a technology to be deployed. When we are translating these technologies into business objectives, we are already in that mode of development where the technology is capsulated as a service, and the service has a specific outcome and that outcome is what is going to drive the business object. This whole path is where organizations like Tenable realized a long time ago that this model is the way to go. Hence, we’ve invested heavily in the channel system.
When we struggle with this expanding threat landscape, we find it is riddled with enigmas. As a security expert and one of the leading vendors, what would be your say on what’s driving enterprises and individuals to focus on security? Can you enlighten us on some industry best practices for enterprises?
The fact that the modern attack surface is expanding constantly is what’s driving organisations and individuals to adopt cybersecurity practices. Security practitioners already know how to defend their organisations. It’s just that enterprises have not really understood these best practices and adopted them at scale. The first best practice is to be really passionate about cybersecurity. It’s the mindset of having a clean infrastructure devoid of vulnerabilities and misconfigurations. When an organisation practices cyber hygiene and shores up its defences proactively, it makes it that much more difficult for threat actors to breach them. There are hundreds of benchmarks, hundreds of guidelines which can be completely automated, meaning cyber hygiene can be completely automated and realized in an organization. That’s the first best practice to adopt.
The second best practice is preventative security. Breaches can be stopped by not allowing the condition of a breach to be there at all. When we’ve removed the attack pathways, we know that we don’t have to deal with the detection, the breach, and incident response.
The third best practice is achieving full visibility into all assets – known and unknown – and doing it proactively and continuously. The fourth is securing newer technologies like the cloud and zero trust. Focusing on identity exposure reduces a lot of risk. And finally, every security needs to align its objectives with the business objectives. This ensures that security efforts are prioritised, ensuring better productivity and effectiveness of security programs.
How strong are you in the India market? Are you planning any major channel expansion? Is there any major investment in the pipeline?
India is growing, absolutely, and we are definitely prepared to leverage this expansion of the market that is already happening. We are ensuring that our channel partners and technology partners, and their collaboration can expand as our expansion into the market continues. We are very bullish in our outlook and we are driving the entire market of exposure management. Yes, we definitely want to be known as the leading exposure management company, and we are doing our enablement, our marketing in our field presence strongly to ensure that the word goes out and we establish ourselves as the pioneer of exposure management worldwide as well as in India.