Intel Security’s Scott Lovett raises the security cordon

Scott Lovett, Executive Vice President, Intel Security, gives a low-down on key security issues

Sonal Desai

Scott Lovett, Executive Vice President, Worldwide Sales, Intel Security, discusses different threat vectors and provides insights into how CISOs should prepare for future attacks, in an exclusive interview with CIOL.

There is a security cordon covering the security landscape globally. What exactly is plaguing us?

Security in the past has traditionally been protecting against known threats. But now the hackers themselves are morphing their tools so quickly, you have to protect against a lot of the unknown. That's the biggest challenge that CISOs have.

The known threats still affect 85 to 90 percent of the customers, but it's the unknown threats that are a major worry and the CISOs have realized that they will get breached.

Once you assert that the hackers have got in, how do you determine where they have been or what they have done? And then most importantly how do you remediate the damage? You combine all that with the addition of applications, cloud services and a multitude of mobile devices and the CISO’s job has become much more complex.

As you pointed out everyone is now talking about the unknown. So, maybe at a conscious or at an unconscious level, is there any chance that the CISOs are ignoring the known?

A lot of what the CISOs are trying to figure out is how do they stand against the known threats and they use a lot of legacy solutions, but how do they look at behaviour-based analytics to look at their user base?

What we are really seeing now is there's also an infiltration of internal hacking. Users that are now leaving the network can be identified based on behavioural-based security that allows us to look at things and say, I have seen your IP address, I have seen this device before but you have never connected to the server and you have certainly never downloaded terabytes of information, I should flag this and send an alert and sequester it over here, to restrict access until someone takes action on that. And so we are seeing a lot more of CISOs really looking at proactive action.

But are they prepared for the challenges?

I think it's fair to say that a lot of them are challenged, not only because of the number of end-user devices, operating systems and diverse handsets that exist out there.

As more and more folks get out of market, it becomes difficult to protect all the different operating systems with different levels of hardware functionality. So, it's not that they are ill equipped at that.

I think almost every major breach that’s occurred globally, some security products somewhere alerted someone, and the problem is that nobody reacted to it.

So from a vendor perspective, I think CISOs are saying help me architect the solution that not only protects my network, but also protects the cloud-based applications, end-points such as traditional laptops and mobile devices. And they are looking for vendors that can play across that entire attack continuum.

The other request from CISOs is they don't require intervention from ops team or operations folks. But for that, they need to be proactive and train their systems and tools to actually go out and stop some of the attacks before they occur. And that's one of the biggest shifts, we have seen over the last twelve to eighteen months.

You just made a very crucial comment that people do detect attacks but do not send out the alerts... But we have a number of vendors who are providing end to end solutions

I think it's a really valid point, I think you have seen Palo Alto now move into the desktop and the antivirus space, that they haven't been traditionally because I think they have recognized holistically that a firewall in itself can protect an infrastructure, they can protect your network but it can't protect the end-points.

Similarly, Cisco is very dominating in the firewall category with their ASI solution, but they went out and bought an IPS company that also had advanced threat and desktop AV, with ClamAV that they got from Sourcefire.

What you are seeing is a lot of folks that are trying to replicate the security connected story as it exists out there. And it's not because they all want to be us, it's because that's what customers are demanding from them, you need to have a more holistic solution because CIOs say, “Scott, I bought best of breed in every product category. My sec ops team evaluated all these products and we bought best of everything, guess what? Our breach statistics didn't get any better, if anything they got a little bit worse because these are silos of technology out there.”

Too often I think chief information security officers have been viewed as the restrictors of innovation within IT. They are the ones that are putting up the walls of innovation.

The whole market is recognizing that they need a comprehensive solution to solve the challenge that the CISOs are facing.

Is the Indian scenario any different?

In India, we are being asked for a verticalized approach. Specifically the IT companies and global finance and banking are two of the biggest targets that the hackers are going after. So, they are saying give us a vertical approach to architect their security story.

Besides these two, many things are getting connected. IoT is a huge opportunity but is equally vulnerable.

You know, we saw a couple of weeks ago that an automobile was hacked and they can take control of the automobile itself, and I think that's how the market's going to evolve as more and more things become connected. Airplanes, cars, refrigerators, the threat landscape becomes broader and tighter as well.

And I think that's one of the more interesting areas that McAfee combined with Intel to create the Intel Security Group, can really go after and look out an approach because all of these devices at some point have a processor or a chip set in it, we can secure the IoT space because that is a big concern.

For instance, the recent breaches reported in the US were of an APT type of threat. And from what I understand, a lot of these breaches that are occurring are polymorphic in nature. So, they come into the infrastructure, they sit for a period of time and are activated, so they are able to not only advance but also evade a lot of different traditional security techniques.

The point is behavioral analytics is occurring on the server against the best signature file, and that's never occurred before. That's why I think behavioral analytics moving forward, will become more important because the actors or the hackers are advancing all their techniques at the same time.

It's a continual battle that we have got to move forward but it's also multiple approaches from silicon to the network, to the end-user device, to SIM analytics.

You have got to have a cohesive strategy, and not just a piece point strategy.

Overall, what’s your advice to, say, an Indian CISO?

First and foremost, stick to the basics. In a lot of cases, a lot of folks have moved so aggressively towards advanced solutions that they forgot that majority of the breaches could be restricted or at least severely limited by using basic things like antivirus. So, it’s important to have security architecture and stick with it moving forward.

Secondly, antivirus in the desktop may not be the most innovative thing that people are seeing in the world; it will still stop 85 to 95 percent of all of the known attacks. So, that's really important to take a look at where the attack vector usually comes from, things like spear phishing.

But most importantly, it's educating the end-users themselves. Most end-users haven't been trained to understand what a spear phishing attack may look like or what the dangers are of putting data on a USB that’s unsecured or unencrypted and cutting that. So, I think a lot of education of the employees as to what they should look for is crucial.

I think the evolution of analytics which really allows them to look at their own environment specific to them and analyze where breaches could occur and where they are most susceptible. So I think it's investing in tools like that, that help them make intelligent decisions and where to spend their security dollars.
