VMware offers a range of security products for enterprises. This includes Carbon Black and Workspace ONE Intelligence for endpoint security; CloudHealth Secure State and Tanzu Service Mesh for cloud security; and the NSX range of products for network security.
B.S. Nagarajan, Senior Director & Chief Technologist for VMware India, focuses on evangelizing and developing the market for VMware Cloud on AWS, NFV, and emerging growth areas such as IoT and developer-focused solutions. He is also responsible for providing leadership to the technical community and building a strong connection with the engineering teams.
A veteran with nearly 23 years of experience working with organizations such as Compaq/HP India, Wipro Infotech, and Triveni Engineering, BSN, as he is fondly called, discusses with The Smart CEO the challenges and solutions for security in today’s world of rapid transformation.
This article is being published as part of the 10-article series featuring leading CIOs, CISOs, and Technology Leaders in India. This series is brought to you in partnership with Sophos.
In this era of digital transformation, can you share the top three security threats businesses face today?
Actually, there are plenty. But if you have to pick the top three, I would say the first and biggest threat is that of lateral movement. In all the recent ransomware attacks happening in the country today, you can see a common pattern. All of them had very strong perimeter security, and all of them were breached. In network security, it is common to strengthen the security between two firewalls, which is popularly called north-south security. But despite the best of efforts, it does get breached, so what then? Once a hacker gets in, you provide what is called east-west security to prevent lateral movement. So how you deal with the lateral movement of the malware is one of the greatest challenges.
The second thing is public clouds, which are being increasingly used by developers who are lax about security and make a system vulnerable through misconfigurations, not providing monitoring, giving overly liberal permissions, not enabling encryption, and so on and so forth. This exposes the whole organization to a big threat, as once malware enters a public cloud, like an Amazon S3 bucket, it can have access to the entire organizational system.
The third challenge is from the end-user. More than two-thirds of the attacks that we see happen are from end-user devices such as mobiles and the like, especially today. The majority of organizations are moving towards working from home and may access data even from public places such as airports and hotels, apart from the office and its branches. They use all kinds of devices, from iOS to Android, Windows, Mac, Chrome, you name it. So it could be from edge locations, data centers, public clouds, SaaS-based applications and so on. It has increased the number of things we need to defend against.
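The public-cloud misconfigurations named above (overly liberal permissions, no monitoring, no encryption) are the kind of thing a configuration audit can catch before an attacker does. The following is an added example, not code from the interview or from any VMware product; it audits a simplified, constructed model of an S3-style bucket description (the field names `policy`, `default_encryption` and `access_logging` are assumptions, not the real AWS API shape) and shows the weak configuration beside its corrected form.

```python
# Added example (not from the article or any VMware product): audit an
# S3-style bucket description for the misconfiguration classes the interview
# names (overly liberal permissions, no monitoring, no encryption). The input
# is a constructed, simplified model, not the real AWS API response shape.

def _as_list(value):
    """Policy fields may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def _allow_statements(policy):
    return [s for s in policy.get("Statement", []) if s.get("Effect") == "Allow"]

def grants_public_access(policy):
    """True if any Allow statement uses a wildcard (anonymous) principal."""
    for stmt in _allow_statements(policy):
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            return True
    return False

def grants_wildcard_actions(policy):
    """True if an Allow statement grants every action on every resource."""
    for stmt in _allow_statements(policy):
        if (any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action")))
                and "*" in _as_list(stmt.get("Resource"))):
            return True
    return False

def audit_bucket(bucket):
    """Return sorted finding codes for one bucket description."""
    policy = bucket.get("policy", {})
    checks = [
        ("PUBLIC_PRINCIPAL", grants_public_access(policy)),
        ("WILDCARD_ACTIONS", grants_wildcard_actions(policy)),
        ("NO_ENCRYPTION", not bucket.get("default_encryption")),  # at-rest encryption off
        ("NO_LOGGING", not bucket.get("access_logging")),  # no audit trail to hunt in
    ]
    return sorted(code for code, failed in checks if failed)

# Constructed sample data: the weak configuration beside its corrected form.
WEAK_BUCKET = {
    "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                              "Action": "s3:*", "Resource": "*"}]},
    "default_encryption": False, "access_logging": False,
}
HARDENED_BUCKET = {  # placeholder account id and bucket name, not real ones
    "policy": {"Statement": [{"Effect": "Allow",
                              "Principal": {"AWS": "arn:aws:iam::000000000000:role/app-role"},
                              "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "default_encryption": True, "access_logging": True,
}
```

Running `audit_bucket(WEAK_BUCKET)` reports all four findings, while the hardened bucket reports none.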
Kindly share your approach to Zero Trust and Context-centric security.
Zero Trust was coined by Forrester a few years ago and is about protecting applications and data. Applications are accessed from anywhere and any device and routed through the network. One of the key aspects of Zero Trust is to connect all these four points – the data, the applications, the servers and the devices – to give overall visibility into how they are integrated – and use automation and orchestration to the maximum extent possible to minimize human errors.
Today most organizations, especially large enterprises such as banks and telcos, have deployed many security solutions and next-generation firewalls such as IDS/IPS devices, web application firewalls, and secure web gateways. But despite that, the breaches haven’t stopped; in fact, they are increasing. Interestingly, the solution itself could be the problem. There are so many different tools, each with its own agents and its own management consoles, and most of them don’t talk to each other but operate in silos.
Hackers take advantage of this lack of alignment, making the complex security structure its own biggest enemy. Hackers don’t operate in silos, so it’s very important for organizations, too, to have an integrated approach to the various threats across functions in a concerted manner.
There are three hurdles to implementing Zero Trust successfully: One is the context; it is important to know what you are defending. The second is knowing what we are defending against. The third challenge is how to stop damage quickly in case of a breach. Time is a big challenge because there is a lag between the infiltration and the exfiltration, called the dwell time. This can be an average of about 38 days between a hacker entering your system, studying your environment by moving laterally, and then attacking.
So we are not trying to protect just the boundaries of the data center now but also the entire works – public clouds, multiple public clouds, edge locations and whatnot since the applications today are very distributed and not centralized.
Our approach is to use Situational Intelligence, Connected Control Portals, and Security as a Distributed Service.
Kindly share the best practices in threat hunting to proactively protect data.
Threat hunting is a science and an art. It’s a proactive technique that’s focused on the pursuit of attacks based on the evidence that attackers leave behind when they are attacking or conducting reconnaissance. Instead of just hoping that technology flags and alerts you when malware attacks your systems, you apply analytical capabilities and understand the environmental context to more quickly determine when unauthorized activity occurs.
Therefore, some of the best practices would include knowing the context very well. This is what we call Situational Intelligence. The second is to think like an attacker. Because of the amount of metadata on the traffic in the network, it is very difficult, almost impossible, for attackers to hide, and it provides you with insights into what your attacker is thinking. This makes network security paramount.
How can businesses with some level of security and governance build in a security-first approach?
What businesses need is intrinsic security. It cannot be an afterthought, where you deploy an application code and then think of security. That is called a bolted-on approach. You must embed security right from the time the developer is writing the code to ensure it is secure to storing and sharing it securely, all the way till it is deployed and run securely.
How can digital transformation technologies help with threat hunting and crisis preparedness?
AI/ML is a given because the power of analytics is what lets you anticipate attacks. When seen independently, the systems may seem very secure, but when you have visibility into all the systems in a holistic way, you will realise that something is wrong. You cannot do this manually.
We use AI and ML extensively across all our platforms, especially in our intersects, where we use a combination of supervised and unsupervised machine learning. It alerts us to unusual behavior, some of which could be harmless too, but it helps to be doubly sure.
How do you ensure scalability and future-proofing of the security and therefore the digital initiatives of your customers?
XDR and confidential computing are two of the ways in which VMware is looking at improving the future-proofing of businesses. SASE (Secure Access Service Edge), a term coined by Gartner, is another area of interest, as it combines networking and security technologies in the cloud. There are a number of networking technologies and there are a number of security solutions with overlapping dependencies. Bringing both of these together is the objective, to give secure access. This will ensure context- and identity-based security and will be founded on the principle of “trust nothing”. “Inspect everything, authorize everything, and authenticate everyone” will be the future of security and governance.