Utilize Combined power of Data Analytics and Machine Learning to Prevent Cyber Attacks

Srinivasan Ramasamy, Vice President, Infrastructure and Application Services, Aspire Systems Featured in   CIO-CISO Knowledge Series, Powered by Sophos IT/ITeS 100 - In Partnership with IDA Ireland

Srinivasan Ramasamy, Vice President, Infrastructure and Application Services, Aspire Systems, has over 30 years of experience working in the global IT infrastructure industry. He is a specialist in data centers, automation, and virtualization technologies.

He has designed and commissioned many data centers including data center consolidation. He has also architected and implemented large IT infrastructures, including the one for Asian Games in 2006 at Doha, and has implemented large offshore support centers in infrastructure and resources for Fortune 500 customers.

He shares with us how DevSecOps enables learning, failing, and succeeding without affecting the organization’s core business.

In this era of digital transformation can you share the top three security threats businesses face today?

Ask any customer about the key challenges that he/she faces today, and how to overcome the cybersecurity threat will be one of the answers. The one concern I hear repeatedly is how to keep their business going uninterrupted from attacks and other security incidents. Vulnerabilities in the corporate infrastructure can compromise both your current financial situation and endanger its future. The common security threats range from insider threats to advanced persistent threats. These threats can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.

I believe that one of the major threats is a Malware or a Ransomware attack which is a malicious act that aims to corrupt or steal data, or disrupt an organization’s systems or the entire organization. Viruses and worms are malicious software programs (malware) aimed at destroying an organization’s systems, data and network.

Highly developed Ransomware attacks have plagued businesses for several years now. Successful attacks have caused companies to lose millions of dollars in ransom payments, encouraging hackers to keep using and refining these attacks.

Another big threat on the internet today is the Botnet. These are powerful networks of compromised machines that can be remotely controlled and used to launch massive attacks. And there are cloud security threats that organizations are facing. More data and applications are moving to the cloud, which have created unique info security challenges.

Kindly share the best practices in threat hunting to proactively protect data.

Yes, it’s absolutely essential to follow a few basic best practices to detect and prevent potential attacks. You can start by gaining an in-depth understanding of your environment’s routine and architecture. When we talk about taking a proactive approach to threat detection, threat modeling exercises are extremely helpful tools. It’s necessary to see where you can improve your threat detection and response efforts and understand where you need to patch vulnerabilities. Establishing effective endpoint security is one of the most critical points to remember while protecting your network. Especially as more employees work from home, accessing your network from various places and devices, endpoint security is even more critical for overall network protection. It is also important to have flexible storage and management options to ensure data is easily accessible when and where you need it. Last but not the least, to be an effective threat hunter, you should stay on top of attack trends and constantly learn about modern attack methods. You’ll be better prepared for the next big threat when you understand its origins and what it can do to your network.

Today there is talk of integrating security with devops? Kindly share your thoughts on this and how can businesses with some level of security and governance adopt this approach?

We are aware of the fact that DevSecOps bridges the gap between security and agility, building security into the DevOps cycle and making it an integral part of the process. DevSecOps aims to integrate security principles and standards in the DevOps cycle and implements security controls at each level, especially in the early stages of the software development lifecycle. Nowadays, firms are starting to make the development process more secure with DevSecOps. This approach proves to offer multiple benefits to enterprises, including reduced costs and faster delivery, because security problems are dealt with as they arise. The first step towards adopting this methodology is to think about what your company wants to achieve from DevSecOps. Meet your development team and experts and talk about the outcomes you want to achieve as an organization.

To adopt DevSecOps successfully, the biggest and most important change an organization needs to make is its culture. Simply asking ourselves why we have a process can be enlightening, qualifying the process for keep-or-sweep cleanups. We are living in the Golden Age of Software. In addition to product or application code, infrastructure components like routing and network fabrics, identity and access models, compliance policies, security scanning, CI/CD pipelines, and all parts of an automated delivery pipeline are built and delivered as software. This should provoke rethinking how security and compliance are structured in an IT organization. An organization might need a DevSecOps use-case to start with, something small with a high potential for success. This enables the team to learn, fail, and succeed without affecting the organization’s core business.

How can digital transformation technologies help with threat hunting and crisis preparedness?

Digital transformation is here to stay and brings with it a drive to always evolve and constantly change. Vendors are constantly improving and offering new features and technologies which outpace our understanding of the associated risks. We focus on the benefits while assuming vendors have resolved the security issues. For example, cloud technology tops the list of security priorities today, but AI and IoT/IIoT are on track to surpass cloud as the primary risk concern in less than two years. Firms that leverage a predictive security model such as threat hunting, machine learning, and device analytics are able to reduce their risk. By utilizing the combined power of data analytics and machine learning, the cyber threat hunters are able to analyze the huge volume of data to detect inconsistency that may lead to potential attacks.

Automation also plays a key role. Using automation has helped to accelerate the execution of techniques, tactics and procedures to keep up with the emerging attacks. The automation of cybersecurity solutions is key to coping with the growing number and sophistication of cybersecurity threats. DevOps and DevSecOps, for instance, can together create processes and environments that are both agile and secure.

What can be some of the bottlenecks to security in organizations? What can be some of the impacts of this?

Security can no longer be ignored by organizations. As more organizations transition their data operations online, the sheer volume of attacks has increased as well. A ransomware attack alone could lead to business-threatening downtime, negative PR, lost customer data and lost revenue. There are over six million data records stolen every day. Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges that the organizations sometimes face as they implement a security operation. Several companies suffer from numerous network security problems without ever actually realizing it. What’s worse, when these problems go unresolved, they can create openings for attackers to breach a company’s security infrastructure to steal data and generally wreak havoc.

As IoT botnets, cryptomining malware, and other emerging threats evolve, it is increasingly unrealistic for organizations to keep up on their own. Being prepared remains critically important to maintaining business operations and productivity. Data protection and privacy laws require you to manage the security of all personal data you hold – whether of your staff or your customers. Businesses that suffer a security breach will also generally incur costs associated with repairing affected systems, networks and devices.

As a technology solution provider with security as one of your areas of expertise, how do you ensure scalability and future-proofing of the security and therefore the digital initiatives of your customers?

We emphasize greater agility, scalability and security along with reduced costs and more robust business continuity. Our customers can be assured of security and scalability from day one. We conduct an identification and audit process to understand exactly what we’re responsible for, find out where the weaknesses are and understand the network attack surface of the platform and physically isolate or separate high risk systems in managed security zones. We are continuously looking for weaknesses with regular penetration and vulnerability testing and using monitoring solutions to detect attacks, whether successful or unsuccessful, and provide alerts and reports to help determine threat levels. Instead of treating data privacy as an evolving compliance issue, we need to proactively manage the data. This means rethinking the practices around privacy, and taking charge. Given that no one can predict future legal developments, we have taken this proactive approach that is best for future-proofing your company’s operations against security threats and data-handling mistakes that cost consumer trust.

Sophos Cybersecurity

Meera Srikant has been working with publishers and publications since 1993, writing and editing articles, features and stories across topics. She also blogs and writes poems, novels and short stories during leisure. Writing for The Smart CEO since 2010, she is also a classical dancer.

Leave a Reply

Related Posts