At the recent RSA India Summit 2019, most relevant issues relating to digital risks facing organisations undergoing digital transformation both locally and globally were discussed. Cybersecurity is going through immense revolution and handling digital risks is becoming more complex. Here Mike Adler, VP, Products, RSA Security, tells us about their security platform, how this can help us protect our money. Excerpts:
DQ: What do you foresee from the cybersecurity industry? How will you define the growing need for cybersecurity in India?
Mike Adler: The cybersecurity industry is dealing with immense transformation right now, which is giving way to more and more complexities and opportunities for attackers. The industry and companies in general, are looking for ways to manage these complexities and deal with the transformative effects, as they are increasingly having to handle digital risk. In general, we’re looking for opportunities for new types of tools and approaches, to handle some of these new challenges that the organizations are facing.
Organizations are trending towards larger security platforms that enable them to do more, as opposed to having to manage a collection of broad security tools across the board. As a result of this, we are starting to see that trend converting to platforms and things that can be brought together easily, to minimize the complexity involved with securing infrastructures across the board.
Today, from an economic perspective, India is going through huge transformation. As the country moves very quickly into a digital society, whether it is payments, record-keeping or personal identification that is stored by the government, it is undergoing this huge transformation at the government level, which is alsodriving the corporations to do the same.
The same challenges exist in India as well but they are more pronounced,due to the prevalence and the speed at which the transformation is happening. It is going to be a great thing for India, as it quickly accelerates the transformation, but it also opens up challenges. We could point at some of the lessons learned from the other economies that have gone through a very rapid digital transformation and look for opportunities to protect the critical infrastructure.
DQ: What are the global trends in cyber security?
Mike Adler:Globally, we continue to see information, as the critical asset that the attackers are willing to spend the time to get at. Information comes in ‘n’ number of forms,such as very personal information, that can be used for financial gain. So, while we used to see the trend of attackers trying for financial gain, we’re now seeing much more indirect attacks to gain credible personal information that will then let a financial attempt to be made and such trendsare going to continue.
From RSA Security perspective, we will continue to see more work towards a platforming effect by either realization that we can’t continue to add technical complexities to organizations and expect the static cyber security team to be able to handle it. We’ll see an increase in IT spending and along with that we’ll see an increase in IT security spending.As a result, we’ll start to see investments, not just in technology, but also in people and processes to help protect them.
DQ: How can the usage of AI prevent cyberattacks?
Mike Adler: Emerging technologies like AI/ML are not going to be, at least in the near future, a single solution. We’re very much in the early days of the AI security battles, and I think one of the things that we’re just seeing is the maturation of our learning models, that are really good at digging into very large datasets and finding very small and discrete patterns. When we look at larger complex government entities and organizations,the data generated is enormous, such as a human can no longer even find the patterns. But machine learning, and early artificial intelligence are areas that can maybe actually help us go through and find those patterns of that slow attacker that’s targeting an organization.
DQ: What are the best ways to manage digital risk and reduce losses?
Mike Adler: The best ways to manage digital risk is to firstfocus on risk identification, understanding where those risks are and identify them, which are going to be different for every organization, and really doing the types of audits and exercises that will enable you to identify digital risk. Some of these identification methods depend on the organization which leads to building out real plans to tackle those risks. Some risks can be owned, some risks need to be remediated, while some risks need new technical controls. As we move forward, one of the biggest risk that we see is simply the risk of identity and how to manage identities. I think we will also see risks around cyber security and monitoring and we will see risks around cyber security and monitoring as we move forward.
We’ll still see across the board in IT industry, the risk of attacks into critical infrastructure or beyond critical infrastructure into other types of networks where, you have a broad set of components that are non-technical, are available on the Internet and that can cause interruption into the business world or the government world. Those infrastructure lists are probably some of the greatest that need to be stepped into.
Technology industry is doing a really well in India. We are working with multiple universities to help create relevanttalent pool. We are seeing the graduates of cyber security degrees, with both the technical training as well as the process training, become available to organizations. We’re,however, starting to see the fact that technical training or cyber security training is something as a skill set that’s going to be valued in the marketplace. We will train students from much earlier stage to create such mind-set. RSA Security, like a lot of the other players in the industry,are helping to train students at a much younger age in analytics skills and making it a very dedicated part of technology.
DQ: With IOT and API Economy opening up the financial industry. Purely guarded systems to the ward. How can we protect our hard-earned money?
Mike Adler: I think protecting the APIs, is up to the organizations that are developing these applications and monitor those applications for behavioural attacks. We, at RSA Security, partner with a number of financial institutions with our broad business, to reduce fraud and help work with strong identity proofing.
Government should pass strong privacy laws and penalties to help hold companies accountable for poor security practices. Most importantly, as companies make those investments, the end users themselves are going to have to be a little more conscious about their personal information and the security around their private information. Unfortunately, most individuals today would freely trade away some of their privacy for convenience. When you’re thinking about protecting your personal money, those are the biggest things that raising awareness at the actual consumer level as well.
DQ: When it comes to data privacy, what, in your opinion, needs to be done?
Mike Adler: I am aware about a number of different states and nations who have taken different approaches to privacy regulation. Everyone has to figure out what’s right for them asdifferent economies and different situations require different answers.It is about striking a balance between accountability for those who hold private information. But, at the same time, we also have to hold consumers accountable, as well, for making sure that they’re at least more aware.
DQ: Tell us about threat detection and response, incident response and RSA Security Operations Center.
Mike: There is a need to drive out advanced security monitoring. Today, within the industry, we have more data and more complexity in the environment than ever before. We need a platform approach to try and to reduce complexity wherever we can and figure out a way to minimize the number of tools that we are using and the number of places where we have to move information from across systems.
The more you can do that, in a singular way, it reduces the gaps where attackers can sit in between. That tends to be an avenue that needs to be thought through a little bit more deeply as companies are making decisions. Then you can really dive into getting what we describe as full visibility.
Gartner, in its ‘Visibility Triad’, has talked about SIEM and UEBA, networks forensic abilities as well as endpoint forensic and detection capabilities and how that is necessary for every organization to be able to truly have the visibility they need.WithRSA NetWitness, wehave a platform approach for handling all that visibility, and then building on that visibility to provide both the insight and detections necessary andthen, taking that to the actions of remediation to help organizations quickly respond to threats. As we move forward, and we think about how this industry has these needs, we think that we’re in a really great place to be able to help customers address those needs in a platform approach that really creates the broadness of capabilitythat is frankly not available anywhere else in the market.
DQ: Please tell us a little bit about the security information and event management (SIEM) market.
Mike Adler: SIEM markets incredibly have gone through a large evolution over the last couple years. The traditional SIEM market has evolved to really encompass a lot of the ‘Visibility Triad’ that I spokeabout before. It is up to the organizations to realize that evolution and to probably invest as necessary, to complete their own internal evolution. It’s very unlikely that the traditional SIEM, that you owned five years ago, is going to meet your security needs at this point. There are so many opportunities around orchestration, automation and analytics. There is a greater number of components that are needed in order to build what is now called a SIEM, which is really a collection of visibility into a complete threat detection and response platform. It does require to evolve them across the board in order to be successful.
DQ: Tell us about RSA NetWitness.
Within RSA NetWitness, we have ML capability that was built up off of an acquisition that we did about a year and a half ago. We offer that as part of our UEVA modules, through which we can calculate today’s models based on ML over log data and endpoint data. This January, with our RSA NetWitness platform 11.core release, we will actually have over 30 models built out for network analytics as well.
We are building ML capabilities,which will comb through large amounts of data and look for patterns, especially abnormal patterns, based on the learnings that we have within each organization. We areapplying those learnings across a wide variety of data sets and bringing those models up. So, if you have the whole platform and the data gathering, all the data insights that the platform can provide, you have the richest set of data models available to you for fraud detection results.