IBM Security works with clients to help protect business with an advanced and integrated portfolio of enterprise security products and services, infused with AI and a modern approach to security strategy using zero trust principles—helping you thrive in the face of uncertainty.
By aligning security strategy to business; integrating solutions designed to protect the digital users, assets, and data; and deploying technology to manage defenses against growing threats, it helps manage and govern risk that supports today’s hybrid cloud environments.
Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India/South Asia, tells us more. Excerpts from an interview:
DQ: Please share insights on the evolving security landscape in India.
Prashant Bhatkal: Asia is now the most targeted region for cyberattacks, according to the IBM Security X-Force Threat Intelligence Index for 2022 – representing 26% of attacks analyzed in 2021. Among the most attacked countries in the region, India ranked second after Japan and Australia. The most dominant form of attack on Indian organizations was ransomware, with the Sodinokibi and BitLocker ransomware groups accounting for most of these attacks. Phishing attacks were a common pathway for many attacks on Indian organizations.
Further, the IBM Security Cost of a Data Breach Report for 2022 indicates that security incidents in India reached an all-time high of INR 176 million. For a country like India undergoing exponential digital transformation, these trends signal a growing need for organizations to strengthen their digital defenses and change their security posture to combat cyber-attacks.
To leverage a secure cloud environment and build a strong AI strategy, Indian companies need to strengthen their security strategy. In addition to reputational damage, customer turnover, and operational costs, there are many hidden expenses to consider. The ability to identify costs and reduce them can lead to more strategic investments and lower financial risks for companies in the near future.
DQ: What are IBM’s latest investment in India in the space of cybersecurity?
Prashant Bhatkal: We recently launched a multi-million-dollar investment to help businesses prepare for and manage the growing threat of cyberattacks to organizations across the Asia Pacific (APAC) region. The centre-piece of this investment is the new IBM Security Command Center in Bangalore, the first of its kind in the region, for training cybersecurity response techniques through highly realistic, simulated cyberattack – designed to prepare everyone from C-Suite through technical staff.
The investment also includes a new Security Operation Center (SOC) which is part of IBM’s vast network of existing global SOCs - providing 24X7 security response services to clients around the world. With capacity for 600 security response operators, it is the second IBM SOC in Bengaluru, with the other SOC continuing to specifically serve regional Indian clients.
DQ: In reference to the Cost of Data Breach Report 2022, what are some interesting key India findings?
Prashant Bhatkal: The India findings from Cost of Data Breach 2022 report illustrate the growing magnitude of the threat over time, with average data breaches costing 176 million, a 6.6% increase from 2021.
Some other key India findings in the 2022 IBM report includes:
- Top three industries per record cost were Industrial, Services and Technology Sector
- Stolen credentials, Phishing and Accidental Data Loss are the top three primary initial attack vector for data breach.
- Organizations in India that are in the mature stages of adopting zero trust deployment witnessed INR 151 million as the total cost of a data breach as compared to organizations who have not yet started zero trust deployment and witnessed INR 246 million as the total cost of data breach.
- AI platforms, engaged red team testing and Extended detection and response or XDR technologies were the three factors associated with the highest cost decrease
- Third-party involvement, occurrence of cloud migration (when the organization is in the process of migrating to the cloud) and IoT and OT (Operational technology) environment being impacted were the three factors associated with the highest cost increase.
In the future, the biggest challenge will be keeping security capabilities flexible enough to keep up with attacker agility. A zero-trust deployment, mature security practices, and artificial intelligence-based platforms can help businesses stay on top of cybersecurity challenges.
DQ: Please elaborate on IBM’s Security Play, including your strategy and offerings for the Indian market.
Prashant Bhatkal: IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, enables organizations to effectively manage risk and defend against emerging threats.
Our innovative, AI-drive security capabilities are used by thousands of clients around the world, spanning SIEM, SOAR, data security, identity and access management, mobile security, fraud prevention and more. These industry-leading solutions also simplify how organizations deploy a zero-trust architecture with the core principles of least privilege access; never trust, always verify; and assume breach.
IBM’s revolutionary Cloud Pak for Security is an open security platform that brings together leading capabilities from IBM and other vendors to connect security data, tools and teams across hybrid cloud environments
We ALIGN the security strategy to the business, PROTECT identities, data, apps, endpoints, and cloud, MANAGE defenses against growing threats and MODERNIZE security architecture with an open platform. IBM provides an open, unified approach to cybersecurity by bringing it all together in one integrated platform using Cloud Pak for Security (CP4S).
With the recent acquisition of Randori, IBM offers customers a cloud-based unified offensive security platform designed to emulate the techniques and actions of real attackers. Randori combines attack surface management and continuous red teaming in a single platform.
The key use-cases for Randori include Shadow IT, Vulnerability Prioritization and Mergers & Acquisition risk. Customers can begin to validate their security programs with continuous red teaming. The Key-uses for Randori Attack include Control Validation, Incident Response Testing, Purple Teaming, and Continuous Penetration Testing.
The benefits of this unified approach are three-fold. First, ‘Speed’ -- Randori provides instant and ongoing visibility into the unknown and unmanaged assets hackers are targeting. Secondly, ‘Focus’ -- we help businesses prioritize the vulnerabilities hackers will strike first. Vulnerability scans are necessary but crude and research shows that 70% of “high risk” findings are not in-fact high risk. Because we’re looking at a much broader set of factors, we are able to cut down the number of high severity issues a team needs to focus on in many cases by a factor of 10.
Lastly, ‘Proof’ -- Randori can continuously test your defenses and validate your controls against our automated red team. This provides security teams with not only insight into where attackers might strike, but proof of the impact and damage that could result if they did.
Cybersecurity is a major investment focus and growth vertical for IBM in Asia Pacific & India. IBM Security Command Center and IBM’s Security Operations Center are the latest multi-million-dollar projects from IBM.
Also, as an organization, IBM is committed to bridge the vast cybersecurity skills gap that exists in the industry by working with an ecosystem of partners, industry associations and the government. To help fulfil the required specialized and relevant skills in various security domain, IBM intends to train 500,000 people in India over the next five years. IBM has also been actively engaging with the university and academia. The IBM security internship programs has provided a career path for aspiring students to build a career in cyber security.
DQ: How can enterprises in India be cyber smart and address the digital risks?
Prashant Bhatkal: As organizations in India increasingly become targets of more and more sophisticated cyberattacks, speed is everything when it comes to response – from detecting and stopping potential attacks, limiting window of access to your environment, stemming reputational harm, as well as getting critical technology back online.
Companies should consider the following guidance when it comes to adapting and overcoming the new security challenges in the digital era:
Put Your Defense on the Offense with Zero Trust: Today, many security teams are unknowingly building “less trust”—not zero trust—network. To solve this, we must turn the tables and look at networks from an attacker’s lens, by behaving toward our environment as though it’s been compromised and under attack. Companies should focus on detection, threat Hunting, scrutinize connections and relationships and enforce and Leverage AI and analytics
- Incident Response playbooks – Every company is at risk of a cyberattack – how your team responds in the critical moment can make all the difference in the amount of time and money lost in a response. Create playbooks, test them regularly and think beyond the technical components of a response plan.
- Incident Simulations Cyber Range Exercises – We need to “train like we fight, and fight like we train.” Simulation tests should be a standard incident response practice to ensure maximum preparedness — by experiencing attacks before they happen, we learn how to better react under pressure.
- Adversary Simulations – Test your security team against current threats posing the greatest risk to your industry. Hire hackers to pressure-test your environment for flaws and weaknesses that might let a criminal gain access to your organization.
Reduce Complexity with an Open Architecture: Businesses should use an open and integrated security approach, which can help connect the dots between security data that resides across fragmented cloud environments. Also, businesses should consider security platforms that rely on open technologies and allow for tight integrations between tools.
DQ: IBM Security QRadar XDR offers an open and unified approach to Zero Trust that puts security everywhere. Can you deep dive on this?
Prashant Bhatkal: With IBM Security QRadar XDR, the first open and connected extended detection and response (XDR) cybersecurity suite, we are providing companies with comprehensive visibility across security tools and data sources, whether in the cloud or on-premises, equipping security teams with the insights they need to act quickly. IBM QRadar XDR Suite can help companies modernize threat detection and response with below key benefits:
Connected - Integration with Existing Tools or IBM’s: The industry’s largest Open XDR ecosystem can integrate your endpoint detection and response (EDR), security information and event management (SIEM), network detection and response (NDR), Security Orchestration, Automation and Response (SOAR) and Threat Intelligence, while leaving data where it is for a complete XDR approach.
Unified - Single User Experience across Tools & Teams: Simple XDR workflows, co-designed with experts, help speed up alert triage, threat hunting, investigation and response.
Intelligent - AI Built for Analyst Productivity: Automate the work of enriching, correlating, and investigating threats with purpose-built AI and pre-built playbooks, including automated root cause analysis and MITRE ATT&CK mapping.
Open – Adaptable Architecture: Help avoid lock-in built on IBM Cloud Pak for Security for deployment on premises or on cloud, and ready for use by security service providers.
DQ: What are the key capabilities of IBM’s Security Operations Centres? How many Security Operations Centers does IBM have globally and in India?
Prashant Bhatkal: In IBM, within managed security services we have 6 SOCs globally, India being one of those 6 and they work and follow the sun model. So, they support clients 24X7 around the clock, with most SOCs working during their local business hours with the exception of few SOCs like Bengaluru that work 24X7 round the clock.
IBM’s Security Operations Centers include physical facilities and a virtual network of 1600 security professionals working virtually across the world and in the recently modernized facilities in Costa Rica, Japan, Poland, India and Atlanta, and its HQ in Cambridge, MA.
The Bengaluru SOC is part of our global network of SOCs – staffed by IBM Managed Security Service experts, using a unified platform that streamlines response efforts that allows teams to respond faster and more efficiently.
Key capabilities or services that SOCs offer are Threat Management services – it could be on a SIEM, could be an endpoint detection, XDR etc. this plays well with IBM Security Command Center (cyber range); Zero Trust; Network Protection devices; Traditional security controls like Firewalls and antivirus; Identity and Risk & Compliance.