cyber security

Are SMEs ready to finally combat cyber security breaches?

SMEs are spending little on cyber security as compared to the overall IT budget. Around 86 percent of SMEs have less than 10 percent of their total IT budget allocated to cyber security. Jacob Thankachen, president and CEO, Cloud 24x7, tells us how the SMEs, and enterprises, should tackle cyber security. Excerpts:

Dataquest: Elaborate on the Cloud24x7 SecurityFirst. How is it different from the others?

Jacob Thankachen: SecurityFirst is our actionable and intelligence platform with SIEM functionality and threat intelligence, which offers unparalleled visibility into the global threat landscape, advanced analytics, and insights, delivers actionable, intelligence-driven security solutions to the clients. We have built this product in-house. We don’t have an OEM/alliance with any other vendors who provide MSS offerings. The major difference is that, we have been vendor agnostic.

Dataquest: How can SMEs define cyber defenses to prevent security breaches? They may not have adequate resources at times?

Jacob Thankachen: There are a couple of answers. The SMBs/SMEs and enterprises should have predict, detect, respond and prevent approach, when it comes to preventing security breaches. A recent study conducted in major APAC markets reveals that SMEs tend to be overconfident and unprepared when it comes to cyber security breaches and awareness.

One of the most striking results is: how little SMEs are spending on cyber security, as compared to the overall IT budget. Without the IT security resources and the expertise necessary to continually monitor, detect, and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP, and customer data, on a daily basis.

Eighty-six percent of SMEs have less than 10% of their total IT budget allocated to cyber security, and 75% have between zero and two IT security staff members, according to the results of a recent survey of more than 150 SME IT security professionals.

Dataquest: How can you help to prioritize and respond rapidly to security breaches, and predict emerging threats?

Jacob Thankachen: We have invested heavily in our Security Operations center, which is the first line of defense in handling incident response. Our team works 24x7x365 days, and monitor network patterns and behaviors. Our solution is intelligent enough to identify false positives and negatives as well. The SOC Team and the systems work in parallel, in identifying to stop suspicious behavior and emerging threat activities, which may harm the network.

Dataquest: How are you handling the application security layer testing?

Jacob Thankachen: This is among our core domain expertise. Ideally, security testing must be encouraged throughout the software development life cycle (SDLC) to ensure that the application weaknesses are identified and remediated during the SDLC process, rather than, taking a reactive approach. We hope that more adoption of DevOps will improve this strategy. At Cloud24x7, our cyber security experts leverage the blended approach of automation and human intelligence to identify all the possible vulnerabilities, weaknesses or loopholes in the target application.

With VAPTPro, we offer vulnerability assessment (VA) and penetration testing (PT), which covers top OWASP/CVE/NVDB/SANS vulnerabilities. Apart from this, the service also offers an extensive set of assessments, which includes risk assessment, security auditing, and overall posture assessment. Security auditing includes static and dynamic application security testing (SAST and DAST).

Dataquest: How are you addressing cloud security concerns?

Jacob Thankachen: We provide a bunch of solutions to improve the security posture of public cloud infrastructure. We offer real-time 24×7 monitoring of cloud deployments, along with the incident-response management. We also have a comprehensive cloud security auditing and remediation service to meet various regulatory compliances and to follow the best industry security practices.

Dataquest: Are you prioritizing DevOps as part of an agile strategy?

Jacob Thankachen: Yes. We strongly believe that DevOps is the future. As mentioned earlier, security is given the least priority throughout the SDLC cycle. But, integrating security in the DevOps, developers can easily produce software that is free of vulnerabilities. We are investing in various security automation tools and technologies to make application security within DevOps simple and easy.

Dataquest: Do you provide more immersive ML and AI systems? If yes, to what extent?

Jacob Thankachen: Machine learning is disrupting cyber security to a greater extent than almost any other industry. At present, we are supporting many of AI-/ML-based security solutions integrated into our central monitoring and management platform.

Dataquest: Finally, what is your take on the managed security services?

Jacob Thankachen: MSS providers are under constant pressure to develop more complex and robust threat-monitoring systems that completely secures the network infrastructures of organizations, and doesn’t leave any unsecured point of attack. Such organizational infrastructures are also becoming more complex in nature, as businesses grow in size and structure while utilizing social media, cloud services, artificial intelligence, and various other computing devices

There are growing trends in MSS which includes:

* reactive and network behavioral analysis.

* shift towards cloud-based services.

* enhancement of security offering.

Leave a Reply

Your email address will not be published. Required fields are marked *