Bridging the gap between agile innovation and data security, IT Security News, ET CISO
What do Nokia, Kodak, Xerox, BlackBerry and the GMC Hummer have in common?
These were brands that were considered unrivaled market leaders at one point, but lost momentum and fell behind as they failed to innovate quickly – some even falling into oblivion.
Businesses today, especially smaller players, face an even greater challenge: they must not only innovate quickly, but do so with robust cybersecurity measures in place. According to the National Cyber Security Alliance, 60% of small and medium-sized businesses that have experienced a cyberattack go bankrupt within six months.
In an exclusive interview with Viswanath Ramaswamy, Vice President of Technology at IBM India and South Asia, we discuss how Indian companies can keep pace with innovation without compromising data security.
Ramaswamy also highlights some of the most pressing concerns reported by security officials in the country – from how best to use threat intelligence, to deploying SOAR and UEBA, and what CISOs need to keep in mind when implementing identity and access management solutions.
The veteran IBMer goes on to share ways CISOs can limit the blast radius in the event of a cyberattack.
ETCISO: A common topic of discussion in the industry is Agile vs DevOps. However, organizations today demand fast yet secure software and applications (Agile DevOps). What is IBM’s strategy to meet these requirements?
Ramaswamy: In today’s fast-paced, digitally-driven world, organizations are under pressure to deliver differentiated, high-quality products and services in a timely manner. Using Agile and DevOps delivery frameworks helps accelerate the delivery of business value across the organization. Agile and DevOps should go hand in hand; a good balance brings increased agility faster.
IBM’s strategy is to combine DevOps and security professionals into a common DevSecOps team and to integrate automation, in the area of quality assurance, into the security toolset to reduce risk. DevSecOps automatically integrates security into every phase of the software development lifecycle, enabling secure software development at the speed of Agile and DevOps.
Currently, security attacks are increasingly sophisticated and target a wider range of system components. This makes their prevention and recovery more difficult, especially when security knowledge and responsibilities are siloed within an organization.
It is increasingly important to ensure that everyone in an organization has a stake in security and that business experts integrate more deeply with other teams. To truly make security a fundamental pillar, it needs to be embedded deeper into the organization’s engineering teams and software development lifecycles (SDLCs).
ETCISO: How can CISOs get the most out of threat intelligence? What are some of the common pitfalls or mistakes that organizations make when acquiring relevant threat information and acting on it?
Ramaswamy: The threat landscape remains challenging, despite increased investments in cybersecurity, as digital transformations, hybrid workforces and interconnected digital supply chains increase attack surfaces. Each threat actor has different motivations, capabilities, and intent, and threat intelligence can use this information to improve an organization’s response to an incident.
The vast amount of contextual information about new and emerging threat actors and the assets/organizations they are targeting can be analyzed by CISOs using threat intelligence. In fact, threat intelligence systems can use a variety of advanced, AI-enabled tools, such as SIEM, SOAR, UEBA, Breach and Attack Simulation (BAS), etc., to take quick, effective and proactive action to permanently block detected threats.
CISOs can bolster their defenses and reduce the possibility of compromise with the right structure and contextual awareness, while staying one step ahead of cybercriminals.
When acquiring relevant threat intelligence and acting on it, organizations often make the mistake of not understanding threat intelligence requirements. In order to understand which risks you should mitigate and which you probably shouldn’t, CISOs need to understand that threat intelligence won’t help you if you don’t have a good risk analysis model in place.
Additionally, mature security practices lag behind high-movement threats, such as attacks on APIs and cyber-physical systems (CPS), and organizations continue to focus on “if we are attacked” rather than “when we are attacked”. Rather than relying heavily on alert-based incident response, organizations need to use modern threat visibility and intelligence solutions that answer who, what, when, how, and why threats are happening.
It becomes increasingly difficult to identify the most serious security threats as they continue to grow in volume and sophistication.
IBM Security X-Force Threat Intelligence combines IBM security operations telemetry, research, incident response investigations, business data and open sources to help customers understand emerging threats and make fast, informed security decisions.
ETCISO: We see many instances of compromised credentials being used as an initial attack vector – how far can UEBA go to help minimize these instances?
Ramaswamy: The need for UEBA has become increasingly evident as workplaces have become increasingly digital and distributed. As more people work remotely and SaaS, cloud and mobile applications are widely adopted, identifying potential security threats has become more difficult.
Data breach costs in India have risen to 176 million in 2022, up almost 25% over the past two years. It is clear that data protection is essential. Thus, identifying insider threats, such as medical records or intellectual property, is crucial to ensuring the security of sensitive data.
UEBA technology helps IT departments detect anomalies in the way users interact with our digital workspace, allowing them to more easily detect potential threats within the system.
Unlike perimeter security technology, UEBA solutions establish criteria for user behavior. By using machine learning technology, IT can identify and remediate security threats faster and more efficiently by detecting any user behavior that deviates from the norm.
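The baseline-and-deviation idea Ramaswamy describes, shown as an added example (not from the interview or IBM): a per-user profile of usual logon hours and source hosts is learned from a history window, and later logons that fall outside it are flagged with a reason. The events, user names and host names are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events (user, ISO timestamp, source host); not real telemetry.
BASELINE_EVENTS = [
    ("alice", "2023-03-01T09:05:00", "ws-alice"),
    ("alice", "2023-03-02T08:55:00", "ws-alice"),
    ("alice", "2023-03-03T09:20:00", "ws-alice"),
    ("bob", "2023-03-01T13:10:00", "ws-bob"),
    ("bob", "2023-03-02T14:00:00", "jump-01"),
    ("bob", "2023-03-03T13:45:00", "ws-bob"),
]
NEW_EVENTS = [
    ("alice", "2023-03-06T09:10:00", "ws-alice"),      # matches profile
    ("alice", "2023-03-06T02:30:00", "fileserver-7"),  # new host, unusual hour
    ("bob", "2023-03-06T15:00:00", "jump-01"),         # within tolerance of usual hours
    ("carol", "2023-03-06T10:00:00", "ws-carol"),      # no history at all
]

def build_baseline(events):
    """Per-user profile: set of hosts seen and set of logon hours seen."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for user, ts, host in events:
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def score_event(baseline, user, ts, host, hour_tolerance=1):
    """Return the list of deviations from the user's baseline; empty means normal."""
    p = baseline.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if host not in p["hosts"]:
        reasons.append(f"first logon from host {host}")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance so 23:00 and 00:00 count as adjacent hours.
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_tolerance for h in p["hours"]):
        reasons.append(f"logon at {hour:02d}:00 outside usual hours")
    return reasons

def find_anomalies(baseline, events):
    """Events that deviate from the baseline, with their reasons attached."""
    return [(u, ts, h, r) for u, ts, h in events if (r := score_event(baseline, u, ts, h))]

if __name__ == "__main__":
    for user, ts, host, reasons in find_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(user, ts, host, "->", "; ".join(reasons))
```

A production UEBA system replaces the fixed sets with statistical or learned models and adds peer-group comparison, but the triage output is the same shape: which identity, what changed, and why it was scored.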
ETCISO: What are your takeaways for CISOs on improving IAM?
Ramaswamy: Identity and Access Management (IAM) models, originally designed to manage digital identities and user access for unique organizations, are now redesigned to provide the right level of resiliency, along with advanced features and critical authentication tools that can be applied to federated, private, public and multi-cloud computing environments. Here are some takeaways for CISOs on improving IAM.
- To improve the IAM program, CISOs need to look beyond standard use cases such as user lifecycle management, governance, single sign-on, MFA, and more. They should have built-in solutions that covertly analyze the context behind each session to help achieve zero-trust design principles.
- Identity has become the new perimeter, hence the zero-trust principle of “never trust, always verify” is key to controlling the risk surface and ensuring that the right user under the right conditions has the right access to good data.
- IAM programs or solutions should maximize risk identification by leveraging trust that provides visibility into the areas mentioned below and balances user experience and security for consumers and the workforce:
- Holistic Risk Context
- AI and machine learning on device, network and user behavior
- Anomaly detection, fraudulent patterns and consortium data
- Keep protections up to date in the face of evolving threats
ETCISO: Much attention is paid to the first stage of a cyberattack. What important information do you want to highlight during the 2nd and 3rd stages of cyberattacks? How can CISOs limit lateral movement?
Ramaswamy: Several critical events occur during the life cycle of a security breach. The first event is when there is a violation. In the second stage, the data has been stolen or destroyed. The third stage is when the breach is discovered (either externally or internally).
As attackers move into the third phase of the attack, they continually focus on understanding the local system and domain they have access to, as well as acquiring additional credentials to allow lateral movement.
The first recommendation is that CISOs rethink their network infrastructure so that digital assets are segmented according to risk.
Segmented networks make it much more difficult for an attacker to compromise one system and jump to another. Second, Zero Trust Network Access (ZTNA) provides secure access to applications and services after user authentication through a secure and encrypted tunnel. With this method of protection, lateral movements of attackers are prevented, a vulnerability that cybercriminals exploit to analyze and switch to other services.
Having a properly prepared and trained incident response team can help organizations detect and stop potential attacks, limit access to the organization’s environment, prevent reputational damage, and bring back critical technology quickly.
With IBM Security Command Center, security professionals and C-suite executives experience simulated cyberattack scenarios to learn how to respond, manage, contain, gather threat intelligence, and remediate a cyber incident. Through this process, organizations can develop the skills needed to anticipate and defend against current and future threats.