While highlighting the gaps between cyber attacks and cyber defenses, Harpreet Bhatia, Director, Channels and Strategic Alliances, India & SAARC, Palo Alto Networks, spoke to Amit Singh on how the company’s AI-driven threat intelligence cloud is helping organizations prevent threats and how they can improve their security posture.
How has the cybersecurity landscape changed over the last few years?
The customer perception towards security depends upon whether it is seen as a tactical necessity or a strategic intervention. With not-so-stringent cyber laws, security has been seen as a tactical necessity to meet the compliance requirements in India until the last few years. Most of the security implementations were executed in a patchy manner to solve a specific threat, which creates a lot of siloed solutions with no coordination.
However, in the last couple of years, the customers’ perception toward security has changed. Now, it is important to take products faster to the market. And with the increasing threat landscape and vulnerabilities in networks, cloud, and apps, security has now become a strategic investment.
According to reported data, cyber breaches have generated over $460 billion in cash for cybercriminals. However, if we consider the unreported data as well as the loss of brand value, it’s a $1 trillion industry.
Customers are realizing that the siloed approach to solving particular security problems will not help. In fact, security has become one of the top-3 discussions in the boardrooms. Data security over the cloud is also a cause of concern for CXOs.
The inherent approach of the customers has turned to prevention-first. This approach offers a consistent level of security to the data, wherever it resides: on-premise or on the cloud.
How do you see the direction of cybersecurity in 2018 and beyond? How are technologies like AI and machine learning affecting the security solutions landscape?
Right now, it’s an uneven battle we are fighting with cybercriminals. They are utilizing the power of cloud and knowledge-sharing to improve their attacks. On the other hand, we still have manual processes to respond.
Moreover, a ransomware attacker can change its pattern of attacks within 3 seconds. However, the endpoint OEM is unable to respond that fast; it takes at least 8-10 hours to respond. Hence the direction of security has to be towards AI and machine learning as we need to be fast enough to prevent the threats.
In fact, the heart of our technology is based on a threat intelligence cloud, which observes the threat repository of over 50,000 customers globally. The threat data that we observe from all our customers is actually shared among our customers. The threat intelligence cloud is built on AI and works without any manual intervention.
Further, we have opened APIs for start-ups to develop their own solutions built on our platform. With this, we are positioned to offer an app store kind of platform where developers can develop the applications and customers can consume the apps. That’s the direction where security will be delivered in a consumption model.
What are the trends you see in the security appliances vs. the software, virtual models, and security-as-a-service?
In the current scenario, security appliances are quite relevant as sniffing points inside the organization. They sniff the data and offer visibility of the threats. Our firewalls, VMs, and end-points are our sniffing points which then bring the data to the threat intelligence cloud.
Security appliances will continue to grow for at least 2-3 years as it is easier to control and manage the dedicated hardware in their own environment. SMB, mid-market, and even large enterprises will have hardware chunks in their security infrastructure.
On the other hand, we must realize that there are over 2000 security vendors across the globe, offering individual appliances which don’t talk to each other. We have the threat repository already available and we are willing to share the threat intelligence with others. The data sharing will enable the vendors to offer security-as-a-service in a consumption-based model. That’s the future of security we are looking at.
In the context of digital business, the people and process elements of security and risk management are becoming extremely important. How do you think organizations can improve their security posture?
Security is a function of people, process, and technology. The primary challenge with organizations is that they don’t have visibility in the network. A siloed approach with multiple technologies is not going to work in this scenario. Unless you have visibility of the threat, you can’t stop the threat. A platform-based approach will be able to provide customers with visibility on what’s happening in the system and what applications are running.
Hence the customers should have a zero-trust architecture. We can very well stop the known threats, but when it comes to unknown threats we need to have an integrated approach to view and scan every activity on the network.
Secondly, posture should be on prevention rather than on detection, so as to keep the threats outside the premises.
Further, there has to be an automated environment powered by AI and machine learning, as the manual approach will not work against the number of looming threats.