#TimesTechiesWebinars: Unlocking the technologies and innovations in Security
welcome to this times techies webinar i am sujit john and i have with me my colleague shilpa fatness the two of us will moderate the discussion we hope you and your families are staying safe and doing well our discussion today is in association with akamai technologies i had always known akamai as a content delivery network having these edge servers that would accelerate data flows but akama is also now a major cyber security and cloud service company and today's discussion will focus on cyber security and in particular on ransomware attacks ransomware attacks are rising every day as the number of people using online systems keeps increasing due to the digitization and hybrid work culture the threat will only grow as criminals are inventing new ways to gain access to networks and systems the attack surface is also growing with continued work from home and the rise in internet-enabled devices akama's recent acquisition of guadicore enables it to offer micro segmentation solutions these solutions are designed to limit user access to only those applications that are authorized to communicate with each other to talk about all this and more we have three very seasoned professionals with us today we have with us country manager for the india region at akamai technologies he's responsible for accelerating growth of the business in india and sarc countries mithes has a sales career spanning over 18 years he has worked with companies including oracle microfocus ubex and adobe driving enterprise account strategies as well as helping orchestrate business transformation for organizations across industry segments welcome mithesh thanks we have with us rama vedashi rama is the ceo of data security council of india daci is pursuing a cyber security industry growth charter to make india a global hub for cyber security prior to dsci rama was vice president as nascom leading all initiatives in domestic i.t e-governance and smart cities at nascom she's also led the health care initiative rama also has had long stints at nit technologies microsoft and general electric welcome rama and we have with us ariel sertlin ariel is vp and cto of the enterprise security group at akamai technologies ariel co-founded body core with which akamai acquired last year prior to that he spent 11 years as an officer in the israeli defense forces where he worked closely with quadicore's co-founder pavilion gorice he's based in israel and speaking to us from tel aviv welcome ariel thank you those of you who can send in questions through the facebook comment box sujit and i will put them to my page rama and ariel uh coming to you mithesh and rama first what is the current landscape of ransomware in india sure um i can go first um so first of all thanks for the brief introduction the sujit once again super excited to be here today uh been at arcmai for a little over nine years now and in my current role as the country sales director in india i lead our good market teams where i get an opportunity to collaborate with a lot of our customers across white verticals helping them to leverage the power of akamai and uh be unstoppable with uh world's largest and most trusted edge platform uh now coming to a question on ransomware landscape you know ransomware once simply a piece of malicious software that takes over computer systems denying user access to data which was used by cyber criminals to really demand ransom in exchange to you know restore access to that data has now really morphed into an attack method of epic proportions and you know while the threat of permanent data loss alone is disturbing cyber criminals have become more sophisticated to use ransomware to penetrate and really large enterprises governments and all honesty enterprises of all sizes and yes much to our disliking our ransomware attacks are increasing in numbers and intensity every passing year so it's a huge problem for enterprises around the world with new attacks striking every 11 seconds and the damages resulting from ransomware is expected to amount over 20 billion dollars globally just last year alone now coming to india indian enterprises have been facing a growing number of ransomware attacks as these cyber criminals try to compromise their infrastructure you know almost half of uh enterprises in india suffered multiple ransomware attacks while 76 percent were hit by at least one ransomware attack in the past 12 months and you know many indian companies even gave in to extortion demands of attackers to avoid an attack so we've been facing a steady increase in cyber attacks and breaches uh since the onset of pandemic and the shortage in the cyber security talent has only made it worse so you know it's a serious problem that can't be overlooked anymore rama you want to add to that and an additional thing to companies i mean they generally says massive number of these attacks happening but we don't really hear about so many or in the media i presume a lot of the companies keep it to themselves that true not really yeah i mean all companies uh try to first address the problem but to add to what uh you know mithish articulated while the rest of the cyber threats even including you know something like the phishing campaigns have continued you know particularly in the last two years with a wave of digitization i think ransomware is a big problem which started with you know the the first big attack across the world which was one wannacry whereas in the last couple of years we've seen maze really create amazing proportion of disruptions across various enterprises and many other ransomware attacks but i think what is the biggest challenge we as industry whether it is user enterprises or the security industry spacing is the emergence of ransomware as a service which is really creating a third-party ecosystem of you know ransomware as a service where the attackers need not have those kind of skill sets and competencies there is a third party ecosystem to be leveraged to create or you know to just launch a ransomware attack so this ransomware as a service is something is i think beginning to become a big menace at a country level and a company level across the world it's not just in india so whether it is asserts across various countries whether it's national security institutions and of course our own industry members who are trying to secure networks for our customers worldwide there is a huge challenge because here we are seeing you know the actual attack on it does not need to have those kind of competencies so ransomware as a service is i think what is really making this menace of ransomware even more a bigger cyber risk that is something that we are seeing yes as mitesh has articulated ransomware attacks have become more proliferate if you see the moment at which a particular attack happens in one part of the world the way it gets launched in other parts of the world where because the supply chain of in the digital ecosystem you know spreads across multiple geographies and multiple customer organizations the speed at which it happens is worrying every cio and see so and given the way these are attacking how do you upgrade your enterprise technology infrastructure people capability is another big challenge now that doesn't mean the other cyber risks have gone away they continue to whether it is all the risks around zero day vulnerability supply chain risks phishing some of the risks around migrating to you know legacy systems onto internet platforms or cloud platforms which took place at a rapid scale in the last two years all of those continue it doesn't mean that now a ciso can work with their security providers to mitigate the ransomware risk they need to look at every other risk but also give attention to ransomware because it creates a lot of you know disruption the kind of scale and you know the extortion data exfiltration is another one that's a big challenge that you know enterprises deal what is that i mean in any of these cyber attacks the way the data gets exfiltrated from your enterprise networks based on which criminals try to monetize it and get a ransom out of it okay okay yeah if i can if i can just add one last bit to what drama said uh you know so what we've seen the factors that are attributing to the sudden increase in ransomware attacks are you know one of course as we witnessed a massive surge in adoption of technologies in the wake of uh koei 19 pandemic you know several companies were forced to shift to a remote or a hybrid working model uh increasing their dependence on the online business processes which made most of these companies an easy target for ransomware attacks which really resulted in uh you know a greater attack surface for cyber criminals to exploit you know remote workers ddos attacks targeting vpns and and and the remote access infrastructure and then the other is cloud migration uh you know i mentioned uh about skill shortages and really the increased threat activities you know which left many organizations struggling to keep up with the base of these uh security developments and some of the recent breaches we've seen are classic examples of this and sadly you know these threats will only grow as more enterprising cyber criminals you know find new ways to take advantage of this you know ever-growing attack surface and and so it's very very vital for organizations to put in place a strategy for protecting you know critical assets once those defenses are breached so apart from ransomware which are the big ones what kind of attacks i think the zero-day vulnerabilities and fishing particularly last two years with so much of a remote workforce where he targeted fishing campaigns that has been two big menaces i would say and zero day vulnerabilities and uh supply chain risks the third one we are seeing particularly in the i.t industry is the services companies being targeted to actually launch you know uh attacks of a larger scale because if one services company is breached uh it lets you penetrate many other networks of the customer yeah you're talking about id services companies or uh how does that work uh the chain effect you said what we're saying is that when a services company is targeted we've seen this even in ports and other critical infrastructure right when there was an attack on the merc systems so when if let us say one services player is attacked it is not the intention is not to target that services company it is the intention is to amplify the attack to the entire customer base so let us say even we have seen the kesaya attack right where we see it's a third party ecosystem third party product which is used in a lot of remote infrastructure management so when that kind of a product and that ecosystem is attacked it pretty much attacks every other uh the customer base where this installation is happening so we see some of this but of course ransomware phishing attacks those are the ones and supply chain risks is one the third big one okay okay ariel i want to bring you in here uh so your micro segmentation solution uh how exactly does that work yeah sure uh so i i think that um uh first of all kind of connect to what my colleague said i think ransomware is uh in a way just a new way to monetize access so the way ransomware uh gets to the organizations is all those uh old tricks uh that we have seen it's just a new way for uh attackers to monetize access i think what changed a little bit is that uh you used to be uh if you have used to be a target if you had very interesting data like health scare financial and so on now it's not that interesting a school is a target not because they have data it's because they need their business to operate and run somewhere can exactly attach itself to this to this point if uh school cannot operate without their systems and they don't have any interesting data that attackers can sell so i think what ransomware change is that everyone became a target of those techniques that were previously targeted to financial institutions or government organizations and this is why it's so widespread i think i think what micro segmentation is actually not a new concept if you look at uh how ships were built uh from the 15th century is that they assumed they can hit an iceberg or uh or under a rock under the water and there can be a hole uh in their perimeter and then to make sure that the sheep doesn't think they would compart analyze the structure of the ship so only one area of the ship will be filled with water and we see this same type of approach in very different areas actually this is how bulletproof tires are built it's not i'm actually will it prove that i'm going to say bullet resilient uh and uh and micro segmentation takes the same approach to two networks uh which means that uh you would assume that you're being bridged what you want to do is you want to reduce the blast radius you want to make sure that attacker only gets to where he's initial foothold brings him to either through phishing so he will stop on the first laptop that click the byte or and will not be able to propagate further or if he's able to get into the most sophisticated supply chain attack he will stop on the server that was affected by the supply chain and gives control to the security administrators to assume a breach can happen but really mitigate the impact uh and the way it's it's done is by breaking down the network into small segments and the smaller the segment the the bigger the resilience uh and uh and uh micro segmentation is when you get to relatively small segments uh over it can be as small as one server so that's in general macro segmentation which is a part of a bigger approach uh of zero trust uh that actually uh in a way uh doesn't uh lets you control effectively uh any access any connection uh any data point uh so um and this is actually was the idea behind uh joining forces uh with zacamaga and acquisition is that we will bring the inside the network micro segmentation technology enjoying it with akamai's uh technology coming from where they're really strong is from the edge controlling access to the applications from the users to the applications from the internet to the applications and this way to provide the widest sort of zero trust control uh toolkit to the seasons but with microservices and containers and all that uh given the easy flows that happen between applications all of that uh you can still segment it is it and ensure the attack doesn't go beyond one application or one workload or something yeah absolutely i think we uh what we've seen the last two years is that uh the actual implementation of innovate or die businesses that used to have shops needed to go online completely it's a completely new way of doing business businesses need to compete with each other with better offerings they needed to change the way the infrastructure looks to let their workers connect from their homes and what innovation brings in most of the cases on the id side is new technologies new types of infrastructures it's much easier to develop and build new things with technologies like containers or in the cloud so this we have seen the uh wide adoption of those in our customers uh and uh what they are facing now is a combination of extended attack surface because they used to have their well or what they thought is well protected data center now they also have a cloud and it's connected to the data center now people are connecting from their homes to the perimeter so they open little up so the uh in in from one side the attack surface grew significantly and very fast over days and on the other side [Music] attackers are now targeting everyone and leveraging this attack surface so when people are looking to protect their uh infrastructure they need to address everything and uh and they need to address everything faster than they thought so applications were spun up in the cloud without the security having the convenience of planning it over months no they need to deal with the reality so uh we of course support all of those otherwise we'll be out of business uh because this is where the customers internets are they are interested to protect their very old on-prem bare metal servers as well as containers in the cloud and that are managed by kubernetes or whatever and this is this is how the surface attack surface looks like and this is where customers want to do implement the zero trust okay okay with the threat actors becoming sophisticated with each day how are enterprises protecting themselves and how can a security partner empower them yeah so you know the first step businesses can take to strengthen their cyber security posture is to really reframe their security strategy to uh focus on both external and internal attacks this means you know moving away from old perimeter-centric approach to security towards a zero trust model that focuses on granting the right people the right access at any time regardless of location you know with end users applications devices now anywhere organizations should look towards shifting their security stack uh right at the edge of the internet which ensures that attack traffic can be blocked right at the uh right at its source uh you know preventing access to uh its target now to easily zero trust i've been hearing zero trust a lot lately so it basically means don't trust anything that uh comes in till you verify it or something is it absolutely right now to ease this transition uh you know enterprises can work with cyber security provider of the choice that helps to deliver security capabilities from a single platform and is also capable of managing and abstracting the complexities of the distributed uh infrastructure now in alkamine we have grown our security portfolio from point solutions into a uh comprehensive platform which provides defense in dip to address our customers biggest threats and uh now by adding guardi course micro segmentation solution into our extensive xero trust security portfolio we are uniquely suited uh to provide comprehensive protection to the enterprises defending against all these threat actors and uh these spread you know spread of malware and also ransomware so micros uh segmentation comes in at a point when despite all the protections that you have is there's still a breach but at that point uh micro segmentation helps to ensure that the i mean it does it's not widespread so as i said absolutely right as uh area also sort of briefly touched upon so the philosophy is that despite having uh you know all the perimeter defenses attacks will happen but when they do happen uh are you in a position where you can sort of contain the you know blast radius uh the extent of damage that those attacks can potentially do you want to say something uh i had a question on talent but uh did you want to say that i wanted to you know add to what mithish and ariel talked about because i mean further to your question whether it's containerization and whether it's micro segmentation and what is this entire zero trust paradigm it's all because of the last two years the entire enterprise networks are truly borderless it's not a buzzword right you cannot really know cio see so can really define what is my enterprise security parameter a perimeter sorry right because there's so much that has moved to the cloud multi-cloud and also have a public cloud so much is moving to the public cloud and there's so much that is happening at the end user working from anywhere in a remote infrastructure so it's extremely important that zero trust as a paradigm needs to be implemented in the enterprise before you choose the technology stack to implement zero trust first zero trust is a paradigm in terms of how do you authenticate and authorize your users how do you you know validate every resource access it's not like the first time you log in and most importantly here everything is access and resource access control through digital identity whereas when we were working in offices maybe you know you had this card and one year once you have got and there is some kind of access that is and you are logged in on to your network physically right from your office whereas now everything is digital identity based access so how do you make sure that you don't trust any access at a resource level any user and that paradigm needs to be implemented that is you know what is zero trust once that you decide to implement that paradigm it's not like every organization is ready for a zero trust rollout right now they need to do an assessment of their readiness for zero trust right and then also they need to do it in a phased manner maybe it could be certain workloads it could be certain set of users it could be certain operations and then you can say you're ready for a zero trust paradigm and then what is the technology stack and who's the security provider or the services or a product company but i think there is no choice when we started two years back zero trust was still you know at a concept but the way it has got accelerated there are so many enterprises even in india some public sector enterprises in oil and gas in banking sector have gone down this path and getting get up so really yes they are following this uh no trust model i mean some of them have already rolled out whether it is in the itits sector but many others are getting prepared they've done all their assessments some of them need to beef up their current enterprise security posture and preparedness to get ready for zero trust so it is definitely happening in all the large enterprises okay okay area when you adopt so many security measures does it slow down the system at all are there techniques to avoid all that so i think that yeah in general i guess complexity is is uh one of the biggest problems of security almost that at uh at any at any level that you look them from the amount of tools you need to manage to the amount of signals that you get to the complexity of operations to to deal with something investigate and so on so i think that what zero trust uh is as an industry uh i would say effort or adoption makes it creates a really standard stack that organizations can uh align with and it's a good one uh in fact uh it's it's almost uh i would say uh a new name to a very good long-time practices if you look at regulators uh specific compliances like pci it's very very similar to what zero trust talks about and it exists for years so the uh and so industries are i think this is a good uh move by the industry of force i would say by the pandemics and ransomware in a way to align the stock and uh i think when uh there is sort of a standard of uh how organizations want to protect how they want to spend and prioritize their uh security spending uh the vendors will align and will provide good uh uh integrations within the stock so platforms that cover a lot of the stock will will be preferred uh pieces of stock that work together well uh will be preferred because it exactly reduces the complexity and uh and definitely in within any specific product uh i think that specifically if you look at micro segmentation the uh this this is became one of the key selection criteria is how easy it will be to implement uh the micro segmentation with this specific product how easy it will deploy to maintain to actually do the micro segments and this is what people are looking at security complexity is definitely a major major concern okay yeah if you can also talk about the role and impact of ai machine learning and 5g on the security landscape uh yeah i i can i could try to start i think that again looking at my sort of a microcosm of uh micro segmentation uh i think that a lot of the security products are adopting ai as a way to deal with exactly this complexity right uh too much signal uh how do you identify what's good what's bad uh and in micro segmentation when the idea is to try and break down your data center into smaller segments uh you need to understand your environment really well you need to understand where our applications or our users how they are connected what's allowed what's not allowed and we invested a lot in machine learning and uh to help customers exactly simplify that process to identify applications for them to help them identify the dependencies and help them set the policies suggest uh what we think should be based on how other customers are uh probably an exchange application looks the same in many all of the customers and uh so we can come up with okay let if you're going to segment your exchange application let us find it for you let us suggest you the right policy uh you don't need to reinvent the wheel so uh yes i think ai is touching uh every uh single product and security every single area and uh for specifically for uh 5g i think it's just another carrier of innovation and change in the infrastructure uh it will allow a lot of new use cases it will allow organizations innovate faster which will create for the system's new attack surfaces and so on so i think it will only increase the the need for uh for uh further adopting uh this approach of uh trusting nothing okay i just wanted to take up on what rama previously said uh indian enterprises when you go to sell to them what is the attitude that you see uh what are they on they do they understand the risks or are there still a lot of hesitation is it an expense for them do they see it as an expense what well i mean yeah i think i've come a long way you know everybody understands the importance of uh you know having the defense in depth improving the overall security posture um you know cyber security is obviously becoming a severe issue for well not just individuals but also enterprises even governments you know in a world where everything is on the internet uh you know from cute kitten videos to our travel diaries to even our credit card information you know ensuring that the data remains safe is one of the biggest challenges of cyber security and of course the challenges come in many forms such as we've been talking about ransomware but then phishing attacks malware and many more um so obviously security and compliance are the top challenges enterprise face when uh you know moving legacy systems to cloud and unfortunately many enterprises are still approaching security with the outdated notion of uh protected uh you know firewall corporate network however that has changed the last two years but this approach is obviously inconsistent with our cloud first you know work from anywhere world you know things like public facing applications virtualized servers and a mix of on-prem cloud technologies which traditionally meant a protected perimeter approach to security where you know a user or an application is either on the network and trusted or off the network and not you know leaves organizations extremely vulnerable this is both because there is nothing to stop attackers if those defenses fail and also because it's really hard to put cloud-based applications and infrastructure behind traditional security defenses and still maintain the performance i know you briefly touched upon the question around hey can we still maintain the performance with all this and uh you know this complexity will only increase as uh work from home continues to really blur the lines between personal and professional home and office and uh that's not all you know go to market timelines for uh digitization solutions in india have uh accelerated due to pandemic you know causing a shift towards hybrid work you know leaving product teams to i hate to say this uh to de-prioritize security in favor of speed now this is something that malicious actors have been able to exploit leading to uh you know a rise in the number of cyber security security attacks so it is critical that uh you know businesses today realize that cyber security is not a nice to have but an absolute necessity rama i just want to ask you i mean mentioned this uh issue of talent um not enough talent to secure everything i mean what what is the sense you have and is dsa i do doing anything to increase the talent that we have yeah i mean before get into the talent just to add a couple of points to what mithis talked about at an india country level i would say it's a mixed bag if you look at the large enterprises particularly the regulated sectors i think they have significantly stepped up their cyber preparedness because of the regulatory frameworks that are coming up of course itits sector because they serve the global markets their level of maturity is very different we see banking telecom insurance capital markets because of the service guidelines but if we see other sectors like small and medium state governments i think only a handful of state governments in india who are doing so much on digital and government to citizen services have socks so healthcare i think only a handful of hospitals even have a good established security practices so there are some sectors where significant investments have to happen so when we are attackers interested in the sme segment i mean what they do i mean because when you say smbs it's it's across verticals right when you look at manufacturing sector the smbs are the supply chain of the large oems whether it's in the auto sector or any other manufacturing sector appliances similarly when you look at smb when you see all these b2c platform companies they're those mega platform companies which are in the e-commerce set but there's a mushrooming of business-to-consumer platforms across you know whether food aggregators all of them right so there are targets of attack particularly because of the data part you know the the way the black marketing of data happens right there there is an interest in terms of talent i would say even if you've read the recent this month's world economic forum uh risk perceptions report it's talking about a gap of 3 million workforce in cyber worldwide so even in india we have a big talent gap i would say this talent gap is happening across various segments one is at the entry level where mostly the entry level hiring happens in the iit industry there is a gap there too but i think most of the gap is happening in the mid level to the senior level and specializations because no longer there is no cyber security expert right you need specialists you need specialists in crowd cloud security you need specialists in you know sock specialists you need sock level 3 level 4 kind of analyst you need people who are into foreign six very advanced foreign sex right so you need a lot of specialization i think there there is a much larger gap even when you look at vertical specific because in oil and gas sector there is so much convergence happening between ito d right so when you look at scada security specialists or operational and technologies and industrial control systems i think there's a much larger gap in the talent pool even in the mid to senior level and of course at the entry level so while there is a broader gap i think now we need to address the gap at a role specific level whether it's in forensics because there's so much of forensic talent requirement to support the law enforcement and state police units because of the cyber crime and the investigation that needs to happen similarly when you look at socks before it was an on-prem sock right where you were doing a sock for a customer whereas now socks are for multiple clients maybe on the cloud how do you manage those kind of stocks right similarly so much so much critical workloads are moving to the cloud so when you're moving into the cloud what is that application security what is the cloud security and governance so we would say now the time is to go into specialization we are doing quite a bit on that where we do a lot of sessions and webinars nasscom and dhci are trying to do a lot around future skills and the cyber security job roles and what is that we work very closely with ministry of information technologies and electronics on the icia program which is information security education awareness program if you just do a dipstick sujit now versus last year how many engineering colleges have an mtech cyber and a btec cyber you will see the number of colleges which are offering that that means even at an entry level we are trying to build that specialization really that's very interesting it is huge it's a huge number of colleges that is thanks to the ico program which is now in its phase three which is only focused around cyber security capability building in the formal education sector uh so we are seeing that we are also seeing more and more phd uh pass our phd you know disciplines in cyber where across all the premier engineering colleges a lot of them specializing there is a talent gap next is the cso at a leadership level right because now more and more sectors are mandating a full-time see so already we have that in across all the large enterprises right where is that cso leadership talent pool because the cisos are technocrats they're also the risk leaders they're accountable to report to the board so there is that business management function so across all this there is a talent and i think we are trying to solve it but there is a lot more to be done that's very heartening to hear shilpa yeah coming to you if you can talk about uh you know many enterprises still use legacy firewalls they're not effective so if you can take us through what is the future of firewalls how is uh software addressing that i think that uh in general uh organizations uh staying away or trying to start starting to shift from appliances based approach to something more software-based exactly because of the reason of the operational cost of managing that appliances usually require physical connection to a network and changing that requires someone going there and switching wires that's uh something that was not possible in the pandemics and in fact the the timeline of physical manual effort is not meeting any business requirements anymore uh so we specifically talk about segmentation which is by the way what firewalls were supposed to do is create segments uh just uh it takes too much time uh and uh especially if you need to do it across a global organization you need to involve multiple people going to multiple places uh it just doesn't fit the modern environment so we see a lot of organizations starting to think about shifting from this approach to software-based i think the wider adoption is exactly because firewalls were not fit to implement a lot of segments uh which is what microsegmentation is so micro segmentation is first taking place where the firewalls created a gap which is mostly inside the network now the forward thinking organizations saying okay maybe maybe i can stay away from firewalls at all i can remove them from my data center so we see a lot of our customers actually not renewing firewalls uh and uh building their organizations and building their networks on based on software defined approach and uh i think this is uh this is the future definitely it will take time because uh taking a firewall out organization is a complex process technically it's complex process because you need to disrupt the network a little bit uh uh psychologically is a difficult process because this is the most trusted known security tool in the organization and on the talent side it's process because people build their careers on firewalls and now uh what does this mean for them uh so uh it it's uh it's inevitable uh process uh in my opinion because this is you know this this is how the cloud builder no real appliances so uh this is definitely a software approach taking over uh and i do believe that and see that everything that's new is already built in this new manner and everything that's old will softly but surely shift away from from boxes so that's the general akamai guadico proposition uh uh how's that are you in taking me to the indian market how's that resonating yes um so this is new and as uh errol mentioned uh we do have uh you know a few existing customers in india who are already using gardicore uh but before that um let me uh let me just also give you a quick sort of snapshot on what have we been up to with respect to uh you know security and helping our customers in india so over the last several years uh we have grown our security portfolio from you know point solutions into a comprehensive platform which as mentioned earlier provides defense in depth to address some of the biggest uh cyber security threats now the breadth of our defenses is important to a lot of our customers in india and across the globe who want more security capabilities from fewer vendors our security solutions are highly differentiated and recognized as best in class by customers who see us as a leading provider of services that protect most of their critical assets including enterprise websites applications data access um you know for example akamai disrupted the web application security market when we launched uh our kona site defender back in 2012 and since then we have continued to extend our leadership position in the uh web application firewall space uh we've been the market leader in uh ddos protection since we are quite relaxing back in 2014 and as new threat vectors have emerged we've extended our platform to really defend against them we also created the first comprehensive uh bot management solution to protect our customers from uh you know sophisticated bot operators who try to steal content disrupt operations or you know penetrate user accounts uh most recently we released my page integrity manager to really identify malicious code in third-party scripts and uh websites that designed to steal uh you know end-user data uh this really helps to address a major threat that's been costing businesses hundreds of millions of dollars and fines as well as serious reputation damage uh we now plan to extend our web application uh protections further uh with solutions like account protector primarily for audience hijacking prevention now this is designed to reduce frauds by you know making sure that the entity logging into an account is really the true owner of that account audience hijacking prevention of course can help businesses protect sales by efficiently navigating malware that diverts a customer just before the completion of a transaction so you know really since our founding 20 years ago our vision has been to help our customers solve their toughest uh internet challenges and now of course that includes uh stopping ransomware we're already selling solutions like enterprise application access that help prevent attackers from gaining access to an enterprise infrastructure and applications but to be secure in today's world organizations also need a second layer of defense to block the spread of uh malware that has gained into uh you know foothold into an enterprise and that's where gardicore comes in it helps detect you know when a breach has occurred by uh identifying anomalous data flows within the enterprise network um guardi could also help prevent the malware from spreading through a capability which uh you know area touched upon known as micro segmentation where the solution limits access within the enterprise to only those applications that are authorized to communicate with each other you know denying communications as a default greatly limits the uh spread of malware and protects the flow of enterprise data across the network and that's the key to stopping uh ransomware and we truly believe you know guardicore's best-in-class micro-segmentation solution is the perfect addition to our zero trust portfolio enabling uh akamai to offer customers a comprehensive solution to stop the damage being caused by uh ransomware and malware okay got it yeah uh this is question from uh manish rau uh from the audience uh uh asking rama maybe you can take that uh on cyber security insurance what is your view our company is taking it i mean i think now cyber insurance is reasonably a mature you know practice at least all the large enterprises uh it's it's over a period of time right i mean there was very low understanding of cyber insurance even from an actuary side you know how do you assess the risk what would be the role of a risk assessment when you structure a policy particularly post that you know will the cyber insurer provide you in terms of you know the entire remediation you know investigation also so whereas now i think increasingly at least across all the large enterprises cyber it's part of the cross and cso starter and there is a lot more maturity in the insurance provider ecosystem i think even organizations like irda have given some attention to it on how do you go about these kind of policies but still i don't think it's broadly taken by all small and medium businesses and several other businesses i don't think whereas if you look at all the large enterprises the csos very much take it it's very similar to the way you protect a lot of your information assets right cyber insurance is one of the risk mitigation strategy particularly with the ransomware attacks rising cyber insurance is gaining a lot of attention and sometimes that's part of the assessment of the providers also by the customer organizations on how are they insured and all of that but we still have a long way to go both on the provider side and the structuring the policies because the policy should be linked very closely to what is the digital risk quotient of the enterprise for which the policy is rolled out i think what are the frameworks to measure the digital risk quotient of an enterprise is not an easy thing but the way the digitization is you know leapfrogging every quarter how do you continuously assess the digital risk of an enterprise what workloads are they moving to the cloud what is happening remotely what is the integration with third party suppliers third-party vendors i think how do you continuously evaluate this is a big challenge but taking cyber insurance at least in all the large size enterprises across verticals is one of the it's become now like a hygiene track um yeah okay okay i'm sure it's complex though yeah yeah we have a question from our audience to compliances and laws of the land about maintaining data servers within the country cause the detriment to cyber security before we get into the cyber security aspects overall mandates and regulations around data residency tend to impact the digitization momentum because i think where the data resides is not so important it's extremely important and how are you making sure that you're securing your data and you're doing the privacy protection it's only a myth that data residency within a country will guarantee privacy i beg to differ on that i have actually done a decent note when i was part of the committee of shri krishna justice free christmas committee even our recent nasscom submission to join parliamentary company mandated that right so it does challenge that the moment when you talk about data residency in a particular geography which means you're putting the onus of uh you're not uh you know the kind of security best practices that you can do around your data centers it gets diluted to a certain extent i am not saying data residency in a certain geography will make it more insecure but it does not also guarantee more security right because when you look at the data center industry and now the cloud industry worldwide where the data centers reside it's a very complex thing right from quality of power to you know the talent tool that is available to manage the data system so i would say that residency of data in a certain geography does not guarantee either security or pens okay okay uh there's also this question on uh maybe ariel can take that uh you know metaverse is uh how does does that impact security quant and also quantum computers and all that meta was first yeah it's uh interesting question uh not an expert in this at all uh frankly but uh i think that uh it's uh it's frankly yet to be seen i think that it's uh in my opinion a lot of hype and not a lot of implementation yet okay uh we'll see how this develops and but i'm sure any innovation will bring a new risk so uh uh that does the only thing i have what about quantum aerial quantum computers i'm i'm told will have a deep impact on secure security practices i think the uh i think it it's even further than uh metaverse okay okay it's a while away okay if it happens it can have implications on uh strengths of [Music] cryptography that is underlying feature in security and then new risks can and can appear where something is sought as strong and secured and can only be brute forced in three billion years this can break and and if this breaks with quantum computing that that can affect a lot of practices but i think it's it's really really nice and still okay okay so also want to ask you micro segmentation does that use ai a lot uh it does yeah i think uh almost any security product today uh uses i just use complexity in microsegmentation specifically the whole notion of understanding your data center helping you decide how to build the micro segments is basically built on machine learning algorithms that help you identify applications look at your data center saying hey this is your uh is that your web applications this is your uh this is your databases this is where critical information is this is the best practice of how to segment those uh and uh share this knowledge from between customers and uh enable you to do this with a few clicks without you know going through the same process again and again in every organization okay okay do you have anything to every security product and also a service because that's the way you're detecting and remediating and you know analyzing the data machine learning and there are some with also drama you again they go to every security stack and product okay okay got it shilpa you did you have anything yes sujit i have this question from uh surya nishtan how can enterprises take care of take care of accounts for slip-ups from their end customers who wants to take that yeah so i obviously need to qualify this question better so i really didn't get the account slip ups is it more around uh there's a question more on account takers maybe you should buy a muted uh is it no how can enterprises take care to account for slip-ups from their end customers you know if i'm if i can read from the question i think it is you know what they're saying is your end consumer security awareness yeah let's say you're a bank how can a bank take care of the lack of security awareness of their end consumers probably that's the question right so you know again it's uh it's a continuous process and i think uh from our standpoint uh you know both the enterprises and uh and it's a continuous journey you know and the end customers need to uh continuously be educated about the risks and uh uh you know how can uh they sort of protect themselves uh by uh you know having uh but by being aware of some of the threats that we see on a daily basis okay so we are almost out of time uh some final words from each of you um nitish you want to start a message to companies and to users in general what would that be yeah sure and i'll um i'll probably uh you know touch up on arcmi first so you know obviously uh customers our customers see akamai as uh as a strategic partner um in security not only because of the strength and breadth of our solutions but also because of the depth of our security expertise and threat intelligence and the scale of a platform um you know it's the same platform that underpins uh our world's leading cdn uh where we handle five trillion requests every day in addition resolve uh you know more than three trillion dns queries each day which sort of gives us unmatched you know real-time insight into words internet traffic which we then analyze to provide best-in-class threat uh intelligence protection and uh and support and you know we also touched upon the cyber security skills or the shortage of it uh but at alkamine we have one of the industry's largest and most experienced team of security professionals with thousands of engineers and consultants uh working on security for our customers um so i definitely uh you know welcome uh anybody to come and talk to our team and uh probably learn and understand more about uh what we have to offer uh to protect the enterprises and we're really really looking forward to uh uh you know the the joint forces with uh with guardicore now ariel any final words yeah i just want to advocate zero trust as a as a i really believe in this framework i think organizations facing change and their id and the way their business works uh this is a really good framework to adopt uh and follow uh so uh uh any any organization that has substantial id should uh look at this and uh i believe akamai has a lot of advice to give and a lot of tools to provide for for dealing with that okay drama i would say security is a collective and shared responsibility so it is not just the uh role of the security providers and the industry members like my and their peer organizations but there's a role for government and national security institutions for the user enterprises and most importantly even end users who are going digital and going online and all of us need to collectively make sure that we step up absolutely so uh it's everybody's responsibility while we have some fantastic technologies uh i mean as users we can be the loose ends which can create trouble so uh thanks so much to all of you mithish rama ariel really nice having you on the platform uh great discussion thank you so much thank you
2022-05-30 19:40