Mihir Maniar, Dell Technologies | Cyber Resiliency Summit
Mihir Maniar is here. He's the vice president of products at Dell Technologies. Mihir, thanks for coming in live to the studio. It's great to see you.

Excited to be here, Dave, and it's nice to be in the studio over here in Palo Alto.

It's always better when we can go live. So tell us, Mihir, give us the sense of your scope. VP of products, but what products, where, how does it relate to cyber?

Sure, Dave. So I've been actually in security for a while. I was in un security from the revenue cetric and application delivery and security, and now I'm in Dell. I'm the VP of products for ISG, which is our Infrastructure Solutions Group, Edge, and then security services. So happy to discuss security, an important topic.

And you did, I think you did a stint, you said, Cisco, Juniper.

Cisco, Juniper.

So you've seen a lot of changes over your career. How would you describe those changes, and where are we today in the state of cyber security?

A lot of things have changed, a lot of things haven't. Like today, if you go to see, there are sophisticated attacks emerging because of the advent of AI. So that's one change which has happened compared to the traditional attacks, which are like insider attacks or credential attacks, you know, attacks that you basically use credentials, weak passwords, to get into networks and so on. So those kinds of things have remained the same, but the sophistication of attacks, the volume of attacks, because of AI has increased dramatically, obviously. But the talent shortage that companies have remains. For them to create a good cyber security hygiene, to go and make sure that they have all the controls in place, the resiliency practices in place, is really hard for them. So those kinds of things have remained the same. But the thing which has evolved is the industry: the industry standards and frameworks keep evolving. You've got NIST, you've got CMMC, you've got the MITRE framework, you've got presidential mandates coming out. So a lot of things are changing, a lot of things
remain the same.

I think operationalizing those frameworks, I mean, take zero trust for instance, is awesome, but then to operationalize it is challenging. And then, like you said, you get the executive order; the poor practitioner has all the stuff thrown at him or her, right? So when you think about, and you mentioned AI, does AI make that talent shortage worse, or does it help with the talent shortage?

Yeah, it's a great question. So if you look at AI, the first part is the sophistication of attacks because of AI is increasing, right? So you're going to have the attackers use AI for having malware which is much more sophisticated. At the same time, you're going to have, on the customer side, with security operations, AI being used in, like, copilots. So you have copilots for security operations teams that help to overcome some of these attacks, and then you have some of these frameworks, whether it's a NIST extension or whether it's the MITRE extension with ATLAS, to combat some of these attacks coming in because of AI. So you're going to have a combination: the adversaries are using AI to go and, you know, come up with sophisticated attacks, it's deepfakes, whether it's simulating your voice and acting as you, or whether it's malware which is, you know, using AI for discovering and being more dynamic. So those kinds of attacks are increasing, the volume as well as the sophistication. But then you're going to have, on the security operations side, copilots coming out as well as these new frameworks. If the security operations teams take these into effect, then you can combat some of these advanced attacks.

It's a constant balance.

Yeah, I think that's the thing, and there is no shortage of tooling and security products out on the market. How does it really come down to simplifying it for organizations? Because I think that's a big piece that I've been looking at, and when I talk to customers
they're always like, "I have things in cloud, I have things on premise, I have things in colo," you know, all the way out to the edge in IoT. How do you look at that, and how does Dell approach that from a complete overall strategy for those organizations?

Yeah, I think, if you go to see the threat, you're right, the threat surface area has expanded dramatically. You're having users coming from any location, you have things connecting to applications, applications morphing into multicloud. And so with this vast expansion of threat surface area, it's really hard for security professionals to keep up, you know, including the sophistication of threats and then talent shortages, right? So that's where Dell comes in. Dell wants to make sure that our CSG business, the client business, and the infrastructure business, the ISG business of which I'm a part, we create trusted products. So the first step really is to create trusted products on both sides of the fence, whether it's, you know, hardware or software or cloud products, going all the way from secure boot, secure OS, secure supply chain, verification of hardware and software, to create an infrastructure which customers can trust. The next step for Dell really is to take away the complexity from some of our customers by creating a set of managed security services, right, end-to-end security services that we can provide to our customers which are facing these shortages, all the way from advisory services for zero trust to building out all these security controls. As you said, the threat surface area has expanded, so you've got to create all these controls to put into place. The third one being a very robust set of resiliency practices, you know, spanning from a good vulnerability management service that we can provide, to pen testing and breach attack simulation services, to kind of shift left and create a more proactive set of services to catch things before they actually happen. But, you know, you've got to be prepared for emergencies, and that's where the
resiliency service comes in, where we can go and create the cyber security vault that we have in place. We are industry leader, number one, in that. We have an MDR service; we launched an MDR Pro Plus, which is a managed detection and response service with a lot of shift-left and proactive services over there, because things are going to happen, right? And so you have to be able to detect threats and then respond to threats. And then, worst-case scenario, we have an incident response and recovery service where we're going to have feet on the ground in, like, you know, 24 hours, you know, talk to customers who are breached in two hours, and make sure that we can help them throughout this entire journey.

So it's not just products. I mean, obviously Dell's a product company, but you're evolving your services as well. Let me ask you this: the services that you apply, how do you keep them from getting stovepiped? Because I'm presuming some of these services are going to be Dell services, some are going to be partner services, some are going to be focused on the cloud, some are focused on the core, some are focused on IoT. How do you ensure a sort of comprehensive set that's not in turn stovepiped?

Yeah, that's a great question. So, if you go to see, Dell wants to be the turnkey, end-to-end services provider, managed security solution provider, to our end customers, right, with the sophistication of attacks, talent shortages, industry evolution, keeping up with all those attacks. So in order for us to do that, we want to be the single, you know, provider in that case. We provide our services on a managed service platform, which is the key platform that customers interact with. So it doesn't matter whether they're buying a management service or they're buying an MDR service, which is managed detection and response, or an incident response service, they are interfacing toward us like how you have with your AT&T mobile app: it's a one-stop shop, whether it's using it for cell phone or telephone or cable or whatnot, right?
Right. So basically we provide a managed services platform which is global in nature, right? It's a global platform, digitally enhanced, that we provide to our customers as a single-stop shop, and in turn we use basically API calls to, you know, Dell products or third-party products that we use for creating this whole control, zero trust controls, across the entire threat surface area. So we make it really simple for our customers to use our services.

So now, Rob, you and I have talked a lot about the acronyms of privacy and compliance. GDPR is the one that everybody knows about; you've got a litany of other sort of acronyms that you use. We'll be even talking about things like DORA, which is not the Explorer with the backpack and cute things, over in Europe, where financial services have to really buckle down from an EU perspective and be able to have that resiliency and recovery in a time frame. I think that, to me, is, the regulations keep getting bigger and bigger. How do you really work with your partners and your customers? You're providing the platforms; do you give them the opportunity to then, you know, build on top of that?

Yeah, that's a great question. If you really go to see, right now, because of the threats, you know, expanding in terms of the sophistication and stuff like that, the regulations have to keep up with it, right? So in that sense you have the regulations forming in terms of compliance. So compliance has been there for a while, whether it's HIPAA, whether it's PCI, whether it's your SOC 2 compliance, NIST compliance, and now we have additional, with the SEC mandating companies to make sure that if there is an incident, a breach, they have to report the breach, and they hold officers liable, right? So you're going to have a compliance that companies are going to meet. Then you have controls in order for you to actually meet a certain benchmark. So in that there are two main ones. The gold standard really is NIST: the NIST 800-53 has got 1,200 fine
grained security controls to put in place to prevent attacks from happening. Then you have the zero trust framework, which is the US DoD framework, with 152 activities, right, that you put in place for preventing, actually, across the entire threat surface area, basically. And you have the MITRE framework, right, which is also very useful and expanding with ATLAS for incorporating AI-based attacks. So I think we keep a tab of all these different frameworks, regulations, and we provide advisory services as well as the building of the controls. We can build the controls for customers, services as a one-stop shop, zero trust controls using these frameworks and compliance and things, right? So we keep up with that.

And you mentioned the SEC's new rules that basically require you to disclose a breach. Many of you in the audience know this, but some may not: the hackers are now ratting you out. So they'll hack you, and if you don't disclose it, they'll say, "Hey, by the way, we just hacked this company and they're not disclosing it," as a way to put increased pressure on the victim. I mean, it's incredible how sophisticated and brazen the attackers are, but that just underscores the nature of the threat, doesn't it?

I completely agree. I mean, it's basically like you're guilty until you're proven innocent; it has become like that. So companies have to make sure that they are disclosing all these different breaches, incidents happening. They're liable for it, as you've seen in some of the cases like Uber and others. So it's a really tough market right now, right, for CISOs and security operations teams, and that's why we provide this one-stop shop. We provide virtual CISO services, we have a robust program on controls as one side, and the other side is resiliency services. We have to make sure that, things are going to happen. Controls are prevention; prevention is better than cure. But we have to be prepared for
preparing the customers for emergency, when emergencies happen, right? That's where resiliency kicks in, where we focus a lot on these things, like what's your business impact analysis, right, in terms of your entire infrastructure, and RTO and RPO, which is the recovery time objective or recovery point objective, to make sure that your business impact translates into the resiliency measures that we are going to put in place for our customers, right? Whether it's how often backups are; are you having a cyber resiliency service vault, which is an air-gapped vault, so no one can go and access it and it's immutable; are you having continuous logging and monitoring with a managed detection and response service, so if something happens you can detect and respond with SOAR playbooks, SOAR is automation playbooks; and then we have the incident response runbooks to make sure that when something happens there is people, process and technology in place, with the runbook to follow in order for you to counter that, right? So emergency preparation is everything.

When you talk about the BIA, the business impact analysis, the way in which you typically look at these things is the reduction in expected loss, right? You're going to have some probability of getting hit and there's going to be some impact, and, you know, it used to be a once-every-10-year incident; now it's like once a month kind of thing. There's another small item in the BIA that I want to ask you about, which is insurance costs. Insurance costs are going through the roof on this stuff. But you know how when you install, like, an alarm system in your home you get a break on your insurance? Presumably if you work with a company like Dell and you've got a comprehensive set of services and processes and procedures that you can show to compliance or audit or an insurance company, you're actually going to get a little break on your insurance. Actually, you might not be able
to get insurance unless you can show that. So it's not a huge financial impact, but it actually could be down the road. What are your thoughts on that?

Oh yeah, I think that's a very important point you're raising right now, which is that insurance companies want to make money, and breaches are happening much more often, so the loss that they encounter in paying back to the customers is very high. It's like easily 40, 50% of the premiums they collect is paid off in paying off losses. So they have to make sure that when they dole out the insurance to customers, they are covered in terms of all these different basic premises that are there. Do you have a vulnerability management program? Do you have a pen testing program? Do you have the basic zero trust framework in place? Do you have resiliency processes in place? Do you have a retainer with the insurance company in place so that you can be a provider? So Dell actually does work with insurance providers to be a provider, right, so that if customers get hacked and they go to insurance companies, they can be the incident response and recovery vendor which can help, as a trusted vendor to customers, to recover from the incident and respond to that, right? So yes, it's very important to have those basic principles in place that insurance companies now can use to reduce the premiums for the end customers, so that, you know, it's a win-win-win for all, right?

You're reducing the customer's risk and also the insurance company's risk.

Exactly.

What are your thoughts, Mihir, on the intersection of SecOps and AIOps now, with AI so front and center? We certainly saw, you know, the OpenAI governance meltdown was a big concern. We talked to a number of customers that were shutting off copilots as a result of that, so everybody's sort of freaked out a little bit about that. But what about that intersection between AIOps and SecOps? How do you see that playing out?

Yeah, I think if you
go to see, there are three main things that we talk to our customers about. The first one is about having the rules and governance mechanisms that companies need to have for all the employees on how they can use AI: what are the AI best practices, what are the AI guidelines for using some of these new tools, right? So can you, you know, use your proprietary data for feeding into a cloud, which is where the AI models are running? And so we have those guidelines that we need to set for our customers; that's what we, at customers, make sure their guidelines are set for all the employees as to how to use AI, right, safely. The second one is around security operations teams, who are also facing a lot of fatigue, right? So in order to help them, the copilots are emerging, whether we use Microsoft's tools or CrowdStrike's Charlotte and others, that's a key partner for us. We have security operations teams use all these new methods, which are AI-centric and copilot-centric, to help them, and for an average security analyst to become one of the best analysts using some of these tools, right? So that's very important. And the third step really about AI is, hey, we've got to make sure that the customers are adopting some of these new controls, which are extending when AI attacks come in. So you may have heard of the OWASP Top 10 for LLMs or the MITRE ATLAS framework, which has extended that: this is the kind of attacks you can have, and so how do you mitigate against that, right? And NIST is having extensions as well. So those have to be in place, right? SecOps has to make sure that when AI happens they are ready for that.

And are you seeing this as yet another piece of the security attack plane, because there could be injections of data and things of that nature? How are you talking to customers about that, where again, from a security ops and AIOps coming together, they have to be resilient and be able to get the data back and
things of that nature?

Yeah, that is paramount, and that's exactly what I said: the controls are important, you know, shifting left and creating prevention mechanisms is very important, but things are going to happen. And so emergency preparation with the resiliency practices that we create, with the BIA leading to RTO, RPO, and then leading to a robust backup plan for customers, so that you have a business continuity and disaster recovery plan in place for the backups, and then having a vault, that John and others have mentioned, John Scimone and others have mentioned, to have a cyber resiliency vault in place, which is an air-gapped solution, immutable, no one can touch it, so in case you get a ransomware attack you can recover from that, right, to meet your RTO and RPO, is super important. And having runbooks in place, like, people actually run around when there's a breach or incident happening, right, because you don't have the right processes in place. So it's all about making sure that the right people with the right processes use the right technology, all comes together to recover from those kinds of scenarios.

And you can automate a lot of that. You mentioned Charlotte before; it's very cool how CrowdStrike is using Charlotte, its LLM, to really change the security ops experience. Last question, Mihir: what are the two or three things that you want SecOps pros in the audience to go home with, the big takeaways?

Yeah, I would say the first one is really around, make sure that you have a robust set of controls in place. Prevention does help, so the zero trust control framework from US DoD is a good framework to make sure that that's in place. That's not enough, so you've got to make sure you have a good vulnerability management program, because let's face it, a lot of attacks happen because things are not patched. So you've got to make sure that you have a good program in place for catching those vulns much in advance, before someone attacks and takes advantage of that, right? And the third, and the second
step is really around the resiliency programs to keep in place. Keep an IR retainer in place, make sure you have a cyber recovery vault so that if you get attacked you have something to recover from, right, and make sure you have a detection and response service, right, which can continuously log and monitor with user and entity behavioral analytics so they can catch all these attacks. And the third one really is, you know, because it's so complex and talent is short, you know, pick your right service provider when you want to outsource, right? Pick someone like Dell who has the global footprint, right? From a physical scale standpoint, we provide, like, MDR Pro Plus in 75 countries, 24 by 7, for instance, right? The second one is a digital scale, a platform which can be providing a managed service platform which can scale globally to all customers, right? And the third one is really around, like John Scimone went through, we partner with the SRO organization, a security and resiliency organization that protects 30,000 employees and lots of different products, whether it's cloud, you know, hardware, software, whatnot. So we benefit from that knowledge and use it towards the services that we create for our customers, right? So those are things which are super important, and I would say pick your right service provider, like Dell.

Mihir, thanks so much for coming into the studio today. It was really great to have you.

Thank you, Dave. Pleasure. This is a different change for me, and excellent.

I'd love to have you back. So look, if you're a small or even a midsize business, some of this stuff is pretty daunting. Up next, Daniel Bernard, who is with CrowdStrike, and Rahul Tikoo, who is senior vice president, GM of the Client Solutions Group at Dell, are going to talk about a partnership that they have serving small and midsized businesses. You don't want to miss this. Stay right there.
2023-12-19 03:53