Cisco Security's Vishak Raman on why firms need to get out of 'anti-virus mode'

Vishak Raman, director of Cisco's security business for India and SAARC.
13 Jul, 2018

The cybersecurity division of US-headquartered IT giant Cisco has been analysing 20 billion threats a day even as Indian enterprises look to secure themselves and contain attacks. 

The country is an important location for Cisco, with the Indian unit comprising 20% of its global workforce of security engineers. 

Vishak Raman is the director of Cisco’s cybersecurity business for India and SAARC. Speaking to TechCircle on the sidelines of the recent Cisco India Summit, he spoke about the future of the cybersecurity business in a scenario where attacks are set to become increasingly more sophisticated. 

Edited Excerpts:

Many experts say the reality today is that you cannot protect all your data but only the most important sets. How has Cisco adapted to this change?

Organisations were protected very differently four or five years ago. You had a central location and branch offices connecting back with a central gateway. It was basically your pure hub-and-spoke model. All your security was confined to your network, branches and the assets were present at the data centre. The business and security products evolved around this model. 

However, this model was thrown out of the window when people started migrating to a hybrid cloud for separate operations or purposes. So what used to be a legacy information exchange in networks metamorphosed into information exchange that included participation of users from various locations. This made Cisco rethink its security strategy and made us secure the cloud infrastructure alongside the networks. 

Which products did Cisco launch in connection with this shift?

One such cloud security product Cisco runs is OpenDNS (Domain Name System), which adds features such as phishing protection and optional content filtering in addition to DNS lookup, if its DNS servers are used.

If you look at our CloudLock portfolio, it provides access security brokerage, making it easier for IT admins to protect hundreds of cloud applications running on the cloud infrastructure of the company.

The other most important change was the rising importance of endpoint security. Hackers gave up trying to hack the network or the data centre and focused on targeting endpoint devices which would carry the trojan or malicious payload so that they could gain access to the network or the data centre.

Most security products and services generate threat reports and it becomes a nightmare to skim through all of them and figure out which ones to prioritise. Is Cisco working on a solution that can ease this problem?

Cisco's vision is to make sure that every product we develop runs on four fundamental principles - sharing alerts, events, threat intelligence and contextual information - and this includes even third parties.

What started happening in enterprises was that each of them had 25 different security solutions generating 25 different threat intelligence reports in their own format, thereby making life very difficult for chief information officers (CIOs). 

We tried to normalise the threat intelligence alert process by combining all the 25 different reports into one console that would generate one threat score for the entire organisation, highlighting areas that need attention.

This means that if there is a new threat intel in one part of the globe, the rest of our customers are already alerted to take precautions.

India is believed to be a top target of malware and ransomware, but CIOs say they find it difficult to obtain an increased outlay for cybersecurity. What has been your experience in this regard?

I think India has taken a big leap towards security in the last 18 months. If you look at some of the cybersecurity guidelines that are coming, we are on the right track. Regulators such as Reserve Bank of India are playing a mature role and that is how it should work in mature economies.

But because of the PC penetration and the lack of security features on endpoint devices, customers are still in the anti-virus mode whereas the market has moved from endpoint protection (EPP) to an endpoint detection and response (EDR) mode. People need to be trained to face real-life attacks. 

What has been your strategy to tap Indian enterprises, especially small and medium businesses whose products are ever more dependent on technology stacks?

One of the strategies involved is to do it at source. Most of these functions or apps reside on the public cloud infrastructure. Now public cloud without security is like standing in the middle of a highway and wanting to cross the road. So what we are doing is we are partnering with cloud infrastructure companies such as Sify and NetMagic which are essentially cloud aggregators. 

We basically try to drive a utility-based model that attracts SMBs. Our global team works with products around Amazon Web Services and Microsoft Azure.

What changes will we see in the cybersecurity space in the short-term?

You will see a lot of changes in the nature of attacks. There will be a lot more automated attacks without human intervention. Interestingly, there will be automated protection and that means it is going to be an interesting battle. You will also see a lot more state-sponsored and endpoint-targeted attacks. 

People will look at mass-device vulnerabilities and then there will be a new kind of hack where your machine's resources or power will be used for nefarious or malicious activities such as mining cryptocurrencies. 

But what is more interesting is the future of security protection and mitigation. Attacks can be predicted and more and more artificial intelligence and machine learning is being used in predicting them. 

The idea is to use AI in combination with a threat inhibitor cloud that is resilient enough to block DDoS [Distributed Denial of Service] attacks. This is in contrast to popular belief that using more cloud infrastructure increases the threat spectrum of an enterprise.

The cloud I spoke about will contain threat intel, have advanced traps and information about tools or mechanisms used by hacker groups so that countermeasures can be easily launched.