Cisco’s Vishak Raman on how small and medium businesses can overcome network security threats

Cisco Systems Inc. is betting big on network security services in India. It is ramping up investments in India, where research firm Gartner forecasts that enterprise spending on information security products and services will touch $1.9 billion this year from $1.7 billion in 2018.

As director of Cisco's security business in India and South Asia, Vishak Raman is tasked with figuring out the main threats that companies face and how to mitigate those threats. Raman spoke to TechCircle about how the threat landscape is evolving in the region and how small, medium and large enterprises need to adopt to the new threats. He also talked about how artificial intelligence and machine learning play a critical role in network security. Excerpts: 

How is the security landscape evolving? What do customers expect from companies such as Cisco?

Customers want to move away from heterogeneous, distributed security investments that cannot provide a unified view of the dashboard or their resources.

There is a lot of consolidation seen in the market. The talk is how to leverage the investments already made in e-mail security, web security, firewall security, DLP (data loss protection) and endpoint security. There have been multiple layers of security but customers today want a consolidated view of their threat landscape and of the attackers.

Previously, File Integrity Monitoring used to be the panache to consolidate all of it but customers are looking towards simplification of security today. Cisco is working towards adding value and leveraging the existing security infrastructure instead of buying expensive tools.

Tools such as the Cisco Threat response can help with the simplification and orchestration of security. The customers want greater visibility, an overview of attacks that are blended and an automated security solution.

Do small and medium businesses (SMBs) face similar security issues as large enterprises?

The problem for SMBs is very similar to large enterprises in terms of managing the alerts. However, alerts management is a universal problem and pertains to all types of organisations. SMBs are also moving towards classic approaches of cloud adoption.
SMBs have already made investments in cloud, security and even AI. They are at the leapfrogging stage, where they are quickly moving towards digital transformation. The top three investment areas for SMBs will be cloud, security and upgraded IT infrastructure.

Are AI/ML technologies overhyped or are they a crucial aspect of security?

The way you use AI/ML is to gain actionable intelligence. Cisco traverses 3.4 million malware samples, 600 billion emails, and about 140 billion DNS (domain name system) requests a day. These require computing at a massive scale. 

Cisco has built a superscale sensor using its AMP (Advanced Malware Protection) cloud, which uses a huge amount of ML at the backend to crystallise data. The software decides what packets should be classified and what secure hash algorithm (SHA) values are bad or good.  

So, if you are an SMB who uses our Meraki solution, it has an AMP connector that feeds in information into the backend machine learning engine. This provides the right SHA values that are given to the Meraki customer to derive value.

Companies like Cisco are using AI to eliminate false security alerts and only focus on alerts that require attention.

At what level of maturity are companies in terms of network security? What additions are required to a firewall in order to enhance security?

Firewall is a basic ingress-egress necessity but there is so much more that goes on top of the firewall. Firewall provides visibility for network layer attacks, and NGFW (next-generation firewall) gives visibility for application layer attacks but what is missing is the difference in depth of the entry point gateway solutions. This is where customers look for additional visibility. 

Cisco’s Stealthwatch maps the network behaviour over a period of time and watches out for application layer attacks, DDoS (distributed denial of service) attacks, baselining, data theft and data exfiltration scenarios and can then work towards mitigating the same.

Even though SMBs are deploying perimeter security, there is so much more that they need to protect against network visibility, DNS traffic and proxies which require added security layers for better protection.

What types of new tools are hackers using to gain access to networks and sensitive data?

If you look at the attack landscape, endpoint security has become more pervasive. Hackers are analysing how not to break the rails of security but get inside the network through a compromise. Hackers are trying to exploit endpoint vulnerabilities beyond traditional antivirus and malware detection.

Cybercriminals also increasingly use drive-by-downloads, whereby people are coaxed to click a link and a non-malicious code comes into the system. The code understands the environment and, for example, might recognise that Microsoft Outlook is not patched and is outdated. Hence, it senses the environment from machine and network views and then calls back to the command and control to download more malicious software that extracts critical data. Most of these attacks occur at the endpoint level.

What are the top security issues that SMBs and large enterprises deal with?

The typical trend is an upgradation towards a next-generation SOC (Security Operations Centre) where data monitoring extends beyond the organisation.

Companies also have to move from on-premise into a secure cloud access gateway, where adoption to newer SaaS infrastructures is happening. 

The third aspect is enhancing visibility and control across the footprint for the network, data centre, endpoint and the hybrid cloud.

The fourth issue is with compliance, customer data protection laws, and more importantly compliance with the European Union's General Data Protection Regulation. The drive towards compliance is the biggest ever and there are huge investments being made in the space.

Last and most importantly, companies are driving towards simplification, automation and orchestration of security, which is slowly becoming the norm today.