Shrikant Shitole, Vice President and Country Manager, India, FireEye, explains the cybersecurity scenario during the pandemic and how FireEye helped mitigate the challenge.
What are the solutions and services currently in the FireEye portfolio?
FireEye is an intelligence-led security vendor that offers a single platform blending innovative security technologies and nation-state grade threat intelligence with Mandiant consulting. The enterprise security solutions include FireEye Helix Security Operations Platform, Mandiant Security Validation, FireEye Network Security & Forensics, FireEye Email Security, FireEye Endpoint Security and FireEye Detection On Demand. With these solutions FireEye eliminates the complexity and burden of cybersecurity for organizations struggling to prepare for, prevent and respond to cyber attacks. Network security also includes Security Orchestration, Automation and Response (SOAR) and Security Information and Event Management (SIEM).
FireEye security services include Mandiant Breach Response (Incident Response, Incident Response Retainer and Compromise Assessment). The Mandiant Security Assessment services include Red Team Assessments, Purple Team Assessments, Penetration Testing, Security Program Assessment, Response Readiness Assessment, Active Directory Security Assessment, Tabletop Exercise and ICS Healthcheck.
More than 75% of the Fortune 100 companies have used Mandiant services. It protects more than 1,000 government and law enforcement agencies worldwide. Overall FireEye has more than 9,300 customers across 103 countries, including more than 50% of the Forbes Global 2000.
What was driving the push for cybersecurity among enterprises especially during the pandemic?
Due to the WFH and Work From Anywhere scenarios, there was a broader push on cloud providers to offer more proof of compliance with industry regulations and customer requirements during the pandemic. There was the need to offer clear ways for their customers to validate what the vendors were doing. It became imperative to focus resources on properly securing the cloud, working with cloud platforms and gaining visibility across multiple cloud providers.
Security teams did their best to provide online access to their employees while keeping them secure during this extended period of WFH. However, with this accelerated pace of digital adoption by the remote workforce, coupled with the rising pressure of shrinking IT budgets, businesses became increasingly vulnerable to security risks.
How are CISOs looking at cybersecurity in a post pandemic world?
As the world resumes its transition back to regular business operations, organizations face different levels of crisis management. The first step is to identify the crisis phase and then develop a supportive strategy to work around it.
The next step is to gather relevant data that will support any cost optimization efforts. Organizations need to create a record of how their respective sector is performing versus how the organization is performing. Comparing performance metrics also provides the necessary insights for businesses to scale and grow.
Subsequently enterprises should validate and gauge security controls against security threats. Security validation is the baseline for planning cybersecurity ROI. With security validation, output can be generated which explains how well security tools and procedures are performing while helping identify where duplicated tools or gaps exist. This in turn will help CISOs accurately target areas where expenditure can be controlled or reduced.
How would you recommend CISOs look at today's additional security threats?
Vectors such as phishing, social engineering, credential theft and nation-state attacks are operating today at various levels, especially during these current volatile periods. A sound understanding of the threats that matter to the business is crucial. Timely access to, and visibility of, threat intelligence helps organizations understand what is important and prioritize accordingly to manage risks proactively and efficiently.
To assist in decision flow, communication and prioritization of activities, it is crucial for CISOs to outline the intensity of cybersecurity risk facing each department or enterprise against the value it brings to the given operational units.
Why is email security becoming even more critical during this WFH scenario?
WFH and prolonged lockdowns have taken almost every interaction, engagement and transaction online, and increased the vulnerability of businesses to cyber attacks. Despite the advancement of security systems, phishing continues to be one of the most common threats experienced by enterprises. While the scenario continues to change, hackers and threat actors continue to stay busy too.
A significant percentage of employees working from home were not necessarily in a secure environment. The risk is higher as a huge amount of data is exposed to external servers. Cyberspace in India needs to always be on high alert, and organizations need to be on the lookout for two escalating risks brought about by this evolving event.
First, the large increase of phishing and social engineering campaigns that use public fear to enhance their effectiveness. The second focus should be on the increased risks due to WFH employees and an increase in online transactions.
COVID-19 is being adopted broadly among social engineering themes because it has generic appeal, and there is a genuine interest in information on the subject that encourages users to take action. Any user on the Internet is prone to an attack if he engages with an unknown source on social media or through email, even with the mere intention to support a cause or create a discussion.
The same applies to any staff working in an organization, who may or may not be aware of the threat. As the email is a primary attack vector, organizations must continue to focus on both building user security awareness and hardening their technical mitigation and detective controls.
What are the email security tools and practices that FireEye would recommend for enterprises?
- Enforce Multi-factor Authentication (MFA): Setting up a process that requires multiple authentication factors to log in to Microsoft Office 365 on the web can help prevent attacks delivered through email.
- Configure Spoof Protection Controls: One can restrict traffic and prevent several denial-of-service attacks by configuring spoof intelligence controls in your system.
- Validate Email Security Gateway Implementation: There are various ways in which an email threat can be detected. One of them is to detect it proactively by implementing an email security gateway that checks the domain of incoming emails, detecting a threat and alerting you before it affects your system.
- Formalize Phishing Reporting Process: Reporting an attack, even if it is just a scam email, is important. Organizations need to invest resources in setting up an intelligence team that continually assesses these attacks to ensure protection from threats at all times.
- Develop and Operationalize Phishing Incident Response Playbooks: This helps formalize incident response and establishes automated operationalization of threat management, so that the risk is managed automatically in case of recurrence.
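The gateway domain checks and the phishing reporting playbook described in the answer above, shown as an added worked example that is not part of the interview and not FireEye tooling: a small triage routine of the kind a phishing incident response playbook would run automatically on a user-reported message. It parses the reported email, reads the upstream gateway's Authentication-Results (SPF/DKIM/DMARC), checks envelope-sender versus header-From alignment, looks for display-name impersonation of the organization's brand, and flags lure language and external links. The domain list, brand keywords, lure regex, thresholds and the three sample messages are all constructed assumptions for illustration.

```python
"""Phishing-report triage: automated checks a phishing incident response
playbook can run on a user-reported message. Added example; the rules,
domain list and sample messages are constructed and are not FireEye code."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumptions: the organisation's own sending domain(s) and the brand
# strings an impersonator would be likely to put in a display name.
INTERNAL_DOMAINS = {"example.com"}
BRAND_KEYWORDS = ("example corp",)
URGENCY = re.compile(r"\b(urgent|verify your account|expires today|suspended)\b", re.I)
URL_HOST = re.compile(r"https?://([^\s/]+)")

# Constructed sample 1: header-From spoofs the internal domain, the envelope
# sender is a third-party relay, and the upstream gateway recorded a DMARC fail.
SUSPICIOUS_EML = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Example Corp IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: URGENT: COVID-19 remote access policy update - verify your account
Content-Type: text/plain

Your VPN access expires today. Verify at http://example-corp-login.example.net/verify
"""

# Constructed sample 2: attacker-owned lookalike domain. SPF, DKIM and DMARC
# all pass, because the attacker controls that domain; only the display-name
# and content checks catch it.
LOOKALIKE_EML = """\
Return-Path: <it-helpdesk@examp1e-corp.example.org>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e-corp.example.org; dkim=pass header.d=examp1e-corp.example.org; dmarc=pass header.from=examp1e-corp.example.org
From: "Example Corp IT Helpdesk" <it-helpdesk@examp1e-corp.example.org>
To: user@example.com
Subject: Your account has been suspended
Content-Type: text/plain

Sign in at https://examp1e-corp.example.org/login to restore access.
"""

# Constructed sample 3: a genuine internal notice.
LEGIT_EML = """\
Return-Path: <helpdesk@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Example Corp IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: Monthly maintenance window
Content-Type: text/plain

The VPN concentrator will be patched Saturday 02:00-04:00.
"""


def _domain(header_value):
    """Bare, lowercased domain of an RFC 5322 address header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def _auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from the gateway's Authentication-Results."""
    hdr = str(msg.get("Authentication-Results", ""))
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}


def triage(raw_message):
    """Return a verdict and the individual findings for one reported message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name = parseaddr(str(msg.get("From", "")))[0].lower()
    from_domain = _domain(msg.get("From"))
    envelope_domain = _domain(msg.get("Return-Path"))
    auth = _auth_results(msg)
    subject = str(msg.get("Subject", ""))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""

    findings = []
    # 1. Upstream gateway already decided the header-From domain's policy failed.
    if auth.get("dmarc") == "fail":
        findings.append("dmarc_fail")
    # 2. Mail claiming to come from us must also have our domain as envelope sender.
    if from_domain in INTERNAL_DOMAINS and envelope_domain != from_domain:
        findings.append("envelope_header_mismatch")
    # 3. Our brand in the display name, but a domain we do not own.
    if any(k in display_name for k in BRAND_KEYWORDS) and from_domain not in INTERNAL_DOMAINS:
        findings.append("display_name_impersonation")
    # 4. Lure language and links pointing outside our domains.
    if URGENCY.search(subject) or URGENCY.search(body):
        findings.append("urgency_lure")
    for host in URL_HOST.findall(body):
        host = host.lower()
        if not any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS):
            findings.append("external_link:" + host)

    hard = {"dmarc_fail", "envelope_header_mismatch", "display_name_impersonation"}
    if hard & set(findings):
        verdict = "block_and_alert"   # playbook: quarantine copies, open a ticket
    elif findings:
        verdict = "review"            # playbook: route to an analyst
    else:
        verdict = "benign"            # playbook: close the report, thank the user
    return {"verdict": verdict, "from_domain": from_domain, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_EML), ("lookalike", LOOKALIKE_EML), ("legit", LEGIT_EML)):
        print(name, triage(raw))
```

The second sample is the one worth remembering when validating a gateway: an authentication pass only proves the mail came from the domain it claims, not that the domain is trustworthy, so a playbook needs content and display-name checks alongside SPF/DKIM/DMARC results, and user reports remain a necessary input.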
What should be the key approaches for this cost optimization?
A proactive rather than reactive approach is crucial to achieving cost optimization. The focus should be on security contract negotiation/re-negotiation. The aim should be to get the best price and terms for security purchases and to consolidate vendors where necessary. As a measure to enhance security efficacy, it is important to identify the potential for improving processes to deliver workforce and technology efficiencies.
Portfolio optimization and aligning workforce skills are the other two critical approaches. When working at scale, investigate whether automation of procedures will be beneficial. With a focus on assisting business recovery, this may require redundancies, additional hires, reallocation of skills or talent sharing. In most cases, cost optimization initiatives will involve a trade-off between the cost saved and the risk associated with a change in activity.
What has been the vertical wise traction amongst enterprises especially to mitigate these security challenges during the pandemic?
From healthcare to logistics, every vertical is impacted by the threat to their data. In this current situation, when there is a pool of information that is passed through emails and the cloud, healthcare operations, related manufacturing, logistics, and administration organizations, as well as government offices involved in responding to the crisis are increasingly critical and vulnerable to disruptive attacks such as ransomware.
The threat is compounded as cyber espionage actors seek to collect intelligence and deliver malware in an effort to establish a foothold in the corporate network through phishing tactics. This could compromise an entire security system with just a click.
According to WHO, there has been a dramatic increase in the number of cyber attacks directed at its staff, and email scams targeting the public. Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund.
How can enterprises look at tackling the cybersecurity skill gap especially in the current situation?
- Adequately leverage and train the existing personnel to enhance their capabilities and acquire new skills
- Conduct table top exercises to evaluate the organization’s cyber crisis processes, tools and proficiency in responding to cyber attacks
- Automate the time consuming and repetitive processes
- Conduct regular mock cyber threat exercises to better equip employees to anticipate threats.
Outsourcing specialized roles can help organizations access responsive, scalable and highly skilled security experts who can strengthen the operational capabilities of existing security teams during their times of need. Organizations need to start thinking differently about building their own cybersecurity capabilities.
Why should they hire an individual, when they can hire an entire team of experts with a diverse set of industry-leading cybersecurity expertise? This solution is also termed 'Expertise On Demand'. It can help enterprises extend their core capabilities and boost capacity by providing flexible access to a full range of industry-recognised expertise.
What are the benefits of this 'Expertise On Demand' concept?
‘Expertise On Demand’ is about augmenting the infrastructure organizations already have and amplifying those capabilities of the existing team with external resources to achieve the best security posture. It is about giving companies a way to extend their team, increase situational awareness, and get access to the intelligence and experts that would otherwise be unavailable to them.
Enterprises can avail themselves of the following benefits by engaging these specially trained and skilled experts.
- Expertise: These are usually teams of on-demand cybersecurity professionals who are some of the best in the industry.
- Flexibility: This team of outsourced skilled professionals will have the flexibility to scale both up and down as business conditions change, whether bridging short-term gaps or filling in while clients transform operations. This helps to ensure organizations have access to the experts they need, when they need them.
- Consistency: Unlike in-house cybersecurity professionals, this on-demand team of dedicated professionals will be there to backstop the team, provide insights into the latest threats, and train in-house team members to the industry's highest standards.
- Reduce Risk: According to the latest M-Trends report, the APAC median dwell time for an intruder who has breached a network is 204 days. The trouble is, an intruder only needs days in a system for the damage to be done. If a company's security team is ill-equipped to handle a breach or conduct a forensic investigation, this dwell time can be much longer, potentially leading to substantial data loss. Having an on-demand expert task force is a simple, quick and efficient way to empower the team to reduce risk and minimize potential breach damage.
What was the rationale behind rebranding the partner program as FireEye Affinity?
Affinity embodies the transformation journey we have embarked on with our partners. In 2018 we launched the first iteration of our partner portal, making it easy to produce quotes and request MDF program funds online. We even added a Partner Locator so customers could easily find a partner within their region. Trust is paramount and this is reflected in Affinity. Partners are an extension of FireEye and, with a shared mission and values, we will undoubtedly be successful together.
Subsequently we expanded upon these capabilities by offering incentives in the form of rebates, SPIFFs, and point based rewards. New partner sales kits were also made available to better drive partner enablement. We will continue to make investments in our program to make it simple to understand, while making it easy and profitable to do business with us.
In 2020, we released an Affinity program branded portal refresh with more intuitive navigation menus to make it easier for our partners to find what they need. We also offered a partner enablement module—Fast Track with FireEye—that helps our partners to be successful in selling FireEye solutions even quicker.
We added a new Partner Performance Dashboard to the portal which gave partners a simple snapshot view of how they are tracking with us, highlighting revenue attainment, along with tips for how those efforts could translate to greater margin or cash, with higher discounts and incentives.