In today’s dynamic and fast-changing cybersecurity landscape, businesses are always on the threat radar. Most enterprises are therefore looking for an integrated security solution with built-in advanced analytics to support them in detecting and managing cyber threats. Securonix is a leading next-gen security analytics and operations management platform for the era of big data and advanced cyber threats. SmartStateIndia, in an exclusive interview with Harshil Doshi, Director Sales (India and SAARC) of Securonix, discussed the importance of cloud-based Security Information and Event Management (SIEM) solutions for an organization and the upcoming trends in cybersecurity.
Being a cloud-native SIEM enabler for enterprises, what, according to you, are the challenges/shortcomings that enterprises face today with their SIEM strategy?
SIEM solutions are revolutionizing the cybersecurity world nowadays. They can solve various security challenges that an enterprise faces, but it is very important for organizations to be fluent in their SIEM strategy in order to address the ever-evolving cybersecurity threats.
Some of the challenges that enterprises face with their SIEM strategy are:
- Deployment of SIEM: Deployment is one of the most persistent SIEM challenges, perplexing IT security teams of all sizes. They frequently attempt to deploy SIEM solutions across the entire network at once, which gives rise to other challenges such as alert fatigue and log collection overstimulation.
- Alert Fatigue: Security event correlation generates alerts in traditional SIEM solutions as it uncovers potential events. These security alerts, however, frequently misinterpret legitimate behaviors and activities as correlated attacks that drain the investigation time of IT security teams, thereby hampering the team morale.
- Log Management: The collection and storage of log files from operating systems are referred to as log management. It can also gather data from applications and multiple hosts and store it in a single centralized location. The decentralized nature of modern networks makes it difficult to properly compare and examine log data at the same time. By centralizing them through SIEM, the IT security team can more easily correlate potential security events and discover security incidents.
- Unsecured data storage: Enterprises become vulnerable to loss of data and important files as more users interact with data over time. As a result, organizations suffer from data breaches because most of them store their corporate data on unsecured third-party sites spread across different networks.
How can an advanced SIEM solution help organizations detect a cyber-attack or avert any data breaches? What emerging technologies are driving this big data security analytics on the cloud?
With enterprises shifting to the cloud, securing one’s data and escaping various cyberattacks has become the priority for all. Deploying advanced SIEM solutions such as shifting to Next-Gen SIEM, UEBA (User and Entity Behaviour Analytics), SOAR (Security Orchestration, Automation, and Response), and XDR (Extended Detection & Response) has become the need of the hour. Advanced SIEM solutions help organizations to detect undetected threats by filtering massive amounts of security data and prioritizing the security alerts generated by the software. Modern SIEM helps to detect new-age cyber threats and avoid data breaches by providing a holistic view of the overall IT security environment of the organization, storing all the data in a centralized repository and making it invulnerable to foreign sources.
Emerging technologies such as the advancement of the Hadoop Ecosystem, the emergence of Artificial Intelligence, NoSQL database, R programming, and storing information on data lakes have revolutionized the SIEM strategies of organizations – giving them the power of pure SaaS scalability and active threat detection response.
Ransomware tops the list of security concerns for any organization, so what trends do you see coming in the cyber threats and security domain in 2022? What will be your top advice to organizations for countering these threats?
In addition to the Ransomware attacks, some of the cybersecurity trends that organizations should look out for are:
- Increased cloud security adoption: Cloud security will rise to the top of the priority list, especially for organizations pursuing remote and hybrid workplace strategies. As companies continue to ramp up cloud adoption in 2022, cloud security posture management will become a top priority for security leaders.
- Endpoint Security: As more people work from home, businesses are focusing on endpoint security, which includes laptops, mobile devices, and anything else that connects to the network. In such a scenario, extended detection and response (XDR) capabilities will become more widespread and robust, while traditional cybersecurity solutions like security information and event management (SIEM) systems will increasingly rely on AI for security orchestration, automation, and response.
- Single source for multiple cybersecurity solutions: Businesses are expected to consolidate and seek suppliers who can serve as one-stop shops for multiple cloud-delivered security products in 2022 and beyond. According to one study, 30% of businesses will use the same provider for cloud-delivered secure web gateway, zero-trust network access, firewall as a service, and cloud access security brokers by 2024.
In my view, in order to combat various threats and vulnerabilities, organizations should use security solutions based on behavior analytics and machine learning that can detect account compromise, insider threats, and other advanced threats, providing full-fledged, 360-degree data security and protection.
With organizational data on the cloud the threat from cyber-criminals is always there, but employees themselves can be an insider risk case for the company. Can this also be factored into the analytics that can offer insights to organizations about any potential data breaches?
Insider threats are a major security concern for most organizations today, as they can cause devastating losses. With the WFH situation, insiders now reside beyond the traditional enterprise security perimeter, making it difficult for traditional security solutions to detect potential attacks. UEBA is an essential requirement in order to be able to detect and protect against insider threats.
There are multiple scenarios for an insider attack. It can originate from malicious insiders or insiders who are simply negligent and do not follow best practices. It can also originate from compromised accounts that are controlled by an outsider. Given all the scenarios, monitoring solutions are forced to curate use cases in conjunction with purpose-built detection techniques in order to derive specific outcomes and be effective in detecting infractions. This shift in behavior is becoming more evident as organizations ramp up visibility into how their employees and contractors use their assets and resources over time.
Securonix forayed into India some 3-4 years back, and then the last two years have been COVID-19 impacted years where many companies saw cloud adoption. In all these years, what has your observation been of the Indian market in terms of the cybersecurity landscape, and what are your plans and focus segments for the Indian market?
The pandemic has affected the working dynamics of every company. SaaS-based services and cloud systems are rapidly replacing on-prem systems across enterprises. With enterprises shifting their operations to the cloud, SaaS-based products enable organizations to have complete visibility and unlimited scalability while requiring no infrastructure management. This is true for the Indian market as well, as businesses are continuously expanding their security investments to protect their data. Also, as Digital India is making great strides, cybersecurity remains a top priority for enterprises and governments alike.
The threat landscape is ever-evolving and as we work with customers across finance, healthcare, government and technology, we realize that security teams are still struggling to manage and respond to threats in a multi-cloud environment setup. This is the reason behind our success in the country as we use cloud-native, next-gen SIEM platforms built on advanced analytics that organizations need to strengthen their security operations and thwart new-age threats. There is a significant opportunity in the market, and we look forward to continuing to expand our robust customer and channel partner portfolio as we deliver value to leading organizations in India.