In conversation with ETCIO, Vijendra Katiyar, Director – Enterprise Business, India & SAARC, Trend Micro, talks about the transition from EDR to XDR and highlights how Trend Micro XDR helps CISOs accelerate the process of detection and response at their enterprises.
Edited Excerpts:
An economic slowdown seems to be on top of the list of worries for many companies and they are going relatively slow on expansion plans. Amidst the Covid-19 crisis, how has the overall business been for Trend Micro in India? What has been the transition in your go-to-market strategy amid Covid-19?
While there is no denying the fact that Covid-19 has severely impacted businesses and industries globally and it might continue to do so for a while, it has in equal measure brought with it fresh opportunities and avenues for certain industries as well, one of which is cybersecurity.
As a company, we have always been agile and forward-thinking in our approach with innovation at our core, and our solutions and offerings continue to seamlessly align with the volatile demands of the industry, as we did during the pre-pandemic period. We continue to expand and grow during this difficult phase and have in fact registered profits globally. In India, we have witnessed a 3X growth in our profitability, especially during the last three to four years. We have noticed strong tailwinds in the first half of this year and expect the same momentum to continue.
We have invested in the right areas of security and will continue to do so. This includes massive investment across cloud through our Cloud One offering, TXOne for IIoT security and XDR platform, which is our most comprehensive correlated detection and response offering for the industry.
With the current situation, we are increasingly interacting and engaging with our customers and partners online. To that effect, we recently organized our annual PartnerTrends event virtually across AMEA. On the same lines, as you may be aware, we did a successful “XDR launch” event across AMEA attended by 3000+ cybersecurity professionals. What you will witness next is AMEA CLOUDSEC 2020, our flagship event, which is the largest in the cybersecurity industry conducted across multiple geographies globally.
In the last couple of months, cyber security analysts and researchers have reported targeted attacks and other malicious activities affecting various industry verticals across the globe. How do you see the security threat landscape evolving? What are some of the threats that should concern enterprises post Covid-19?
In the current scenario with a fully distributed remote workforce, many organizations are seen grappling with breaches and attacks deployed by threat actors for which they aren’t prepared well enough, whether it’s to do with detection, prevention or a suitable response strategy. Referring to the earlier mid-year security roundup report, 68 new families of ransomware were found this year, which is a 45% increase from last year. We have seen organizations getting affected by Maze and Netwalker ransomware this year, a new variant which has a devastating fallout on an organization’s reputation, and it’s going to persist. We have also seen a 300% increase in email threats including spear phishing attacks and BEC targeting CEOs and other C-suite executives.
What enterprises will need to focus on is addressing ‘vulnerabilities’ in operating systems, especially those reaching end-of-life. The latest vulnerability is Zerologon, which can allow an attacker to impersonate the identity of any computer. The entire attack can be executed in approximately 3 seconds. According to the Trend Micro ZDI (Zero Day Initiative) report, we have observed a 16% rise in ICS threats, which is alarming. With OT environments exposed to the internet, industries including manufacturing, healthcare, pharma, oil & gas and power, which have adopted industrial IoT, are exposed to these lurking risks. With our TXOne solution, we can ensure that the security of the OT environment and ICS is maintained.
With online meeting platforms gaining popularity and becoming the new norm, and with a proliferation of fake apps, we are seeing a spurt of targeted attacks like Zoom-bombing and others.
What are the challenges faced by security teams around the globe while deploying detection-based security technologies?
While in the past, EDR has been viewed as a valuable tool for organizations in safeguarding their endpoints, the attack surface has vastly expanded to include email, network, cloud and IIoT. Hence, the horizon has expanded and so should the security strategy, to be able to provide an all-encompassing visibility and detection to its users across multiple layers.
According to a research report by Ponemon Institute, the dwell time, i.e. mean time to identify and mean time to contain a threat, has been around 300 days for the last 5 years. Despite the evolution of next-gen technologies, this hapless equation hasn’t changed much, warranting an immediate overhaul. According to a Verizon report, 94% of threats originate from email, hence it becomes an important threat vector to be considered.
I would like to reiterate that a detection and response strategy can begin with endpoints but should not be limited only to endpoints for it to be effective. We need to think of how we can go beyond the endpoint and make it enterprise-wide across multiple security layers.
How can Trend Micro XDR help CISOs accelerate the process of detection and response at their enterprises?
In many ways CISOs see why it’s imperative for them to focus on detection and response, since the entire industry is moving towards it. Analysis firms like IDC speak about the mindset of CISOs, where they are looking at essentially three important factors, which are: visibility across the enterprise, whether it is cloud, email, IIoT or networks; automation; and consolidation of multiple security solutions.
Another interesting report by Gartner on security trends 2020 talks about how XDR or cross-generation detection and response solves the problem of not limiting the detection and response to only endpoints. In the current scenario, the problems faced are the complexity of integrating all the different security tools, as said earlier. Alert fatigue is still a major problem even with tools like SIEM/SOAR. Also, it is important to eliminate the noise to avoid the ‘needle in a haystack’ situation and focus on the incident response activity.
And, that’s exactly where the strategy of Trend Micro XDR comes into the picture, as it helps reduce the complexity of integration, increases the productivity of the SOC, gives the right context and improves incident response capabilities. Trend Micro XDR consolidates telemetry data from multiple security layers into a single platform, providing detection and hunting capabilities across these security layers and automating response by either blocking an IP address or quarantining an email, which makes the work of security teams easier.
From EDR to XDR, what has been the market response towards this security transition? How is this solution addressing the bandwagon of new age business challenges?
We are noticing that the response to the transition from EDR to XDR is such that, the organisations who are the early adopters of EDR now want to extend it to other layers apart from endpoints. The market response has been good from all corners, whether you consider it from cybersecurity analysts, vendors or customers viewpoint. Everybody is talking about XDR and it is definitely the need of the hour. This transition is already underway, and organizations want to ensure that they are able to maximize ROI out of their existing SOC or SIEM tools. We at Trend Micro are the early proponents of XDR.
How have customer needs and expectations changed over the past few months? Amidst Covid-19, what are some of the key initiatives taken by Trend Micro to support customers in India?
We need to align towards the changing needs and expectations of the customers, irrespective of whichever business we are in, and cybersecurity is no exception to it.
The CISOs and CIOs whom we interacted with were of the view that this transition was too fast and sudden, and they had to struggle in mobilizing assets (e.g. laptops) for their remote workforce/employees. They had to allow employees to use their personal devices to ensure work doesn’t stall. It is important to make sure that these devices and the data being accessed are secured along with the endpoints.
At Trend Micro, we have been very proactive when it comes to understanding these pressing needs of our customers. Since March, our focus has been to make sure that the customer data, applications and their unprotected devices are safeguarded. We provided complimentary licenses for unprotected devices. We started doing security assessments to ensure we provide a safe remote working environment for customer employees.
With the Phish Insight campaign, the objective was to create awareness around different kinds of spear phishing emails and how to deal with them and avoid becoming prey to such attacks.
How do you look at digital transformation after this pandemic in the context of a CISO? Is it a challenge or an opportunity?
I definitely look at digital transformation as an opportunity, one which is here to stay. With the current pandemic it has taken a different pace and proven to be a business enabler. Post-pandemic, the transition towards digitalization will gather further momentum, as it is to do with leveraging technologies like cloud and adopting DevOps/DevSecOps culture. It will initially be a challenge for CISOs while the transition towards digitization is happening, as they would need to deal with legacy systems and also ensure security for hybrid environments.
From a CISO’s perspective, the key takeaways would be:
- Cybersecurity should be woven into the blueprint of the digital transformation journey. It is important to envisage how security can be incorporated while developing an application or adopting a new platform (e.g. moving from on-premise to cloud). It should not be an ‘afterthought’.
- Cybersecurity should be flexible and adaptable to any changes carried out within the IT environment. It should automatically adapt to provide security irrespective of the platform chosen.
- Automation helps in faster threat response which is the need of the hour.
In this VUCA world, businesses are struggling with changing ways of business outcomes and operating normalcy. Do you think in the current economic scenario, CISOs will need to cut their IT security spending in the coming future?
Currently, CISOs are running a tight ship in their organisations, but things will surely change post-Covid-19. In the context of a CISO, business priority would be the central focus. If cloud adoption accelerates, then the spending would be on securing the journey to cloud because agility is necessary in cloud adoption. For some CISOs whose organisations are into manufacturing or the power industry for instance, IIoT is very important, and their concern will be to secure ICS that are connected to IT and exposed to risks. CISOs might have a ‘wish list’ but their business priority will take precedence over everything else, and that is where I concur most of the IT spend will be channelized.
Post-Covid-19 and with all the learnings from this pandemic, they will also look at consolidation of IT, and focus on a business continuity plan (BCP) to deal with similar exigencies in the future. Importance will be given to reducing operational costs and that’s where automation will come to the fore, doing away with rudimentary processes. IT consolidation will also help in optimizing cloud costs.