US-based IT security firm Fortinet has consolidated its position as a leader in the network security market in India with strategic customer wins, business expansion and growth across verticals, introduction of new technologies and services. Rajesh Maurya, regional vice president, India & Saarc, Fortinet, in a recent interview with Sudhir Chowdhary spoke about the security challenges facing CIOs and business in a hyper-connected world. Excerpts:
Tell us about your presence in the Indian market?
The strength of the Fortinet security fabric positions us well to provide industry-leading protection for our customers against the aggressive threats that they face now and in the future wherever their assets and data are deployed: on premise or in the cloud. Our solutions cater to all three segments: SMB, enterprise and service providers. India also hosts the second largest R&D centre for Fortinet at Bengaluru and a DDoS research facility at Hyderabad.
What are the challenges that Indian CIOs face in handling cybersecurity risks?
Existing companies are burdened with legacy infrastructure, and they must find a way to marry it as harmoniously as possible with new technologies, increasing the already complex environment that is integrated across every part of the business. Companies must be aware of issues relevant to their new, extended and complex infrastructures, such that most siloed products cannot communicate with other security devices, making collecting and correlating threat intelligence to detect advanced threats hiding in your extended attack surface difficult, if not impossible.
Likewise, poor documentation, lack of skilled resources and limited budgets, combined with intense pressure from management to stay in step with business changes, often seduce technology professionals into taking shortcuts and not conducting proper evaluation on what products to retire and what products to extend.
How can businesses look at Artificial Intelligence (AI) to rebalance the cyber criminal advantage?
We are already seeing attacks with automated front ends mining for information and vulnerabilities, combined with AI-based analysis to correlate vast amounts of pilfered structured and unstructured data. IT teams need to rebalance this advantage by leveraging AI to address two issues:
Greater visibility: Capturing and correlating all relevant threat intelligence from entire network of sensors adds transparency to network operations. The next step is to combine this intelligence with metrics observed across individual networks to provide a benchmark for comparison.
Improved collaboration: The only way to stay ahead of cyber criminals is to act immediately whenever and however they strike. That includes using Big Data analytics to examine and analyse attacker files in combination with AI and adaptive learning, to mitigate threats, and to detect and predict threats and threat behaviour.
AI can create networks that make effective and autonomous decisions. Combined with automation that allows them to operate at digital speeds, networks will not only be able to withstand serious and sustained attacks, but also automatically adapt and respond to threats.
What makes cryptojacking more lucrative than the ransomware attacks in 2017?
Cryptojacking started last September when a new technology to mine Monero cryptocurrency within web browsers surfaced. Once a computer user visits such compromised pages, their computing power is hijacked for the currency mining process. The more time users spend on the web pages, the more CPU cycles can be consumed. This explains why hackers typically pick illicit video streaming web sites, where people stay for hours watching movies or TV serials, to plant such scripts.
Back-of-the-envelope calculations show that cryptojacking can be lucrative—hackers targeting popular illicit sites like The Pirate Bay can earn up to $12,000 per month. Deploying the right security tools will help, but being cautious and thinking twice before taking any action will also go a long way in preserving your money, confidential data and computing experience.