Ransomware attacks to escalate in 2016: Ravi Raman, Paladion Networks

Ravi Raman, SVP and head of engineering – security intelligence and analytics, Paladion Networks, believes that, since malware takes a lot of time to manifest, there is a need to use Big Data analytics to identify these threats.

Ransomware attacks have been the biggest pain point for enterprises. They have become a scourge for consumers, businesses and government institutions.

According to a report by Trend Micro, India was the victim of the highest number of ransomware infections during the second quarter of 2015. India’s position had risen from eighth to number one.

On that note, we had a conversation with Ravi Raman, SVP and head of engineering – security intelligence and analytics, Paladion Networks, who offered insights on cyber security trends in 2016, the company's offerings to protect organizations from ransomware attacks, its channel plans for 2016 and how it plans to ramp up the channel ecosystem.

Edited excerpts:

What are the major cyber security trends in 2016 and how different will they be as compared to the past?

Dynamic morphing will be a cybersecurity trend in 2016. The malware which is being detected is morphed and signatures change often, making it difficult for anti-virus software to detect the malware. This has been happening regularly over the past year.

Secondly, there is a stage of attack where malware enters the network not through traditional devices like firewalls but through regular desktops and PCs. This is a vulnerable point of attack. As they enter the network through the PC, there is a long cycle of two months where they go through the network, find vulnerabilities and make their way towards critical information residing in the company’s systems.

The industries which are going to be infected with ransomware attacks are BFSI, healthcare and retail.

That said, ransomware attacks are going to increase in 2016. As malware takes a lot of time to manifest, there is a need to use Big Data analytics to identify these threats.

What are the key offerings of Paladion Networks in 2016 to protect organizations from ransomware attacks?

Our key offerings in this space comprise CyberActive SOC (Security Operation Center) services and the RisqVU platform.

CyberActive SOC houses several malware researchers and security researchers who stay on top of the latest developments in malware engineering and its attack patterns. CyberActive SOC is a premium service for end-to-end cyber security needs.

Our RisqVU products are engineered to detect creative malware like ransomware that escapes traditional monitoring systems.

Ransomware or other malware used in large-scale attacks changes its signature often, which makes it difficult to detect. Our products additionally use other indicators of compromise (IOCs) to detect malware activity.

We also use Big Data analytics with advanced visual analytics and machine learning to improve a security analyst’s chances of identifying an attack being staged. This provides an effective layer of defense against ransomware.

Today, when an employee leaves an organization with his domain account open, malware morphs itself as that user and accesses the information that he has permissions for. In order to address this concern, our RisqVU system has a scanner that identifies users who have resigned and makes sure that their accounts are closed.

There’s also a technique called malware beaconing where we look at the data going through the network and identify information going out of a system to a server outside the network. The moment we find this happening, we can take corrective action and remove the malware before it becomes a threat.

In 2015, ransomware attacks gained a lot of prominence and dented the reputation of many enterprises. This year, what kind of measures and steps should be taken by CISOs to protect against ransomware attacks?

We expect this year onwards that ransomware attacks will not only target end points like PCs but also focus on making lateral moves from these end points to other critical information assets within the organization. This will put an organization’s critical corporate data at risk too.

Therefore, there is an urgent need to move beyond end point protection. The focus should be on running tools to detect such activity in a corporate network before ransomware can take hold.

Tools that apply machine learning and data science algorithms to data flowing through networks will be needed to identify patterns of infection before it manifests.

Further, as malware is morphing into new strains quite frequently, security departments of companies should equip themselves with tools that they can use to quickly create small applications that can scan their networks for IOCs quickly on an ad-hoc basis. This will enable them to take corrective action.

What are your channel plans for 2016 and how do you plan to ramp up your channel eco-system in India?

We are focusing on the channel network for our product Paladion On Demand. We are building a channel partner ecosystem including resellers, system integrators and managed service providers to serve the growing demand for cybersecurity in India.

We also have a channel partner program in place that provides our channel partners a flexible model to engage with us to profitably grow their business.

Moreover, we plan to further broaden our channel partner base to include many more types of channel partners – telcos, ISVs, security consultants and vertical or horizontal specialist channel partners.

Could you highlight the key differentiator between Paladion Networks and other security firms?

Paladion has over 15 years of expertise working in the cybersecurity space. The knowledge that exists within the organization is in itself an asset and a differentiator.

On the products front, we are focusing on products that act as aggregators of data and provide a central orchestration layer since that is the market need today.

Paladion’s proprietary RisqVU platform helps enterprises analyze large amounts of data. Security teams can then focus on the important ones and use the RisqVU platform to orchestrate responses. Our products are agentless and work remotely. This non-intrusive engineering philosophy gives us an added edge.

On the managed security services front, we have Paladion On Demand, which is the industry’s first Cybersecurity-as-a-Service platform. On Demand integrates protection across endpoints, network, applications, users, mobile, and cloud environment with security analytics to help customers solve cyber security and compliance challenges.

What are your plans for the future?

Our focus for this year will be to consolidate our position as an IP-driven security services organization. Towards this end, we have invested in a number of product offerings. These products will continue to be engineered in line with market demands.

We will also focus on bringing our Cybersecurity-as-a-Service from our On Demand offering closer to enterprises so that it’s easier for them to manage and scale.

Information sharing is an important aspect of cybersecurity. Paladion has created a defense network that comprises several other cyber security providers and enterprises to share its latest findings from the threat landscape. We hope to make this network stronger going forward.
