Traditional endpoint security tools not enough to shield advanced cyber-attacks: Sridhar Iyengar, ManageEngine

Sridhar Iyengar, Vice President, ManageEngine believes that while the importance of traditional endpoint security tools cannot be understated, organizations also need to complement them with latest technologies and tools to establish protective and detective controls and thereby thwart attacks.


In today’s world, where cyber breaches and attacks are more ingenious and threatening, traditional endpoint security may keep out low-level breaches, and next generation firewalls can slow attacks down, but determined hackers and attackers will find a way to exploit the keys to the organizations’ IT ecosystem to get inside the network and masquerade as legit insiders. And that is why organizations require layers of security.

On that note, we had a conversation with Sridhar Iyengar, Vice President, ManageEngine, who highlighted information security trends of this year and next, and also provided insights on how their offerings stand out in the market along with their key focus areas.

Edited excerpts:

From cloud, big data to IoT, how do you find customer requirements change and how have you evolved over the years?

We started as a network management software company serving the telecom industry, but then, we began developing software products for enterprise IT management, and went into cloud-based business and collaboration applications.

At ManageEngine, we strive to adopt emerging technologies to make things easier for our customers. Earlier IT management vendors were large, and products were expensive and difficult to use. That’s when we started developing suites of products that are easier to use, affordable, and packaged with great technical support.

As cloud started to emerge as a new technology, we realized that the software-as-a-service deployment model will work better than the installed one. With pay-as-you-use and an OPEX model from cloud, customers won't have to worry about hosting and managing IT infrastructure. This model applies for internet of things as well.

Our culture of openness and transparency has helped us in listening to our customers, understand market trends, and build a community around our products. Open forums, discussion platforms, user conferences and client seminars have been great channels that connect us with our customers. Inputs from our customers in these platforms also helped us validate our ideas, via beta programs for new products or features.

Traditional network and end point security tools are no longer sufficient to defeat today's increasingly sophisticated cyber attacks. Please comment.

Traditional end point and network solutions are still effective in controlling a good number of cyber-attacks. However, as the threat landscape is constantly evolving, organizations cannot rely completely on the traditional tools alone. Especially, the term ‘end point’ itself is undergoing a sea change with the emergence of BYOD, IoT, and remote access, third-party contractors, and vendors.

IT security spans several layers, and it is essential that organizations adopt a layered approach. In addition to perimeter defense and network security, organizations require to bolster security at other layers, which involves several aspects such as controlling access to IT assets, sound password management, monitoring traffic and events, centralized log collection, analysis, security scanning, managing patches, tracking changes, and detecting and remediating vulnerabilities.

Also, cyber-attacks do not always come from the external world. They can also come from company employees. Malicious insiders can cause greater harm than external attackers. So combating sophisticated attacks, internal or external, require continuous monitoring, enhanced visibility, and control over activities in the network.

Above all, security awareness among employees is a key factor. No matter how many security devices you have in place, the organization will become a paradise for hackers if employees turn off vital security settings or applications, fail to monitor information from security devices, or fall prey to spear-phishing by indiscriminately clicking links and opening malicious attachments in mails.

While the importance of traditional endpoint security tools cannot be understated, organizations also need to complement them with latest technologies and tools that help in establishing protective and detective controls and thereby thwart attacks.

What are the trends that you are witnessing in Indian IT security market in 2016-17?

The focus of organizations is shifting towards security analytics, detecting attacks and real-time security monitoring. IT organizations tend to gain visibility and complete control over their networks, as BYOD and IoT have created new challenges for IT security. As a result, organizations have started spending on security monitoring, privileged access management, internal controls, log management, mobile device management, and policy enforcement solutions.

What are the key features and value proposition of ManageEngine’s security offerings?

Traditionally, IT operations and IT security have been at loggerheads. The IT operations team is tasked with the responsibility of carrying out day-to-day activities, maintaining software and hardware inventories, ensuring reliability, optimizing performance and capacity, utilization of the network, and a host of other activities. They always need to respond to business requirements in the quickest time possible, keeping in mind business continuity. IT security, on the other hand, is tasked with safeguarding the business from evolving, sophisticated cyber threats and ensuring compliance with regulations. To reduce risks, IT security enforces processes and places controls.

To achieve business objectives, IT security must complement IT operations. ManageEngine’s IT security solutions have been specifically designed to complement organizations’ IT operations, network management, and desktop management. With a market-leading suite of products, ManageEngine has perfectly complemented network management and IT operations through its IT security solutions, which cover the entire gamut of network security.

Our IT security solutions are in fact security management solutions for IT operations, because they appeal to IT operations and network teams as much as to security teams. Synergy between operations and security mandates that, IT operations must not be hindered by security activities like tracking changes, preventing unauthorized changes, enforcing access controls and security policies, monitoring traffic, analyzing logs, detecting vulnerabilities, and managing patches. ManageEngine helps organizations achieve this perfectly. In addition, our products are highly intuitive and follow the do-it-yourself model as opposed to requiring heavy IT consulting or professional services.

What are your key focus areas, verticals, and technologies for this year and next?

In IT security, our focus is on strengthening privileged access management, log management, SIEM, and mobile device management. IT organizations are increasingly facing threats to their information security from internal and external attacks, which look to exploit vulnerabilities, resulting in loss of revenue, customers, and credibility of these organizations. We will continue to invest and strengthen our security products to help in detecting, mitigating, and remediating those security risks.