Security landscape is changing its form in terms of vectors and types of attacks. Vendor companies like Fortinet too are adding new portfolio and services to stay relevant to the market. Rajesh Maurya, regional vice president, India & SAARC, Fortinet speaks on the security priorities for CISOs and CSOs of India.
How do you see the dimension or the direction of enterprise security in 2018? Any trends on the horizon?
The biggest change is how the IT decision makers now look at security. Earlier they used to deploy few products like firewall, SSL, VPN and some ATP (advanced threat protection). But the way ransomware and malware is catching media coverage has made people think differently. Many organizations are now connected to IoT devices, moving to cloud, the apps becoming prevalent which has changed their perception. They are aware that if they don’t have right security posture they can be hit because a company of any size can be breached, though now only prominent companies are.
There are ATP solutions able to block malware not only by device signature based scanning, but with advanced scanning mechanisms. Malware are using drop and pull mechanisms for upload or download or they are getting into devices which never used any security. Most users using the default passwords in wireless networks have realized that basic passwords will not work.
Does modern security landscape call for more companies to appoint a CISO or CSO?
Companies are looking more at solutions approach for their security posture. Fortinet has a big solutions portfolio including next gen firewall that understand apps, appliances with inbuilt ATP, and forensics features because it is important to capture the incident in MIS and to give recommendations. Prevention is more important than detection. Proper posture for app, infra to be implemented or many companies are moving to SD-WAN. Before any company ventures into new business decision today, the right security measure for infra or cloud or app is thought much before. That is the new mantra.
Hence the trend of hiring specialized people as security thinkers is becoming popular in India as the security landscape becomes murkier with targeted attacks, hacking as a service etc. Some ransomware attacks have been reported to be funded. There have been attacks globally to extract personal information like healthcare records. You need specialized people to outsource or insource services. For outsourcing security services, executives need to keep a close watch on their workloads and apps. Even smaller companies now have dedicated officers like IT managers for security.
Your suggestions for CISO and CSOs as they firm up their company’s security posture in 2018.
The most important ‘to-do’ for them is to explore solutions for their security posture which are more future looking. They also need to invest in right manpower to manage the security aspect in an age of apps and AI. The earlier efforts to hack you or company has reduced with the proliferation of mobiles, and apps are fast becoming one of the popular vulnerability points for breaches.
Rajesh Maurya’ Bucket List for CISOs & CIOs
Another suggestion would be implementing a clear strategy on Vulnerability Assessment (VA). Some recent ransomware attacks indicate that many patches available were not implemented by companies. CISOs and CSOs should make sure that the patches provided by software vendors including security players are updated in their IT Infra. VA should be built in as a periodic exercise and it should be conducted preferably by third party to build more intelligence into the infra.
Don’t have a smaller budget for security which gets exhausted by buying point products. Don’t buy few products and few services and expect all is fine from security perspective. Make sure that you have periodic evaluation. Question the security vendor on the product roadmap and company vision from time to time. Check with your security provider on updates, and ensure that product and firmware are getting updated.
Do you see uptake or stagnancy in terms of UTMs (hardware appliances) as software and virtual models come to the fore?
Hardware UTMs (unified threat management) will continue to grow for at least two to three years because it is easier to control and manage the dedicated hardware in their own environment. SMB, mid-market and even large enterprises will have hardware chunks of UTM in their infra.
Virtual or managed services for UTM and firewall will pick up once the bandwidth connectivity becomes more reliable and available in India. And the infra becomes better for cloud management as security solutions encompass pushing policies and also receiving the reports in real time. Also hardware UTMs add a comfort level of security as a mindset for organizations depending on criticality of data and the vertical segment.
Fortinet has a well-entrenched partner ecosystem in India. What would be your key channel mantras for them to grow fast in 2018?
Channel partners need to be certified in security solutions and they need to invest in right resources. They should pursue a clear strategy to offer, deliver and support solutions and services to their customers. We are not working only with security focused channels but expert partners in networking and apps also work with us as today channel blueprint is all about connected infra and delivering value to their customers. Many IT infra channel partners work with us.
Channels should invest in demo devices as they can showcase the technology and its benefits to the customer to take informed decision as POC often leads to orders for channels.
How would Fortinet transform to the new security paradigm and changing business climate in 2018?
We are focused on delivering security solutions to the customers. The security fabric from Fortinet covers the security spectrum from client to cloud, with our portfolio and for all security providers. We also have working models on cloud, IoT and AI as these trends become prevalent.
Banks and manufacturing segments are changing the type of technologies they adopt for security posture. Service providers will need more security solutions as digital payments gain momentum in India. Government is also emphasizing a lot of IT cybersecurity with digital India and other initiatives. Many verticals are looking at future-proof security solutions than point products. Securing Cloud, IoT and critical infra will be key growth factors for us.
Fortinet is a technology-oriented future-looking security company. We are the only company that is pioneering technology as a focused security vendor and we also work with multiple vendors in the ecosystem to make the world a safer place.