Research shows that CEO fraud / business email compromise (BEC) attacks are on the rise. Attackers are constantly evolving their tactics to evade defences, and are increasingly targeting lower-level employees who may have access to sensitive information or the authority to authorise or send payments. As more organisations move to the cloud, the threat surface grows, from known attack patterns as well as newer variants, so companies need a strong security planning and compliance strategy. Hatem Naguib, Senior Vice President and General Manager, Security Business at Barracuda, tells HPC Asia how that can be achieved.
What is the threat scenario globally? How are businesses being impacted in such a scenario? How is India faring in all this?
The threats continue to increase on a regular basis. The level of exposure is broadening from what used to be high-profile targets like big enterprises. By and large, everybody within an organisation is to some level susceptible, and at some point will have their information taken from them, be held to ransom, or see other types of malicious attacks.
We see novel combinations of highly personalized tactics – spoofing your domain, impersonating your CEO, engaging in convincing conversations with your employees. Spear phishing is rampant. It’s no longer just the large enterprises or C-suite that need to be on high alert.
India is a technologically advanced country that is a focal point for many with mal-intent. Exposure to threats is no different from what would happen in Europe or the US.
In such a scenario, the resources and capabilities to secure are very important. You have first-class capabilities in India. They are at par with what is happening globally. And I think as more and more companies are shifting to cloud computing and adopting IoT, security needs to become the front and central focus for them.
What are the biggest challenges in ensuring a secure environment in an organisation?
There are three big challenges today that enterprises have to deal with. The first one is ransomware. Arguably, everybody is worried about it. We have done all kinds of surveys and seen that over 70 percent of our customers have been hit. It is so prevalent that some of them succumb to the threat. Unfortunately, they give in to the demand rather than risk losing their precious data, because it is cheaper to deal with a few hundred dollars than to lose all their data. As an impact on a company, people are much more aware of it and much more conscious of it.
The other thing that is becoming prevalent is spear phishing, in more personalised levels of attack. It is at both the individual and company level. So the people who are developing this type of malware are social engineering them. They are conscious of people online and of their position in a company. They take advantage of this and very quickly establish a level of trust with an employee so that he or she very easily provides them with financial information, company information or even personal information. You get tricked into believing the information is from an established company or a trusted head of an organisation, but you were actually spoofed. This is more prevalent now, and its effect is a lot worse. People do feel the financial impact, but there is also a bigger issue of brand credibility. When, as an employee or a customer, you give your personal information to a company, there is a certain level of trust and credibility that comes with it. That trust needs to be protected. This is over and above ransomware. We are building a lot of technology to address that.
The third one is the distribution of the services and the architecture within the IT infrastructure of an organisation. It is all part of a digital transformation. The company may have some database in the datacentre, some information or data in the cloud, some applications within the organisation. Now you may want to collect information from the machines, you may want to access data about your customers. All of this distribution requires you to understand your threat vectors quite well, and all of this requires you to understand the components of the architecture available. So knowing what is available and how it is being used becomes important for your overall security strategy. We are seeing this third level of threat, where companies using cloud are not realising that the things they might have on public cloud are being exploited because they don't have the right set of compliance in place. I think this is the newer area where we are seeing an increasing number of security breaches.
How do you advise your customers on security compliance? What are the aspects they need to look at to be secure on the cloud?
There are several points that need to be addressed. One of the things that we talk to our customers about is that it is really important, when moving to the public cloud, to make security a part of the conversation at the beginning and not at the end. Unfortunately, in large enterprises security is seen as an afterthought. We talk about five key areas that we think are important for customers to think about from a security perspective.
First is identity and access. So customers need to plan who has access to what, what the workloads in the cloud are, and how they will be accessed. It is very important to understand that context because the world of public cloud is global. Say something that sits in a repository here and is not secured properly in the public cloud: it can be easily accessed by a person with mal-intent, set up in another location, and nobody would know. Then the threat begins.
The second part is monitoring and detection. So organisations need to know what is happening within their cloud infrastructure and track a breach or issues within the infrastructure. The third part is protecting the assets that are there from a web perspective, and how they should connect to those assets. We call that infrastructure security. The fourth is data security – how are you protecting your data, how are you encrypting your data, how are you ensuring that it is secure. And finally, it is incident response – when there is a problem, what is the process you follow.
We find that these five conversations occur irrespective of public cloud or on-premise, and it really helps customers get context on how they should be thinking about their various cloud infrastructures. Then we give them the tools and architecture by which they are able to do that.
How do you offer your solutions for security on a public cloud?
For public cloud, we work with over 1,000 customers globally. So our recommendation really comes down to this: understand the shared security model. When we talk to our customers, they often have the impression that public cloud is not secure, and that is where we have to make sure that they understand that public cloud is really two parts brought together. One is their core infrastructure and the second is your workload on that core infrastructure.
In fact, the infrastructure of any public cloud provider is arguably more secure than any company can have, because it is their core business. They spend a lot of time making sure that their facilities, networks and servers are highly secure. Then they give you an apparatus by which you can put your workloads on the cloud. And when you put your workloads on them and don't protect them, then that is really your problem. And I think this is where lots of enterprises first learn that when they go to the public cloud, they have an obligation and a responsibility to protect the workloads.
So the first thing we tell them is that when you go on a public cloud and put your workloads there, make them secure. The second thing we tell them is that you need to understand that the architecture of the cloud is very different from what you have on premise. So we define and explain to them that historically, on premise, they would have a set-up with a wall around it where nothing comes in or goes out without their security code on it. In public cloud, it actually works the opposite of that. In public cloud you have many small networks; you can set them up or close them down, so you actually have security at the workload level, with the workload as it is created, as it is destroyed, or as it is moved around. So you have to think of security as something that is integrated into the fabric of the public cloud.
Where we have been successful is that we have our products integrated into the fabric of the public cloud. All the capabilities you get are integrated into the public cloud. The security capabilities are deeply integrated into the product.
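The workload-level, per-network security described in this answer can be checked mechanically. The script below is an added example written for this page, not Barracuda code and not any cloud provider's API: it assumes a generic ingress rule schema (protocol, port range, source CIDR), a constructed set of per-workload rule sets, and an assumed list of sensitive service ports, and it flags any rule that exposes a sensitive service, or everything, to the whole internet. This is the kind of compliance gap the earlier answer refers to when workloads on public cloud are "exploited because they don't have the right set of compliance in place".

```python
"""Audit per-workload ingress rules for world-open exposure.

Added example for this page, not Barracuda code. The rule schema and the
workload rule sets are constructed; SENSITIVE_PORTS is an assumed list.
"""
import ipaddress

# Assumed list of services whose world-open exposure is almost always a finding.
SENSITIVE_PORTS = {
    22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
    6379: "redis", 27017: "mongodb",
}

# Constructed workload rule sets. Each rule is
# (protocol, from_port, to_port, source_cidr); protocol "-1" means "all".
WORKLOADS = {
    "web-frontend": [
        ("tcp", 80, 80, "0.0.0.0/0"),        # public HTTP: expected for a web tier
        ("tcp", 443, 443, "0.0.0.0/0"),      # public HTTPS: expected for a web tier
        ("tcp", 22, 22, "10.0.0.0/8"),       # SSH only from the private range
    ],
    "db-primary": [
        ("tcp", 5432, 5432, "0.0.0.0/0"),    # database exposed to the internet
        ("tcp", 22, 22, "203.0.113.0/24"),   # SSH from a documentation-range CIDR
    ],
    "cache": [
        ("tcp", 6379, 6379, "10.0.1.0/24"),  # Redis from one internal subnet
        ("-1", 0, 65535, "0.0.0.0/0"),       # catch-all rule that opens everything
    ],
}


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a source that matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_findings(rule) -> list:
    """Return human-readable findings for one ingress rule (empty if acceptable)."""
    proto, lo, hi, cidr = rule
    if not is_world_open(cidr):
        return []                      # restricted source: not a finding here
    if proto == "-1":
        return ["all protocols/ports open to the world"]
    findings = []
    for port, name in SENSITIVE_PORTS.items():
        if lo <= port <= hi:           # port range covers a sensitive service
            findings.append(f"{name} ({port}/{proto}) open to the world")
    return findings


def audit(workloads: dict) -> dict:
    """Map each workload name to the list of findings across all of its rules."""
    return {
        name: [f for rule in rules for f in rule_findings(rule)]
        for name, rules in workloads.items()
    }


if __name__ == "__main__":
    for workload, findings in audit(WORKLOADS).items():
        status = "OK" if not findings else "REVIEW"
        print(f"{workload:14s} {status}")
        for f in findings:
            print(f"    - {f}")
```

Public HTTP/HTTPS on the web tier passes because those ports are not in the sensitive list, while the database's world-open 5432 and the cache's catch-all rule are reported; the same check runs unchanged whether the rules come from a cloud security group export or a firewall policy file, which is the point of treating security as something attached to each workload rather than to a perimeter.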
What are the solutions from Barracuda?
There are three areas in which we are providing security solutions for the cloud. One is our web application firewall. It sits in front of web properties and provides security for the web traffic that can come in. It is very relevant for clients who are doing e-commerce business. For e-commerce companies that have web pages for providing and collecting customer information, we strongly recommend that you use a web application firewall. The second thing that we recommend is a traditional network firewall, and our network firewall has been leveraged to secure public cloud and on-premise networks. It works on both, but most of our investment has been in connectivity components, since connecting to the public cloud is an important aspect of how you gain success from it: by optimising the traffic and ensuring that you have efficiencies in the information going back and forth between what you have on premise and what you have on the cloud. Then the third area is within our email business. We both leverage public cloud and support customers who run public cloud based email like Gmail and Office 365, and we provide a whole set of security, from sandboxing advanced threats and spam capabilities to new capabilities that we launched about 3 months ago which leverage AI technology. It is hosted in public cloud to help protect customers from spear phishing.
How are you using AI for cloud security?
As Barracuda, we have over 35,000 customers worldwide who have our email security capability, and about half of those have started migrating to Office 365. Because we have over 15,000 people using this, we have a large amount of data on how the attacks happen. We are leveraging the data with AI technology to look at all the emails from a company and be able to create a profile of a company with 15 or 16 different characteristics: who are the people who are highly targeted by spear phishing attacks, when do they send or receive emails, when do they talk about money and in what way. So we can actually create a characteristic for an individual company so that as an email comes in, we can tell in real time whether this is a spear phishing attack or the normal way – the way a person who sends an email to a CFO or the accounting department would send a mail out. We can automatically quarantine that email if it has any suspicious characteristics. We have a 95 percent accuracy rate.
Barracuda Sentinel leverages artificial intelligence to give our customers a comprehensive way to stop spear phishing and cyber fraud attacks in real time. This is unique in the email business because most customers have been trying to deal with this by tagging, but that has not been foolproof. With AI, the system is constantly learning and understanding the threats that come in. It combines three powerful layers – an artificial intelligence engine that stops spear phishing in real time, domain fraud protection using DMARC authentication, and fraud simulation training for high-risk individuals – into a comprehensive solution that protects people, businesses, and brands from these personalized attacks.
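The "domain fraud protection using DMARC authentication" layer mentioned above rests on the DMARC policy a domain publishes in DNS. The script below is an added example for this page, not Barracuda Sentinel code: it parses a DMARC TXT record as defined in RFC 7489 (the `v=DMARC1; p=...; ...` tag-value format) and reports the gaps that leave a domain spoofable, such as a monitoring-only policy, a weaker subdomain policy, partial enforcement, or no aggregate reporting. The three records and their domains are constructed samples, not real DNS lookups.

```python
"""Parse a DMARC record and report what domain-fraud protection it actually gives.

Added example for this page, not Barracuda code. Follows the RFC 7489 tag
syntax; the sample records below are constructed, not real DNS data.
"""
from dataclasses import dataclass, field

# Constructed sample records for three hypothetical domains.
SAMPLE_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
    "example.org": "v=DMARC1; p=quarantine; pct=25; sp=none",
}


@dataclass
class DmarcAssessment:
    domain: str
    policy: str              # p= : what receivers do with mail failing DMARC
    subdomain_policy: str    # sp=: same for subdomains (defaults to p)
    pct: int                 # pct=: share of failing mail the policy applies to
    strict_alignment: bool   # adkim=s and aspf=s
    has_reporting: bool      # rua= present, so the owner sees abuse reports
    findings: list = field(default_factory=list)


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def assess_dmarc(domain: str, record: str) -> DmarcAssessment:
    """Build an assessment with one finding per weakness that permits spoofing."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "none").lower()
    sp = tags.get("sp", policy).lower()          # RFC 7489: sp defaults to p
    pct = int(tags.get("pct", "100"))            # RFC 7489: pct defaults to 100
    strict = (tags.get("adkim", "r").lower() == "s"
              and tags.get("aspf", "r").lower() == "s")
    reporting = "rua" in tags
    a = DmarcAssessment(domain, policy, sp, pct, strict, reporting)
    if policy == "none":
        a.findings.append("p=none: spoofed mail is only reported, never quarantined or rejected")
    if sp == "none" and policy != "none":
        a.findings.append("sp=none: subdomains can still be spoofed despite the main policy")
    if pct < 100:
        a.findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if not reporting:
        a.findings.append("no rua: no aggregate reports, so abuse of the domain goes unseen")
    return a


def assess_all(records: dict) -> dict:
    """Assess every (domain, record) pair; returns domain -> DmarcAssessment."""
    return {d: assess_dmarc(d, r) for d, r in records.items()}


if __name__ == "__main__":
    for domain, a in assess_all(SAMPLE_RECORDS).items():
        print(f"{domain}: p={a.policy} sp={a.subdomain_policy} pct={a.pct}")
        for f in a.findings:
            print(f"    - {f}")
```

Only `example.com` comes out clean: enforcement at `p=reject`, strict alignment, and reporting. `example.net` has the common "deployed DMARC" state that protects nothing, because `p=none` only asks receivers to report, and `example.org` enforces on a quarter of failing mail while leaving every subdomain open. To assess a real domain, feed the TXT record at `_dmarc.<domain>` into `assess_dmarc` in place of the constructed samples.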