India has become much more sophisticated in utilisation of technology, it is very common to see the same types of problems in India as you would see in other parts of the world - Hatem Naguib -SVP & GM, Security Business, Barracuda Networks
In conversation with Hatem Naguib -SVP & GM, Security Business, Barracuda Networks during his India visit
Question
2017 has seen a lot of cyber attacks globally. Are we going to see any new trends in India because of this in the near future
Response
So, I think it is important to recognise that the types of threats that we see in other parts of the world are not invisible in countries like India. And as India has become much more sophisticated in utilisation of technology, it is very common to see the same types of problems in India as you would see in other parts of the world, be that from you know a phishing attack and Ransomware to more social engineering types of attacks towards customers. And other types of, credit and financial based attacks have become very common even in India as there have been in other parts of the world.
Question
I was going through a Barracuda report which was published in the month of June which says that India (46.89%) and Indonesia (47.99) have a higher proportion of their infrastructure in public cloud compared to other APAC countries. So, 2017 has seen a lot of cyber attacks globally. So, how are you managing to protect the cloud infrastructure which is currently in India from cyber attacks.
Response
So as more and more customers adopt public cloud and cloud services, we have found that our products have become very important in the protection of their assets and their finances as they become leveraged by public cloud. We also have customers who adopt public cloud for the first time by going to Office 365. And for many years we have provided a very robust portfolio email security capability for customers who are on-premise or in the public cloud space. In the public cloud space we have added additional capability to offer Office 365 customers our product that leverages AI technology to protect them from more advanced cyberattacks like social engineering and email phishing.
When customers move their workloads to public cloud, we have two key products that customers have used in the recent past and the third one that we use to enhance supporting public cloud infrastructure. The first one is the network fire wall or NG Firewall. This has been a very powerful product for connectivity and security for customers who have a distributed enterprise. And for them using public cloud becomes just another extension of their distributed enterprise.
The second one is web application firewall or WAF. This is used for e-commerce or any of their websites up on the public cloud. This solution protects from cyberattacks tailored towards websites.
The third is a backup solution which has historically been cloud enabled and cloud connected. This solution can backup your assets and data.
You have to have two types of protections when you are looking at any type of attacks. One is to stop the attack from coming in and detecting the threat vectors wherein our security product is very important for delivering that and the second is to have a very robust and effective backup and data protection solution, so that in case of an attack from Ransomware you should be restored to the most recent version of what you have.
Question
In 2017, many bank credit cards or debit cards details were stolen. So, these kind of cyber-attacks occurred on the banking server, so, is there any solution from Barracuda to protect that or stop that?
Response
Many of the customers get their credit card stolen because the information about the credit card and credit card numbers were provided to online sites, banks and e-commerce sites. And then those websites were not well protected from access by malware. For this purpose, we provide a web application firewall that sits in front of theses online site. And provides protection from inside which extracts the information such as the credit card information. We also have capabilities in our product that identifies when credit card information is being collected and sent out. And then finally we have a relatively complete solution to provide what we refer to as encrypted networking capabilities which means that any communications you have on the internet is encrypted which makes it difficult for people to steal the information.
Question
And as you are working on ground with cloud infrastructure companies, I just want to know, are you going to see any new trends in 2018.
Response
I will say that in the public cloud we see new features and capabilities on a regular basis. So, we continuously work with them to support a lot of the services… In fact, many customers look at new ways of consuming our products as they move to public cloud. For instance, where historically, you know, a person would have bought an appliance and pay for it upfront. Now what you will find is that more and more customers want to pay for what they use, and so our product has been designed and continues to evolve so that they can be delivered as part of this usage base for need of consumption. So if I have only worked with the system for an hour I only pay for the hour that I use the workload, as opposed to paying upfront for three years and only using it for an hour. These are the types of changes that are occurring within public cloud to increase the adoption of better and more effective security capabilities within public clouds.
Question
Okay. Can you tell us some of the challenges you are facing currently in the security market in India.
Response
So, from security marketing access, one of the things that we see is at least at the enterprise level, people are becoming more and more aware of the various challenges that they have. They do understand that while the network firewalls will offer network security, they still need to take care of application security such as preventing hackers from hacking into your website. And for that you need a web application firewall type of a product. So, there is growing awareness around that part. They do realise that protecting against malware needs to be very comprehensive solution, it cannot be done as just putting some sort of endpoint antivirus type of solution.
Question
Okay. And can you tell me about your new products that you have launched in India.
Response
We have a few new products that we are launching, or have launched in last several weeks. The first one is called Barracuda Sentinel, we deliver that for email customers and it uses artificial intelligence and machine learning to help protect customers from spear phishing attacks. These types of attacks usually don’t have attachments and use social engineering on specific targets within the company like someone in accounting or EO or CFO to quickly establish some trust from that person, and then extract information or financials from the people. For instance, you can send an email to someone in accounting stating you need the account number to be able to send money to a vendor and within a few minutes that accounting person will give you a purchase order for the amount that you require. We’ve seen a lot more companies being attacked by these type of attacks. And we use a solution that uses AI to protect different characteristics of how emails were sent within a company, who was targeted, time that it was sent, what was the tone of the email, what did they talk about, etc. This works in quarantining real time phishing attacks with 95% of accuracy rate.
Any other insights?
So, we are constantly evolving and improving our security architecture especially around areas of encryption- our next generation firewall has actually been a leader in this stage. We have massively simplified what it takes to set up these secure infrastructures and monitor and manage them. One of the biggest challenges that customers have is that it is very complicated to set up the necessary infrastructure. And we have large investments that we have made in that and a lot of customers will deploy our technology because it is easier. We also work very closely with other vendors and communities around SSL and encryption. As the standards for these technologies evolve and evolve quickly we try and make sure that we are leading because as you rightfully say the technology on the bad guys’ side is continuously evolving. We have to figure