Cyber attacks have increased awareness for forensics-based cyber security solutions

Dr. Parag Pruthi, the Founder, Chairman and CEO of Niksun, spoke to Channel Post to throw some light on cyber attacks in this region, the awareness level of such threats, and the solutions available.

Dr. Parag Pruthi, the Founder, Chairman and CEO of Niksun.

What sort of market do you see for real time and forensics-based cyber security and network performance management solutions in the Middle East?
The timing is appropriate for the market here. The reason is because cyber attacks have been taking place in the region for a long time, I’d say more than a decade, but they have not really been observed and the implications have not yet been dealt with except after attacks like Stuxnet, Flame and Shamoon.

When those incidents started to happen, it significantly raised the awareness levels, and with this it became clear to people that such things were possible in this region too. Earlier, we may have been talking about it but no one actually believed that such things were possible.

The type of infiltration that is happening in this region is mainly financially motivated and therefore the people or organizations who are conducting these operations are not interested in letting anyone know that they have succeeded because they can continue to reap benefits. State-sponsored back door activity is not something to be disclosed because it’s being done to be exploited at the right time.

So, how does one find out about these things? The best way I can describe it is to have a security camera on the network. Network forensics is not as efficient when done with log data alone, but is very efficient when you can record all the activity of interest so one can replay it back.

Now that the awareness is high, and people have tried many solutions that are incident based, and the fact that hackers are always trying to use the newest vulnerability which may not get detected by the standard detection tools, forensics of the nature that I’ve described is the only answer.

So while the timing is very good, the awareness is there and the technology is there. It has been demonstrated in many places to work, awareness now being in the region that other solutions have been ineffective because issues have happened then we need something better. So this is the next thing.

How has the IT security market grown in the region over the last couple of years?
The IT security market in the region has exploded, especially after the incidents in Saudi Arabia and other major incidents. It has actually created an increase in sales of other IT equipment which is not just considered to be IT, but modernization.

A lot of the systems which were in place were lagging behind the times, and not patched, and not current, and so needed to be replaced. So these incidents helped bring about awareness which caused everyone to examine their infrastructure and conduct appropriate upgrades, put in the right policies and procedures, and personnel to administer, maintain, and continue to operate the security systems in a proactive way.

So I would say the IT market has grown significantly but the actual potential is much larger than what it is now. Because only the largest of players have sort of been able to practically modernize themselves. The smaller and medium size players don’t have the expertise in-house.

The expertise in the region is also limited and the existing expertise gets deployed by the large players, who have the biggest demand, and so the majority of the market has actually not yet seen the benefit of modernization of security systems.

I believe this will happen over the next few years and as we build up to 2020 here it’s going to be more important that people who visit the country during that period do not suffer any sort of catastrophic situation or financial breach in their credit cards or debit cards.

Therefore a lot of banking and infrastructure for dealing with transactions in the retail space will have to be looked at and made PCI compliant, which they probably are lacking. And so, this region should see a significant surge in security spending over the next decade I would say.

When you speak to CIOs and CISOs in this region, what are the main pain points they face when it comes to security of corporate data?
There is a lot of noise in this market as there are lots of vendors selling a lot of different things. This confuses the CIO and CISO because they cannot look at everything as all solutions and products sound the same. Eventually, everyone converges to the same language to describe the problem they are trying to solve.

It’s hard for them to figure out what is better and what really works in this domain. For things that they are very familiar with, there are not emerging technologies for them; they are mature and they know that. But in this space, which is in its infancy in this region, I would say that education is lacking. And so they have a hard time understanding what they need and how it will help and how to distinguish one tool from the other.

How has the role of the CIO and CISO changed since the adoption of BYOD in companies and consumerisation of IT?
In order to be cost competitive, companies have had to allow employees to bring their own devices into the enterprise. And when this happens it makes the cost of administering applications and services cheaper and they don’t have to give devices to everyone and keep updating them.

Consumerization of IT is here because of cost competitiveness of operating and making people satisfied with the device they have. The flip side is that you cannot control this ecosystem and therefore, in terms of security, vulnerabilities can be a lot greater.

Because organizations cannot lock down a device with a specific operating system and mass upgrade everyone’s device. So when employees bring their own devices, they also bring their own vulnerabilities into the network. This can also lead to performance issues and applications may not work very well across devices.

This creates greater costs for the CIO and CISO that they had not previously accounted for because now they need to be securing their network and moving to a more robust one than it needed to be before it was standardized with the end clients. So now CIOs & CISOs need more efficient tools.

If organizations have a standard device then they can deploy agent based technologies on them to monitor activity. But with devices (mobile & laptops) operating on OS, one cannot deploy agents and monitor efficiently because it’s also not their device. Now network monitoring becomes an even more important tool for the CIO and CISO.

They need a team to understand & operate these devices in this diverse environment and so ultimately the costs have not gone down. I have not seen a study that reports this, and because of additional costs, there may be an insignificant savings at the end of the day. But maybe users are more satisfied to bring their own devices to work, so there is a benefit to that.

What sort of security threats do companies face in the age of BYOD? How does Niksun propose to thwart these security threats?
As I mentioned earlier, there are essentially two ways to look at the security problem; one would be that organizations monitor activity on the devices, and know who is accessing what information on what device and where that information is going.

And in a way, the anti-virus tools on these devices do that job. While an organization may or may not have a policy and procedure on BYOD, as to what security tools or policy to use, I encourage them to have that well known and articulated.

The other thing is that there will always be some sort of vulnerability that someone has exploited that is unknown at the current time. Finding that using an agent on the device is very hard, because agents on devices are looking for certain things. Typically they have a signature list they are going to be looking for certain content on bad sites, but you cannot assume that all these devices are updated, and the device may have been off the network for a while, or it didn’t get updated, or the update procedure failed for the new signature database to be loaded.

So when you concentrate this function on the network and you say that you are going to be OS independent and able to look at malicious information, as companies only care about it when it’s moving off the device. The only scenario to worry about is someone plugging in a USB and taking information.

Niksun does detection and archiving of data like a video camera on the network; this allows for forensic ability to analyse activity in case something wasn’t detected in real time. It’s important that system administrators know what’s happening quickly as delay may be fatal. When a breach happens it needs to be controlled.

Niksun gives a standard technology that can be deployed across networks in a controlled manner that functions regardless of the devices attached to that network. It provides both detection and forensics capabilities in one, which brings detection time to very low, and a forensics analysis time to be very fast and allows to reduce the cost of operations because the security people have only to understand one tool and one interface.

And this interface works somewhat like a web browser, for example Google. So if one knows how to use Google, they will know how to use Niksun. It is user friendly and allows users to be trained on it and become effective. It also addresses the current shortage in the security industry where we cannot afford to have a lot of training time, hence a simpler user interface where people can learn and interact with quickly is better, and use one rather than many client tools.

What sort of channel community do you work with in this region?
The channel that we like to work with has to be highly educated and have a good set of engineers because we have to remember that this domain is not yet mature. This field is in its infancy and one needs smart, intelligent, and knowledgeable personnel who can very quickly pick up the underlying technologies and learn about them and propagate that to their customers.

So the right channel partners are the ones that are highly tech oriented that have a good service team, good training capabilities and are users of these technologies which Niksun has to offer. They should have clients who have these types of issues, and we look for partners who have a good client base where our technology is relevant.

Which industry sectors are you focusing on for 2014?
There are three main industries that are prime for Niksun in the region. The first is the telecoms industry, mainly due to radio spectrum shortage. This is also an issue because this type of malware and bad traffic may choke the network and it doesn’t help the customers anymore.

For their protection, telecom operators need Niksun-like technologies. The other sector is the BFSI sector where transactions take place. Clearly this segment is ready for our technology because they have been exposed to the problems and the cost of crimes in this domain is very high. The third segment is large enterprises such as oil and gas.

What sort of channel strategies do you have in mind for 2014?
We wish to work with a few partners in the region to establish our presence here. We are also looking to get some good reference accounts onboard and build a reputable name for ourselves and create a positive reputation with reputable channel partners of quality products and solutions.

Niksun has not run away from the market in the last 15 years and is not likely to go away. We don’t wish to sell and run, so hence we want partners who think the same way. We are looking for good client relationships and these are the partners we are looking at; with good technical expertise, long-term vision, and steady knowledge transfer over multiple years to customers to help them to not only buy and deploy but maximally use them.

Our best customers are the ones who use our products extensively and benefit from it so much. We do not want to do a disservice to our customers and are here to have happy satisfied customers. We have customers across the world who say to us that ‘we have not had that problem because of you’, and we want to see the same here in the ME, and we will see that happen with the right partners.

What sort of marketing initiatives will you undertake going forward?
We will conduct channel activities to raise awareness of our products, participate in shows such as Gitex, and others in the region where we will be increasing our presence with our partners. We will be doing a lot more education in the market through seminars, training sessions, conference speeches, and specific training for specific customers.

We need to have a strategy with our partners to educate large customers. The types of marketing programs will be tailored towards specific clients as well. As we start engaging with customers, it will be broader to the market, and we will then narrow our focus on the specific needs of the customers.

Any major announcements you plan to make in this region for 2014?
This is a very strategic region for Niksun and so later this year we will be bringing certain capabilities specific to the region. For example, we have Arabic language support in our products, and we will be enhancing that for this region and integrating with other tool sets that are more common here so we can make the user experience much more seamless and efficient.

There are strategic partnerships in the pipeline which we will announce later in the year. Right now we want to focus on getting our partners up and running, get them educated to start initial engagements with customers and start our marketing programs. As we understand the region better, we will tailor the programs to better serve our customers with technologies specific to this region.