India is rapidly digitizing at present. This development is expanding our digital infrastructure and, with it, the multi-layered vulnerabilities that can be targeted by a cybercriminal. We envision eliminating all such vulnerabilities so that India’s digital advent is smooth and without any roadblocks, says Gnana Prakash Masilamani, Sales Leader, Cyberbit, in conversation with Anupama Suresh Mehra of Elets News Network (ENN).
Tell us about Cyberbit’s current standing and developments.
Cyberbit is a provider of military-grade cybersecurity solutions. Our product portfolio includes behavioral-analysis-driven ‘Endpoint Detection and Response (EDR)’, ‘Security Automation, Orchestration, and Response (SOAR)’, and ‘ICS/SCADA Security (OT Security)’. It also has the world’s leading platform for simulated cybersecurity training, ‘Cyber Range’.
India is rapidly digitizing at present. This development is expanding our digital infrastructure and, with it, the multi-layered vulnerabilities which can be targeted by a cybercriminal. We envision eliminating all such vulnerabilities so that India’s digital advent is smooth and without any roadblocks. We are also going to make India a global hub for cybersecurity training.
How is Cyberbit playing an important role in cybersecurity segments?
Globally, the cybersecurity market is in dire need of skilled industry professionals. In fact, India alone needs around 3 million cybersecurity professionals while the current workforce is less than 1,00,000 as per an IBM report. Obviously, this skill shortage is creating inefficiencies and losses at a global level.
A report by Cybersecurity Ventures indicates that there will be annual losses to the tune of $6 trillion by 2021 because of cybercrimes and exploits. So, there needs to be a sense of urgency for relevant countermeasures that, in addition, have to be taken at scale.
This is when the IT sector and the ones that leverage its services are making the IT infrastructure as dynamic as it can get. They are driving embryonic technologies to the system, thereby introducing new vulnerabilities when the prevalent ones are yet to be addressed. The attack vectors and TTPs (Tactics, Techniques, and Procedures) have to be thoroughly examined to remediate the underlying problems.
It will also help in countering an ongoing attack by the Security Operations Center (SOC). The challenge over here is that a large part of the cybersecurity workforce is not well-versed with ultramodern cyberattacks and their TTPs. So, they are not able to effectively counteract an ongoing attack.
Here, the Cyber Range solution creates immense value for the entire ecosystem. It trains the in-house professionals in a SOC-like, hyper-realistic environment via simulation. Cyber Range also decreases the onboarding time for fresh talent and can further be leveraged by academic institutes to make students market-ready.
Cyberbit also decreases the overall workload of the in-house SOC team through SOAR (Security Orchestration Automation & Response) or SOC 3D. The solution integrates all of the security tools used by the SOC into a single screen and automates the incident response playbooks. Ultimately, SOAR helps in reducing the time-to-respond by as much as 90% while simultaneously tripling the capacity of the Security Operations Center.
Lately, there has been a paradigm change in both IT and OT infrastructure, wherein the lines between the two are gradually fading. This is where our ICS/SCADA Security adds value. It addresses the across-the-board security concerns of Industrial Control Systems (ICS) including electric grids, transportation systems, manufacturing lines, power plants, and so on. Any breach of such networks can have far-reaching consequences and can cause environmental damages while also putting lives in potential danger.
Modern cyberattacks can easily bypass the firewalls and anti-malware systems of an organisation. A lot of recent cyberattacks are a testament to this fact. Here, Cyberbit’s EDR solution, which leverages AI-ML and Behavioural Analytics amongst other technologies, can easily detect any anomalous activity over the network as well as the potential threats.
What are your plans for the Indian market in 2020?
Our primary approach is to alleviate the industry’s biggest challenge at present, i.e. the cybersecurity skill gap. With this approach, we also look forward to positioning India as the global hub of cybersecurity training and in fact, as a hub of global cybersecurity solutions.
The nation has all the right ingredients to turn the table around on a global scale. It is one of the fastest-growing nations, one of the largest global markets, second-most populous nation, the most youthful country across the globe, and there is enough room for novel approaches given its sheer dynamism.
The way we see it is that after the nation’s challenges are addressed, the avenues to tap the global opportunity will undoubtedly get unlocked. Cyberbit envisions acting both as an enabler and a catalyst in this development.
We are approaching this objective by making military-grade cybersecurity a norm across the nation. Next, with our Cyber Range product, we are addressing the skill gap and workforce shortage in the industry. We are also joining forces with academic institutions to give students hands-on experience of the market as against just theoretical education.
This approach also familiarises all stakeholders – including the current workforce and future working professionals – with novel attack vectors and TTPs and takes a forward leap as compared to the ‘Baptism by Fire’ approach which is an industry norm. Our business model, as already explained, is a confluence of these approaches.
What are your plans to expand in India and the vertical you are planning to put your major focus on?
Our primary focus area is going to address the current threat landscape as well as the operational challenges faced by organizations. Since the security concerns are more pronounced in the sectors where there are regulatory obligations or there could be far-reaching consequences, Financial Institutes and IT/ITeS players are our main target verticals. Apart from them, we also look forward to working with government agencies and ICS operators in light of the new-age cyberwarfare. Our all-encompassing approach also eyes onboarding as many educational institutions as we can for the Cyber Range solution.
How does Cyberbit support the statement that Automation and Orchestration can ensure command and control over the Security Operations Center?
Today, organisations are threatened by complex and persistent attacks from multiple vectors in which attackers penetrate networks by executing malicious files. Such activity can trigger a Command & Control playbook. An Automation and Orchestration platform plays a vital role in detecting such communications.
A SOAR tool integrated with EDR/IPS can identify malware-related activity and generate an automated alert for the SOC team. The SOAR tool can also streamline event management, automate playbooks and procedures, and seamlessly integrate the entire portfolio of security tools and feeds to detect suspicious behavior. This will help SOC teams to accelerate their response by 90% as they have playbooks for multiple types of incidents such as phishing, ransomware, DDoS and more, as well as user-generated playbooks.
How does endpoint detection and response play a crucial role for banking enterprises?
The technological intervention within our banking system is unprecedented as of now, especially with the rise of wide-ranging digital technologies. This development has considerably added to the efficiency of our banking industry by automating processes, decreasing human involvement as well as related errors and omissions, and eliminating paperwork. It has added thrust to the financial inclusion in our country.
However, given the imperfections of digital technologies, it has also opened our banking system to the associated vulnerabilities. So, the cyberattacks conducted during yesteryears – including the Cosmos Bank breach and the attack on State Bank of Mauritius’ Mumbai branch – didn’t come as a surprise.
It is observed that cyber attackers generally compromise the SWITCH and SWIFT systems. For the uninitiated, SWITCH is a group of servers that are used to send approval requests to the core banking system from an ATM. On the other hand, SWIFT is used by banks to send secure inter-banking messages globally, used to communicate wire transfer requests between different accounts or stakeholders.
Since SWITCH and SWIFT are responsible for the authorization of transactions, they are the most sensitive constituents of the banking infrastructure. This is precisely why sophisticated solutions such as avant-garde Endpoint Detection and Response prove to be a game changer for banks. EDR continuously monitors the entire network with Behavioural Analytics and Machine Learning to give intensely accurate detections. This is while keeping the chances of false positives to the bare minimum.
Hence, banks are able to detect even the slightest anomaly in the network and prevent the associated risks.