The life of today’s CISO is nothing less than a rocky boat on a stormy ocean. It never knows where the high tide will come from. Despite all precautions, many large boats capsize, while many small boats survive the rough weather through skill and best practice. We spoke to Diwakar Dayal, Managing Director and Country Manager for SentinelOne India and SAARC, to understand his learnings about the CISO predicament. Excerpts:
What are the major challenges of CISOs?
As a link between employees, senior leadership and other stakeholders, the CISO’s role is no longer limited to implementing digital security strategy but also includes being a risk manager and a strategic communicator.
CISOs’ search for skilled security professionals is getting harder by the day. With the attack surface expanding, CISOs have to develop, maintain, and constantly update their cybersecurity strategies and solutions. They have the difficult task of choosing the right tool stack and proactive solutions that are capable of combating complex cyber threats at speed, as a single-layer reactive security solution no longer serves the purpose.
What should be the mitigation strategy?
First and foremost, you need telemetry that captures a wide range of activity and behaviors across multiple operating systems and that can serve as the base for all your threat-hunting efforts. Additionally, the context surrounding the data should be captured too.
Threat hunters need a solid understanding of the organization’s profile and of business activities that could attract threat actors, such as hiring new staff or acquiring new assets or companies. A critical component of threat hunting is having the data to baseline ‘normal’ and find outliers (outlier analysis).
Hypothesis formation and testing is the next step. Ideas can be sourced from the MITRE ATT&CK framework, threat intelligence reports, blogs, Twitter, conference talks, and penetration testing. After generating the hypothesis, the next step is to follow up on it by investigating with various tools and techniques to discover new malicious patterns in the data and uncover the attacker’s TTPs. Once a new TTP is uncovered, it is important to respond effectively and remediate the threat. The response should distinctly define both short-term and long-term response measures that will be used to neutralize the attack.
The final step in the practice is to use the knowledge generated during the threat-hunting process to enrich and improve EDR systems.
How different are today’s cybersecurity technologies from the older technologies?
Over the last two decades or more, the cybersecurity industry has provided different solutions based on the problems of the time. Earlier, it applied a signature-based solution, like a typical band-aid, to address the issue. Ten years ago, the problem changed slightly when we started to have adversaries like focused cartels. Cyberattacks were far more sophisticated, and the industry was then compelled to opt for cloud-based security solutions. But over the last few years, we have people sitting outside the traditional office, and data is floating between different devices and being accessed from everywhere. For this, the traditional cybersecurity approaches, signature-based or cloud-based solutions, are not effective. Today, only with an AI-powered automation platform can we defeat ransomware everywhere, anywhere, without dependencies such as signatures or the cloud.
How are AI and analytics helping strengthen the security posture?
AI is designed to give computers the responsive capability of the human mind. The ML discipline falls under the umbrella of AI and continuously analyzes data to find existing patterns of behavior to form decisions and conclusions and, ultimately, detect novel malware.
AI is able to process millions of vectors every second and combat emerging attacks by detecting new patterns in real time. It helps build the complete threat analysis needed to sustain a working zero-trust model. AI technology can augment cybersecurity teams by automating the interpretation of attack signals, prioritizing alerts and incidents, and adapting responses based on the scale and speed of the attacker.
AI analytics enables quick recognition of and response to threats, reducing intrusion response time.
SentinelOne is one of the leading players in the security market; how are you different from companies like CrowdStrike and other modern-day companies? What is your competitive advantage?
In the latest Gartner Critical Capabilities report, SentinelOne has been rated highest. SentinelOne, a Magic Quadrant Leader, creates value for organizations of every size, maturity, and industry for cloud, endpoint, and identity security.
SentinelOne offers military-grade prevention, detection, and response powered by patented behavioral AI. It is always on, with no internet connection required.
SentinelOne offers the most comprehensive, easiest-to-visualize MITRE coverage, whereas CrowdStrike detection requires extensive tuning with diminishing results, as seen during the MITRE Enterprise Evaluations.
SentinelOne provides automated remediation where malicious activities can be reverted with one-click remediation and rollback.
SentinelOne offers rich feature parity across all supported operating systems, including Windows, macOS, and Linux. SentinelOne’s out-of-the-box multi-tenancy and RBAC enable you to scale and manage geographically dispersed sites.
SentinelOne offers automated deployment. Singularity Ranger covers your blind spots and automatically deploys new agents in real time, as needed.
SentinelOne manages large deployments with ease, with remote scripts across multiple assets, and provides full remote native OS tools coverage.
Key considerations for CISOs are robust after-sales service, better pricing, and commitment to support. How does SentinelOne fit into the scheme of things?
A strong XDR solution helps maximize the value of your security investments. SentinelOne’s Singularity Marketplace makes it easy to add integrations to third-party systems such as SIEM or SOAR solutions, with just a few clicks. These integrations can then be enabled and automated without the need to write complex code. Another important benefit is a lower total cost of ownership for the organizations.
CISOs have partnered with SentinelOne for in-depth guidance on how to enhance their enterprises’ overall security posture across all vulnerable attack surfaces including endpoint, identity, and cloud.
SentinelOne’s free ebooks, 90 Days | A CISO’s Journey to Impact – Define Your Role and 90 Days | A CISO’s Journey to Impact – How to Drive Success, are resources available to CISOs as they implement security initiatives and new strategies.
How many customers do you have so far, and what are the major verticals in which SentinelOne deployment is happening?
Over 9,250 customers, including 3 of the Fortune 10, hundreds of the Global 2000, prominent governments, healthcare providers, and educational institutions, trust SentinelOne to bring their defenses into the future, gaining more capability with less complexity. SentinelOne is a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms, and is a go-to platform across all customer profiles, as highlighted in Gartner’s Critical Capabilities report.
Name a few of your major customers.
Aston Martin, TGI Fridays, Norwegian Airlines, Samsung, Hitachi, Estee Lauder, Cars.com, Autodesk, Cengage, Shutterfly and many others.
What is your roadmap for India in 2023?
In 2023, we are prioritizing areas of clear competitive differentiation across product roadmap and go-to-market. A platform is only as good as the sum of its parts, and we intend to remain best of breed in all aspects of our platform. We expect to advance our fundamental security leadership, extend our cloud security advantage, and further expand our platform breadth, all powered by a unified security data lake. Our top priority is ensuring that enterprises are always secure and protected. Our platform approach helps enterprises consolidate point solutions and achieve better security outcomes. We believe our broadening platform innovations will magnify our competitive differentiation across multiple and large addressable markets.
As enterprises rapidly shift workloads to the cloud, rising cloud-based attacks are bringing awareness to this critical enterprise need. Cloud security is a critical enterprise need and a fast-growing greenfield opportunity. Singularity Cloud’s operational stability, resource efficiency, and real-time visibility distinctly stand out from the competition. We have a clear competitive advantage in this market. And now, we are extending our cloud security advantage by combining forces with Wiz, the leader in cloud security posture management (CSPM). Through this exclusive partnership, we are combining two of the leading cloud security assets in the market and creating a best-of-breed solution for enterprises.