Swiftly Speaking Security: Sophos

Wana Tun, Regional Technical Evangelist, Sophos

Data&StorageAsean: Has the rise in cloud adoption affected the way people (vendors and users) approach security?

Wana: We have observed a steady growth in the adoption of cloud-based security services, especially in the SMB market segment. In fact, Gartner has predicted the cloud-based security market to hit US$4.13 billion by 2017, driven mostly by SMBs.

In response to the cloud adoption trend by enterprises, security vendors have aimed to cut down on some of the traditional complexities related to security management.

We at Sophos see too many customers crushed under an avalanche of cloud security tools that are too complex to manage effectively. Therefore, we have approached security differently by introducing an integrated management platform that simplifies the administration of multiple Sophos products. This unified platform for cloud security management is an element of our synchronised security strategy to enable multiple security products to work together seamlessly with simpler management and better security.

Data&StorageAsean: Do XaaS providers do a good job of securing your data?

Wana: Instead of assuming that security is taken care of by IaaS, PaaS or even XaaS providers, it is important for enterprises to understand how their data is being protected whenever it is stored and processed in the cloud. Security should be a core functional requirement for all companies to protect mission-critical information from accidental or deliberate theft, leakage, integrity compromise, and deletion.

There is also a shared security responsibility model for cloud, an approach that holds the cloud provider and the enterprise accountable for certain aspects of security. For example, the XaaS, IaaS, PaaS vendors own, control, and provide access to their Data Centres where the data resides. This covers physical access to all hardware and networking components and any additional Data Centre facilities including generators, uninterruptible power supply (UPS) systems, power distribution units (PDUs), computer room air conditioning (CRAC) units and fire suppression systems.

Essentially, the vendor is responsible for the components that make up the cloud, while the enterprise is responsible for the data that is put ‘into’ the cloud.

Data&StorageAsean: Security used to be about virus protection and access control. How has that changed?

Wana: Security has definitely become more complex over the years and to cope with sophisticated threats, companies need to be more strategic instead of tactical in their security approach.
 
It is recommended for enterprises to consider a security solution where the endpoint and network protection act as one integrated system, enabling organisations to prevent, detect, investigate, and remediate threats in real-time, without adding any staff. For example, Sophos offers a synchronised security approach that eliminates the need for additional agents or layers of complex management, logging and analysis tools to solve a security problem.
 
Today, as ransomware is one of the most dangerous threats, organisations also need to start considering next-generation endpoint protection solutions for a more coordinated and automated response to attacks.
 
Data&StorageAsean: Can a company protect themselves 100% from Data Security Threats?

Wana: With cyber attacks becoming more sophisticated, it is harder for a company to be completely protected. However, there are definitely best security practices that can be implemented, such as the following practices to defend against ransomware:

1. Back up files regularly and keep a recent backup copy off-line and off-site. Encrypt the backup for an additional layer of protection.
2. Enable file extensions, which makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.
3. Open JavaScript (.JS) files in Notepad as it blocks the file from running any malicious scripts and allows you to examine the file contents.
4. Don’t enable macros in document attachments received via email as infections can be spread this way.
5. Be cautious about unsolicited attachments and refrain from opening them.
6. Do not stay logged in as an administrator longer than required, and avoid browsing and opening documents while logged in.
7. Consider installing the Microsoft Office Viewer, as the application provides a preview of documents without opening them.
8. Patch early and patch often. Any ransomware that is not spread via document macros often relies on security bugs in popular applications such as Office and Flash.
9. Stay updated with new security features in your business applications. For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”, which helps protect against external malicious content without stopping you using macros internally.

Data&StorageAsean: Are you seeing big data or machine learning being used in data security - on either side of the fence (hackers and/or vendors)?

Wana: We are definitely seeing big data and machine learning being incorporated in security solutions to defend against the latest threats. In fact, the Sophos team has recently used big data analytics along with our deep understanding of threat patterns to design a solution for ransomware called Sophos Intercept X, which recognises malicious behaviours and stops potential attacks much sooner in the kill-chain.

Separately, hackers too have turned to big data. A popular global example to cite would be the Ashley Madison data breach, where cyber crooks got their hands on user data and exposed customer records, conversations, credit card transactions, real names and addresses.

This is why data encryption is important. As the last line of defense against data loss, encryption can prevent online fraud and theft of financial and personal information. Encryption is also valuable as it slows hackers down. For example, if hackers steal encrypted data, they would still have to search a few days for the encryption keys, and in this time, IT security teams have a higher chance of detecting suspicious activity.
 
There are high legal costs and regulatory penalties a business would have to face if the company loses intellectual property. Therefore, data encryption is a recommended measure to have in place, as it is affordable and effective.
 
Data&StorageAsean: What’s unique about your own offerings and product strategy?

Wana: At Sophos, we have people behind the scenes constantly collecting, correlating and analysing data to provide the best protection for enterprises. With ransomware being one of the most widespread and damaging threats today, we have recently launched a host of next-generation endpoint protection solutions for enterprises.

For example, Sophos Intercept X blocks zero-day attacks and threat variants within seconds, without the need for traditional file scanning or signature updates. Sophos Intercept X is a component of our synchronised security strategy and is enabled with the Security Heartbeat to share threat intelligence with Sophos’ next generation endpoint and network solutions for a coordinated and automated response to attack.
 
We are excited about how Sophos Intercept X will change the way the market views endpoint protection. With exploit detection, anti-ransomware capabilities and the ability to hunt down and destroy persistent malware and spyware, Sophos Intercept X truly heralds a new age in endpoint protection.
