While highlighting that it will take quite a long time to build self-reliant AI system, Rajnish Gupta, Regional Director, India & Saarc, RSA Security, informed Amit Singh that some of RSA’s products use AI and machine learning right from 2005. However, human intervention is still required as we need to really learn and feed that data into the AI systems to make them more intelligent
What are the significant strides that RSA has taken over the last 24 months?
RSA has been in the enterprise security space and is selling technology that is at the higher-end of the cybersecurity technology. Our offerings correspond more to the regulatory compliance needs of the customers and in an environment where there are stringent monitoring and implementation of controls. Hence a majority of our customers are from the segments like banking, IT/ITeS, and government (both central and state). In fact, these are the segments where we are seeing large growth.
While the cybersecurity market is growing at 10 percent, RSA has been growing at 18-19 percent YoY. All our solutions are horizontal, which cater to every segment of the industry including pharmaceuticals, manufacturing, energy, and utilities. Moreover, we are the leading player in advanced SOC with our RSA NetWitness SIEM. We also offer a comprehensive risk and compliance solution, RSA Archer.
In addition, our online fraud protection solution, RSA Fraud Risk Intelligence, is quite popular among the banks. We also have a lifecycle, governance and identity protection solution.
In fact, we differentiate from the competition as the largest player in the enterprise SOC deployments. Wherever the customer requires large-scale on-premise solution you will find RSA as the foremost choice, be it banking, government, or IT/ITeS. Our presence in these segments is quite dominant.
Further, 4-5 years back we came with a concept that logs are not enough for complete visibility of the network to detect EPTs faster. Now customers are also realizing that standard technologies are not going to work and they need a specialized solution to counter emerging threats. Hence, we are witnessing high traction on our SOC, SIEM, risk and compliance, online fraud protection and identity and access management. Our idea is to minimize the risk and bring the business context to the cybersecurity.
In the face of changing architectures and models, how has RSA changed its approach to security? What is your go-to-market security blueprint?
Bringing business context to the cybersecurity programs is our biggest focus area. We understand that attacks are inevitable and you never know when you going to be attacked. The important thing that we need to understand is the business context and what is more critical to business. We need to figure out the crown jewels and protect that first through a risk mitigation strategy; we need to protect the servers holding our critical data. What keeps your business running is critical for us. Mapping these critical assets to security controls will eventually mitigate the risk.
In addition, our focus is on detection and fast response. So far, most of the players have been focused on prevention, however, that doesn’t really help. Despite all the prevention techniques, fraudsters have been able to get into the network, hence strategies need to change. While the breach is inevitable, our focus must be to detect and respond faster. Most of our technologies are focused on this part. As we mentioned that SIEM and log analysis solutions were not enough being reactive solutions, hence complete visibility of the network, endpoint, and identity is crucial. We came out with a solution, NetWitness, five years back when the market was still focusing on protection.
As per analysts, it takes companies an average of 170 days to detect that an incident occurred and an average of 72 days to contain it, which implies that the evolving and furious frequency of cyber attacks has been winning the war against cybersecurity defenses. In this scenario, how is RSA ensuring the protection of customers?
This kind of scenario happens when you don’t have visibility into your network and endpoints. Hence, we need to have visibility on what’s really going on and figure out what is abnormal. We are applying analytics, AI and machine learning technologies to identify the abnormal behavior.
We enable the people and process to respond faster through our technology. Of course, technology is not the only element contributing towards cybersecurity; we need to have sufficiently trained and skilled manpower to build a response mechanism. Hence, having complete visibility, defined processes and faster response mechanism will reduce the dwell time of the threat and malicious vectors.
Most of the customers who have deployed our range of detection and response technologies are quite happy and are able to detect much faster.
Further, RSA has got into the SOAR (Security Orchestration Analysis and Response) technology with our NetWitness Orchestrator. It helps the customer to automate and speed up the entire response mechanism by prioritizing the alerts coming from business critical elements. Apart from this, we have NetWitness Logs and Packets for network visibility, NetWitness Endpoint and we are also introducing the latest NetWitness User and Entity Behavior Analytics. All this put together really help customers to protect their network, data and crown jewels much better.
While AI has a big role to play in cybersecurity, the current reality is that it cannot work independently from humans. Nevertheless, AI is being adopted by hackers to improve their systems and make it more likely to break through. How is RSA guaranteeing defense in this scenario where hackers are able to change their pattern of attacks in just 3 seconds?
AI and machine learning are more of a buzz-word as these technologies existed a long time back. In fact, some of our products use these technologies right from 2005, including the fraud management solution. We do a huge amount of machine learning, behavior analytics to make meaningful decisions based on step-up authentication.
If we take an analogy, AI is like a rocket and data is the fuel; unless we have real meaningful data, AI will not be able to deliver. It’s like garbage in, garbage out.
At the same time, few of the fraudsters and hackers are utilizing these latest technologies much more efficiently to their advantage, while we still struggle to make a business case around the efficacy, safeguards, and savings.
It will lot more time for us to build a very strong AI system for security and everywhere else. Human intervention is still required as we need to really learn and feed that data into the AI systems to make them more intelligent. Our NetWitness Orchestrator is using AI techniques to learn and deliver a faster response. That’s where RSA is really working on.
Cloud environments have become a potential target of security breaches. The complex, hyper-connected networks that cloud providers have developed can result in a single point of failure for hundreds of businesses and critical infrastructures. What is your strategy to secure the cloud?
I think businesses are becoming more aware and the competitive advantages are driving the cloud adoptions. That’s how security is also changing. Most of the security technologies today focus on cloud infrastructure security.
According to me, things in the cloud are becoming much better than they were in the recent past. People understand the requirement to put control on the cloud infrastructure. That’s making the entire cloud environment more secure and reliable.
What are your top focus areas for RSA Security over the next 12-18 months?
We are focused on creating more awareness in the market that protection alone is not enough. We need to continually educate on identifying the security gaps in the detection and response fronts.
Secondly, we are focused on bringing business context to the security programs and creating a risk mentality. We are propagating the idea to appreciate digital risk.
On these fronts, RSA NetWitness is our focused platform, which we are seeing to grow at a rapid pace. RSA Fraud Risk Intelligence is another technology we are quite focused on.
In addition, multi-factor authentication is another focus area. We are seeing good traction on risk and compliance area where we are focused with RSA Archer. While Archer contributes quite low to our business as compared to the global figures, we are witnessing a rapid adoption of this technology in India now; GDPR is also helping the adoption by sensitizing the businesses on data privacy and protection.
Many customers identify lack of advanced skills among the solution providers as a major challenge. How are you enabling channels to possess skills in advanced cybersecurity technologies?
On the channel front, our key focus is to work closely with our focused partners. As we work with a limited set of niche and highly-focused partners, we don’t find any challenges in training and skilling them. The technology that we offer requires good maturity curve and in many cases, the timeline of the implementation projects go beyond 5-6 months. Everybody doesn’t have that kind of appetite. Hence, we choose partners who have a security mindset and are ready to invest in skill acquisition.
In addition, we ensure regular training of partners to achieve advanced levels. We have many partners who are purely services-oriented; we tend to leverage them if any other partner lacks the implementation skills in a particular technology.
Further, to overcome the problem of trained cybersecurity resources, we are planning to implement a training strategy which we follow in Singapore, where we have collaborated with a polytechnic. The polytechnic offers 3-year cybersecurity diploma and delivers trained experts in cybersecurity analysis. We are looking at forging collaboration with few educational institutes in India as well. We will help them design the curriculum, provide technology to build SOC, and offer our security experts to make them more than industry-ready. Currently, we are identifying institutes to run these kinds of programs and courses.