Sunil Sharma, Managing Director, Sophos India talks on why Sophos is the best fit for all tenets of security – endpoint, network and cloud- across the enterprises in India.
The breaches are moving out of the on premise infra to the cloud, mobile and internet of things. How will Sophos secure Indian companies across both – traditional and new-age vectors?
Absolutely. India is one of the most vulnerable countries to malware attacks. In 2017, WannaCry shook the world as the cyber hi-jack accounted for more than 45 percent of all ransomware tracked, closely followed by Cerber at 44.2 percent, according to Sophos’ most recent malware report.
Sunil Sharma’s Bucket List for CISOs & CIOs
1. Educate your employees on best security practices and the latest threats.
2. ‘Patch early patch often’ to ensure that all vulnerabilities are guarded.
3. Revisit your product suite and utilise IT security features effectively to optimise ROI.
4. C-Suite Execs must be open to understand the solutions before the informed decision.
5. CISOs should not fear of the management and support teams.
6. Don’t limit the investments in IT security.
In September of 2017 alone, 30.4 percent of malicious Android malware processed by Sophos Labs was ransomware. Sophos expects the number to cross approximately 45 percent in October. The majority of these attacks have targeted Windows users, but the number of attacks on other platforms is increasing, including those targeting Android, Macs and Linux. While malware is hiding in Android Apps online gaming is being used to spread ransomware and malware.
The bad guys unfortunately are going nowhere in 2018 as well.
Our go to market approach has always been futuristic as we continue to constantly play the cat and mouse chase with the crooks to keep a step ahead of them all the time. We have invested in developing next gen technology that will enable us to secure businesses of all sizes across all platforms – on premise or cloud – at the network gateway – servers – or endpoints. We are excited to integrate the machine learning technology that we acquired from Invincea last year into our product suite. Our firewall too delivers machine learning capability.
There is endpoint security, network security and cloud security and unless these three work in sync, no solution can protect you. Sophos synchronised security syncs all these pieces that talk to each other and that’s our prime plan in 2018.
What makes you believe Synchronized security will gain momentum in 2018 in India? Any pertinent roadblocks you want to address?
At a time where threats are becoming more agile, sophisticated and coordinated, it is important that IT security at the cloud, network and endpoints should work together as a system and share threat intelligence in real time, that is smarter than the malware it is being dealt with that is able to understand machine behaviour and eliminate threats. Synchronized Security is the right ammo for businesses of all sizes especially in this highly digitized world. I am confident that it will gain momentum and acceptability as we see a transformation in the way businesses perceive IT security.
Today, organizations are deploying multiple products at the network, server or endpoints – Unity in diversity is certainly not going to help businesses in this scenario. They need to move from pin point products to a more cohesive and comprehensive environment and adopt a ‘United we stand’ policy as exhibited by Synchronised Security.
Security is an integral part of the overall enterprise IT infra budget. But most organisations in India have security budgets that are underpenetrated or insufficient to a large extent. Your view?
It is undoubtedly underpenetrated. The firing of CEO and CFO of Equifax within a week of the company witnessing huge security breach was a big alert for everyone across the globe. That once again highlighted the importance to invest rightly in security as an important activity by C-execs.
3 Priorities of Sophos India for 2018
1. Register double digit growth and capture market share
2. Push the pedal on Sophos endpoint solutions portfolio
3. Encourage MSPs & CSPs besides our traditional partners
As per recent EY global survey 55 percent of CIOs and IT leaders do not have, or have only an informal, threat intelligence program. Only 44 percent do not have, or have only an informal, vulnerability identification capability. Another interesting fact is that 52 percent would not increase their cybersecurity spending after experiencing a breach which did not appear to do any harm.
CEOs with CIOs and CISOs need to with participate in discussions with security budgets especially in case of eventuality. They should have emergency fund and a big portion invested for cybersecurity.
There is an increase in awareness and acceptability that IT security is a priority. It is only a matter of time that IT security shapes business operations.
With IT security becoming a priority for many companies, what do modern CISOs expect or want from security vendors like Sophos?
CISOs today want innovation, next generation IT security that is simple and easy to manage. Security made simple is not only a brand ethos of Sophos but it is applied in every aspect of the technology that we develop.
Another thing that I see CISOs are struggling with is ‘Actionable Automated Dashboard’. Imagine a scenario where you get to see what is happening in your network in a single click. And that your security solution has remediated in real time even before you actually saw the threat.
It is time to look at collaborative security and combat threats together as one team rather than always compete against each other from security OEMs perspective. And collaborative also means synchronized security – let all security solutions be able to talk to each other and share real time threat intelligence. If the market matures in this manner we will give the crooks a run for their money.
What will your channel roadmap in 2018 as Sophos now has both sides of security - end point and network? Your channel mantras for successful business growth for Sophos’ channels?
As an extension of our partner program we are providing all the required training and enablement support, financial incentives etcetera to help our partners support their customers who are using or migrating to the public cloud via our Cloud Security Provider program.
Alongside the CSP initiative, we would like to enable our partners to become Managed Security Providers. Both the CSP and MSP programs will provide an opportunity for partners to add an incremental revenue to their turnover and become holistic solution providers for their customers Apart from that we continue to work towards our ‘channel best’ and ‘channel first’ sales strategy via our multiple channel led initiatives.
My channel mantras for 2018 for partners would be to focus and prioritise security as a key component of their portfolio. They should continue to invest in people competencies as new age security technologies come to the fore. And they should adopt a scalable model for their business.
Sunil Sharma’s ‘top of the list’ Dos for Indian CISOs in 2018 to encompass a fool proof security posture?
Sophos’ patented Layer8 technology was developed to meet the requirement of the end user. Deploying the best of IT security technology will do no good if your user in ignorant.
“Fearing the technology should not be the right approach by CISOs and CIOs because you are limiting the ability to protect your business environment which could cost you dearly and in certain cases your job.”
MD, Sophos India
We believe security is a shared responsibility. And CISOs / CIOs need to make sure that their employees are educated on best security practices and aware of the latest threats that they should look out for. One of the ways to achieve the required education and awareness is via simulated training drills. Our Phish Threat solutions enables CISOs to conduct a simulated training exercise across the organization.
The recent ransomware attacks displayed that the crooks exploited vulnerabilities in an existing software and launched their malware attack. Hence it is important to ‘patch early patch often’ to ensure that all vulnerabilities are guarded. Many organizations deploy IT security but they do not fully optimised their product. It is time that IT security heads revisit their product suite and utilise the IT security features effectively that would also optimise ROI.
Deploying new technology can sometimes disrupt business operations in a not so good way.
That’s true. But fearing the technology should not be the right approach by CISOs and CIOs because you are limiting the ability to protect your business environment which could cost you dearly and in certain cases your job. I would request my fellow colleagues to be open to understanding what is being offered and then making an informed decision.
Many times the purchase manager drives IT security procurement or a finance colleague wants to go for an L1 vendor. But purchasing IT security is way beyond pricing and being L1. It is about the requirement and the technology that is being offered. CISOs should not fear of management and support teams.
CISOs should not limit investment in IT security. At times, due to lack of budgets at customer end, we as vendor cannot offer them the best solution for the present and the future.
What would you pick as your three prime priorities for India market in 2018 and beyond?
Sophos wants to register double digit growth and capture more market share in 2018. Sophos is the only vendor in the world that has a balanced portfolio of products and solutions in both the endpoint and network category. While we have a commendable presence in network security we’d like to push the pedal on increasing the sales of the endpoint portfolio of solutions. We want to enable our thrust on endpoint is imperative that our partners are enabled and equipped on everything related to endpoint security.