Information Security Summit 2013-14

11th December 2013, Vivanta by Taj President, Mumbai

Post Event Synopsis

In association with: Gold Security Partner, Silver Partners, Security Solutions Partner, Security Partner


iCxO INFORMATION SECURITY SURVEY 2013 - 14

Director-Content: Sudhir Narasimhan

Director-Marketing & Alliances: Vasuki Kashyap

Contributors: Kanika Goswamy, Rajeshwari Adappa

Research Support: Ramya Ramachandran

Cover Design: Shwetha.S.

Publication design and Layout: Likhith Creative Lens, Bangalore

Printed by: Paramesha at Ganesh Printers, Bangalore

The copyrights of this publication are owned by Aquaint MediaWorks Pvt. Ltd., 674, VALMIKA, 20th Main, 27th Cross, Poorna Pragna Nagar, BSK V stage, Bengaluru-560061, Phone: +9180 6547 5039. This is a limited edition publication with a controlled circulation. The contents of this publication cannot be reproduced in full or in part without the express permission of the publisher. This publication is not for sale and can be selectively distributed by the publisher only.

CONTENTS

Combating threats: An industrywide perspective

Four Trends that will redefine Information Security Strategies

Organizations will spend more on security in 2014

Organizations should have strategic as well as tactical solutions to counter threats

Transform your security Operation centers into Security Intelligence centers

Innovation is Fortinet's key strength

Experts Speak

Panel Discussion

Glimpses

Combating threats: An industrywide perspective

A major highlight of the iCxO Information Security Summit 2013-14 was a high profile panel discussion featuring prominent CISOs and CIOs and technology providers. The discussion, moderated by Sivarama Krishnan, executive director, PwC provided insights into how enterprises across different industry verticals viewed emerging security threats and how they were preparing to address them.

Participating in the discussion Sunil Mehta, Senior vice president & Area systems director (Central Asia), JWT, said that JWT did its first security audit way back in 1999 when there were no compliance requirements like SOX or ISO 27001 and that proactivity helped when the company later became compliant to SOX and ISO regulatory regimes. He said while all company laptops at JWT were encrypted the company was open to allowing social media access to employees for work related stuff. “We took a creative approach to educating employees on information security which helped keep threats at bay,” he said.

Presenting a view of how a large services company like VFS global which processes visas for 45 governments in 102 countries around the world, Dhiren Savla, Chief Information Officer, VFS Global said that the Information security process in his company starts right from the time they hire employees. In addition to a thorough background check prior to employment, employees go through an induction programme that familiarizes them with the security policies of the company. “We also carry out the process of validating the knowledge and knowhow on the information security processes, privacy processes on a regular basis as part of their typical day to day KRAs. Also processes are well defined. We validate and update them regularly so that they are relevant to the changing IT landscape,” he said. He was of the view that while one can't mitigate threats with technology alone, it was a mix of processes, people and technology which ensured a large part of the security needs of his company. He noted that implementation of a GRC solution gave them a lot of comfort on governance across the globe.

Noting that data security was of paramount importance to banks, V. Subramanian, Chief Information Security Officer IDBI Bank said that data stored in a bank is money in reality and when data gets transferred from one account to another it is actually money that is getting transferred. He said that security as part of a normal process in banks had changed as banks had to defend themselves and their customers from fraud in a big way. With the emergence of electronic channels banks today needed to authenticate remote users and this was a major challenge. “We are now going into electronic channels where ATM, internet


banking, mobile banking and point of sale terminals are the areas that account for maximum transactions. In IDBI bank, the amount of transactions through electronic channels has far exceeded the transactions through the traditional banking channel over the last couple of years. Consequently authenticating a remote customer becomes a major security challenge,” he said.

Amit Pradhan, Chief Information Security Officer, Cipla said that security challenges faced by pharmaceutical companies were radically different from those faced by BFSI or other sectors. “The most important asset in a manufacturing or a pharmaceutical company is intellectual property. There are figures which say that about 65% to 75% of IP resides in email so by default the first and the foremost asset that we need to protect is emails. We have all the basic to advance controls in place for emails,” he said. He also noted that the other important issue was changing the mind-set from content security to contextual security. “Data is important, how the data is used and applying risk to it gives us more sense and more help to understand the controls around it,” he added.

Parag Deodhar, Chief Risk Officer and Chief Information Security officer, Bharti AXA, said that he viewed risk from a holistic angle which consisted of operational risk, Information Security, fraud risk and reputational risk. “While we have deployed security measures at various levels, to me what is more important is how various restrictions affect our business. We have to make sure that the security is transparent to the users, partners and everyone. Security should not become an impediment to business but instead becomes a system enabler,” he said.

Adding a technology provider perspective to the discussion, Harmeet Kalra, Head-Strategic Accounts, Check Point, seconded Deodhar's view and said that information security restrictions should not be a deterrent to doing business. He also felt that understanding one's business was critical to coming out with a successful strategy to combat security threats. “I think the differentiator between a successful security deployment and an unsuccessful one is whether the customer understands his own business environment well or not,” he said.

26th February 2014

Mumbai

Knowledge Partner Print Partner


Four Trends that will redefine Information Security Strategies

The keynote address delivered by Sivarama Krishnan, executive director, PwC focused on how the economy had changed over the last 300 years and how business evolution cycle is getting shortened in recent times. He highlighted the importance of how business evolution cycles are faster than technological evolution cycles. Changing global demographics, regulations and new governance structures impacted Information Security in their own ways.

Considering the highly connected world shaping up today, he said that Information access today was like a circus. And because organizations have to juggle within this circus like situation, he felt that securing Information was a major challenge.

“Infrastructure revolution, Internet of things, data explosion or big data, and ubiquitous connectivity are posing challenges. It's not IT connectivity alone but also devices are getting connected. Future finance and the way we are dealing with finance are changing and maybe this is encouraging unscrupulous elements to take to cybercrime,” he observed. He felt that we need new identity and trust models. The Information based, device based, application based identity models of the past will no more work.

He felt that four trends will define future Information security strategies of organizations. The first trend was that the focus on security is shifting from infrastructure, application and the network to the users. “It's no more about how we are going to secure our infrastructure, application or Information. It's about who accesses what and when and where. It's about whether the user is logging on to the enterprise network from inside or outside,” he said.

In his view enterprises still tended to associate security with boundaries while we were entering a boundary less world. “When we think of security we mostly think of boundary and how to protect the perimeter, the data center, servers and the application. But today we are transitioning from boundaries to a boundary less world. We no more should look at boundaries but what we have in terms of information and how to protect it,” he said.

The next trend he outlined was that security today is maturing from control driven to intelligence driven protection. In the past protection meant preventing someone from accessing in excess of what he/she needed alone. “In the present context it's not enough. We need more information than that. Who's accessing what and from where and how and analytics takes care of that. It's no more about the individual alone, it's the situation that becomes more important,” he said. Enterprises today need two levels of protection, one when an employee is accessing the company network from within the company and one where he's accessing the network from outside.

Organizations will spend more on security in 2014

The iCxO Information Security trends 2014 and beyond covered CIOs and CISOs of 500 large enterprises in India to gauge threat perception and understand how they are gearing up to protect their information assets against emerging threats. The survey revealed that there is a growing awareness among organizations about the risks posed by Uber connectivity and consequently the Information security spends are increasing in 2014. 85 per cent of our respondents said they will be spending more on securing their information assets over the next two years.

We sought to find out the major security concerns of the enterprises. 62 per cent of the enterprises we covered cited internal security as the biggest area of concern, 59 per cent said that data theft and unauthorized physical access was a major concern, 41 per cent said that phishing was also a major concern and 25 per cent said that mobile and client security were also a cause of concern.

iCxO also sought to probe how secure were the various components of enterprises networks. Office applications presented the largest security concern with 76 per cent of the respondents saying that they were vulnerable to external attacks. 72 per cent of the respondents said that client OS and client hardware were of major concern from a security standpoint. 70 per cent said that networking hardware like routers, switches etc. were the weak links in their IT infrastructure. 60 per cent said that business critical apps like ERP, Core Banking Systems, and CRM among others were vulnerable. 58 per cent said that external internet apps accessed by employees caused security concerns.

The survey revealed that with enterprises embracing new technology paradigms like BYOD, cloud that they need to re-engineer their processes to address emerging security concerns. 41 per cent of the respondents said that they need to upgrade their

52 per cent of the respondents said their biggest challenge was providing network access to external entities like customers, partners and suppliers


Organizations should have strategic as well as tactical solutions to counter threats

Ramandeep Singh Walia, Principal Consultant, India & SAARC, Check Point Software focused on the various kinds of threats enterprises and governments had witnessed over 2012-13 and outlined what one can expect in the future.

“We have seen advanced persistent threats, up going identity frauds, revocation of certificates and reuse of certificates. The reason attributed to the fact is that everyone needs access to data anywhere and everywhere. In the bargain, users get targeted for financial gain or competitive advantage,” he said. He noted that interfaces commonly accessed by users were being targeted and specific apps and interfaces had been seeing the vulnerabilities and the exploits over the last 18 months. Also hacktivism and syndicates of the underworld cyber economy were complicating the situation. “People are selling exploit nets with post sale support etc. Advanced threats today are not limited to an exploit, an intrusion, or a botnet. And it's not just non-state actors who are exploiting your info. It's not even a zero day malware,” he said. “Earlier they were on the desktops and now they have moved from laptops to mobiles and tablets. Advance threat is a permutation of all or any of the ones as the linear equations here. There are motives that can be governmental, military or anything else.” In his view, most targeted attacks start from a reconnaissance of a weak user. The attackers also know how to conceal themselves so that security systems won't be able to detect them.

He quoted a Check Point real data survey of 900 organizations from 90 countries across the globe. Every 43 minutes a host is trying to take users to a malicious site. The attackers, he said, have lucrative ways of drawing their victims to the site. 63 per cent of the users had got infected. The first infection always led to a communication with the people who were attacking.

Walia said that organizations should have a strategic as well as a tactical solution. They should have a physical layer as well as a cyber-layer. “We need to think about how we can change a physical strategy model to a logical strategy model. Today is a time of collaboration. We need to collaborate with entities all over whether they are within India or outside. You need the right tools and the right infrastructure at the entry and exit of your infrastructure. You have to have the right tools to detect the threats and combat them,” he added.

security policies and processes to combat emerging threats.

Despite increasing external threat and the highly connected nature of the world, many organizations continue to allow their employees to access external apps on the internet freely. 55 per cent of the respondents said their organizations allowed their employees to access whatever they wanted except dubious sites that compromised their security. 24 per cent said that they don't allow their employees to access public domain apps including Gmail and Yahoo from their corporate networks. However they were allowed to access these from their home networks.

Getting management buy-ins for security investments is becoming easier. 55 per cent of the respondents said their managements were more receptive and understanding regarding investments in information security. However, 21 per cent said getting management buy-ins for security related investments was tough and 17 per cent said it was somewhat tough.

We sought to probe the importance organizations attach to Information Security. 31 per cent of the respondents said their organizations viewed Information security as a strategy that furthered their business goals. 39 per cent said their organizations view IT as a strategy and security as a critical tactical aspect of their overall IT strategy.

With the last few years seeing a massive uptake of mobile devices, more and more enterprises are evaluating equipping their executives with mobile devices. While mobility provides flexibility and productivity gains there are serious security concerns around mobile clients. 34 per cent of our respondents said their organizations were evaluating providing mobile connectivity to select employees. 38 per cent are already providing mobile access to enterprise applications. 31 per cent said their organizations do not have a compelling business case for adopting mobility.

We asked our respondents to list their biggest challenges with regard to Information Security. 52 per cent of the respondents said their biggest challenge was providing network access to external entities like customers, partners and suppliers. 48 per cent said their biggest challenge lay in managing security information and taking proactive steps to secure the perimeter. 48 per cent said securing the data center was also a major challenge. 45 per cent cited external threats like phishing, DDoS and data hostaging presented a massive challenge. 41 per cent said internal security was a major challenge.

Page 11: Our Previous Edition Post event synopsis

10

Ramandeep Singh Walia, Principal Consultant, India

& SAARC, Check Point Software focused on the

kinds of threats enterprises and governments had

witnessed over 2012-13.

Ramandeep Singh Walia, Principal Consultant, India & SAARC, Checkpoint Software focused on the various kinds of threats enterprises and governments had witnessed over 2012-13 and outlined what one can expect in the future.

“We have seen advanced persistent threats, up going identity frauds, revocation of certificates and reuse of certificates. The reason attributed to the fact is that everyone needs access to data anywhere and everywhere. In the bargain, users get targeted for financial gain or competitive advantage,” he said. He noted that interfaces commonly accessed by users were being targeted and specific apps and interfaces had been seeing the vulnerabilities and the exploits over the last 18 months. Also hacktivism and syndicates of the underworld cyber economy were complicating the situation. “People are selling exploit nets with post sale support etc. Advanced threats today are not limited to an exploit, an intrusion, or a botnet. And it's not just non-state actors who are exploiting your info. It's not even a zero day malware,” he said,” Earlier they were on the desktops and now they have moved from laptops to mobiles and tablets. Advance threat is a permutation of all or any of the ones as the linear equations here. There are motives that can be governmental, military or anything else.” In his view, most target attacks start from a reconnaissance of a weak user. The attackers also know how to conceal themselves so that security systems won't be able to detect them.

He quoted a Checkpoint real data survey of 900 organizations from 90 countries across the globe. Every 43 minutes a host is trying to take users to a malicious site. The attackers, he said, have lucrative ways of drawing their victims to the site. 63 per cent of the users had got infected. The first infection always lead to a communication with the people who were attacking.

Walia said that organizations should have a strategic as well as a tactical solution. They should have a physical layer as well as a cyber-layer. “We need to think about how we can change a physical strategy model to a logical strategy model. Today is a time of collaboration. We need to collaborate with entities all over whether they are within India or outside. You need the right tools and the right infrastructure at the entry and exit of your infrastructure. You have to have the right tools to detect the threats and combat them” he added.

Information Security Summit 2013-14Post Event Synopsis

Information Security Summit 2013-14Post Event Synopsis

Organizations should have strategic as well as tactical solutions to counter threats

11

security policies and processes to combat emerging and security as a critical tactical aspect of their overall IT threats. strategy.

Despite increasing external threat and the highly With the last few years seeing a massive uptake of connected nature of the world, many organizations mobile devices, more and more enterprises are evaluating continue to allow their employees to access external apps equipping their executives with mobile devices. While on the internet freely. 55 per cent of the respondents said mobility provides flexibility and productivity gains there their organizations allowed their employees to access are serious security concerns around mobile clients. 34 per whatever they wanted except dubious sites that cent of our respondents said their organizations were compromised their security. 24 per cent said that they don't evaluating providing mobile connectivity to select allow their employees to access to public domain apps employees. 38 per cent are already providing mobile access including Gmail and Yahoo from their corporate networks. to enterprise applications. 31 per cent said their However they were allowed to access these from their organizations do not have a compelling business case for home networks. adopting mobility.

Getting management buy-ins for security investments is becoming easier. 55 per cent of the respondents said their managements were more receptive and understanding regarding investments in information security. However, 21 per cent said getting management buy-ins for security related investments was tough and 17 per cent said it was somewhat tough.

We asked our respondents to list their biggest challenges with regard to Information Security. 52 per cent of the respondents said their biggest challenge was providing network access to external entities like customers, partners and suppliers. 48 per cent said their biggest challenge lay in managing security information and taking proactive steps to secure the perimeter. 48 per cent said securing the data center was also a major challenge. 45 per cent said external threats like phishing, DDoS and data hostaging presented a massive challenge. 41 per cent said internal security was a major challenge.

We sought to probe the importance organizations attach to Information Security. 31 per cent of the respondents said their organizations viewed Information security as a strategy that furthered their business goals. 39 per cent said their organizations view IT as a strategy


Navin Mehra, Regional Manager, Fortinet, emphasized how Fortinet had a new security label and the company had more than 133 labels. He said that the company had not focused so much on marketing as it had been working on technology. “People who have been using Fortinet products over the years have seen how good they are in terms of their features, deployments and total cost of ownership,” he said. From a global perspective, he said that Fortinet had operations in over 40 countries and an employee strength of around 2500 people with five R&D centers. Fortinet also had threat response centers across the world. “We give updates, prevent zero day attacks, creating awareness about it among other things,” he said.

He also pointed out how Fortinet was placed in the leading quadrant and was among the top most vendors in the world with the highest market share. “Innovation has been our key strength; the products that you have been using in 2010 can today be upgraded without changing the form factor onto the same box. Today we have 15 products,” he added. He also outlined how the next generations of Fortinet's firewalls will help enterprises secure their networks.

Innovation is Fortinet's key strength

Gopinathan K, Practice Head for managed security and network services, Wipro Infotech, felt that information thefts were primarily due to the advanced thefts occurring within the network.

In his view, botnets were moving from command & control connectivity to a peer-to-peer kind of connectivity. Referring to a recent incident in the Middle East where 38,000 desktops were down due to botnets, he noted that DNS reflection attacks and DNS amplification attacks caused major problems. DNS attacks are known to very few people.

He felt that high bandwidth attacks and targeted attacks in a BYOD scenario could inflict great damage.

He also told users to be aware of existing capabilities and mitigating the attacks. “Figure out how you can mitigate threats within your resources. Document them and have cyber threats response documented and make them available for everyone concerned within the organization,” he said.

He also emphasized that user awareness was a major area of concern. Basic controls on taking actions and vulnerability control were necessary.

He advised users to transform their security operations centers into security intelligence centers. “Reporting of security incidents should be translated into the language of business. Strategic advisory needs to be communicated in a proper way,” he observed.

Finally, he emphasized that incidents needed to be analyzed in a 360-degree way. Physical security needed more attention, as did integrating various data and tracking user activity from a holistic perspective.

Transform your security operation centers into security intelligence centers


It's no more about how we are going to secure our infrastructure, application or Information. It's about who accesses what and when and where. It's about whether the user is logging on to the enterprise network from inside or outside

Sivarama Krishnan, Executive Director, IT Risks & Control, PwC India

We need to think about how we can change a physical strategy model to a logical strategy model. Today is a time of collaboration. We need to collaborate with entities all over whether they are within India or outside. You need the right tools and the right infrastructure at the entry and exit of your infrastructure

Ramandeep Singh Walia, Principal Consultant, India & SAARC, Checkpoint Software

Reporting of security incidents should be translated into the language of business. Strategic advisory needs to be communicated in a proper way

Gopinathan K, Practice Head for managed security and Network Services, Wipro

We took a creative approach to educating employees on information security which helped keep threats at bay

Sunil Mehta, Senior vice president & Area systems director (Central Asia), JWT

We validate our processes and update them regularly so that they are relevant to the changing IT landscape

Dhiren Savla, Chief Information Officer, VFS Global

The amount of transactions through electronic channels has far exceeded the transactions through the traditional banking channel over the last couple of years. Consequently authenticating a remote customer becomes a major security challenge

V. Subramanian, Chief Information Security Officer, IDBI Bank

PANEL DISCUSSION

Innovation has been our key strength, the products that you have been using in 2010 can today shape up and be upgraded without changing the form factor onto the same box

Navin Mehra, Regional Manager, Fortinet


We have to make sure that the security is transparent to the users, partners and everyone. Security should not become an impediment to business but instead becomes a system enabler

Parag Deodhar, Chief Risk Officer and Chief Information Security officer, Bharti AXA

The differentiator between a successful security deployment and an unsuccessful one is whether the customer understands his own business environment well or not

Harmeet Kalra, Head-Strategic Accounts, Checkpoint

Enterprises need to re-engineer their processes and upgrade them to meet emerging threats

Sudhir Narasimhan, Director-Content, iCxO

65% to 75% of IP resides in email so by default the first and the foremost asset that we need to protect is emails

Amit Pradhan, Chief Information Security Officer, Cipla
