The exponential increase in endpoints in the last nine months has hugely contributed to a dramatic rise in network and endpoint perimeter breaches. However, there is one man who seems to be fighting fire with fire by providing a unified solution that is changing the face of network and endpoint cybersecurity not just in India but around the globe. Meet Karmesh Gupta, the change that you may know, but the man you didn’t.
Karmesh is the CEO of the Indian cybersecurity-based product suite provider, WiJungle. Honored by Forbes as the best “30 Under 30 Asia 2020,” he has not always had a smooth ride. It was rough, patchy, and full of bumps, and only after two failed attempts did he make it big. Karmesh humbly says, “Persistence did pay.” His company’s unique cybersecurity offering in the network and endpoint security domain, which already has a product reach in 30+ countries, is ringing bells around the globe.
It is the end of the year and endpoint security has grabbed headlines almost all year round. So, in a fireside chat with Mihir Bagwe, Tech Writer at CISO MAG, Karmesh helped us gain deeper insights into the trenches of network and endpoint security.
The edited excerpts of his interview follow:
1. The Readiness Quotient
Yes, in the case of large businesses, who already had the required infrastructure for business continuity during the pandemic.
No, in the case of SMBs, who either didn’t have the required products for remote work enablement or were managed by third-party vendors. In both these cases, the movement started happening around the first week of lockdown.
Specifically referring to our customer base, only 12% of the people were using the remote work enablement function of our product before COVID, while within the initial 10 days of lockdown, this number rose to 80%.
2. Pre and Post-COVID Strategies
A. Between the pre-COVID and post-COVID era, there has been a shift from network security-centric policies to endpoint-centric policies as endpoints have become the first entry point for any threat. Policy enforcement around Endpoint Data Leakage Prevention (DLP), Host-based Intrusion Prevention Systems (IPS), Ransomware Protection & Application Filter have been the prime adoptions/amendments in the overall strategy.
3. Hidden Risks of Remote Working
Due to complete remote working, there has been a significant increase in usage of Virtual Private Networks (VPNs). As multiple endpoints from around the globe are connecting to the corporate network daily, the entry points for perimeter breaches have risen. Moreover, neither was every official endpoint in the pre-COVID phase configured for such utilization, nor were the newly added personal devices during this scenario equipped with concrete BYOD policies.
That’s the reason attackers have shifted their focus to breaching the network by making an entry through vulnerable endpoints. It is one of the prime reasons for increased cyberattacks post-pandemic. The only way to resolve this is by having proper endpoint protection policies.
4. Including Endpoints in Our Security Perimeter
A. Enforcing the security policies on these endpoints is a challenge, and hence a comprehensive or unified product holds the key to bringing them under the security perimeter. Cloud-based solutions like SDPs or Unified Network Security Platforms could simplify these aspects to a huge extent.
5. Reason to Have a Unified Solution
The reason is simple. Unified products give you the leverage to efficiently manage the policies and monitor the traffic.
As an example, the unified client application that we provide does the work of both VPN as well as Endpoint Protection. If you already have our network security product, then on subscribing to the endpoint protection, end users are just required to update the client app and endpoint security functions get enforced immediately. The admins are only required to enable the option of applying the user network security profile on endpoints, and 80% of their configuration task is done by default.
Now imagine the same implementation if an organization would have opted for separate stand-alone products for network and endpoint. It would have doubled the task and turnaround time.
6. What’s in the Cloud?
The ‘as a service’ model, for sure, is the key to the future but, having said that, the cloud comes with its challenges. Whether you are hosting some data on a public/private cloud or using third-party applications, businesses adopting cloud for hosting their data or using third-party applications or both have different challenges.
One of the biggest misconceptions I have witnessed among the small and medium business owners is – ‘Hey, we use AWS or Azure or GCloud and they, by default, provide required security’ or ‘Hey, we use Gmail and it, by default, provides every kind of security.’ They do not understand what kind of security these platforms are talking about and conveying. It makes their cloud open for potential threat actors.
Since the cloud utilization is higher than ever, it needs to be ensured that SMBs at least have basic DDoS protection enabled for their data hosting along with the right access configurations provided by the platform. Moreover, if suitable, they should go for a Cloud WAF and Virtual Firewall.
In the case of third-party applications, if the number of such applications is less, then they still could be managed by proper access configurations, which should be provided by the platform itself. In any other case, one should deploy a CASB.
7. Choosing a Network and Endpoint Security Solution
For sure, number one is to go with a unified synchronized solution for easy management and scalability. The form factor of the solution could be cloud or appliance depending on the business operations need. If they have plans to work 100% remotely for some years, then cloud-delivered security makes sense for them.
Number two on the consideration list is the part where we discuss the capabilities. Ensure that the network solution includes Zero-Day Protection, and that the Endpoint Security Solution has features of DLP along with ransomware protection.
8. Prevention is Better Than Cure
As mentioned earlier, there are two aspects.
Firstly, the majority of ransomware attacks in enterprise networks happen as attackers can traverse through the remote endpoints. Hence, the foremost need is to have the right policy and security at both the network and the endpoint level. It is a kind of proactive defense.
Secondly, if the above seems to be a difficult job then one could opt for deception technology such that threat actors could be deceived and their network scan time could be increased to make IT admins aware before a possible security breach occurs. It is a reactive defense.
The most trending forms that we have observed are:
- Malware Attacks (majorly ransomware, Trojans, and spyware): Via phishing, messaging platforms & freeware.
- Payment Frauds: Via fake mobile apps, websites, calls, and emails.
I don’t think any. The world is already witnessing all the possible permutations and combinations of the challenges during the pandemic.
About the Interviewer
Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features and technical blogs, and conducts interviews on the latest cybersecurity technologies and trends.