Quantifying cyber risk and consolidating security solutions are paramount for safeguarding complex environments. Sharda Tickoo, Country Manager-India & SAARC at Trend Micro, shares her insights on these critical issues in an exclusive conversation with ETCISO. Tickoo discusses the need for ongoing monitoring and adaptation to emerging threats, emphasizing the integration of best-of-breed solutions to enhance organizational security.

The industry is steadily moving in on quantifying cyber risk. Tickoo’s modus operandi lists knowing the attack surface and risk exposure as the starting point. “The digital surface of an organization has expanded into new ways of working,” she says.

The next step is mapping the high priority assets and their respective exposure. There are multiple factors at play, she explains, “The value of the asset, its position in the organization, who accesses it, what it stores, etc. and then assess the risk associated with each asset. Post which we can arrive at a metric to define the risk.”

While the metrics may not be standardized–and it has to be contextualized to the business the organization is doing–Tickoo explains that the industry is steadily recognizing and arriving at it. “It is important as cyber risk constitutes a boardroom discussion now and we need to arrive at a formula to educate the latter on the former,” she says. “The holistic cyber risk is one that takes people, process and technology into consideration.”

This philosophy rests at the core of the Trend Vision platform. The range of knowledge provided to the organizations on cyber risk is extensive and with a value to it. Additionally, it gives insights into elements contributing to the cyber risk for them to work on reducing it. And there is data on benchmarking against peers and the overall sector.

Role of ML

Quantification of cyber is a function of multiple things. Along with prioritization of assets, it is as much about slicing and dicing the threats identified. “Technologies like AI, they definitely help in doing that,” Tickoo explains. Upon identifying a potential attack path that a threat actor is using, one can view the network flow, the assets connected to others, overall environment and ways in which vulnerability can be exploited.

“All of these models are being built. With more data being captured, analytics and GenAI tools hoisted on top of it– the learning derived of a potential attack is immense. it is essentially like the red teaming exercise organizations undertake,” Tickoo explains.

Security consolidation is a journey

CISOs always are in constant dilemma about choosing between a unified platform-based solution and integrating best of breed. Tickoo takes us to the root of the issue– alert fatigue the SoC team faces monitoring close to 20+ consoles of respective security solutions. Additionally, SOC teams are dealing with silos and lack of visibility.

“Consolidation is the answer to all of this. Consolidation, essentially, is to club technologies that are homogeneous in nature,” Tickoo says.

But why are organizations wary of this owing to the investments made in their security solution and the wait period to realize the RoI of it. Tickoo opines consolidation, therefore, is a journey.

“At Trend Micro, we are offering our customers access to our consolidation platform, Trend Vision One Essential Access, for those using our products such as email, web, network, or endpoint security. This platform allows customers to onboard and experience the benefits firsthand. We ensure they can use the base features to understand its value.

Additionally, the platform can integrate with other security solutions, such as firewalls, demonstrating its adaptability even if the customer does not exclusively use Trend Micro products. Our goal is to avoid siloed operations, promoting seamless communication and more meaningful insights through consolidation and integration,” Tickoo says.

Assessing long-term scalability

With times being interesting, stability of the vendor you want to onboard is important, believes Tickoo. Point number two is to identify the key areas the platform can cover. This includes email, endpoint, network, data, identity, cloud, OT, edge network, and more. The question is, how much consolidation can be achieved across these areas? Evaluating how consistently a platform can handle maximum consolidation is crucial.

“For instance, at Trend Micro, endpoint security, network security, and email security are our strengths, with a long history of customer use.

Point three is the roadmap and the organization’s focus on R&D. For our large customers, we ensure our product leads are part of these conversations to directly hear feedback. India, in particular, provides many innovative ideas, which we relay to our product teams to improve our offerings. Sometimes, we have even co-developed products with customers to meet specific needs. For example, we have customized solutions for India’s largest VCR and bank. Securing such large entities involves handling technical complexities and adapting our approach to their unique environments.

Thus, the third point is the vendor’s flexibility to adapt to your environment by making necessary adjustments or integrating with your existing security framework,” Tickoo adds.

AI for/in security

With AI now, there’s a dual challenge: Leveraging AI to enhance security and securing AI themselves. For organizations it is a tightrope walk to balance both.

AI for security is not new; it has been utilized in this field for a long time. “At Trend Micro, we’ve been leveraging AI for over two decades, starting with AI models in our email security and evolving to advanced external detection models,” Tickoo says.

The latest innovation at the company is the GenAI tool, called Companion, which began as a basic chatbot and has now progressed to recommending key security pillars and automating security playbooks. “This evolution in AI for security has made our analysts’ work more efficient,” she adds. Trend Micro recently partnered with Nvidia to enhance its AI capabilities, utilizing the latter’s GPU and CPU technologies to improve accuracy and speed.

Security for AI is a growing concern, especially as large enterprises develop their own AI infrastructure and models. “Securing AI infrastructure is akin to the early days of cloud security, requiring solutions for access control, privileged user management, and data integrity,” she recollects.

AI apps are vulnerable to issues like prompt injection, model poisoning, and jailbreaking. Securing AI involves ensuring the integrity of training datasets, adhering to security best practices during app development, and conducting regular red teaming. Responsible use of AI is crucial, particularly in safeguarding PII during training and usage.

“Trend Micro addresses these concerns by providing protection for cloud infrastructures used in AI development, controlling access to GenAI tools, and intercepting inappropriate inputs and outputs. Organizations must adopt best practices for AI hygiene and responsible use to mitigate risks effectively,” she says.

Vulnerability management

The increasing use of digital applications inevitably leads to more vulnerabilities. Vulnerability management has evolved significantly over the years.

“Our flagship IP solution, Trend Micro Tipping Point, is a critical part of our Network Detection and Response (NDR) story. Tipping Point is a standalone Intrusion Prevention System (IPS), although similar technology can be embedded in firewalls. However, we believe large enterprises benefit from dedicated IPS solutions.

I recently discussed this with the CIO of a large IT organization. Despite the availability of combined firewall-IPS solutions, he insisted on a dedicated IPS. He explained that while an IPS protects against threats, it also provides a comprehensive view of the organization’s vulnerability posture. This insight is crucial, as it consolidates data from various vulnerability scanners, showing which vulnerabilities are covered by the IPS. This allows for virtual patching, a vital feature that provides security without requiring immediate downtime for physical patches,” Tickoo explains.

In response to this feedback, Trend Micro extended the virtual patching technology to the server level, ensuring that both network perimeter and internal servers are protected. This approach has been adopted by many large organizations to maintain security while managing downtime effectively.

Vulnerability management has always been crucial, and the Tipping Point solution now integrates with the Trend Vision One platform, offering a comprehensive view of vulnerabilities across endpoints, networks, and more. This integration allows for prioritizing patches based on the likelihood of exploitation, providing a clear and actionable security strategy.

One common pitfall in vulnerability management is the reliance on checklists, states Tickoo. Security teams often work in silos, and regulatory requirements can be inflexible, leading to a box-ticking approach rather than a strategic one. “Effective communication is essential to convey the importance of prioritizing certain vulnerabilities over others, based on risk assessment rather than merely following a checklist,” she says.

CISOs must take the lead in educating their teams and stakeholders about the criticality of addressing the most significant threats first, balancing business uptime with the need for robust security, concludes Tickoo.

NOTE: This article is a part of ETCISO Brand Connect Initiative