According to the Regional Sales Director for India of SentinelOne, to have adequate protection against cyber attacks, you must have good visibility of all company assets (including the perimeter and the cloud) and be able to manage them in an integrated and automated manner. Today, the needs of Italian companies in terms of cybersecurity can be summed up in three words: visibility, integration, and automation.
SentinelOne is a company that has been offering solutions for the protection of corporate information since 2013 and that immediately focused on innovative artificial intelligence and machine learning technologies and EDR (Endpoint Detection and Response) systems to try to counter attacks more effectively.
Could You Be More Specific? What Exactly Do You Mean By Visibility, Integration, And Automation?
Visibility is essential because the migration to the cloud has completely diluted the company perimeter, and security teams have lost some visibility over assets, who can access them, what they can do, and what their privileges are. As for integration, organizations have always used multiple security tools to defend themselves better. And this is even more true today, with the new perimeters that have been created.
However, increasing the number of security tools does not mean increasing the effectiveness of protection. According to some recent research, each organization uses around 40 specific tools to protect company data. It is unthinkable to manage them all in a timely manner; it is necessary to integrate them within platforms.
Integration also becomes a fundamental point because it is difficult to find competent personnel in the cyber field today. All this makes the work of security operation teams extremely difficult, and it is therefore strategic to be able to integrate the tools within complete platforms that are able to manage all the information better.
The third need concerns automation, which becomes fundamental to managing the current increasingly complex and sophisticated scenario of cyber attacks with completely autonomous tools and being able to provide responses that are fast and as complete as possible to the board or to anyone who needs them.
Does This Apply Equally To Both Businesses And Public Administration?
Security needs also exist for public administration bodies, but the way to respond is quite different than for a company. Cybersecurity evolves quickly, and the approval process for a public tender risks leading to the purchase of something ineffective because, in the meantime, the attack techniques, tactics, and procedures have changed.
Then, there is a problem linked to skills. In the PA, they are more difficult to attract than in the private sector because the budgets are less suitable than current market demands. The ACN provides guidelines that help public administration and the management of critical infrastructures.
These guidelines allow us to identify the cyber maturation paths that organizations must follow. However, it will be necessary to move from the topic of approaches to that relating to correct execution to bring the process to a conclusion.
In This Sense, What Advantages Can The PNRR Bring?
The PNRR is undoubtedly a useful tool, but it must then be put into practice. It offers a valid possibility, but it is up to individual organizations to define plans, strategies, procedures, processes, and consequently, technologies so that this possibility is transformed into something concrete.
This depends a lot on the organizations. Some know how to respond quickly and are able to exploit the opportunities offered by the PNRR; others, unfortunately, are slower and need help to understand and define precisely what to do.
What Are The Vertical Sectors That Make The Most Investments In Security In India?
Definitely banking and finance. The latter is a highly advanced sector because it needs to be in line with the provisions of international laws and regulations. Then, some companies need to protect critical infrastructures, including the energy and gas sectors, to which there is a lot of attention today, which, by definition, pays particular attention to cyber issues. I would also add manufacturing, which is improving a lot, while retail moves more slowly.
How Does SentinelOne Respond To Cybersecurity Needs, And With What Solutions?
SentinelOne was born in 2013. It was the first company to introduce the concept of next-generation antivirus and EDR using the most modern and innovative technologies. We then moved towards the world of mobile devices and traditional servers, but they had already been brought to the cloud. The next step was to satisfy the needs of companies with cloud systems, understood, for example, as microservices set up on clusters, Kubernetes, containers, and Docker.
Today, we provide complete protection in this area, too. However, the enterprise is not just made up of endpoints but also other attack surfaces. With this in mind, through some acquisitions, such as that of Attivo Networks, we have expanded our coverage to the topic of identity according to the concept of Identity Threat Detection and Response.
In practice, it involves the complete analysis of the Active Directory and checking for any compromise of the identities on the endpoints, up to the point of deception: creating paths and decoys within the organization where it is easier for the attacker to arrive. In this way, it is possible to understand what the attacker is doing, prevent it from affecting production systems, isolate the threat, and gain some time to protect the organization.
The third step was to integrate all the protections into an ecosystem that allows both the aggregation of different sources and the automation of correlations between the information we receive. We have thus introduced the concept of XDR (extended detection and response). This platform allows us to collect telemetry coming not only from SentinelOne systems, endpoints, or agents but also from external security systems.
We have multiple integrations that will enable security analysts and security operations teams not to have to jump from one console to another to find information separately and then correlate it with each other. This task is, in fact, delegated to our platform. Our solutions allow you to see more (detection is one of our strong points), protect better (thanks to all the technologies we make available in an integrated way), and resolve faster (through analysis and our artificial intelligence systems).
Should SIEM Take Care Of The Integration And Automation You Talked About?
In reality, SIEM was created mainly to do compliance and requires enormous human effort because automation could be more robust. So, devoting security to an SIEM is a highly complicated job that consumes both human and economic resources.
Instead, having a solution that allows you to automate these activities as much as possible is extremely interesting. Our platform is called Singularity and is aimed explicitly at acquiring security information and correlating it with each other in an automated manner.
Are Companies Prepared To Use Your Solutions Appropriately?
We see enormous growth in the MSSP model, especially in the SMB segment or medium-sized Italian companies, regardless of the technology. All organizations below certain thresholds (of employees, turnover, or core business) struggle to manage security within themselves. For this reason, they are increasingly turning to the MSSP market, which in the cybersecurity field is growing more than consultancy or the sale of specific products for certain areas.
In India, the largest and most structured organizations are able to manage SentinelOne technologies independently. Instead, small to medium-sized businesses are increasingly adopting an approach that involves security service providers.
From Your Point Of View, What Will Be The Trends That Will Characterize Cybersecurity In 2023?
Ransomware will undoubtedly continue to be one of the main elements of attack. If the geopolitical situation does not improve, a series of state-sponsored attacks will continue: companies should consider solutions capable of detecting or otherwise responding to this type of attack quickly.
Cybersecurity is not only a question of technology but also of processes and people, which must follow the evolution of the global scenario and be implemented appropriately. We need to equip ourselves with the right technologies, associate adequate processes, and train people so that this type of behavior is increasingly responsible.