Martin Sutherland, General Manager, NetWitness, talks to Nitya Ravi on the importance of foresight about potential security breaches.
What, according to you, are the main security challenges that META organisations need to address?
There are some distinct security challenges faced by customers in the Middle East and Africa. Ransomware attacks are at the top of that list. There are ongoing and continuous attacks in the region. Around 42 percent of local businesses in the UAE that we survey say that there has been some level of business closure or shutdown due to ransomware.
Ransomware is a major issue; however, it’s not the ONLY issue. With the onset of the pandemic, a lot of organisations have undergone digital transformations that have enabled remote workforces, which rely on more digital tools and cloud resources. Many of these tools pose their own security risks. Most people assume that the cloud is secure, but that is not necessarily the case. Organisations need to perform extra due diligence to ensure that they have the same level of security in the cloud as they would on-premise.
How does NetWitness help tackle this current increase of ransomware attacks?
A lot of people believe that ransomware is an attack where data is encrypted, and you pay a fee to fix it. While that’s essentially true, it’s more nuanced than that. The first incident is the attack or breach, but threat actors are in the system; what follows is a period when the encryption process occurs. This encryption process could take weeks to spread within the network, moving from one critical system to the next. That’s why it’s important to quickly detect these types of threats. For NetWitness, our mantra is detect, investigate and respond. Early detection of threats can help save some of the data in your network and mitigate the impact on the organisation.
Can you throw further light on this?
On average, customers who pay the ransom are able to recover only 65% of their data. Of those who pay the ransom, 25% could only decrypt less than a third of their data and 33% could only decrypt less than 50% of their data. Furthermore, about 80 percent of the people attacked by ransomware will get attacked again since the attacker might keep a “backdoor” in place to attack again later. Hence it’s quite important to address this quickly.
We have an Incident Response team that helps companies investigate attacks onsite or remotely and uses our solutions to respond and hopefully prevent major impact. We not only investigate where the breach is but we move through the system laterally – just as an attacker would – which allows us to detect where the point of attack is and from where it’s spreading to other capture points. Our Incident Response team also checks for those “backdoors” that attackers like to leave, and removes them.
Why NetWitness and what are your key differentiators?
Cyberattacks are increasing both in frequency and sophistication. That means that security teams need increased levels of visibility across their systems. The NetWitness Platform is a SIEM and XDR platform that accelerates threat detection and response. It can collect and analyse data across all capture points (logs, packets, netflow, endpoint and IoT) and computing platforms (physical, virtual and cloud), enriching data with threat intelligence and business context.
We also have a number of professional services offerings, including a global incident response team that is trained to the highest level to hunt attacks. They come quickly and, in some places, also deploy our technology.
What is your take on the security landscape in the region and the openness of organisations in adopting new strategies?
I oversee a mix of mature markets like the UAE and less mature markets like those in some parts of Africa. One of the things we focus on as a team is not to simply sell a technology but rather to be a consultant to help customers. We come in and review the entire infrastructure and make recommendations about not just the technology, but also how to improve or automate processes, educate analysts and provide peace of mind to executives. Our aim is to be a trusted advisor in the region.