There Is No Peacetime in Security: Juniper's PaulJuniper's CTO on Asian Security, Virtualized Security
Cyberattacks are increasing in frequency, complexity, nuance and stealth. But human error, business compulsions and increasingly complex environments make it difficult to maintain adequate defenses, says Sajan Paul, Juniper Network's CTO for India & SAARC.
"The complexity and nuances of attacks is increasing. Ransomware, zero-days, APTs - all have been around for a while. But now the objectives have gotten more focused," he says in an exclusive interview with Information Security Media Group. "Monetary gain is the prime motivation most of the time. Even when there isn't a direct financial motive, money is involved somewhere in the attack chain." (See: The New Economics Of Cybersecurity Risk)
Attacks are becoming more frequent, with cybercriminals increasingly using open-source, customizable malware in the cybercriminal landscape, he says.
Recent attacks in the region have been made possible, in part, because of human errors, he says. For example, many standard security practices are not followed, and checks and balances are not strong enough.
"A lot of the time, compromises are made in this area, primarily because of business compulsions - the risk is knowingly undertaken when business wants to scale and the security controls become a bottleneck," he says.
Many organizations make the decision to bypass security after determining that although there are risks involved, the additional business volumes and speed-to-market in lieu of security is more important (see: Security and the Need for Speed).
Paul says a security environment has two components: static, steady-state policies and rules and dynamic policies. Static policies are known elements of the security equation, but dynamic policies are more important in today's environment because of the rapidly changing nature of threats (see: Security Spending for the Long Term).
A coordinated threat intelligence lifecycle is essential to deal with changing threats, he says. And to really make all the threat intelligence available to an organization actionable, practitioners need to have the authority to empower people to act upon it, he stresses.
In this interview (audio player link below image), Paul speaks about the changes in the threat landscape in Asia and the common challenges faced by practitioners. He discusses:
- Security challenges in virtualized environments;
- The need for coordinated threat intelligence;
- Recommendations for practitioners.
As CTO for Juniper Networks in India and the SAARC region, Paul covers both the enterprise and service provider verticals. He has more than 20 years of experience in the telecom and networking industry, working in design, driving technology directions and managing solutions. In his current role, he drives strategic solution initiatives and technology architectures to help organizations build their next-generation network infrastructures.