How has Cisco's emergence as a leader in cybersecurity solutions been?

To keep pace with our customers' business, we've anticipated the security needs of the future and invested in ways that very few others in the industry have. But we realize that simply spending money to acquire or build best-of-breed technology isn't enough. A collection of disjointed solutions isn't the force multiplier our customers need. Neither is a platform combining just two products or one that's just another stand-alone product until you spend the time to integrate it. Since 2007, Cisco has invested in innovating internally, acquiring the best products in the market, built true turnkey interoperability with core infrastructure, including third-party products, and united all these efforts. That's why we've acquired the talent and dedicated several years of engineering to unite our products into one integrated security platform.

Specifically, how is the Indian market when it comes to cyber threats? 

According to a Cisco study, organizations in India are seeing a significant increase in the cybersecurity challenges they face amid the shift to mass remote working.

• 73% of Indian organizations have experienced a 25% or more jump in either cyber threats or alerts since the start of COVID-19 
• 65% of organizations adopted cybersecurity measures during COVID-19 to support remote working 
• Cybersecurity is the top priority for 84% of Indian organizations

With users connecting from outside the corporate walls, secure access – defined as the ability to verify identity and establish trust no matter how, where, or when users log in – is the top cybersecurity challenge faced by the largest proportion of Indian organizations (68%) when supporting remote workers. Other concerns raised by organizations include data privacy (66%) and protection against malware (62%).

Elaborate on some of the measures taken by Cisco to help Indian businesses/SMBs manage cyber threats better

When the pandemic hit early last year, Cisco's priority was to ensure the safety of its employees. As such, a global work-from-home policy was announced in March 2020. Over a short period of time, about 70,000 Cisco employees, and an almost equal number of partners and contractors globally, moved to work from home seamlessly. This included over 12,000 employees in India as well. Remote working was not new to Cisco, and 85% of Cisco employees globally were already enabled for it before COVID.

However, for many of our customers in India, ensuring their employees' safety and security meant a total pivot from their regular work and business models and enabling a productive WFH environment almost overnight. In times like these, experience and knowledge on how to enable this transition is the biggest advantage.

To help the industry and our customers, Cisco made its policies, plans, and processes on remote business continuity available to everyone. This helped several large and small ITeS, FSI, and public sector companies in India to move their workforce to WFH overnight.

In April 2020 alone, we engaged with over 600 customers to help them with business continuity plans in India; during the same time, we enabled over 500,000 knowledge workers in India to work from home securely by extending free licenses of our security solutions for remote work (Duo MFA, AnyConnect VPN, and Umbrella DNS Security). We continue to work with our customers to build a resilient cybersecurity strategy for the new normal.

Elaborate on how AI is a crucial aspect of cybersecurity solutions today, and what are some of your key offerings?

The cyber threat landscape forces organizations to constantly track and correlate millions of external and internal data points across their infrastructure and users. It simply is not feasible to manage this volume of information with only a team of people. This is where AI/ML comes to the rescue. By automating the analysis, cyber teams can rapidly detect threats and isolate situations that need deeper human analysis. Here are some applications of this:

• Keep people safe when browsing: Machine learning can predict "bad neighbourhoods" online to help prevent people from connecting to malicious websites. Machine learning analyses Internet activity to automatically identify attack infrastructures staged for current and emergent threats.
• Provide endpoint malware protection: AI algorithms can detect never-before-seen malware that is trying to run on endpoints. It identifies new malicious files and activity based on the attributes and behaviours of known malware.
• Protect data in the cloud: AI can protect productivity by analysing suspicious cloud app login activity, detecting location-based anomalies, and conducting IP reputation analysis to identify threats and risks in cloud apps and platforms.
• Detect malware in encrypted traffic: AI can detect malware in encrypted traffic by analysing encrypted traffic data elements in common network telemetry. Rather than decrypting, machine learning algorithms pinpoint malicious patterns to find threats hidden with encryption.

To help safeguard organizations in a constantly changing threat landscape, Cisco is using AI and ML to support comprehensive, automated, coordinated responses between various security components.

• Cisco Umbrella is our cloud security platform for the network. Our machine intelligence enables us to uncover malicious domains, IPs, and URLs before they're even used in attacks. Then, we use the power of fleet learning to convert the discovery of a malicious agent on one network to blacklist it on all Cisco Umbrella customers.
• Cisco Advanced Malware Protection (AMP) is built on unmatched collective security intelligence. Its ML engine applies heuristic approaches to detecting malicious software. The solution identifies broad classes of threats based on generic characteristics rather than pinpointing a single threat.
• Cognitive Threat Analytics is a cloud-based product that uses machine learning and statistical modelling of networks. It creates a baseline of the traffic in the network and identifies anomalies. The product also analyses user and device behaviour and web traffic to discover command-and-control communications, data exfiltration, and potentially unwanted applications operating in the infrastructure.
• Cisco Stealthwatch applies intelligence across the network, data centre, and cloud. It uses machine learning to discover advanced threats and malicious communications. Stealthwatch employs multiple layers of processing, where a combination of techniques from artificial intelligence, machine learning, and mathematical statistics helps the network to self-learn its normal activity so that it can identify malicious activity.

How was your company's response to cyber threats in the wake of COVID19? How did you manage these threats throughout the past year? 

In the space of a few weeks in March and April 2020, Cisco's entire workforce began working from home. Our top priority was enabling employees to access the services and data they need to be productive when working from home. To confidently allow remote access, we need to secure the network, mobile devices, servers, applications, and information—and enforce good behaviour. At the same time, we needed to take care that secure security solutions and policies don't make it harder to get work done.

We have implemented a multi-layered approach to remote access security. In addition to using the Cisco AnyConnect VPN client, we use Cisco Umbrella to provide DNS-layer security in the cloud, maintain policy and access control lists (ACLs) on our firewalls, require multi-factor authentication with Cisco Duo Security, and enforce access policies using Cisco Identity Services Engine. We push mobile app updates, which have the latest security fixes, with Cisco Meraki Systems Manager. To minimize risk, we use split tunnelling only for about a dozen cloud services that pass stringent security criteria, including good data hygiene and compatibility with Duo Security.

There is a lot of protection that takes place inside Cisco automatically. This results in an average of only 22 managed incidents per day to which our incident command team has to respond. The best defense is several layers of automated protection because humans can't keep up with the current level of attack.

What are some of the biggest trends you see in threat mitigation today? 

With the world becoming more connected and digitized by the day, safeguarding our employees, customers, and assets requires data privacy and security to be a top priority because the attack surface is becoming far broader and more complex. Mobility, distributed work, and the growing use of cloud solutions have provided huge benefits in scalability and cost. But with a greatly expanded security perimeter, new challenges arise. CISOs are reimagining their IT infrastructure with cybersecurity at its core to secure a hybrid workforce and ensure consumer privacy and data compliance. A few key trends are emerging:

• Secure remote work: Work is getting more distributed and remote. To enable this, organizations are turning towards public cloud and embracing SaaS applications. This is leading to the adoption of cloud-based security controls like DNS, Secure Internet Gateway (SIG), and Secure Access Service Edge (SASE).
• True Zero Trust: Adopting a Zero Trust model reduces the organization's attack surface by segmenting resources and granting only absolute minimum access needed. 
• Password-less: According to Gartner, by 2022, 60% of large and global enterprises, and 90% of midsize enterprises (MSEs), will implement passwordless methods in more than 50% of use cases, an increase from fewer than 5% today.
• Security Platforms: Security is a team sport, and "best-of-breed" solutions make integration complex and leave holes for attackers to exploit. A platform connects all the security tools to unify visibility, enable automation and strengthen security across the network, endpoints, cloud, and applications.

Tell us about Cisco Talos and how it's helping the global cybersecurity ecosystem.

Cisco Talos is one of the largest and most trusted providers of cutting-edge security research globally. They provide the data Cisco Security products and services use to take action. The Cisco Security ecosystem covers email, networks, cloud, web, endpoints, and everything in between. Cisco Talos has more visibility than any other security vendor globally, which delivers greater context from many data points during an occurring incident or campaign. This, along with other resources like open-source communities and internal vulnerability discovery, creates a massive volume of threat data.

The challenge is finding the small percentage of malware that is new to the landscape. Machine learning and AI, overseen by analysts and data scientists, create stronger detection outputs for faster and better results. Talos engineers use those outputs to create protection across vectors and pushed globally as quickly as technologically possible. With a continuous cycle of telemetry and updates across an integrated portfolio encompassing the entire attack continuum — endpoint, network, cloud, edge, data centre, desktop, and mobile — Talos provides actionable intelligence that is fast, effective, and deeply contextual.

Talos is active in more than 185 industry groups and community partnerships. With industry groups like the Cyber Threat Alliance, intelligence gets into the right places faster, enabling broader protection on multiple fronts simultaneously. ISAC programs facilitate intelligence and specific insights in targeted verticals. Through collaboration with users and customers around the globe utilizing our Crete program, Talos can detect regionalised threats as they emerge.

How much has COVID19 changed the cybersecurity landscape? How does it position you for 2021?

With this crisis having accelerated digital transformation across India and the globe, a new world is emerging – contactless, low-touch, and digital. Millions of new devices and users will be connected virtually as the preference for digital alternatives rises exponentially. While this brings incredible opportunity to transform how we work, live, learn, shop, and transact, it also presents the herculean challenge of cybersecurity.

Ensuring the safety and security of individuals and organizations is becoming one of the top priorities in the digital world because the threat landscape has not only widened but become far more complicated. According to Gartner, information security spending was expected to grow 2.4% to reach $123.8 billion in 2020, with cloud security (33.3%) and data security (7.2%) as the highest investment areas.

So far, the focus has been on on-premise security. But, as workforces become more distributed and remote, the traditional approach to security - which assumed a static environment - is a non-starter. As the demand for "as-a-service" models increases and software gets deployed across new fronts such as cloud, mobile, and IoT, application security will be crucial to safeguarding valued assets of the business. Enterprise IT architectures will now have to be re-imagined, considering the new future of work, where the concept of the "Resilient, Distributed Enterprise" becomes critical.

Cisco is bringing the capabilities of a resilient technology infrastructure that can help them work from anywhere, collaborate from any device, manage from anywhere (automation, analytics, assurance, and policy), and maximize experience and productivity by serving distributed workers and things with distributed applications and cloud services, with security at the front and centre of it all.