In an exclusive interaction with Express Computer, Niketan Jadhav, CISO, CDSL Ventures Ltd (CVL), highlights the integration of AI and ML in threat management, the challenges of cloud adoption under SEBI regulations, technology priorities focusing on risk assessment, addressing zero trust networks, leveraging cybersecurity solutions, post-pandemic security challenges, and using AI and analytics to future-proof security postures.
Here are the edited excerpts:
How has the shift to AI and ML impacted your infrastructure and threat management?
The shift to AI and ML has profoundly impacted our approach to threat management and infrastructure. Previously, our Security Information and Event Management (SIEM) system required 100% manual intervention, which was both complex and time-consuming. Analysts had to sift through large volumes of data and alerts, which often led to delays in identifying and responding to threats.
With the integration of AI and ML, we’ve been able to automate and enhance many aspects of our security operations. AI-powered tools can now analyse data in real time, identifying patterns and anomalies that might indicate potential threats. This shift has allowed us to move from a reactive to a proactive stance in threat detection. For example, AI can prioritise and triage alerts based on their severity and likelihood of being genuine threats, thus reducing alert fatigue and focusing attention on critical incidents.
Machine learning algorithms improve continuously by learning from historical data and adapting to new attack patterns. This dynamic capability means that our systems can now detect emerging threats more accurately and quickly than before. Integrating these technologies into our existing platforms, such as SIEMs, Endpoint Detection and Response (EDRs), and Security Data and Response (SDRs), has not only streamlined our threat management processes but also reduced our dependence on manual interventions.
Overall, AI and ML have significantly enhanced our ability to foresee, detect, and respond to threats, strengthening our cybersecurity posture and enabling a more efficient and effective defence strategy.
How has the move to the cloud affected your cybersecurity posture and vulnerability to attacks?
The transition to the cloud has had a significant impact on our cybersecurity posture and has introduced new challenges, particularly given our regulatory environment under SEBI and our responsibility for managing sensitive Personally Identifiable Information (PII). Moving to the cloud involves complex considerations, especially when handling such critical data.
One of the primary challenges we faced was maintaining compliance with regulatory requirements while leveraging cloud solutions. SEBI’s stringent guidelines on data protection and privacy necessitate a careful approach to cloud adoption. We have had to implement robust controls to ensure that our cloud providers meet these regulatory standards and that sensitive information is adequately protected.
Additionally, the shift to remote work, accelerated by the pandemic, has further complicated our cybersecurity efforts. Ensuring the security of various endpoints, including personal devices used by employees, has become a key focus. We’ve had to establish and enforce strict security policies for Bring Your Own Device (BYOD) scenarios and deploy advanced threat detection and response solutions to mitigate risks from remote access.
The pandemic highlighted the need for effective asset inventory management with a distributed workforce and reliance on cloud tools. Tracking and securing all assets has been challenging, prompting companies to refine their asset management practices for better visibility and documentation. We now conduct regular incident drills to simulate attack scenarios, ensuring our teams are prepared to respond swiftly. By continually updating our incident response strategies and refining security measures, we aim to manage vulnerabilities and strengthen our overall cybersecurity posture in the cloud.
Can you outline your technology priorities over the next two to three years, considering the evolving threat landscape and the global market?
Given the evolving threats, understanding our adversaries, whether second or third parties, is crucial. External perspectives are vital. In the coming period, my focus will be on comprehensive risk assessment. I plan to evaluate the security of our vendors and partners, identifying potential loopholes or entry points through their gateways. This assessment will encompass a broad security landscape, ensuring we understand all possible vulnerabilities. By conducting thorough evaluations, we aim to fortify our defences against any threats originating from external sources. This proactive approach is essential for maintaining robust cybersecurity and protecting our assets and data from emerging risks.
How do you plan to address challenges related to zero trust networks and evolving cyber threats?
Addressing challenges related to zero trust networks and evolving cyber threats necessitates a comprehensive strategy. Given the complexity and frequency of modern threats, zero trust networks are essential for ensuring security. Our approach involves rigorous preparation and continuous improvement.
First, we conduct thorough assessments of our current security infrastructure to identify vulnerabilities. By implementing zero trust principles, we authenticate and validate every user, device, and application continuously, regardless of their location. This ensures that only authorised entities can access our network.
We also enhance our threat detection capabilities with advanced analytics and machine learning algorithms, allowing us to identify and respond to unusual patterns in real time. Regular training and drills for our security teams ensure they are prepared to handle incidents effectively.
Improving our incident response strategies and collaborating with external cybersecurity experts are crucial components of our approach. By staying ahead of potential threats, we maintain a robust defence posture and effectively manage evolving cyber risks.
What solutions are you leveraging to ensure cybersecurity and data protection?
Our business involves KYC and API interactions, so we use API security gateways to manage load and ensure security. For data protection, we’ve implemented DLP (Data Loss Prevention) tools and privileged access management. These tools help control access and protect sensitive information. I also conduct audits to ensure our DLP policies are effective.
What are the top challenges security leaders face in the post-pandemic era?
In the post-pandemic era, we have faced numerous challenges. Regulatory requirements have become more complex, with travel restrictions complicating asset documentation and audits. Cyber incidents such as supply chain attacks and phishing have surged, requiring more robust detection and response measures. The swift transition to remote work has further strained incident response capabilities, as securing a dispersed workforce involves new risks and vulnerabilities. Ensuring endpoint security, especially with the increased use of personal devices, has become critical. Leaders must also manage compliance with evolving data protection regulations while adapting to a rapidly changing threat landscape. These challenges necessitate comprehensive cybersecurity strategies, continuous monitoring, and regular updates to incident response plans to protect against emerging threats and maintain regulatory compliance.
How do AI and analytics help in making security postures future-proof?
AI and analytics play a crucial role in future-proofing security postures by enabling advanced behavioural analysis and fraud detection. AI can track the path of a cyberattack, detailing its progression and identifying the attacker’s methods. This insight helps in understanding and mitigating threats more effectively. Additionally, AI can analyse biometric and physical data to detect fraudulent activities, enhancing overall fraud management.
Machine learning algorithms continuously learn from historical data, adapting to new attack patterns and improving threat detection accuracy. Real-time data analysis allows for prompt identification of anomalies and potential threats, enabling proactive security measures. By leveraging AI and analytics, organisations can stay ahead of emerging cyber threats, ensuring a robust and adaptive security posture that evolves with the threat landscape.