CIOInsider India Magazine


Securonix: Revamping Cyber security Platforms for Cloud


Ramakrishna Murthy

VP - Technology Services & General Manager - India

Security concerns are no longer a barrier to cloud adoption with the introduction of technologies that provide advanced security controls, detection, prevention, and compliance with stringent regulations like GDPR. Headquartered in Texas with an Indian office in Bangalore, Securonix specializes in cloud-based security analytics and management, integrating machine learning and automated response. The Securonix platform provides state-of-the-art analytics with comprehensive SIEM (Security Information and Event Management) and UEBA (User and Entity Behavior Analytics) for detecting both known and unknown security threats on cloud and on-premises infrastructure. The GM-India gives a detailed account of how the firm has built its foundation.

In conversation with Ramakrishna Murthy, VP, Technology Services and General Manager (India), Securonix

Today, even though technology empowers companies with an infinite set of innovative ideas, security remains a major concern. There are many companies who are in doubt when they are questioned about online security. What advancement does Securonix provide in the cloud security domain, and how do you overcome these challenges?

While cloud infrastructure and service usage provides several benefits for businesses, there is a critical need to secure the cloud services as well as customer data. Legacy on-premises monitoring solutions often do not get full visibility of the cloud infrastructure and services. Securonix's SNYPR cloud platform offers UEBA, Security Data Lake and NextGen SIEM services. We use big data security analytics and ML to detect unknown and hidden threats within customers' cloud as well as on-premises environments using a single platform which includes log management, threat hunting, and SOAR (Security Orchestration, Automation and Response). This single platform or solution consumes every type of activity log, identity or access data, intelligence data, and any contextual data (IT or non-IT). Every event/alert is correlated to an entity and super-enriched to make it meaningful for a threat analyst to understand and analyze, while reducing the workload of the analyst by consolidating and prioritizing alerts and removing false positives. Securonix's proprietary ML algorithms and techniques are then applied to detect advanced threats. It eliminates the blind spots when on-premises data is correlated with cloud data in order to analyze end-to-end activities of the users and detect actionable threats.

The Securonix Threat Research team monitors the constantly shifting cyber threat landscape by conducting security investigations and developing detection methods. We analyze and deconstruct the latest cyberattacks, identifying indicators of compromise and behavior patterns for cyberattacks, insider threats, financial services threats, nation-state threats, critical infrastructure threats, healthcare threats, etc.

Our cloud service is SOC 2 Type 2 certified. In a multitenant architecture, individual tenant IDs and dedicated tenants are used to maintain complete data segregation. Data is kept encrypted while it is in transit, and encryption at rest is optional. There are additional features like Granular Role-Based Access Controls and data masking privacy controls which aid in making the solution GDPR compliant.

Please narrate an exceptional and noteworthy implementation story.

Sure. A very large US-based pharmaceutical distributor has implemented the Securonix platform to protect against internal and external threats. We enabled them to gather and store every piece of log intelligence generated within the company, and improved Security Operations Center (SOC) analysts' abilities to detect and mitigate cyber threats. We also used analytics to improve and drive decision-making in threat detection, hunting, investigation, and response. They use our platform as the centralized security monitoring solution, a single-pane-of-glass view where the analysts only need to look at one screen to arrive at a conclusion instead of switching between multiple screens. Securonix's kill chain identifies threats at various stages of progression, which helps to associate a threat with a risk level.

Also, a major concern for this organization was the storage and retrieval of data over a long period of time for compliance, which may span several years. Securonix's Data Lake enabled them to parse any log data, enrich it, store it, and make it searchable through the Securonix Spotter interface. The results have been significant. In one month, out of 500 insider threat incidents, around 400 (80 percent) were closed after identifying infected endpoints and malicious internal actors.

What further innovation do you plan to include in your Cloud Technology offerings?

One of the important initiatives we are working on is to develop a SaaS customer portal that will provide add-on features and services on demand, usage reports, etc. We have launched Cloud Pods by industry verticals, which will enable us to provide industry-specific regulatory controls, lower impact radius, achieve centralized management, and offer dedicated tenant Pods. We will be providing remote management of the on-premises components from our cloud as Remote Ingester Nodes which do not require VPN/VPC. This will also allow remote orchestration, remote monitoring and alerting, configuration and troubleshooting, and iPhone-style upgrade of Remote Ingester Nodes. Most importantly, we are optimizing our infrastructure costs to pass on the savings to the customers. A lot to work on in the near future, so we’re keeping our heads held high, and focus sharp.
