SME Times is powered by   
Search News
Just in:   • US stocks rally amid trade optimism, economic data  • HDFC Bank's Q3 net profit up 20%  • Centre may miss divestment, fiscal deficit targets  • CII suggests measures to help MSME sector  • Imran Khan seeks expedition of CPEC projects 
Last updated: 03 May, 2018  

Rahul.9.thmb.jpg Indian SMEs lagging in IT-OT network convergence: Skybox Security

   Top Stories
» Centre may miss divestment, fiscal deficit targets
» CII suggests measures to help MSME sector
» FICCI for housing scheme for women garment workers
» India's debt up 50% to Rs 82 lakh cr under Modi govt
» Big relief to startups, investors as govt liberalises norms
SME Times News Bureau | 03 May, 2018

Most of Indian small and medium enterprises have just started to think about the convergence of IT-OT networks, and among those who have adopted, most are struggling to figure out how to manage it, Skybox Security's Regional Sales Director for India and SAARC, Rahul Arora, said in an exclusive interview with SME Times.

Excerpts of the interview…

Please tell our readers about Skybox Security and its entrepreneurial journey.

Rahul Arora: Founded in 2002 by current CEO Gidi Cohen in partnership with Moshe Meiseles and Eran Reshef, with the vision of combining modeling and simulation technologies, visualization and intelligence in a single platform. Skybox is a privately held company with worldwide sales and support teams serving an international customer base of more than 500 enterprises in over 50 countries. Headquartered in Silicon Valley (San Jose, California), with R&D based in Herzliya, Israel and field offices in the United Kingdom and Western and Central Europe, India, and Singapore; the company has over 275 employees.

In October 2017, after achieving a compound annual growth rate (CAGR) of 46 percent and positive cash flow (2014 - 2016) and proven innovation to meet market demand, Skybox received $150 million investment for a total funding to date of $314 million. Skybox intends to invest in sales and marketing, customer care and R&D. It will also be used for potential M&A activity, to capitalize on the approximately $10 billion market opportunity in cybersecurity management.

Our award-winning Skybox solutions are used by the world’s most security-conscious enterprises, government agencies and organizations for vulnerability management, threat intelligence management and security policy management. Eighty percent of our customer base is enterprise or large enterprise; more than 40 percent is in the Forbes Global 2000. The company serves all industries, from financial services, service providers, government and defense, energy and utilities (critical infrastructure), technology, healthcare, consumer, manufacturing, etc.

What are the product and services Skybox Security offers?
Rahul Arora: Skybox builds best-in-class cybersecurity management software, the Skybox Security Suite, on an integrated platform. Our software reduces security risks that attackers can find and exploit, such as device misconfigurations and policy violations, as well as exposed and unpatched vulnerabilities. We use advanced analytics, automation and threat/vulnerability intelligence, providing technology solutions in three core areas:

Network visibility, which includes visibility of assets, security control, network topology, vulnerabilities and threats

Vulnerability and threat management, which includes the discovery, prioritization, remediation and tracking of vulnerabilities across hybrid networks and diverse environments

Firewall and security policy management across hybrid networks, which includes such things as rule/policy optimization and cleanup, compliance, change management, and rule life cycle management

These capabilities extend across highly complex networks, including those in physical, virtual, cloud and operational technology (OT) environments.

What is the significance of IT-OT security management in today’s world?
Rahul Arora: Industrial and critical infrastructure is becoming a more prevalent attack vector for the modern hacker and cybercriminal. Standard security controls implemented on IT networks often don’t translate or interact with the OT environment. This means that malware or malicious attacks that would be detected through next-generation firewalls, packet inspectors and intrusion prevention systems could slip through into ICS or SCADA networks.  

There are also risks and vulnerabilities present in the software and firmware of control system networks; their development methodology and security practices were designed and implemented for a very different security and threat landscape. These aging technologies lack encryption capabilities, data validation principles and other widely used security best practices that have evolved since their implementation.  

Added to the innate security shortcomings of industrial networks, the threat landscape is rapidly evolving due to the availability of exploits and other attack tools available on the dark web. Cyberattacks can be quickly and easily launched on a global scale. This means future attacks are going to be faster, more frequent and will impact a much broader front and, to top it off, attackers don’t need advanced skills.  

Without visibility of the devices, connections and security posture of industrial networks, critical attack vectors can slip through the cracks. Visibility, consistency and continuity are key to understanding and mapping control systems and integrating them with IT systems for a complete picture of the attack surface. 

Please elaborate how your different range of products can help an enterprise?
Rahul Arora: Today's security professionals are tasked with many things but it all comes down to protecting the organization from attacks and data breaches. This is complicated by many different moving pieces, such as constantly evolving threats, a complex, always-changing network and a toolbox that’s overflowing with products that generate siloes of disconnected, disparate data.

They are also struggling to keep up with the increasing number of global regulations, including the need to report on compliance with those regulations. They simply don’t have enough resources to meet all these demands in a timely fashion.

Without intelligently automated security management processes -- capable of understanding the larger context of the business and network -- enterprises waste precious time, resources and budget on manual efforts, false positives and point products. Skybox helps address all of these challenges with advanced analytics, automation and intelligence.

Everything we do starts with visibility of an enterprise’s attack surface, all the ways in which that organization can be attacked. Security environments today consist of myriad individual technologies: servers, workstations, firewalls and other various security controls, asset and patch management systems, security analytics, threat and vulnerability intelligence, and more. Different vendors lead to disparate systems not talking to each other or sharing common management interfaces.

The Skybox Security Suite is a security management tool. It acts as an orchestration layer, using APIs to automatically integrate these diverse technologies. We import all that data into a central location to create a single record of information about an organization’s network -- wherever it is, on-prem, multi-cloud and even OT. We then turn this into a dynamic, continuously updated model that can that be used to understand and control how data moves throughout the network -- where access is allowed, where it’s blocked, where exposures and security weaknesses exist, etc.

With this model, we use analytics and automation to help streamline core workflows and processes in firewall/security policy management and vulnerability and threat management. This is critical, as security teams are struggling with having too much data to sort through and simply too few people to do it.

The core things we help with are:

  • Total network visibility, including assets, security controls, network topology, vulnerabilities and threats

  • Attack simulation and path analysis (across hybrid networks)

  • Vulnerability management, including the discovery, prioritization, remediation and tracking of vulnerabilities across hybrid networks

  • Firewall rule/security policy optimization and cleanup,

  • Compliance management / unifying policy across hybrid networks, including on-prem, multi-cloud and OT networks

  • Change management for firewall rules/security policies— including risk assessment of changes

  • Life cycle management of firewall rules/security policy across hybrid networks, including on-prem, multi-cloud and OT networks

  • Security–analyst verified, certified threat intelligence from the Skybox Research Lab

Most importantly, our software can scale to meet the needs of the largest, most complex enterprise and government networks in the world. In fact, 20 percent of the Fortune 100 rely on Skybox, including six of the largest NATO countries and seven of the world’s largest banks.

How much are the Indian SMEs aware of IT-OT security?
Rahul Arora: Most enterprises, regardless of size, are only just starting to think about the convergence of IT-OT networks. IT-OT security is now on the radar of many stakeholders, however, they are struggling to figure out how to manage it, for all the reasons stated above — having visibility of the networks (in a single dashboard) and being able to truly understand the pathways/connections, as well as the exposures and security weaknesses.

Are Indian SMEs lagging behind their global peers in this respect?
Rahul Arora: We do not have the data to speculate on the state of SMEs in India. We do know that compliance management is the number one operational challenge for Indian businesses. Without network automation to streamline workflows, data collection and analysis, tracking and reporting, security teams simply can’t keep up with compliance requirements. This is just the tip of the iceberg, however, as security teams must also be concerned with the day-to-day protection of their organization, including identifying exposures due to vulnerabilities and security weaknesses.

Please share your future plans.
Rahul Arora: Skybox will continue to invest in India, and the APAC region in general, as it's a strategic priority for us.The IT market is growing in sophistication, with a lot of companies fitting the profile of our typical customer — enterprises or organizations that are managing very complex networks. Indian companies are serious about compliance and security, but are facing many of the challenges mentioned above. We offer the broadest cybersecurity management platform to help them streamline both.

Since India is such a geographically diverse country, our partners are vital for the Skybox business model. Because of this, we expect to increase not just the breadth but also the depth of our channel network in India. These target partners will range from Indian System Integrators (ISIs), Managed Security Service Providers (MSSPs) to Value Added Resellers (VARs). Currently, we work with many ISIs to assist with customers of any size and scale around the world -- continuing to invest and drive these strategic relationships.

Largely, MSSPs are the preferred partner for Indian companies looking to move from a capital expenditure (CAPex) to an operational expenditure (OPex) model. They can leverage Skybox solutions such as threat-centric vulnerability management (TCVM) along with their primary services. No one else in the market can provide total attack surface visibility to their customers -- our MSSPs partners increase their monthly recurring revenue (MRR) and reduce customer churn with our solutions. Not surprising, Indian SMEs are also frequently compelled to outsource their security to a capable MSSP due to increased threats and lack of resources internally.

Currently, we are launching an improved channel program and partner portal in India which will allow for greater rewards and resources for partners who invest with us. They will be able to register deals and gain access to online or classroom training programs and market development funds (MDF). I am excited for our evolving channel ecosystem, as we strive to engage with our partners in better ways than ever before. Our ability to integrate with more than 120 technologies is paramount because it gives our partners more opportunities to cross-sell and upsell into their existing customer base. This ability to normalize diverse technologies allows our partners to offer a single pane-of-glass view, attracting customers who were out-of-reach before partnering with Skybox.

Print the Page Add to Favorite
Share this on :

Please comment on this story:
Subject :
(Maximum 1500 characters)  Characters left 1500
Your name:

  Customs Exchange Rates
Currency Import Export
US Dollar
UK Pound
Japanese Yen 58.85 56.85
As on 20 Jan, 2019
  Daily Poll
Is counterfeiting a major threat to SMEs?
 Can't say
  Commented Stories
» HostBooks Ltd. offers a seamless GST filling experience: Kapil Rana(3)
» Ashok Leyland to launch 13-seater passenger vehicle, LCV(1)
» CII welcomes GST Council steps as MSME friendly(1)
» Hyperloop start-up Arrivo to shut down: Report(1)
About Us  |   Advertise with Us  
  Useful Links  |   Terms and Conditions  |   Disclaimer  |   Contact Us  
Follow Us : Facebook Twitter