By Sameer Ratolikar, Executive Vice President and CISO, HDFC Bank
We are nearing two years of the pandemic followed by WFH which gave impetus to the cloud adoption especially for customer facing digital initiatives. As we are setting foot into 2022, some of the cyber security considerations from a CISO’s perspective are penned down below:
1. Agility and automation is going to be the key
Tactical and time consuming approach towards vulnerability management. Let us take the recent example of Apache log4j vulnerability. Initially, it was said that the vulnerability is only applicable for log4j version 2.10 to 2.14 . The info-security team went on to change the config setting ( no look up= true) and in parallel talked to the application vendors, ensured the upgrade is made available quickly , tested it and upgraded the application to 2.15 . In less than few days the news article in the media mentioned that even 2.15 was vulnerable and right way is to move it to 2.17 . The cycle of identifying the affected systems, and in parallel taking to the vendors continued. I strongly feel that vulnerability exposure market will grow significantly ( structurally and un-structurally) and we can’t be handling it in a non- intelligent manner like this.
I feel that we need a better intelligent way akin to SAC (Software as a Code ) available on the cloud to the on-premise setup to manage the patches and upgrades in a quickest amount of time . I am sure we will see some action in this domain in 2022
2. Run time self protection (RASP) approach towards application protection
Application security testing today works on SAST and DAST. So, every time when application undergoes an application security scan, it throws some vulnerabilities and it takes from a few days to few weeks to patch the application vulnerability depending upon the criticality.
I see this more as a reactive approach even though some of you might feel that appsec scan is a proactive mechanism to address the vulnerabilities. I strongly feel we might see more innovation here and companies offering and banks adopting run time application self protection (some thing like sensors to fix the vulnerabilities in real-time there by minimising the time-to-fix) . Another use case is for customer transactions. The banking industry is seeing a few frauds wherein fraudsters are luring gullible customers to install remote control apps on their mobile phone, thereby planting a malware and taking full control of the phone to carry out fraudulent transactions. RASP will be able to address this issue significantly.
3. UEBA and AI ML adoption
As the threat landscape is evolving and becoming more complex, it is important to monitor the user behaviour for actions initiated by a user or malware. But legacy applications mostly lags proper logs which dilutes the ability for AI ML models to detect the threats. Hence, presence of proper logs in applications is the key
– This article originally appeared on LinkedIn. This is published here with the author’s permission
Really helpful cybersecurity considerations explained in this blog. Would love to know more, especially on the best DDoS protection for my website from service providers like Mazebolt or Cloudflare, which one is the best?