Romanus R Prabhu and Raj Vijayarangakannan On The Need To Embrace New Technologies To Combat New Threats

Romanus R Prabhu is the Director of Product Support at ManageEngine, a leading provider of IT management and cybersecurity solutions. With over 20 years of experience as the Director of Product Support, Romanus is responsible for ensuring the satisfaction of ManageEngine’s Unified Endpoint Management (UEM) customers, overseeing the onboarding, implementation, training, and support of each customer. He also nurtures community champions within ManageEngine’s product evangelists, professional services, partner certification, and customer success teams.

Rajkumar “Raj” Vijayarangakannan is Lead of the Network Design & DevOps Group at Zoho Corp. Raj has over nine years of experience in the IT industry, having previously helped build and optimize multiple network and application performance monitoring solutions. In his current role within the Hosts, Data Center, and Networking workgroup, Raj is responsible for installing new data centers and all other application stacks—including security services—over each data center, ensuring that each component is secured in order to provide complete protection for customer data.

In the wake of Infosecurity Europe 2023, we spoke to Romanus and Raj to discuss the security and compliance challenges that organizations are facing today, the importance of being able to adapt to new technologies, and how we can expect security tools to expand and evolve in the near future so that they can help businesses detect and respond to unknown unknowns.

ManageEngine offers a wide range of IT management and cybersecurity products. This enables you to offer protection across multiple attack vectors and to gain insight into diverse types of cyber threats. What are some of the main threats that your customers are facing today?

Romanus: Based on a general understanding of the market and our specific customer environment, I can position two things as the most feared threats. The first one is ransomware. Ransomware is available as a commodity now. With Ransomware-as-a-Service, you don’t have to be tech-savvy to launch an attack. And one-third of last year’s ransomware attacks were delivered using Ransomware-as-a-Service. So, that’s something that people fear a lot. And with a ransomware attack, the threat actor usually has a lot of insight into the victim’s network, from recon to the impact. About 90% of the attack involves using tools that are freely available to us—free services, Windows utilities—to recon, to get passwords, and things like that. Then about 9-10% of the attack involves using their own scripts to launch the ransomware itself. The second major threat is phishing. If we don’t know that a password has been leaked, we won’t be in a suspicious mode. This allows the threat actor to lie dormant and unnoticed within the network for a long period, while they try to uncover the “crown jewels” of that organization.

Aside from actual cyber threats, what other challenges are organizations facing when it comes to cybersecurity, and how have those challenges evolved in recent years?

Romanus: During the pandemic, all the endpoints were within a secured perimeter, like a castle and moat. But after the pandemic, everything changed. Remote endpoints present a lot of challenges in the way that you manage them. We managed remote endpoints, I remember it started with systems management (SMS), then it moved to mobile device management (MDM) when the mobile devices were introduced, then enterprise mobility management (EMM), then unified endpoint management (UEM). And now we talk about digital workplace management. It’s all about the same endpoint, but the technology for managing those endpoints has been changing over a period of time. Now, businesses must adapt to these technologies and ensure their modern endpoints are always available for the business, as well as secure. So, adapting to the technology and striking the balance between security and end user experience is one of the challenges that enterprises are facing.

The increasing number (and strictness) of compliance regulations is something that many IT and security teams are finding particularly challenging today—particularly among those handling sensitive data such as PII or PHI. Why are we seeing an increase in compliance challenges?

Romanus: When a threat actor is interested in business or end user info (PHI, PII, or financial insight) and their objective is to get the data, they want to do it with the best possible ROI. The less defense you have, the better the attacker’s ROI when they get the data. When you increase compliance standards, you raise the bar for the protection you have in place; your data is better protected and more difficult to access, so the attacker’s ROI decreases. That’s the basic idea of having compliance from my perspective.

In order to answer the challenges in increase, do you see this as a positive, or is it negative?  I see it as a positive approach in embracing compliance. Today, we’re seeing an increase in compliance discussions because, in the past, compliance would be discussed at the auditor level or at the IT operations and security level—the end users were never part of it. Today, the scenario has changed. End users have become partners in compliance in terms of security and privacy. That’s why there’s more discussion about it across the organization; it’s reached the grass root level. And I think that’s a step in the right direction because that way, it gains better momentum, and everybody becomes responsible for security.

As more organizations migrate to the cloud, a particular struggle when it comes to compliance is data sovereignty—controlling where your data resides. Can you tell us about ManageEngine’s two new data centers, and how they’ll help businesses overcome that challenge?

Romanus: A lot of our UK customers are global, but now they want to move to UK data centers and ensure that the data is stored there locally. So, we’ve built two new data centers in the UK that help businesses to meet complex data security demands, particularly in terms of compliance, privacy, data leak prevention, and endpoint security.

Raj: Since Brexit, data sovereignty—keeping data inside the UK—has become the norm for a lot of cloud operators. Many UK institutions that deal with sensitive data, such as government institutions, want their data to be inside the UK, so that they have more control over it. We are a cloud provider and we’ve been in the market for a long time, and we’ve seen umpteen requests from UK-based organizations to be able to store their data locally so they can benefit from the entire suite of integrated data management and security tools we offer. So, this is one of the prime reasons that we have opened the new two new data centers in London and in Manchester. These two data centers will host ManageEngine’s entire cloud portfolio of applications for new and existing customers. So, if a customer we serve wants to migrate their data to a UK data center, we help them to do that.

Finally, from a compliance standpoint, all our data centers are compliant with all the ISO standards necessary for security and data privacy. One of the key insights here is that we operate the end-to-end aspect of data centers; we install our own servers and cloud software, and we manage the entire network internally, so we’re in complete control in terms of data security. There is no compromise in terms of data sharing or data handling.

How can enterprises globally use these new data centers, for example, to comply with GDPR requirements for data sovereignty?

Raj: Since the pandemic, everything is in the cloud. This means companies can have employees all over the globe, and any business with offices operating within the UK soil must be compliant with the local GDPR rules. As a whole, all our data centers are GDPR compliant. But we also offer a variety of choices for data sovereignty. If a business wants all their data to reside in the UK, they can do that; if they want to have a global footprint, they can have segmented installations within the UK, or they can also use our US data centers. We give to our customers that choice, but from a security and compliance perspective, we offer the same level of compliance all over the world so that the data is secure.

We’ve discussed the current state of the cybersecurity and compliance landscapes, and now I’d like to turn our attention to the future. How can we expect cybersecurity to evolve in the coming years?

Romanus: Organizations have assets—identities, applications, endpoints, and networks—that need to be protected because the threat actors are interested in the data they hold. These assets have known vulnerabilities that we mitigate through things like patching. But there are also unknown vulnerabilities or “blind spots”, such as insider threats where people unknowingly leak data. We need better visibility into and control over those unknown vulnerabilities. However, we’re also increasingly facing unknown unknowns. These are—even with a combination of AI and ML—very complex to detect and respond to, because we don’t know what the vulnerability is, so we don’t know how to tackle it.

So, in spite of protecting your assets, there are gaps where a threat actor might enter. Now, how soon you’re able to detect and respond to such a breach is an area that we’ll continue to see expanding. You’ll hear a lot about Endpoint Detection and Response (EDR). EDR can recognize a malicious behavior based on its historical knowledge of previous attacks. It can also baseline a certain behavior as normal and, if there is any behavior that deviates from the normal behavior, it will be shown as suspicious and then highlighted as malicious.

EDR is now going to the next level—Extended Detection and Response, or XDR. This is where you get security alerts from all assets—identity, data applications, network, and endpoints. When all these are correlated and you’re able to see the whole network from an assets point of view, then you should be able to better identify abnormal behavior and then more easily stop those attacks. There are always going to be attacks, there are always going to be vulnerabilities, there is always going to be exploitation. But by baselining the behavior of your assets, you should be able to detect and respond to unknown unknowns. That’s where we think that the entire game is moving to.

Can you share any plans ManageEngine has in terms of growth or evolution that will enable you to continue to support your customers as we see these changes play out?

Romanus: Whatever technology the customer wants to embrace, we ensure that ManageEngine’s tools enable them to do that. There’s a lot of interest at the moment in MSP platforms, for example—small and medium companies want to outsource everything and have it managed for them. So, we have extended our platform for them. Similarly, there are organizations like financial and healthcare institutions, which need to keep their data on-prem, so prefer to implement on-prem solutions. We want to ensure that these customers have a solution. And finally, we’re also focusing on coexistence. Not every customer is going to have one vendor who supplies all their needs in terms of cybersecurity. They’re going to need multiple vendors and products to meet all their requirements. So, we’re focusing on coexistence in terms of our ability to complement the other product and ensure that we are securing the customer in terms of their holistic cybersecurity requirements. That’s what we’re moving towards.

Thank you to Romanus and Raj for taking part in this interview. You can find out more about ManageEngine’s IT management and cybersecurity solutions via their website.

Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions with confidence.