Mr. Marutheesh Babu, Team Lead Post Sales of Netpoleon Solutions
Divvya:- So to start with, sir, I’ll just start with some general questions. How has your journey been so far as a technical leader?
Mr. Marutheesh Babu:- It has been a great, amazing, and smooth journey. I joined seven years ago when I completed my degree in IT, i.e., information technology. Then I took a break for five years and got back into the technical field, and since then I have been serving in the technology industry, so it has been great so far.
Since the pandemic, there has been an evolution in the IT sector. We have seen a lot of new technology emerge and also new threats coming into the market.
Divvya:- So, sir, as you said that you’ve been in the sector for around seven years, what’s the growth in the sector? Percentage-wise, or even normally, how do people grow?
Mr. Marutheesh Babu:- Usually people grow based on technology; we can see a lot of new technology coming in, so when you are with technology, you will grow with the technology, so you are learning new tech every day.
So usually, technology is not stable; it’s dynamic, and every day you are learning something new in the industry and in the IT field. It’s a very dynamic field, so every day you can see incremental growth in the IT field.
Divvya:- So according to you, as new technology comes into the industry, people tend to grow with it?
Mr. Marutheesh Babu:- Yes.
Divvya:- According to you, what are the advantages and disadvantages of being a technical leader like yourself?
Mr. Marutheesh Babu:- We are providing new technology to the market. And we keep on learning new technology.
Sometimes it’s very useful for the vendor, sometimes it’s very useful for the customer, and even for general people to secure their information data.
So we are helping them and introducing new technology, which is one advantage, as well as upgrading ourselves as a technical advisor.
And we are very happy for that. We are helping. We are here to serve people and help them protect their identity and their data.
Divvya:- So, according to you, there are no disadvantages. There are some challenges you have to face, right?
Mr. Marutheesh Babu:- Challenges, yes; this is common intelligence.
So whatever we try, we learn. At the end of the day, sometimes some triggering parts will try to breach our information, so whatever we have learned, we try to teach our employees and enable it in new software.
Divvya:- What are some of the key challenges you or your company faces associated with securing OT systems?
Mr. Marutheesh Babu:- Okay, so the first challenge in the OT environment is legacy and quality. So as people know, every three or five years in the IT sector, we are changing and updating the technology, whereas in the OT environment, it is more stable. Even the production cycle is huge.
The main challenge we are facing is the legacy systems, which are around 10 to 12 years old. It’s difficult to cope with them, but with the new legacy systems like Windows and Apple, we are able to cope with them. Some systems are running properly, and they’re bringing automation to the environment.
Divvya:- How can your organisation and other organisations ensure the security of their OT systems while maintaining their availability and reliability?
Mr. Marutheesh Babu:- So, we are IT security providers, and we are providing a couple of solutions. So we do have OT security. So we are providing complete visibility of the infrastructure. So if you take any production environment, for example, any pharma manufacturing industry, where there are complete OT and data systems, an IT system, and smart lighting and smart camera systems, we are providing solutions for visibility of the complete infrastructure, whether it be OT devices of every kind, like smart devices, etc., as well as IT devices like desktops and laptops that are connecting to the OT environment and that are converging between the OT and IT departments. So we are providing complete visibility. Whichever device is communicating through IT to OT or OT to IT, or even when a new device is communicating or any Bluetooth device is connected, we use complete information about the OT environment. So then they can identify what devices are present in the OT environment and what kind of protocol they are using. Through an IP address or a MAC address? What is the operating system? What are the code numbers? How are these code numbers connected? What kind of vulnerability does that device have? How can we expand these vulnerabilities, and are there any terminated devices (old devices) or even ghost devices? So we need to see the complete environment and what we can protect. So there is a rule of thumb in the security system environment. That is, “What we can see, we can protect.” “What we can’t see, we can’t protect.”
So this is regarding visibility; next we are providing access, so if you want to access the devices in the OT environment or the IT environment, we cannot give access without prior permission.
Divvya:- Moving to the next question, what are some of the key technologies and solutions used for securing OT environments?
Mr. Marutheesh Babu:- The main technology we are providing is IDS, so an OT environment contains very sensitive data, so we can’t stop anything. We just have to take the information and start analysing it. So we are providing an IDS solution, which is an OT leader in the market. And lastly, we are providing a simulator for IT and OT environments. These are the solutions we are providing. Our device also protects the information passing through the infrastructure.
Divvya:- How does your organisation effectively manage the risks associated with OT security?
And how do other companies do it?
Mr. Marutheesh Babu:- We have different approaches to managing the risk of securities. The first one is to implement a proper solution in the OT environment. Once we implement the solutions, we need to analyse the complete environment of the infrastructure. In our sector, there are subscriptions and a power grid, which manufactures power and helps transfer it to substations. Sometimes there are some sudden volts to be transferred in the high-voltage line, some 1000 volts.
Maybe 500k, so this is the particular limitation of high tension. We need to monitor this voltage continuously. And, thanks to our services, we can continuously monitor that level of voltage. And if anything triggers more than the desired amount, we need to take action immediately. So that’s how security solutions come into the picture.
And providing the complete security solution. So, for these types of situations, we have a playbook where there are every set of possibilities that can occur and a step-by-step solution for them. So, for example, if a situation occurs, we just need to take a look at the playbook, and you will get to know what the next procedure is.
Divvya:- Why is it important for organisations?
Mr. Marutheesh Babu:- You may be aware of Mahabharat, Ramayana, or if you even take the world war, if you take any incident, the destruction happens because of the single event. If you take Mahabharat, due to that one incident where they played a game of gambling, which they lost, this was the incident where the fire began, and all other things that happened after that are the consequences of this incident. It collapsed everything and ended up in war.
In the case of World War I, there was a king killed, and the consequences of that were World War II.
So, likewise, one incident in the organisation collapsed the complete environment.
So we need to monitor each and every event happening in the organisation. It is very important to monitor the events and take precautions before the whole organisation is destroyed.
Divvya:- What are the key components of a SOC, including SIEM, SOAR, NDR, and UEBA?
Mr. Marutheesh Babu:- These are all key components of the SOC environment, and before all these components, we need to implement the basics, like the basic security of the firewall, to protect anything from coming in. We need to monitor all the devices, like laptops and desktops, that connect to the environment for protection. When you take a look inside the organisation, the major devices like laptops, desktops, and servers are the ones we need to stop as devices that are not acceptable at ground level only. For that, we need to implement software on all the devices. These things are done to prevent anything from happening. Second, we need to protect the inside data, from the helpdesk to the CEO. Everyone is using mail, and everyone is connected through the server. Third, we need to provide awareness and education to the employees about the wrong content. From an employee’s laptop, the virus usually starts and spreads across the environment because the employees are not aware of these things. Then comes the SIEM solution. It collects events from each and every corner of devices in the infrastructure and analyses the events happening.
Next is NDR. It connects to the firewalls and switches. It sends data in packets. Once we get data in packets, we can understand what is going on, analyse or monitor things going on in the organisation, and by connecting through DNS, we can protect against the basic attacks on the internet.
We need to check whether there is something going out apart from DNS traffic, and if there is, we need to block it. This way, we can avoid basic attacks through network communication. Organisations also use shared VPN connections, and once we use shared VPN connections, we don’t know who else is coming in, so we need to avoid these potential hazards of network communication. So all these components help block all these unwanted devices and information from entering the environment, which cannot then further cause damage to the organisation.
Divvya:- What are some of the benefits of having a SOC, including improved threat detection and response times?
Mr. Marutheesh Babu:- Actually, the last question covers this question, but there are another two things I missed: one is threat hunting and another is sole component.
So we have different methods for threat hunting, and we do have solutions if you are implementing them in the organisation, and these solutions are managed by humans.
So whatever solution gives the result, human beings have a higher IQ and intelligence to use this solution properly. And effectively, what we do is start observing the alarms that trigger on whatever rules we have implemented.
There are a lot of things happening in the environment.
So we need to go back and do the analysis on the infrastructure. So we provide threat-hunting capabilities. We need to regularly check the IP addresses and allow only those IP addresses that are present in our organisation. And we try to avoid any communication from our end about any threat, although this is a very basic thing. Even if we do this, we secure the environment of the organisation from potential thoughts and activities in the market.
Once the threat is detected through these methods, we can stop it and prevent it from entering the environment of the organisation, and within minutes, you can protect the data and environment of the organisation.
Divvya:- What are some of the challenges associated with implementing SOCs?
Mr. Marutheesh Babu:- The main challenge is hardware; we are collecting logs for each and every device using data, so we need to collect the data and we need to analyse each and every part of the data, and it is a huge amount of data. So it is also real-time data. So we need to procure that hardware, and we need to maintain that hardware, so maintaining the hardware is the key challenge we are facing.
Apart from that, we are procuring the best conversion data, and for security reasons, we are not using secondary data, so that is also a challenge.