Sophos is a leader in cybersecurity protecting organizations and customers in more than 150 countries from advanced cyber attacks. It offers a broad portfolio of the latest products and services providing security against hackers, malware attacks, phishing, ransomware, etc. Sunil Sharma is the Managing Director of Sales, Sophos India & SAARC. Following is an excerpt from the interaction between Team IT-Voice and Sunil Sharma where he has answered various questions related to the cybersecurity domain and company strategies.
Prateek: What is the difference between threat hunting and threat detection? What is the role of threat hunting in the overall security plan?
Threat hunting entails human lead investigation into threats in an organization’s environment by following an initial clue that indicated suspicious activity or searching for threats even when there is no indication that one is present. While this is a relatively broad term, threat detection is used to imply automated detection of threats.
The most sophisticated and evasive attacks leverage multiple access points to gain entry, move laterally to evade detection, and do as much damage as possible as fast as possible. The only way organizations can combat such attacks is by including active threat hunting which is a part of Detection and Response into their cybersecurity operations.
Prateek: Please throw some light on the significance of Managed Detection and Response (MDR), EDR in the security plan of an organization.
Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. What these essentially do, is help organizations to hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOA).
While EDR are powerful tools, we do need to note that they are limited to detection and response on endpoints and servers. However, having said that, if organizations had to choose one place to focus their detection and response efforts, their endpoints and servers are a great choice.
At the same time, there are things organizations can’t do by working on them in isolation. After all, IT environments are an interconnected web of networks, communication tools, mobile devices, cloud applications, and more.
To defend IT infrastructure more comprehensively an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it. It goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools, and mobile threat management solutions.
XDR and EDR will detect a lot of the threats, but they can’t prevent an attack from being initiated. These tools detect threats quickly and allow human intelligence to kick in and defend against those threats. Tools like EDR and XDR will also need people and processes to effectively manage security around the clock. Yet, many businesses struggle to put all these much-needed pieces in place. This dilemma has given way to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. MDR services act as an extension of organizations’ security teams, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyze intelligence.
Prateek: How regular audit and compliance can prove effective in reducing the ransomware threat?
Audits help organizations gain in-depth visibility of their IT ecosystem and identify risk areas. This is the first step to formulate a cybersecurity strategy to minimize risks. Compliance adds an additional layer of security which is also aligned to the vertical and size of the organization. Both audit and compliance help organizations understand and put together a roadmap for their cybersecurity plans to combat threats like ransomware.
Prateek: What will be the role of channel partners in formulating strategy? Is there any role in product development too?
Our channel partners play a big role in our business operations. At Sophos, we believe in putting our partners first in all our efforts. This starts with the products that we create. There are features designed specifically for partners, such as the Sophos Central-Partner dashboard that allows partners to centrally manage their customer endpoints and firewalls from a single dashboard. Partners also have clear upsell and cross-sell opportunities with their existing customers, due to the broad portfolio of Sophos products that are available within Sophos Central.
For any such interaction opportunities, you may write to us at [email protected].
