
CYBER SECURITY OPPORTUNITIES AND INDUSTRY OVERVIEW

Subhajit Das
AGENDA

Cyber Security Overview

Industry Opportunities

Cyber Security Market


Cyber Security Domain Overview

Examples of Industry Requirements

Examples of Industry Tools

Examples of Industry Trends

July 2023 Slide 2


CYBER SECURITY OVERVIEW

Offensive Security
• Penetration testing
• Social Engineering
• Exploit Development
• Red teaming
• …

Defensive Security
• Threat Intelligence
• Vulnerability Management
• Disaster Recovery
• Incident Response
• Security Awareness Training
• Application Security Testing
• …

Common
• Firewall
• Intrusion detection
• Encryption
• Antivirus/Anti-malware
• Identity & Access Control
• System Hardening
• Data Loss Prevention
• …

INDUSTRY OPPORTUNITIES

• Security Product Development – Product development, product testing, release
management, defect fixing and patch management, professional services, sales and
marketing etc.

• Security Consulting – Security posture assessment, security road map and strategy,
compliance/framework-driven assessments, risk assessment, defining policies and
standards etc.

• Security Service – Security tool implementation, operations support, shared services
support, security tool fitment assessment, audit and compliance support etc.

Enterprise –
• CISO
• Enterprise security architect
• Security platform owner
• Auditor
• Red team/Blue team
• …

CYBER SECURITY MARKET

• Market size value in 2022 – US $173.5 billion


• Projected market size in 2027 – US $266.2 billion
• Growth rate – 8.9% CAGR
• Drivers –
o Increased targeted attacks on organizations resulting in data breach,
application down time, business disruption, intellectual property loss,
business loss etc.
o Increased cloud adoption resulting in growth of remote access
technologies, MFA, data security and compliance.
o Increasing BYOD and remote working trend resulting in growth of
endpoint security solutions

CYBER SECURITY DOMAIN OVERVIEW

Cyber Security Layers (figure)
EXAMPLES OF INDUSTRY REQUIREMENTS



EXAMPLE 1: UNDERSTANDING SECURITY SCOPE FOR NEW APP

Security scope during normal web application development and deployment –

a) DevSecOps
b) SAST/DAST
c) Threat modelling & pen testing
d) Infrastructure vulnerability assessment
e) IAM (SSO, IGA, PAM etc.)
f) Data privacy requirements
g) Data masking, encryption, certificate and key management
h) WAF, firewall, IDS/IPS
i) Security monitoring
j) Audit and compliance

Typical application architecture with DR (Azure)
Picture reference: https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/disaster-recovery-enterprise-scale-dr


EXAMPLE 2: APPLICATION MIGRATION TO CLOUD

Highlights of the hybrid solution –

a) On-prem AD is the user source
b) On-prem AD synced with Azure AD
c) Azure AD SSO for accessing cloud-hosted applications
d) Federated SSO for on-prem hosted applications
e) RBAC for accessing Azure resources

Typical architecture for hybrid Azure AD
Picture reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-ports


EXAMPLE 3: DIFFERENT MFA USE CASES

A BFSI customer requires multi-factor authentication during login to supported devices,
and also needs MFA to keep working while the device is offline

• Microsoft Windows Hello provides MFA using fingerprint, PIN or facial recognition.
However, it has limitations in terms of MFA using an OTP sent to a phone.
• One possible option is to use the Cisco Duo MFA solution with agents installed on supported
endpoints/devices.

A Healthcare customer is looking for a cost-effective solution for lab workers to authenticate to
applications using MFA, but without a phone

• Use Windows Hello or a similar service for device login
• For browser-based applications, use WebAuthn with a FIDO-compliant authenticator for MFA
(the authenticator's own PIN or biometric check supplies the second factor, so no phone is needed,
and the browser binds the assertion to the site's origin, which is what makes it phishing-resistant)
• Update application code to make it compliant with WebAuthn/FIDO; if an SSO solution is used,
make the changes there to enable the feature



EXAMPLE 4: COMPLIANCE DRIVEN REQUIREMENTS

Yearly password rotation of service accounts or application accounts, along with password policy
enforcement, and providing evidence for audit

• Integrate applications with a privileged access management (PAM) solution to store application
or service accounts
• Enforce organisational password policies through the centralized PAM system
• Enforce password rotation through PAM, taking into account the additional integrations and
processes it touches (every consumer of the credential must pick up the new value, or the
rotation causes an outage); the PAM rotation log then serves as the audit evidence


EXAMPLE 5: FIXING POODLE VULNERABILITY

Vulnerability in the SSL v3 protocol (CVE-2014-3566, a padding-oracle attack on CBC mode);
the fix is to disable SSL v3 and move to TLS 1.2

• All systems and applications within the enterprise still offering SSL v3 need to disable it and
switch to TLS 1.2 (turning TLS 1.2 on is not enough while SSL v3 stays enabled, because the attack
relies on downgrading the connection)

• This will affect many enterprise applications, perimeter security components, policies and
standards, endpoint devices etc.

• Create an enterprise-wide plan for the change covering all applications in all environments

• Enable TLS 1.2 and disable SSL v3 at firewalls, load balancers and other perimeter devices

• Enforce TLS 1.2 in browsers, and verify with a protocol scan that SSL v3 handshakes are refused


EXAMPLE 6: SECURITY OPERATIONS CENTRE
A SOC facilitates collaboration by unifying and coordinating all the security technologies and
operations. It can streamline the security incident handling process as well as help analysts
triage and resolve security incidents more efficiently and effectively.

Key Roles
• Security operations manager
• Compliance auditor
• Incident responder
• SOC analyst
• Threat hunter

Reference:
https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc

Key Tools – SIEM, VM (vulnerability management), EDR, UEBA (user and entity behaviour analytics)



EXAMPLES OF INDUSTRY TOOLS



NETWORK SECURITY

• Firewall (network based, host based)
• IDS and IPS (network based, host based)
• Test Access Point (TAP)
• Web Proxy
• NAC (Network Access Control)
• Remote access (VPN)
  Vendors: Palo Alto, Check Point, Fortinet, Sophos, Juniper etc.

• Network vulnerability scanning
• Network penetration testing
  Tools: Qualys, Nexpose Rapid7, Tenable, Acunetix, Burp Suite, Nessus etc.

• SIEM/SOC service
• Incident detection and response service (SOAR, XSOAR)
• Extended Detection and Response (XDR)
  Vendors: Microsoft, IBM, Splunk, Sumo Logic, Rapid7, Securonix etc.

• SASE – Software-defined WAN, Cloud Access Security Broker (CASB), Next Gen Firewall (NGFW),
Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG)
  Vendors: Zscaler Cloud Security Platform, Prisma SASE etc.

• Endpoint security – Anti-virus, anti-malware, host-based firewall, Endpoint Detection and
Response (EDR), Managed Detection and Response (MDR)
  Vendors: Symantec, McAfee, Sophos, Red Canary, SentinelOne etc.
APPLICATION SECURITY

• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Fuzzing
  Tools: Checkmarx, Synopsys, Snyk, Burp Suite etc.

• Vulnerability scanning
• Penetration testing
• CWE/CVE prevention
  Tools: Qualys, Nexpose Rapid7, Tenable, Acunetix, Burp Suite, Nessus etc.

• Threat modelling
  • Aim, Visualisation, Identification, Mitigation, Validation
  Frameworks: STRIDE, DREAD, OWASP Top Ten, MITRE ATT&CK Framework etc.

• Web Application Firewall
  Vendors: Cloudflare, AWS, Azure, Akamai, Barracuda, Fortinet, Imperva, F5, Citrix etc.
DATA SECURITY

• Data discovery & classification
• Data at rest – Encryption and Data Masking
• Key and Secrets Management
• Data in motion – PKI and certificate management
• Hardware Security Modules
  Vendors: Thales, OneTrust, Varonis, MicroFocus, Proofpoint, Microsoft Azure etc.

• Data Loss Prevention (DLP)
  Vendors: IBM, Sophos, Proofpoint, Symantec, Microsoft etc.

• Database activity monitoring
  Vendors: Imperva, IBM, ManageEngine etc.

Identity and Access Management

• Identity management & Identity Governance
• SSO and MFA
• Customer Identity and Access Management
• API Security
• Identity as a Service
• Privileged Identity Management
  Vendors: SailPoint, Saviynt, ForgeRock, Ping Identity, Okta, CyberArk, HashiCorp, Microsoft
Azure AD, AWS Cognito, Cisco Duo etc.
RISK AND COMPLIANCE

• IT Security Risk Assessment
  Common frameworks include – National Institute of Standards and Technology (NIST), ISO 27001,
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE), Control Objectives for
Information and Related Technology (COBIT) etc.
• Management of Regulatory Compliance
  SOC 2, PCI-DSS, GLBA, FISMA, HIPAA, GDPR, country-specific compliance etc.
• Vendor risk assessment
  Tools: Archer, OneTrust, ServiceNow, MetricStream etc.

• Security awareness and training
  Vendors: Proofpoint, Cofense, KnowBe4, Terranova etc.

Cyber Security Audit Support
• Internal audit
• External audit
EXAMPLES OF INDUSTRY TRENDS



CYBER SECURITY TRENDS

• IoT Security
• FIDO (Fast IDentity Online)
• Decentralized Identity
• Identity Wallet
• Machine Identity Management
• Increasing application of AI and ML
DECENTRALIZED IDENTITY



THANK YOU
