Interview with an Architect: Vulnerabilities in today's elastic IT environments


cloud-computing security (GraphicStock)

Image (GraphicStock) - Cloud computing security


  Close on the heels of the launch of an SaaS platform touted as the industry's first cloud VM vulnerability platform for the modern IT environment, Computerworld Malaysia set out to conduct a 'rapidfire' interview with a technical architect specialising in ICT security - Dick Bussiere.

He works for the company that unveiled the platform, US cybersecurity company Tenable Network Security. With more than 20 years of experience in ICT security, computer networking and engineering, he assists organisations across sectors, which include financial services, government and managed security service providers.

As Tenable's architect, now technical director, APAC, he is responsible for evangelizing the criticality of vulnerability assessment, vulnerability management and thorough security monitoring.

As well as asking about the new service, this interview's themes also link to some of the issues suggested in this year's Computerworld Security Summit in KL in April.


Photo - Dick Bussiere, Technical Director, Asia Pacific, Tenable Network Security
 Let's start with your 2017 industry local outlook?
As the technological landscape is rapidly evolving, security vendors must also evolve or become obsolete. The importance of cybersecurity in 2017 is clear in every organization - not just to security professionals, but to CEOs, boards of directors, government agencies and customers.

In Malaysia, security teams are starting to think about security more strategically. Senior executives couldn't care less about the better mouse traps our industry is so fond of developing and marketing with great fanfare.

With Malaysian organisations rapidly adopting new technologies in 2017, the questions CISOs and senior executives want answers to are quite foundational: "How exposed is our organization?" "How much risk are we facing?" and "How does that exposure and risk profile change as we make changes to our IT systems and business model?" - meaning vulnerability and risk management are going to look very different this year.

From BYOD to virtual systems, web apps to containers, cloud to DevOps deployments, organizations struggle to achieve visibility, to understand their true exposure, and to determine how best to manage risk. As such, it is critical that Malaysian organisations understand their vulnerabilities holistically.
What SaaS needs are not being met in the local market?

With the proliferation of mobile, public cloud and IoT, there are more endpoints to secure than ever before. As Malaysian organisations embrace SaaS, the modern environment is now interconnected and complex - which is changing the threat surface in new and unanticipated ways, often beyond the purview of the security organisation. 
To visualise the changing risk profile, Malaysian organisations must adapt their security systems to detect and monitor change, and assess the impact of change on their risk profile. As such, Tenable introduced, delivering visibility and insight through an open and elastic platform that addresses the challenges of today's environments.
So, why is the time ripe for this offering?
With the global economic uncertainty - particularly changes in U.S. economic policies and a slower Chinese economy, the emergence of disruptive technologies has the potential to serve as a catalytic game changer to boost the Malaysian economy.

There have been a number of initiatives driving the technology industry in Malaysia. The government's recent investment to improve internet and the increased focus by the national ICT agency Malaysia Digital Economy Corporation (MDEC) to develop the country's digital economy, have enabled more local companies to focus on transforming their business digitally.

Digital initiatives, such as those from the MDEC, require security teams to handle dynamic computing models and rapid development methodologies such as DevOps and containers. Our offering gives organisations the insight they need to identify and prioritise the risks associated with these elastic IT environments. Truly, it is the right product at the right time for this market.

And what returns will this new solution deliver to the business?

Today, every business is an internet business, which means cyber vulnerabilities become business vulnerabilities. Without a detailed understanding of your overall risk position, you're exposed. Without gaining control of vulnerabilities, your business is at risk.

Security teams using other SaaS-based vulnerability management solutions struggle to track assets and vulnerabilities accurately. They suffer with antiquated and disjointed user interfaces, and must license products based on an outdated IP-based approach. With, we are delivering a fresh, asset-based approach that accurately tracks assets and covers more than 30 percent more vulnerabilities - meaning that data reflects the true environment and dramatically improves collaboration between security and IT departments.

We have always focused on vulnerability management; it's in our DNA. Now we are transforming our products and company, and vulnerability management has become the foundational technology for your security program. We are the only company empowering CISOs to gain control across their entire attack surface by giving them the broadest and deepest visibility available to answer the questions, "How vulnerable are we? How can we reduce our risk?"
Another point is we believe we are the only vulnerability management provider offering integrated container security. By integrating with continuous integration and continuous deployment (CI/CD) tools, it enables organizations to remediate container-based vulnerabilities before they reach production, all without slowing innovation cycles.

1  2  Next Page