Publication Name: manufacturingtodayindia.com
Date: July 2021
The threats to data security and integrity are more uncertain than ever
Tata Elxsi's cybersecurity specialists Vivekchandran NV and Prasanna V Balaji talk to Manufacturing Today on cybersecurity challenges in the age of growing usage of Artificial Intelligence.
What is the current state of opportunities and challenges in the cybersecurity space?
In the era of digitization, malicious hackers are getting smarter as threat vectors evolve. Therefore, it is crucial to protect our privacy against threats such as ransomware, sphere phishing, zero-day exploits, attacks over IoT devices, and advanced persistent threats to the system.
The adoption of Artificial Intelligence helps to secure data and can also be used to cause serious damage to the potential victims; deep fake is one such example. AI can learn the anomalies used by threat actors, such as phishing, disinformation, and data manipulation, to execute a cyber-attack. Therefore, companies should ensure maximum security measures while moving sensitive data into the cloud, considering it a shared responsibility.
The most significant ongoing key security concerns are a lack of awareness, a shortage of qualified skills, increasing migration to cloud computing, regulatory compliance requirements, and the persistent evolution of attacks.
What are the latest trends in the field of cybersecurity?
With new threat landscapes emerging daily, data security and integrity threats are more uncertain than ever, particularly for businesses. For firms that aren't security conscious, maintaining industry standards, complying with rules and policies, protecting against growing cyber-attacks, and dealing with greater business continuity risk is becoming a day-to-day issue.
Recent trends and cybersecurity statistics show a significant increase in the number of firms getting hacked and having data breached via sources becoming more popular in the workplace, such as mobile and IoT devices.
Because of the flexibility, shared responsibility, and cost involved, enterprises worldwide embrace cloud solutions or transfer legacy systems to the cloud. However, cloud infrastructure is becoming exposed to the public in many ways thanks to the internet, making it open to various attacks and data breaches. Therefore, cloud security will be crucial in enabling privileged cloud access to business applications.
Moreover, smart devices being available to users might compromise security in multiple ways. Ensuring security over medical devices, automotive vehicles, home appliances, and industrial control systems is becoming harder as attacks evolve rapidly. Integrating security in the development lifecycle will help overcome this challenge.
What is the framework of services in the offerings from Tata Elxsi?
There is a requirement for comprehensive software security and identifying vulnerabilities in the early stages of development, resulting in improved software quality, saving time and money in the long run.
Tata Elxsi Security CoE brings in the industry's best practices that comprise Application & Data Security and Infrastructure security.
Our application & data security service helps to optimize the overall DevSecOps for better accuracy and faster response. We offer automation and orchestration security testing activities customizable for seamless custom test case integration. End-to-end application security testing is a continuous process and is embedded into Software Development Life Cycle. Our service also enables the early identification of vulnerabilities and risks on applications and infrastructure. We provide services for STB, Router, head-end server, mobile/ web app, streaming devices, switches, gateways, Cloud infra, CAS, DRM, among others.
Our infrastructure security service helps to protect the network and endpoint from malicious action. We also design network endpoint security architecture and implement security protocols over devices/ products/ tools & services along with 24X7 support and maintenance. Our offerings adhere to cybersecurity regulatory and compliance standards.
Tell us about the Security Test Automation Framework Solution that is said to address risks associated with networking devices.
Tata Elxsi has developed STAF (Security Test Automation Framework) that can hunt for security vulnerabilities within the network, exploit known security flaws, and provide remediation methods. It also has an integrated dashboard that allows users to view the status and filter results based on requirements. Once the automated testing is complete, STAF generates an executive report to be shared with the client.
Tata Elxsi's Automated testing framework proves to be more efficient in identifying and mitigating risks associated with networking devices. Tata Elxsi's solution has saved many of the industry's best organizations in the number of hours to conduct a security assessment and their business by mitigating potential security risks. Furthermore, the framework constantly evolves along with the trends of cyber-attacks and has proven to be reliable.
What is the infrastructure provided?
STAF allows seamless integration with the user’s infrastructure. It can also be integrated into an existing CI/CD pipeline that allows an organization to eliminate security risks, right from the early stages of development and brings in a cultural shift towards a secure environment. STAF can also be deployed in a cloud environment to ensure availability and reliability.
Can you share any success stories of STAF?
STAF is being used in several platforms to integrate security into an existing pipeline. The tool has established trust and is actively being used by Fortune 500 Companies in multiple sectors such as telecoms, media, automotive, healthcare, etc.
What differentiates Tata Elxis's solutions from others?
Our deep domain experience in communications, media, automotive, and healthcare industries coupled with cybersecurity expertise enables us to ensure and offer digital security services for a wide range of products/devices /appliances.
Tata Elxsi's STAF framework allows seamless integration with the existing infrastructure of the industry-leading customers and allows completely Automated security testing with minimal human interaction. Furthermore, STAF runs its testing scripts in a staged and controlled environment within customer premises to ensure business continuity.
STAF is user-friendly and uses end-to-end encryption with industry-standard protocols to prevent attacks such as sniffing, Man in the Middle, and Eavesdropping. It also has the ability to validate certificates from the CA (Certification Authority). STAF also provides executive reports that contain host information, scan time, list of vulnerabilities, CVSS Scores, remediation methods, and priorities vulnerabilities based on business risk.