We took an opportunity to interview our CEO, Chandra on some of the challenges faced by Information Security industry in general and the philosophy behind SanerNow and what inspired SecPod Engineers to create SanerNow.
Here is an excerpt from that interview which was also the theme for our recently concluded webinar,
What is the biggest contributor to continued cyber-attacks?
The biggest contributor for continued attacks is not having cyber hygiene process in place.
If you look at cyber security industry in the last 5-8 years, it has undergone significant changes in terms of how attacks are performed and how we are perceiving them. There is lot more fear which is justifiable and lot more care too. More attacks are getting reported, targeted attacks are increasing. The IT infrastructure has significantly changed with cloud, containers, mobile devices and traditional IT devices.
Another important trend to notice is, new products are being launched, new layers of security are being introduced. This is good as well as disturbing. Good, because innovations are taking place. Disturbing, because it is not making any difference to the security outcome.
People are afraid to bring in new technology, as it is a big hassle to try anything new. Most of them add to the complexity and do not yield promised result.
Going back on my earlier point, the real miss is not having proper hygiene measures in place, which I believe will significantly improve security posture.
Regarding managing and securing endpoints, what makes it complex?
"We have many products, but very little security." This is a typical complaint when securing and managing an IT environment. Organizations invest in many products but, environments are still subject to attacks and exploitation.
With each release, the footprint of products expands. This leads to a bloated feature set, which increases complexity and training requirements. Then there is the burden of procurement, installation and training. Multiple agents, network and system resource usage, dis-connected view of enterprise endpoint security posture are additional parameters.
This increases complexity along with cost for managing endpoints.
What is the inspiration or a starting point for SanerNow?
Starting point was how risk assessment and mitigation is being performed today and the tool’s and practices’ ineffectiveness in addressing the need. Risk assessment is being done on a periodic basis, an audit driven approach.
There are many problems one would face doing these assessments,
- Scan duration
- Network bandwidth and system resource usage
- Lengthy reports
- Large number of vulnerabilities are being discovered daily
- Time to fix is 3-4 months
The thought was, having one product that can identify vulnerabilities and mitigate them too. And can that process be automated to a daily routine instead of an audit-driven monthly or quarterly assessment.
So, that is the starting point.
How did it lead to SanerNow which is now a platform of tools?
Once we had that built in, we saw similar problem to achieve compliance to regulatory or technical standards. Assessment and mitigation cycle and how do we achieve continuous compliance?
Then we added asset management and endpoint management capabilities as well with similar belief.
If you look at all these in entirety, for a cyber hygiene practice, we need visibility to IT assets, risk assessment capabilities and risk mitigation capabilities. And lot of these activities need to be automated.
We first built a basic platform with ability to talk to systems and make changes to systems. With that being the platform, we keep adding tools to serve different business needs. Thus, was born SanerNow, a platform of tools for managing and securing endpoints.
What is the overall objective or goal of SanerNow?
The objectives are,
1. Platformification; adding tools to manage and secure devices from cyber hygiene point of view to,
a. Reduce complexity
b. Save IT management cost
2. All the tools will be built with remediation or action in mind. We’ll not leave our users with just reports.
The overall goal, however, is to put our users into a cyber hygiene habit. It is a habit for building better cyber security posture.