Siliconindia Creates IT Security Awareness @ Security Conference 2010 Date:   Wednesday , November 03, 2010 At a time when even unborn kids flaunt the web with their own accounts and the cybercrooks globetrot virtually to exploit every network and system, security providers have turned to don the roles of defense forces in the virtual world. A glance in India wherein individuals and corporates turn a blind eye towards the severity of cyber war threats makes it imperative to create more awareness. The attempt of SiliconIndia to enlighten the Indian crowd about cybercrime, malware incidents, data breaches and compliance legislation through the SiliconIndia Security Conference 2010 met with an applaudable response. More than 600 attendees packed the NIMHANS Convention Centre in Bangalore to listen to the experts from Symantec, Novell, McAfee, Wipro, Mindtree, RSA, Niksun, Juniper Networks and Paladion. Securing the Networks Computers and the networks that connect the innumerous computers around the world have gone on from being wondrous innovations to pervasive business necessities in today’s world. The challenge to system and network security is the explosion of Information. Unsecured information has become a liability today. We also see the growth of unstructured data pegging at over 60 percent per year. It is expected that the total volume of digital information will reach 1,773 exabytes by 2011. With increasing business deals being carried over the virtual world, systems are getting more complex and heterogeneous and thus more prone to cyber crime or data breaches. Shantanu Ghosh, Vice President, Enterprise Security & India Product Operations at Symantec immediately pinpoints the solution which lies in a connected enterprise. “It can be done through consumerization of IT, social networking sites, different mobile devices, and cloud and virtualization,” he says. A holistic information approach to security should be taken in this regard that should be risk based and policy driven, information centric with actionable intelligence and well managed infrastructure. And when we say an information centric model, it should compile information governance, information intelligence and information infrastructure. Data-driven Protection Numerous concepts are put on test to understand the data structure. One such concept is Network Forensics. While IDS, IPS, Firewalls and Log Analysis are some of the state of the art cyber defenses available, network forensics is an evolving field in the security landscape. Ajit Pillai the Regional Director of India and Middle East at Niksun explains, “Data is recorded, stored and reconstructed in order to discover the source of security attacks or other problem incidents. This leads us to the unknowns in the security breach and hence to the truth. And the truth is on the wire.” Cost of a data breach amounts to around $204 per compromised record. Nearly 50 percent of information residing in enterprises is sensitive. Competition, compliance and credibility black hole are to be given more importance. It is revealed that all Indian enterprises surveyed lost revenue due to cyber attacks and an average enterprise explores 17 standards and frameworks. Security Standards A Windows-specific computer worm called Stuxnet was discovered on July 13, 2010 which was attempting to take control of industrial infrastructure around the world. It was a Stealthy malware that propagates through USB drives and exploits 4 zero-day vulnerabilities. This is just one of the examples for the sophisticated nature of computer malwares these days. To overcome such flaws there are various strategies and techniques used to design security systems. However there are few, if any, effective strategies to enhance security. Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced. In doing so we can maintain the system’s quality attributes, among them confidentiality, integrity, availability, accountability and assurance,“ Security is at breach when you have Intel inside but intelligence outside. Security systems are to be standardized in India. Otherwise, misuse of resources will damage reputation of the company, loss of business and revenue is affected. It sends out a wrong signal to other staffs. It slows down the availability of resources and ultimately the productivity of the company is hit,” said Thiruvadinathan Annadorai (Thiru), who is the Principal Consultant for Risk & Compliance, Security services at MindTree. On similar lines, Bikram Barman, Senior Manager, Engineering, Products at RSA points that to address these challenges, virtual infrastructure architectures need to have specific security policies and well-defined procedures. Throwing more light on how to design a secured system, Rajiv Motwani who is the Manager, Product Security Engineering at Citrix R&D India says, “Server virtualization, virtual storage solutions and patch management is very important to have real security of information and consolidation of data." Attendees Thrilled The event with the support of security bellwethers like Symantec, Loglogic, eEye Digital Security, Paladion and QuickHeal drew attention of many IT managers. Harsha Thennarasu E the IT Head of ISKCON maintained that monitoring networks is a major headache to the IT heads across organizations and network forensics will surely take care of that. There was a common agreement that the conference had insights for every attendee, whether he is an IT expert or an amateur technology user. “It was quite useful and helped me in gaining very wide knowledge on the Information warfare, which I wasn’t aware of,” says Virendra Yadav from Wipro. Security has always been looked over as a tax. Embedding security in the culture of the company’s thought process will reduce the cost and will help to create more value for customers.