Enterprise Security Challenges and Issues

Date: Wednesday, May 04, 2011

Cybercrime. Malware incidents. Data breaches. Compliance legislation. Today’s changing security landscape means you can’t leave anything to chance, and new threats have kept us on our toes. What other unsettling issues need to be addressed? And how do you survive and advance in your career?

SiliconIndia’s Security Conference 2011, held in Mumbai on 9th of April, addressed all these questions and the challenges and issues at the forefront of enterprise security.

Web attacks are becoming extremely sophisticated and lethal for the corporate environment, and attackers end up finding exploitable entry points on the open attack surface. It is imperative to understand the associated threats and attack vectors in order to defend your assets by deploying software security measures, policies and controls across applications. During the conference, Shreeraj Shah, Director, Blueinfy & SecurityExposure, said, “In the last few days we have seen lethal web hacks in the form of the Comodo hack, Lizamoon and Zeus/Spyeye on mobile. Applications running on web or mobile are prime targets for attackers, worms and hackers. Make no mistake in detecting these vulnerabilities in your applications before going live on the Internet. The world is getting hostile and these vulnerabilities can be exploited with ease; SQL injection and Cross Site Scripting are critical threats in the current landscape. It is time we put security in the Software Development Life Cycle and protect our application layer at source.”

Speaking on the topic ‘When Encryption Isn’t Enough’, Kamal Sharma, Technical Sales Consultant - India & SAARC, Trend Micro India, said, “Protecting proprietary information and intellectual property is vital to the success of any organization. Although security measures have been taken to secure this critical data from the outside world, the fact is that the greatest threat to data security comes from the inside, from the very users who have access to corporate data resources. While many enterprises have successfully deployed or are in the process of implementing an encryption solution, protection against both outsiders and insiders requires a solution which is a combination of strong encryption technology and has DLP (Data Loss Prevention) functionality.”

After encryption had been discussed at length, the event moved on to how to detect identity fraud: its evolution and solutions. Speaking on this, Tejas Lagad, Director of Product Management, BFSI, Nexus Technology, said, “Cyber fraud continues to be the top security risk faced by enterprises, especially in banking and other financial services sectors. The recent RSA data breach shows that old technologies like hardware tokens are no longer effective in countering advanced threats. The only definitive way for countering phishing, pharming and man-in-the-middle attacks is to implement software tokens that can be used for both two-factor authentication and signing transactions. Versatile authentication systems help enforce risk-appropriate security that allows you to balance security with usability. Further, to counter modern malware such as banking Trojans, an authentication suite must include an endpoint security assessment solution.”

Endpoint security
Endpoint security is a strategy where software is distributed to end-user devices but centrally managed for virus and spyware detection, full disk encryption, and remote access VPN. As more of our networks come to consist of endpoint devices, managing the network now means managing the endpoint. Access Control, Identity Management, Hygiene, and Intrusion Detection are now part of a more comprehensive endpoint security strategy. Addressing the topic ‘The Changing Face of Endpoint Security’, K. K. Mookhey, Principal Consultant, Network Intelligence India, said, “Loss of customers’ private data by large corporations is becoming a serious concern now. The weak regulatory mechanisms for data protection contribute to the fact that you and I can’t do much if my mobile operator discloses my information to one of its group companies. The legal framework does not assist the common man to sue a large company for leaking his or her personal data. Outside of the financial sector, most other sectors are very weakly regulated with regard to data protection.”

The other speakers at the event were Vaidyanathan Iyer, Sales Leader, IBM Security Solutions; Abhilash Sonwane, Sr. Vice President, Cyberoam; Parag Deshpande, Principal eGRC Consultant, RSA; Kartik Shinde, Senior Manager - Advisory Services, Ernst & Young; and Jaimon Jose, Distinguished Engineer, Novell.

Vijay Mahajani, Sr. Manager, Wipro Consulting Services, said, “The event not only met but exceeded its objectives, as the seminar helped the participants to align their thought process to the appropriate path, taking guidance from the speakers on various current challenges that they are facing every day.”

The conference was sponsored by Trend Micro and ESET India. It provided an excellent opportunity to learn from experts at leading companies such as Novell Inc, RSA, Trend Micro India, IBM Security Solutions and others. It was a rare, one-of-its-kind opportunity for security professionals to enhance their practical skills. Around 150 security professionals attended the event, making it a success.