Nation's cyber-defence needs holistic approach: Applied Intelligence
By Gabey Goh April 17, 2014
- Growing demand for securing national defences at DSA2014
- Mobile solution focuses on securing networks rather than devices
CYBER-security was the centrepiece of BAE Systems’ showing at the Defence Asia Services (DSA) 2014 exhibition and conference this week, which took place at the Putra World Trade Centre in Kuala Lumpur.
During the Cyber Security Conference portion of the event on April 16, Richard Watson (pic), managing director of Asia Pacific for BAE Systems Applied Intelligence, the company's cyber-security division, delivered a keynote speech on the importance of a holistic approach to any 'cyber-defence' mission.
He said that the four key elements in a cyber-defence mission are to “prepare, protect, monitor and respond.
"The fusion of the cyber-defence mission and extension to broader intelligence missions is critical to enable future-proof and efficient operations-effective production and sharing of intelligence, and agility in the face of the evolving threat.”
Speaking to Digital News Asia (DNA) on the sidelines of DSA2014, Watson said that countries recognise that they can’t contain the Internet or control the flow of data.
And that cyber-security is a “global problem that can’t managed by any single geographic entity.”
“What there is an increasing desire to do though, is to build up national defences by increasing [the] monitoring of national critical infrastructure assets and to make sure that the technology architecture is resilient and not being compromised,” he said.
Upside to Heartbleed?
BAE Systems' decision to showcase its cyber-security solutions during DSA2014 was a timely one, set against the backdrop of high profile breaches over the last 12 months, with rising concerns over data privacy and protection.
More recently, public disclosure of the Heartbleed bug that undermined the common security software for Internet connections called OpenSSL has cast renewed attention on the issue.
Watson said that something like Heartbled happening was “inevitable”, and should be viewed as “just another story on the journey of cyber awareness.”
While there were huge efficiencies costs to organisation when the story broke, he feels it remains a positive development as it helps companies improve their defences.
“Sometimes we need big stories like this, or Snake, to get organisations to do something about the problem,” he added.
Just last month, Applied Intelligence had unveiled the extent of the venomous nature of the complex cyber-espionage ‘Snake’ operation, which had been in development since 2005.
“We’ve gone past the need for awareness -- many now know that cyber-security is the business of risk and what these larger incidences are doing is helping create a platform for change,” said Watson.
Applied Intelligence has already issued a customer advisory notice, with a threat assessment and has been advising its customers on best practises in tackling the Heartbleed issue.
If anything, Watson believes Heartbleed has reinforced the need for businesses to continue to monitor their infrastructure and be prepared in the event that they do become victims.
“In this case, the vulnerability came via the open source route, but it could have as easily come from other sources. The fact that it blew up into a big story shows the lack of preparedness in mainstream online businesses.
“Who would have thought that major online properties such as Gmail and Facebook would be the victims of something as relatively innocuous as this,” he said.
According to a research report by Advanced Technologies, the global cyber-security market is expected to witness robust growth from 2013-2023. The Asia Pacific region is expected to grow at a CAGR (compound annual growth rate) of 9% and is projected to spend an estimated US$23.2 billion on cyber-security during the forecast period
Network security will account for the largest share of the market during the forecast period and is expected to register a CAGR of 4.3% to 2023. The data security market is also set to experience robust growth, with the identity and access segment to account for 23% of the global market, while the cloud security segment is espected to grow at a CAGR of 8.4% to 2023.
Scrub the network, not the device
In February last year, Applied Intelligence launched MobileProtect, a carrier-grade cloud-based service for enterprises and governments which need to secure smart devices within an existing corporate network and when accessing web services.
The solution takes a unique approach to handling malicious activity, leveraging on cleaning hubs that scan inbound and outbound traffic on a network.
It then filters traffic, scans for malware and known security threats, and blocks inappropriate, insecure, or illegal content. The offering also ensures that employee mobile browser usage is aligned with corporate IT policy.
At its launch, the service was deployed on Vodafone’s network as part of Applied Intelligence’s larger strategic partnership with the British telecommunications company.
Applied Intelligence’s philosophy towards security brought on by the Bring Your Own Device (BYOD) trend focuses on network over endpoint security, and is an approach, according to Watson, that recognises the proliferation of mobile devices on networks today.
“In addition, the total cost of ownership for customers is significantly reduced as you are maintaining the security of the network and not the devices.
“You can’t have one-on-one mapping between security protocols and devices. For example, in any given household, there are at least five different devices connected to the network and five different variations of software to consider.
“If the network itself is intelligent and secure, then that whole need to protect the device is settled,” Watson said.
Applied Intelligence’s target for its MobileProtect solution is to have it deployed and covering 100,000 customers by the end of 2014.
Watson claimed that the company is seeing a “huge” amount of interest in the solution with its approach of cleaning up the network as opposed to the devices. It is currently engaging in a “significant number of conversations” globally with potential telco customers.
When asked about potential hurdles or challenges in the path to commercial buy-ins, Watson highlighted one area, which the company is taking an active role in addressing with customers.
“The demand in the market is increasing, with customers recognising that security could be leveraged as a differentiator but the question is – what’s the price point?
“There are also number of market studies underway to establish what the price point is in multiple markets that will support this. Telcos have a decision to make, to absorb the cost or pass it on to consumers, establishing its marketable value,” he said.