Kanesan Pandi On Cybersecurity Trends: A Veteran’s Perspective


In a recent chat with The Cyber Express, Kanesan Pandi shared the story of his 25-year journey through the world of information security. Starting his career in the UAE, Pandi has seen the IT and security landscape evolve dramatically, adapting and thriving through each change.

When he’s not navigating the complexities of cybersecurity, Pandi enjoys spending time with his family. He’s a proud father of two—one son is deep into a master’s program in Business Analytics, while the other is carving out his own path in Cybersecurity.

Today, Pandi is the Head of Information Security at Galadaribrothers, where he draws on his extensive experience from the retail and financial sectors to lead and innovate.

Kanesan Pandi Interview Excerpts

TCE: Can you share your journey into the field of information security? What initially sparked your interest in cybersecurity? 

My journey into information security began with a fascination for technology and problem-solving. Initially, I was drawn to the field through my interest in how systems work and the challenge of protecting them from bad actors. My early experiences in IT and exposure to security incidents deepened my curiosity, leading me to specialize in cybersecurity. Over time, I developed a passion for staying ahead of emerging threats and continuously improving security measures, which has driven my career in this dynamic and critical field. 

TCE: With your extensive experience, what have been some of the most significant challenges you’ve faced in securing an organization’s digital assets? 

Some of the most significant challenges in securing an organization’s digital assets include: 

  • Evolving Threat Landscape: Constantly adapting to new and sophisticated cyber threats. 
  • Balancing Security and Usability: Ensuring robust security without hindering business operations. 
  • Managing Legacy Systems: Securing outdated systems that may not support modern security measures. 
  • Compliance with Diverse Regulations: Navigating complex and varying legal requirements across regions. 
  • Employee Awareness: Addressing human error through continuous training and awareness programs. 
  • Resource Constraints: Managing limited budgets and resources while maintaining strong security defenses. 

These challenges require ongoing vigilance, adaptability, and strategic planning to effectively protect digital assets. 

TCE: When a company operates in a diverse range of industries, how do you tailor your cybersecurity strategies to meet the unique requirements of each sector? 

When operating across diverse industries, cybersecurity strategies are tailored by: 

  • Industry-Specific Risk Assessments: Identifying unique risks and compliance requirements for each sector. 
  • Customized Security Controls: Implementing controls that address the specific threats and regulations relevant to each industry. 
  • Flexible Security Frameworks: Adapting frameworks to fit the varying needs while maintaining a strong overall security posture. 
  • Specialized Training: Providing sector-specific security awareness training for staff. 
  • Collaboration with Industry Experts: Engaging with experts to stay informed on industry-specific threats and best practices. 

This approach ensures that security measures are both effective and aligned with the distinct needs of each industry. 

TCE: In your opinion, what are the key components of an effective threat intelligence program, and how do you ensure it remains relevant in the face of evolving threats? 

Key components of an effective threat intelligence program include: 

  • Real-Time Data Collection: Continuously gathering threat data from diverse sources. 
  • Analysis and Correlation: Using tools to analyze and correlate data to identify actionable insights. 
  • Integration with Security Operations: Embedding intelligence into daily operations for proactive defense. 
  • Collaboration: Sharing intelligence with industry peers and participating in threat-sharing communities. 
  • Continuous Update and Adaptation: Regularly updating intelligence to reflect the latest threat landscape and adjusting strategies accordingly. 

To ensure relevance, the program must be dynamic, incorporating feedback and lessons learned from ongoing threats and emerging trends. 

TCE: Could you describe the most complex security incident you’ve encountered in your career? How did you and your team manage the situation? 

I managed a complex ransomware attack that started with a perimeter breach, a supply chain attack, and phishing emails, impacting multiple departments and encrypting critical files. We swiftly isolated the affected systems through our 24/7 SOC, assessed the situation, and engaged forensic experts.

We identified Patient Zero and the root cause, cleaned the infected systems, restored data from backups, and rebuilt the compromised infrastructure. After the incident, we strengthened our security measures, updated response protocols and lessons learned, and conducted staff training. The attack was effectively controlled with minimal long-term impact, leading to a stronger overall security posture. 

TCE: With the rise of AI and machine learning in cybersecurity, how do you see these technologies impacting threat detection and response? Are there any specific use cases you’ve explored? 

We have chosen an AI-based endpoint protection solution that focuses on PPDR (Predict, Prevent, Detect, and Respond) rather than just AI feature sets. AI and machine learning significantly enhance threat detection and response by enabling accurate anomaly detection, predictive analytics, and automated incident responses. These technologies identify unusual patterns and potential threats more rapidly, automate routine tasks, and improve threat intelligence. 

Specific use cases include: 

  • Malware Detection: Using ML to identify and block new malware. 
  • Phishing Prevention: Analysing emails to detect and filter phishing attempts. 
  • Network Security Monitoring: Monitoring traffic for signs of malicious activity. 
  • User Behaviour Analytics: Detecting abnormal user behaviors that may indicate insider threats. 

While AI and ML provide substantial benefits, they also require ongoing training and careful management to reduce false positives and ensure effectiveness.

TCE: Threat intelligence and dark web monitoring are becoming crucial in preempting cyber threats. How have you integrated these elements into your overall security posture? 

Digital Risk Protection is a key element of our security strategy. We’ve incorporated threat intelligence and dark web monitoring into our approach by utilizing real-time data feeds, threat intelligence platforms, and dark web monitoring tools. This enables us to quickly detect and respond to emerging threats. 

Our approach includes: 

  • Proactive Threat Hunting: Actively seeking out potential threats before they impact the organization. 
  • Enhanced Incident Response: Improving our ability to manage and mitigate incidents effectively. 
  • Continuous Monitoring: Monitoring for compromised credentials, defamation, and leaked data. 

By integrating these components with our security operations, including SIEM systems, we bolster our ability to anticipate, detect, and address potential threats, ensuring our defenses are robust and up-to-date.

TCE: With the increasing reliance on cloud services, what are the most critical security measures you’ve implemented to protect cloud-based assets? 

To protect cloud-based assets, we’ve implemented several critical security measures: 

  • Zero Trust Architecture: Ensures all access requests are thoroughly verified. 
  • Strong Identity and Access Management (IAM): Includes multi-factor authentication and role-based access controls. 
  • Data Encryption: Protects sensitive data both at rest and in transit. 
  • Continuous Monitoring: Detects and responds to unusual activities in real-time. 
  • Regular Security Audits: Ensures compliance with industry standards. 
  • Secure Configuration Management: Prevents misconfigurations through automated tools. 
  • Backup and Disaster Recovery: Ensures quick data restoration if needed. 
  • Vendor Risk Management: Assesses the security practices of third-party providers. 
  • Security Awareness Training: Keeps staff informed about cloud security risks. 

These measures collectively enhance the security of our cloud environment. 

TCE: In a region like Dubai, where regulations and policies play a crucial role, how do you ensure that your cybersecurity policies align with local and international standards? What challenges do you face in maintaining compliance? 

In Dubai, we ensure our cybersecurity policies align with local and international standards by staying up-to-date with regulations, conducting regular compliance audits, and adapting our security practices accordingly. We also engage with legal and regulatory experts to ensure adherence to frameworks like GDPR and local laws, if needed.

Challenges include keeping pace with evolving regulations, managing diverse compliance requirements across regions, and ensuring that our policies are consistently applied across the organization while balancing operational efficiency. 

TCE: Looking ahead, what do you see as the biggest cybersecurity challenges, and how are you preparing to address them? 

Looking ahead, the major cybersecurity challenges include evolving threats such as ransomware, AI-driven attacks, supply chain vulnerabilities, and maintaining compliance with local and international regulations, all within a minimal budget. To address these challenges, we are: 

  • Investing in Advanced Threat Detection Technologies: To enhance our ability to identify and respond to threats. 
  • Enhancing Incident Response Capabilities: To manage and mitigate incidents more effectively. 
  • Adopting Zero Trust Architecture: To strengthen security by verifying every access request. 
  • Continuously Training Staff: To keep our team informed about the latest threats and best practices. 
  • Improving Threat Intelligence: To better anticipate and address emerging risks. 
  • Collaborating with Industry Peers: To stay ahead of evolving threats and share insights. 

These steps will help us ensure robust defense mechanisms while navigating budget constraints. 

TCE: What is the most recent project that impressed you and why?

Recently, I’ve been concentrating on Zero Trust, a key topic among every security vendor and professional, and one that has captured my interest as well. After a thorough evaluation over the past three years, I’ve determined that Zero Trust offers more significant budgetary benefits than simply replacing VPNs.

Zero Trust is a framework that incorporates various processes and technologies to create a unified network, cloaked infrastructure, and effective lateral movement prevention (ring-fencing), which are crucial for today’s security landscape. It operates under the assumption that malicious actors are already among us, whether internal or external. I have reviewed several products and identified three primary types of zero-trust technologies:

  • SASE-Based
  • SDP-Based
  • Firewall-Based

I selected the best-in-class from SASE and SDP as a combination, along with PAM and EPAM, to ensure effective integration and deliverables. This approach has led to substantial cost savings and an optimized security stack.


