As enterprises look for always-on, customizable security solutions to deal with increasing cyber attacks, Security as a Service (SECaaS) models will gain more popularity
Security-as-a-service (SECaaS) will be the biggest value added “service innovation” that service providers will be forced to make in 2015, predicts Indusface, a leading provider of application security solutions for web and mobile applications. With multiple industry experts predicting 200-300% increase in SMB breach incidences, vendors will have to offer more customizable, flexible and cost effective solutions, says the company.
In its recently released security predictions for 2015, Indusface emphasized the need for fully managed integrated security solutions that can effectively monitor and detect online vulnerabilities and defend against them anytime, anywhere. The year 2014 witnessed some of the most notorious security breaches with major attacks from Heartbleed, Bash, Poodle and Drupal core SQL injection vulnerabilities. Such incidents cannot be handled by just issuing random software patches. They have to be prevented or fixed immediately through a proactive defense mechanism, asserts the company in its report.
Mr Ashish Tandon, Chairman and CEO, Indusface says, “We cannot see how SMBs and large enterprises will be able to protect their web assets without a solid security-as-a-service vendor protecting their perimeters.When thinking about IT as a whole, and security specifically, ‘as-a-service’ models are going to rule the checkbook. It’s difficult to keep updating your security posture, unless you have experts to take care of them.”
According to industry estimates, about 300,000 website owners have not been able to fix Heartbleed even after eight months of the vulnerability being widely reported and fixed. A large number of these websites are possibly owned by SMBs who tend to act only “if” they get attacked. But such an approach may not work any longer. With incidents of security breaches at an all-time high, there is a greater need for security-as-a-service vendors.
Indusface’s security experts assert that CISOs will have to look beyond their current reactive approach to managing security. Organizations need to have proactive security systems with a step-by-step approach that clearly defines “when we get attacked, this is how we will protect ourselves” be it for DDoS attacks at application layer or mass data breach attempts using one of the vulnerabilities.
Mr Tandon explains, “Using generic security solutions can only help perform periodic checks which are proving insufficient in the present security landscape. We, at Indusface, customize our solutions to provide on-demand scanning which includes proactive vulnerability assessment, malware monitoring and application audit. This helps us provide ‘always-on’ security for all web assets. During the recent cyber attacks, for instance, we ensured that all our customers were patched within 24 hours.”
Indusface provides its customer with an in-depth analysis of issues with ‘proof of concept’ of vulnerabilities in a dynamic central dashboard, as opposed to the traditional static reports. Indusface’s fully managed WAF, is industry’s first SECaaS WAF with integrated application DDoS protection capabilities. It combines an ability to detect vulnerabilities using IndusGuard Web, the ability to defend using IndusGuard WAF and industry leading monitoring services to offer “Total Application Security” for its customers.