Michael Kader holds the title of Distinguished Systems Engineer at Cisco and is the first employee of the company in Russia and the CIS to receive this title. The title of Distinguished Systems Engineer is awarded to professionals who determine the technical development of the company, implement the latest technology in business processes and invent original technical solutions for Cisco's major innovative products. We spoke with Michael about the balance between IT and information security in a company, about risks and business protection, and about whether information security can not only retain existing data but also multiply it.
Tell us about yourself and how your professional career has changed over time.
I started in IT in 1986. My first job was servicing large mainframe machines, what was then called the ES EVM. Then I studied at the Gubkin Russian State University of Oil and Gas, specializing in automated control systems, while working as a programmer on the automation of the financial activities of the Gazprom concern. After successfully completing my studies I changed jobs, and since 1993 I have been engaged in network technologies. Initially these were Novell-based technologies, and that is when I began to look into routing and remote access systems.
Since 1994 I have been working with Cisco equipment: for example, I took part in the first technical training the company held in the Russian Federation. Then, until 1997, I worked at Russian integrator companies, where, again, I implemented network projects and basic information security projects, including ones based on Cisco solutions. In 1997 I moved to Cisco, where I began to deal with routing, remote access and information security. Over time, information security technologies began to develop rapidly, and the volume of products and information turned out to be so large that this direction gradually displaced all others. So since the early 2000s I have been specializing in information security only.
Technologies and products are too complex today, and there are too many of them. Our task is to quickly monitor the situation of different products, each of which uses a huge number of both standard and unique technologies.
How does the IT department strike a balance: using automation tools without endangering the infrastructure?
When designing any system, including a process control system, or when planning its modernization, it is necessary to build a set of information security technologies and solutions into it from the start. In addition, it is important to have regulations for auditing and analyzing the functioning of the information security system and for modernizing it in step with the modernization of the automated systems. It should be taken into account that there is methodological assistance from the Federal Service for Technical and Export Control, which publishes regulatory documents on the provision of information security in critical IT infrastructures, and, accordingly, there are requirements for the design and implementation of a certain set of information security mechanisms. The frequency of audits depends on the organization's policy; the standard recommendation is once a year or every six months. At the same time, of course, analysis should be carried out when introducing new systems or upgrading existing ones.
Why is it important to develop the necessary regulations even with modern and efficient information security equipment? What should they contain first of all?
To put it bluntly, modern information security equipment remains relevant for about two minutes after installation. Two minutes later, thousands of new malware variants have appeared in the world, several hundred new vulnerabilities have been found, and attackers have invented new methods of bypassing information security systems. So, first of all, when we talk about the organizational activities that exist at an enterprise, they must also cover the issues of timely modernization of software and hardware: for example, installing the appropriate updates that close particular security vulnerabilities, installing update modules for intrusion detection and prevention systems, timely updates for the installed next-generation firewalls, and so on. Because this is now a daunting task, many modern products interact directly with the developers' threat analysis centers in order to quickly, effectively and automatically retrieve information about new threats and, accordingly, data for the security mechanisms of these products that contain ways of protecting against existing threats. But in any case, there must be an update management policy at the enterprise if the company wants to counter attacks effectively.
The second important point is that, no matter how modern and high-quality the technical means are, the weak element is in any case a person. That is why so many attacks are conducted via web resources or email. And in order for people to use the tools they need for work without putting their organization at risk, enterprise security policies, appropriate employee training and incident management techniques are needed; all of these organizational measures are part of the process of security and information security management at the enterprise.
How can an IT manager be helped by the enterprise-level analytical reports prepared by corporations and by the risk and threat analytics provided by their own data protection system?
General analytical reports give experts an understanding of where their business stands from a risk perspective. For example, if it is a small or medium business that grows cucumbers and does not sell them through the Internet, then the risks to its business are rather small. And if it is a bank that is actively developing its remote service system, then the risks to it may be enormous. Thus, the general analytical reports make it possible to understand what the current threat landscape looks like and in which area, from the risk point of view, the enterprise is located, and then to identify the risks the company wants to minimize. And on this basis it is already possible to plan the necessary organizational and technical measures, because in any case both kinds of measures require human resources and budget. If we do not keep track of the general analytical reports, then we may miss a new class of threats. In that case we will not have assessed this class of threats, protected against it or applied the products we have against it, and as a result we may be vulnerable.
Its own data protection system actually allows you to "ground" the general view of the situation. That is, you not only understand that a particular threat exists in the world, but you can find out whether that specific threat is present in your organization's network. Maybe malware is spreading in the company right now, maybe some of the employees are stealing data, and so on. The company's own information security analytics system gives you an understanding of whether or not any of the topical threats are present at a given moment.
What should one pay attention to? First, to ensure that the information security products we deploy quickly receive new information about possible attacks and are able to stop the most current threats, the ones that the big analytics companies write about in their reports. Further, when we monitor and control the operation of these products, we receive information about what is happening directly at our enterprise. How can this input be obtained in practice? Very simply. For example, our products should support the prompt retrieval of analytical information from external threat analytics sources, both from one company and from several.
It is no coincidence that many companies are now building Security Operations Centers (SOC). With their help they, on the one hand, receive information about the functioning of all their own information security products, and on the other receive automated analytics from external threat analytics systems.
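The SOC workflow described in this answer, local telemetry on one side and external threat analytics on the other, comes down to correlating what your own products log against indicators several outside sources publish. The following is an added illustration of that correlation step, not Cisco's or the interviewee's code: the newline-delimited JSON feed format, the proxy log layout, the vendor names and every hostname and address are constructed for the example (addresses are taken from documentation ranges).

```python
"""SOC-style correlation of local proxy events against external indicator feeds.

Added illustration, not Cisco's or the interviewee's code. The feed format
(newline-delimited JSON with "type", "value" and "source" keys), the proxy
log layout, the vendor names and all hostnames/addresses are constructed.
"""
import json
from collections import defaultdict

# Constructed indicator feeds from two hypothetical external vendors.
FEED_VENDOR_A = """
{"type": "domain", "value": "update-check.example-bad.test", "source": "vendorA"}
{"type": "ip", "value": "203.0.113.77", "source": "vendorA"}
"""
FEED_VENDOR_B = """
{"type": "domain", "value": "UPDATE-CHECK.example-bad.test", "source": "vendorB"}
{"type": "ip", "value": "198.51.100.9", "source": "vendorB"}
"""

# Constructed proxy log: timestamp user src_ip dest_host dest_ip action
PROXY_LOG = """
2019-12-03T09:14:02Z alice 10.0.1.15 intranet.example.test 10.0.0.5 ALLOW
2019-12-03T09:15:40Z bob 10.0.1.22 update-check.example-bad.test 203.0.113.77 ALLOW
2019-12-03T09:16:01Z carol 10.0.1.30 cdn.example.test 192.0.2.10 ALLOW
2019-12-03T09:18:55Z bob 10.0.1.22 mail.example.test 198.51.100.9 ALLOW
malformed line to skip
"""


def load_feeds(*feeds):
    """Merge feeds into {(type, value): set(sources)}; values are normalised
    to lower case so the same domain from two vendors collapses to one key."""
    indicators = defaultdict(set)
    for feed in feeds:
        for raw in feed.strip().splitlines():
            raw = raw.strip()
            if not raw:
                continue
            rec = json.loads(raw)
            indicators[(rec["type"], rec["value"].lower())].add(rec["source"])
    return indicators


def parse_proxy_log(log):
    """Yield one dict per well-formed log line; anything else is skipped."""
    for line in log.strip().splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, user, src, host, dst, action = parts
        yield {"ts": ts, "user": user, "src": src,
               "host": host.lower(), "dst": dst, "action": action}


def correlate(indicators, events):
    """Return one hit per event that touches a known indicator.
    'confidence' is the number of independent feeds that agree on the
    strongest indicator; a SOC would triage multi-source hits first."""
    hits = []
    for ev in events:
        matches = []
        for key in (("domain", ev["host"]), ("ip", ev["dst"])):
            if key in indicators:
                matches.append({"type": key[0], "value": key[1],
                                "sources": sorted(indicators[key])})
        if matches:
            hits.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                         "matches": matches,
                         "confidence": max(len(m["sources"]) for m in matches)})
    # Highest-confidence hits first, then chronological.
    hits.sort(key=lambda h: (-h["confidence"], h["ts"]))
    return hits


def run():
    return correlate(load_feeds(FEED_VENDOR_A, FEED_VENDOR_B),
                     parse_proxy_log(PROXY_LOG))


if __name__ == "__main__":
    for hit in run():
        print(hit["ts"], hit["user"], hit["src"], "confidence", hit["confidence"],
              [(m["type"], m["value"], m["sources"]) for m in hit["matches"]])
```

The point of merging feeds before matching is that an indicator reported by two vendors independently is more trustworthy than one reported by a single vendor, which is exactly the prioritisation a SOC analyst needs when the same local log produces several hits in one morning.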
At what stage of starting a new business or startup should an entrepreneur take care of building an information security system? What mandatory components should it contain initially? How can one evaluate the ability of its components to scale as the business grows?
At the time of starting a startup and throughout its development, up to the level of a large enterprise, the company must analyze what information security risks the startup or enterprise is exposed to, and lay down the necessary set of security mechanisms as the company develops, and, again, lay them down at the design stage. For example, a company says: "I am a startup, I need to write software very quickly, but I do not want my software stolen." In this case it needs to think about the security of the software being developed, protecting remote access for its employees, and reliable authentication and authorization of those employees.
Then, at some point, the company starts offering new services, for example in the form of a cloud service. Therefore it should be concerned with reliable authentication of the users of this service, the continuity of its operation and the confidentiality of the information processed by them. And again, the next class of information security tasks and the technical tools to solve them should be defined not after an incident but at the design stage of the system. The functioning of such tools should be checked at the stage when the system enters production operation. You need to think about data protection from the beginning, because it may turn out that an incident related to a breach of the information security system prevents the company from growing.
Often a source of high vulnerability is an imperfect information security system and the behavior of users who, despite numerous explanations, continue to follow malicious links. Are there any new methods of influencing employees other than training, phishing tests and the like?
Unfortunately, no. Globally, we are moving in two directions. On the one hand, we definitely need to raise the level of competence of our employees, familiarize them with the policies, conduct training, phishing tests and more. On the other hand, we must continue to improve the effectiveness of information security mechanisms and solutions. This includes multi-factor authentication, a system for protection against known threats, a system for protection against specialized malware, and systems for analyzing user and application behavior. And now we can say that, due to the rapid increase in the number of threats, there are readily available mechanisms for modifying attacks. That is why the development of analytical tools for detecting unauthorized actions is of great importance, that is, the detection of an intruder or of unauthorized employee actions on the basis of certain extraordinary situations or atypical moments in their behavior. A special place is occupied by analytics, including analytics using artificial intelligence and machine learning systems. It is needed in order to try, across a variety of factors, to identify one or another attempt at a harmful influence.
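The behavior analytics the answer refers to, detecting an intruder or a misbehaving employee from "atypical moments in their behavior", rests on a simple idea: learn what is normal per user, then score new activity against that baseline across several factors at once. The block below is an added illustration of that idea, not Cisco's or the interviewee's code; the event layout (user, day, login hour, country, megabytes downloaded), the users, every value and the thresholds are constructed for the example.

```python
"""Baseline-deviation detection of atypical user behaviour.

Added illustration, not Cisco's or the interviewee's code. The event
tuple layout (user, day, login_hour, country, megabytes_downloaded), the
users, all values and the thresholds are constructed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history used to learn what "normal" looks like per user.
HISTORY = [
    ("alice", 1, 9, "RU", 120), ("alice", 2, 10, "RU", 110),
    ("alice", 3, 9, "RU", 130), ("alice", 4, 8, "RU", 125),
    ("alice", 5, 9, "RU", 115),
    ("bob", 1, 14, "RU", 40), ("bob", 2, 15, "RU", 45),
    ("bob", 3, 13, "RU", 35), ("bob", 4, 14, "RU", 50),
    ("bob", 5, 14, "RU", 42),
]

# Constructed new activity to evaluate against the baseline.
NEW_EVENTS = [
    ("alice", 6, 9, "RU", 128),     # ordinary day
    ("alice", 7, 3, "BR", 2400),    # 3 a.m., never-seen country, huge download
    ("bob", 6, 14, "RU", 44),       # ordinary day
    ("bob", 7, 14, "RU", 900),      # only the volume is off
    ("mallory", 7, 12, "RU", 10),   # account with no history at all
]


def build_baseline(events):
    """Per user: observed login-hour window, countries seen, download stats."""
    per_user = defaultdict(lambda: {"hours": [], "countries": set(), "mb": []})
    for user, _day, hour, country, mb in events:
        p = per_user[user]
        p["hours"].append(hour)
        p["countries"].add(country)
        p["mb"].append(mb)
    return {
        user: {
            "hour_lo": min(p["hours"]), "hour_hi": max(p["hours"]),
            "countries": p["countries"],
            "mb_mean": mean(p["mb"]), "mb_std": pstdev(p["mb"]),
        }
        for user, p in per_user.items()
    }


def score(event, baseline, hour_slack=2, z_threshold=3.0):
    """Return the list of reasons an event is atypical (empty if it is not)."""
    user, _day, hour, country, mb = event
    b = baseline.get(user)
    if b is None:
        return ["no_baseline"]          # cannot judge, but worth a look
    reasons = []
    if not (b["hour_lo"] - hour_slack <= hour <= b["hour_hi"] + hour_slack):
        reasons.append("unusual_hour")
    if country not in b["countries"]:
        reasons.append("new_country")
    # A flat history gives std 0; use a 1 MB floor so one extra byte is not a spike.
    std = b["mb_std"] if b["mb_std"] > 0 else 1.0
    if (mb - b["mb_mean"]) / std > z_threshold:
        reasons.append("volume_spike")
    return reasons


def detect(history, new_events):
    """Map (user, day) -> reasons for every event that deviates from baseline."""
    baseline = build_baseline(history)
    flagged = {}
    for ev in new_events:
        reasons = score(ev, baseline)
        if reasons:
            flagged[(ev[0], ev[1])] = reasons
    return flagged


if __name__ == "__main__":
    for key, reasons in sorted(detect(HISTORY, NEW_EVENTS).items()):
        print(key, reasons)
```

Two design points matter in practice. First, the multi-factor view is what separates the alice event (hour, country and volume all off at once) from the bob event (volume only), so an analyst can rank them. Second, a baseline this short produces a very small standard deviation, which inflates z-scores; a production system needs a minimum history length and periodic re-learning, or it will flag ordinary variation as an anomaly.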
Can information security not only retain existing data, and therefore resources, but also multiply them? Thanks to what functionality?
This is an eternal question that has been debated for many years: how to calculate the return on investment from implementing information security solutions. It is really simple. We can look at information security from two sides. We implement some business processes that allow us to optimize production or something else relevant to our direct business. And, accordingly, we implement information security solutions because without them there would be a risk that all the newly implemented systems and processes would collapse instead of bringing optimization. Accordingly, we would receive direct losses instead of efficiency gains.
On the other hand, this can be viewed as follows. Previously, we could not implement additional or new processes in production management, but thanks to the development of information security technology we can. In essence, this is the other side of the coin. Investing in information security systems allows us to implement new business processes and solutions, which in turn bring a profit that we would not have obtained without them.
What do you think about repeated cycles of the same attacks? How do attackers repeatedly disguise the same methods? For what reason can a business suffer again from the same threat that hurt it before?
And again we are talking about the human factor. It is very interesting to look at the cycle of a modern attack. For example, a company has found out about a vulnerability in its product; whether it learned of it from external, well-meaning researchers or while processing a user's request for technical support does not matter in principle. What does the company do? It analyzes the identified vulnerability, then releases an update that closes this vulnerability, and then publishes official information to alert its users that they need to install the newly released software version. The vast majority of users will not install this software update. And the intruders will have information about what is vulnerable. Rather quickly, code to exploit such a vulnerability will be developed or found and, accordingly, we will encounter another wave of attacks. We saw this in the example of the WannaCry epidemic, which used the SMB protocol. In any company it simply should not be visible on the Internet, and yet in the vast majority of companies it can easily be found online. That is, people did not adhere to basic hygiene rules in terms of information security.
Again, we return to the importance of having policies and procedures in place, as well as implementing them. If they are not there, then people will not implement even the basic principles of information security until they get hurt. Or they will implement them on a leftover basis, in which case they will again be exposed to the same threats that have already been realized. The other day I read that although the WannaCry epidemic happened two years ago, variants of WannaCry are still circulating around the world, and people are still suffering from them.
You should also remember that modern malware is written very well. It is modular, and the modules themselves are sold on the so-called open black market that bears the name DarkNet. There are numerous damage modules, various modules for bypassing fraud detection systems and intrusion prevention systems, and various penetration modules. There is a process of automated generation of new malware variants. So, during our conversation, several dozen new malware variants that data protection systems do not yet know about have been produced by such means. That is why the proposed solutions, in order to provide the necessary level of information security, have to effectively protect the entire "path" of the data flow, from any user's workplace to any point of processing and storage. That is what our company is working on.
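The attack cycle described in this answer turns on two failures that an update management policy is meant to catch: hosts that never receive the released fix, and services, SMB in the WannaCry case, that are reachable from the Internet when they have no reason to be. The block below is an added illustration of how an asset inventory can be checked against an advisory to rank those hosts for remediation; it is not Cisco's or the interviewee's code. The inventory schema, the advisory record (with a placeholder identifier in place of any real advisory number), the hostnames and the build numbers are all constructed for the example.

```python
"""Remediation prioritisation: unpatched hosts that also expose the affected service.

Added illustration, not Cisco's or the interviewee's code. The inventory
schema, the advisory record (placeholder identifier), hostnames and build
numbers are constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    build: int                          # installed build of the affected component
    listening: set = field(default_factory=set)         # ports the host listens on
    internet_exposed: set = field(default_factory=set)  # ports reachable from outside


# Constructed advisory: builds below fixed_build are affected; service on port 445.
ADVISORY = {"id": "ADV-PLACEHOLDER-0001", "fixed_build": 1200, "port": 445}

# Constructed inventory.
INVENTORY = [
    Host("fileserver-01", build=1180, listening={445, 3389}, internet_exposed={445}),
    Host("fileserver-02", build=1180, listening={445}),
    Host("workstation-07", build=1210, listening={445}),
    Host("web-01", build=1150, listening={80, 443}, internet_exposed={80, 443}),
    Host("legacy-nas", build=1210, listening={445}, internet_exposed={445}),
]

PRIORITY_LABEL = {1: "P1 patch now and remove exposure",
                  2: "P2 patch in this cycle",
                  3: "P3 patch when convenient",
                  4: "P4 hygiene only"}


def assess(hosts, adv):
    """Return {hostname: {"priority": n, "reasons": [...]}} for every host
    that needs an action; fully patched, unexposed hosts are omitted."""
    findings = {}
    for h in hosts:
        unpatched = h.build < adv["fixed_build"]
        exposed = adv["port"] in h.internet_exposed
        running = adv["port"] in h.listening
        reasons = []
        if unpatched:
            reasons.append(f"build {h.build} < fixed build {adv['fixed_build']} ({adv['id']})")
        if exposed:
            reasons.append(f"port {adv['port']} reachable from the Internet")
        if not reasons:
            continue
        if unpatched and exposed:
            priority = 1          # vulnerable and reachable by anyone
        elif unpatched and running:
            priority = 2          # vulnerable, reachable only from inside
        elif unpatched:
            priority = 3          # vulnerable component installed but service not running
        else:
            priority = 4          # patched, but the service should not be exposed at all
        findings[h.name] = {"priority": priority, "reasons": reasons}
    return findings


def summary(findings):
    """Count of hosts per priority, for a one-line status to management."""
    counts = {}
    for f in findings.values():
        counts[f["priority"]] = counts.get(f["priority"], 0) + 1
    return counts


if __name__ == "__main__":
    result = assess(INVENTORY, ADVISORY)
    for name, f in sorted(result.items(), key=lambda kv: kv[1]["priority"]):
        print(PRIORITY_LABEL[f["priority"]], name, "; ".join(f["reasons"]))
    print(summary(result))
```

Exposure is scored independently of patch state on purpose: a host that is patched today but still publishes the service to the Internet (legacy-nas in the constructed data) will be back in the P1 bucket the next time a fix is released, which is the repeat cycle the question asks about.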
IT-Manager Magazine, № 12/2019