Friday, November 4, 2016

Torrid Networks’ Top 10 Cyber Security Predictions For 2017

The technology is evolving at a much higher pace than ever and so are the cyber security threats. Everyone is curious to learn, what is next in cyber security. Well, no offense, I could even use the term “information security” here which is more acceptable to friends, but “cyber security” sells. May be, it has that FUD factor but industry needs to come out of being sold due to this factor and apply a wise thought on security investments. Unpleasant part is that even after so much of security awareness floating all around us, industry is still learning through hard and costly ways.

Before predicting the future, lets review our past. We could somehow come-out of our obsession about APT term which has later been replaced by ransomware. Eventually, ransomware was not a new threat anyways and came into mainstream with the evolution of digital currencies like Bitcoin, though many still miss Liberty Reserve. Likewise, “bigdata” is no longer that big as we initially thought few years ago. “SoC” has become a must for organizations and actually has lately been deployed by more companies than in the past. Even though, wannabe SIEM products like Splunk existed ever since the beginning of it.

We have already seen a “bang bang” show on anti-state hactivism (well, we can even call it state-sponsored shadow hactivism) this year with many disclosures not requiring special mention here. Not to forget, banking sector and SWIFT was not spared and then blockchain is already under active adoption.

Artificial Intelligence and machine learning has been able to add that “wow” factor and again it “sells”, obviously it also solves some challenges which are beyond the human capabilities. Companies like DarkTrace, with all due respect, is doing really good and could eventually become a case study for rest of the cyber security companies. It was not just worth mentioning in this post, but its truly inspiring for companies like us and many more those care for innovation.

In 2017, we are certainly going to see a rapid landscape shift and few of those should be worth mentioning:

1. Most leading security product companies will add machine learning twist to their products, and so are we already doing at Torrid Networks.

2. At the same time, world will witness next-gen malware with an ability to bypass machine learning algos. There are already many case studies to fool the machines or so called AI.

3. We will even witness a surge in anti-state hacktivism and cyber security power-play among the nations. Furthermore, the journey towards smart cities shall be adventurous.

4. Blockchain for obvious reasons will actively be adopted at a much faster pace than we can predict.

5. Well, IOTs – how can we miss it! With Mirai botnet source code published by its kickin’ author, its already under mutation by many IOT botnet authors. It will add more to the DDoS threats and then threats from insecure deployments of IOTs exist even today. Securing Drones, Self-Driving Cars, wearable, home appliances, robots, will be termed as “security of things” and expertise shall be utilized more than before.

6. As companies attain maturity in SoC, demand for more is certain, obviously from the companies with a cyber security vision. Which will require inclusion of machine learning techniques in their SoC initiatives to increase their response capabilities.

7. Rising shift towards mobile exploitation has already been noted in 2016 and it will continue even further in 2017, with the cost of 0-day exploits acquisition going further up and targeting of mobile devices gaining momentum.

8. With adoption of cloud services reaching more than 70% by the businesses in near future, cloud security will attract more attention.

9. Cyber Extortion? – We have already sensed it and trend should further increase with world becoming smarter. Likewise, cyber insurance will also be significantly used than before.

10. Cyber security is evolving nearly everyday and we can’t predict everything! This point is left open for our evolution and learning from 2017!

Torrid Networks is a specialized cyber security company ……….………., cutting down the sales pitches! Say us “hi” and explore more on what we can do for your organization: 

Friday, October 21, 2016

World is mutating, so should we!

In my last write-up, I mentioned about the digital industrialization which should certainly pick up its pace in early 2020s. Innovation can't revolve around time-space, it has to go beyond the theories of physics and that's what human race has been trying since last century. What we see today was just the beginning!
Most of it already existed but we kept on living in ignorance, tagging it as a bliss! The last decade has been dedicated to computing, internet and telecom and there is still a lot of work going on, to get it to the masses. What next? Do we really need a pause for the masses or keep innovating?
Obviously, masses will be the consumers for the next innovation so it has to find its balance which is clearly visible in terms of how the world is evolving. The last decade went with the evolution of the mankind and the next generation belongs to the evolution of machines.
I have an admission on Eugene Kaspersky's views in his write up on Artificial Intelligence, where he has correctly mentioned it as a soap bubble that existed since 1980s, and in my personal opinion, most investors relying on this bubble will face the reality soon.
As strongly as I agree to the technology facts what Eugene mentioned in his write-up, I also see the automation part which is strengthening utilizing machine learning algorithms. Its not that great, nor that stupid, but it is coming, or partially is already there.
Coming from a cyber security background, I clearly see that industry can be secured in much better ways utilizing machine learning than lousy humans. Theory did exist long ago, but then as I highlighted earlier, everything existed much ago, but we were left into ignorance. A simple machine learning algorithm which was worth nothing few years ago could today predict results for US elections, machines love Trump, don't you?
We need to understand that human race has evolved beyond the mathematics and we can now apply those old school algorithms and statistics to solve the real world problems. Bayesian algorithm existed many years ago, but with the online presence, big data, it can today be utilized much better than before, for sentiment analysis or cyber security threats or whatever.
I don't have an answer on when exactly the real or super AI would come into existence as that's the subject of research, its not so far away anyways. But what is coming for sure is automation, with or without machine learning. Cloud computing is very much part of automation which is not so dependent upon machine learning but has already proved its benefits over the legacy.
The next 10 years belong to automation and we do need to automate because it doesn't make sense for not utilizing our learning and withholding our intelligence into repetitive tasks which machines can handle well. Automation will obviously mean over 60% of job cuts over the next decade but then human evolution seek intelligence, and machines will ensure the "survival of the fittest".
The human race has been mutating ever since its inception and this mutation cycle will empower the machines to get us into the realm of singularity.

Saturday, October 1, 2016

10 years of entrepreneurship at Torrid Networks

Exactly 10 years ago, I had a usual day at my work place, Fidelity Investments. I reached office in the morning, picked up a cup of coffee and kept watching the computer monitor which was in switched-off state for about 15-20 mins. I was introspecting, estimating the risk, thinking about society and family, calculating available finances and much more. This 20 minutes of silence confused me enough on my decision of kick-starting entrepreneurship journey. I thought to call my friends and family to come out of this situation, but somewhere I knew, its not going to help either.
Infact, I was few of those luckiest people to be able to work in a domain where I had the greatest passion. It was early 2000s during my Bachelors, and I remember hacking computers in university labs, writing the bad code which today people call "ransomware", and much more but no evil. I was banned from entering into our university computer lab when department head came to know about my hidden sins. It was not a good feeling during those days, but definitely helped me feel different than others. And during this silent introspection at my workplace, my old passion was my confidence to begin the new journey.
I took a deep breadth and tried to listen to my heart which was full of frustration and fury, it had a vision to manifest the future, but mind was not supporting it due to fear of failure. My heart asked a simple question to the mind, are you currently investing into a long term vision and goal? And it didn't take another fraction to find the answer. There we go, I offered my resignation to my manager with no business plan, financial plan and the most safest "backup plan" either. I convinced myself that if I can't manage such challenges today, entrepreneurship journey is not going to be easy anyways. It could be an ambitious and high risk way, but that was the only way I had at that time, I didn't want to waste even a single minute in doing something which I did't want to do in a longer run. My co-workers, family, friends were shocked on hearing the news, few tried to showcase their agreement to my decision but their eyes weren't supporting it.
I was full of excitement as I knew it was going to be an adventurous ride of being a young entrepreneur. High level of business ethics and integrity were the basic principles I was not ready to compromise upon, whatever may be the situation. It came out of legacy from my mentor, Sunil Goyal - COO Sopra Group, who supported me all through this journey and helped me find balance in every situation. I never had a vision to seek external investments or VC funding, nor did I try for it at any point of time which helped later when we started working towards national security programs. Initial 3 years were full of turbulence, challenges and a lot of learning. And after that, either everything got settled or I got used to it.
As it happens to all, we too had good, bad, ugly and bitter experiences during this journey. Obviously, bitter experiences contributed the highest level of learning and we are thankful for having those experience at early stages. After all, life is about learning and evolving from our existing conscious levels and bad experiences are more important than good ones.
Within short time, establishing strong relationship and credibility was quite easy as that was the basic principle for our growth, we can't just hit and run over a customer for business. Out of the solid credibility, we were offered a chance to participate in a national security program to develop some innovative product for the defense and security establishments. It was fun and a new set of learning altogether, which went pretty well and we gained quite a good experience in product development. After which we fueled quite a lot of investments into product development and services business was moving at its own pace along with.
I was always fascinated towards innovation and started devoting more time and energy towards overseeing research and development. This research also helped in scaling up the level of our consulting services and staying ahead of our competitors. After 10 years of this journey, over 700+ global brands are using our expert consulting services to secure their business. We have successfully created over 6 bleeding-edge products which are being used by defense forces across multiple continents.
On completing 10 years, I would like to thank our mentors, team members, alumni, customers for their contribution to this journey. We are committed to scale up our contribution to the society by bringing innovative technologies into existence. Entrepreneurship is a journey, innovation is an addiction and I love this addicted journey!

Monday, June 20, 2016

2020 - Beginning of Digital Industrialization!

World has already witnessed and well accepted the industrialization phase during the past centuries. Although it affected a lot of skilled blue collar workers, as majority of their jobs were automated by machines for better quality, quantity, production speed, returns on investment, response time, etc. and at the same time introduced new jobs which eventually aligned the society to the revolution, and today we like the way we are, than ever before the industrialization.
'Internet' can be called as a digital revolution but that was possibly the first phase of the larger revolution that is yet to be seen. We have been hearing about machine learning (ML) and artificial intelligence (AI) all this time and it has already entered our lives. Be it Google search suggestions, Apple's Siri, Microsoft's bot framework, Facebook's latest messenger bot, self-driving cars, and the list goes on and on, we have already started liking, rather are becoming dependent on ML day-by-day.
AI is not just exciting but it makes a lot of sense like industrialization made years ago, it will change the way we think or live today. Think about customer care being totally AI driven, our expectations from customer care would become 24X7 uninterrupted and quick response. No more unprofessional tones, language barriers, long holds, holidays, shifts, insane replies etc. etc. Similarly, virtual assistants, HR dept, accounts dept, software engineers, testers, etc. Its nearly possible to automate most of the tasks but yes, it will take time and tremendous efforts but at the same time, we humans want it today or tomorrow!
The revolution will certainly hurt many existing white collar jobs but also attract new skilled workers, and the way society aligned itself in the past, adjustment will be made this time as well. With software giants like Microsoft, Facebook, Google, etc pushing new AI/ML driven platforms, we anticipate more talent and awareness among the businesses to leave the legacy and join the revolution. 
It will certainly be some effort for the businesses to transition from legacy to AI ready systems or environment but it should be worth the effort today and will become a necessity tomorrow. By 2020 most of the businesses should move towards AI/ML based technologies, will build their corporate strategy to make AI friendly computing and automate some of their business processes utilizing AI/ML. 
After developing some niche cyber security products and solving some complex challenges of the trade, we are participating in the upcoming digital revolution by entering into the virtual world of AI. Over the past few years, we have been stealthily working on some futuristic AI technologies and evaluating business models to revolutionize the world and we aim to introduce our AI based products very soon...

Saturday, May 14, 2016

Future Dimensions Of Cyber Security

Human life will keep on evolving and so will be the cyber security world. We are today surrounded by the technologies those we used to dream or watch in the sci-fi movies. Similarly, the unforeseen threats of the past are today's top challenges. Innovation is happening on both the sides which is quite natural. Afterall, we are living in a world of duality so every good is meant to have its dark side as well.
Life transformation and technology innovation are the factors behind the very existence of cyber security threats, but at the same time, rising social imbalance across the societies, economy concentration and the political power-plays are the major driving forces to it. 
Threats to systems, applications, mobile apps, ICS, IoTs are the things of the past, we have already studied many real-world case studies. Be it Windows, Android, Apple, or whatever, everything is meant to be hacked. Worms, Malware, APT, Ransom-ware are new terms for the old threats. Cyber espionage for political, economic, social, defense and industrial gains has become a common game of today, and will continue forever. 
We have already entered into the machine era where our conscious resides longer in the devices than our physical body. A lot of work is still happening in the space of nano-technology to make these devices become our body accessories and eventually organs. Wearable glasses, watches already exist making it possible to wear, wave hand and say "Aabra-Ka-Dabra" to take down the critical systems. It will be even more magical as we evolve, may be in the blink of an eye. There are technologies like TDCS and TENS already into existence to be able to change our mood and we will soon be able to hack the human consciousness remotely. 
Smart cities of the future are still being developed, we are yet to see a perfect smart city and a deadly cyber attack will also certainly be seen along with. Self-driving cars have started riding us and car hacking has already been demonstrated which can easily be utilized for abducting or contract killing to eventually become part of the future case-studies.
Self-flying planes (drones) are heavily in use and they will soon ride us as well. Again, drone hacking is not a new subject for us and there are 'n' number of possibilities for criminal minds. Robots have been developed and perfect robots are yet to arrive, followed by the humanoids who will live with us, work for us, many of us will even fall in love with them. Its not so difficult to imagine the possibilities by hacking the robots or humanoids. 
Human brain has already been partially developed and is not yet out for hackers to try their hands at it. We are soon to be converted into immortal cyborgs, it may take another generation but it has to become reality some day and further increase the possibilities in the cyber security research. Artificial intelligence will evolve into super-intelligence in next few decades and it will be an uncontrolled war-game then, but by that time we possibly might not be there to play it. 
Are we really prepared to protect, what we are busy developing? Perhaps not, because innovation can never be perfect from all the aspects. Every innovation has direct or indirect, short-term or long-term side effects. At the same time, human race has to keep evolving in order to achieve the goal of its existence and once that goal is achieved, it will be a perfect world with the silence and peace all over.

Saturday, June 15, 2013

Operation PRISM - Do we need a cyber border?

Lately, there started news about operation PRISM everywhere and I find everyone discussing the buzz word in my day to day routine. I do not see any thing serious about this operation since the agenda used to be discussed in a closed group years ago and didn't come as a surprise when the information got leaked officially.

Nearly a decade ago, it was a time when both democratic and dictatorial form of governments used to be concerned about citizens, their opinion and understood their power of bringing any change to the system. But in today's time, I think governments across the world are more concerned about privacy of its citizens in the name of terrorism and national security.

"Top Secret" projects have exclusions from many constitutional interference and tend to go beyond the defined boundaries, which is very natural. So even if the intelligence is being gathered on foreigners under a close court supervision, we can't deny the access to the linked information which belonged to citizens and many of such links can be false positives or intentional. Or even if the intelligence is linked or unlinked, who cares, would someone dare to investigate linked-unlinked factor from Petabytes of data? Cyber operations are hard to investigate and easy to justify or disown, we know this rule. 

Just after operation PRISM was picked up by the mainstream media, many of the government officials across the world started criticizing PRISM on or off the record, but they actually weren't criticizing US operation, but criticizing the companies including Google, Facebook, Microsoft, etc which participated in the operation and are not willing to coordinate with their country even in the case of criminal activities. 

It has been a moot point from long time that Facebook, Google, Microsoft and many other such companies share the private data of users with US Feds. Foreigners can't do much about it due to addiction and dependency on such online portals, so even if they know about this, it won't matter since there are no local options. 

So, if my private data is being accessed by my local government that could be threat to my privacy and I can still do something about it as per the law of the land, but if the data belonging to majority of the citizens is accessible to the other countries, it becomes national security issue, can be utilized to cause political and economic instability and even governments can't do much about it. However, both cases are considered to be a threat for rights to privacy but the impact differs.

It the current age of information, whosoever has information, has the power and currently US has most of it. In such situation, it appears we are heading towards an era where we will need localized versions of all online resources to safeguard the national interest. Most of such important portals are Email, VOIP, Social Media portals, Search Engines, Smart phones and apps. Chinese carry the right vision and they already have localized portals, restricting their country's information within their border to act as a cyber border.

Wednesday, April 10, 2013

Critical Information Infrastructure - Next in Hacktivism!

Hacktivism has gained considerable popularity and dominance both in the internet and society. Lately, “anonymous” hacking group added more popularity to this word, “hacktivism”, by launching series of cyber attacks against various governments worldwide compromising and publicly disclosing the classified data. Government officials recognize hacktivism as a form of cyber terrorism but many call it a non-violent way of protest, no blood, no tear gas while protesting against weak government policies.

Tuesday, March 26, 2013

Cyber Command Center - Honeypots or the Underground Honey?

After the USA established its cyber command center (USCYBERCOM) to counter cyber-attacks and protect its cyber space, it became the next project for most of the governments across the world. Russia and South Korea lately announced to have their own cyber command center and many other countries are also pursuing the project. Both the cyber offensive and defensive operations are vital part of cyber command center. At many instances, teams engaged in offensive and defensive operations are required to work together and share the intelligence to carry out joint operations.

Friday, March 22, 2013

Cyber Warfare - "Return on Investment"

Most of the CIOs talk about ROI ("Return On Investment") before initiating any project for their organization. Risk vs Mitigation cost metrics helps them deriving the ROSI ("Return On Security Investment") in a simplest form and the calculation can be made more complex and accurate by adding more parameters to the metrics, often single dimensional. The ROI is often calculated for each information security project that is floated out from the private sector or government departments.

Information security projects are meant to safeguard CIA (Confidentiality, Integrity and Availability) of owned information assets and it is much straight forward to calculate and justify the ROI at early stages of such projects with great level of accuracy.

Thursday, March 14, 2013

Chinese Hackers or Cyber Monarchs!

It’s high time to learn that the last cyber espionage or attack came from China and I wonder why it’s always China? Are Chinese so smart, well organized, funded, equipped Or most of the intelligence agencies from across the world just believe into it for the sake of it? Being a security professional, I never trust media briefings or expert views, just like most of the others like me “don’t”. My point of view on cyber warfare might be pretty different than fellas, but my belief into it doesn’t disappoint me often. Be it terrorism or cyber terrorism I always commend the strategy originating from one of the countries, I know you know which country and I feel sorry when I sound so bitter but the truth ain’t sweet either. I met a few intel folks from across the world and the discussion on a cyber attack originating from Russia is mostly considered to be a proxied attack but China is always a scapegoat by default.
There was an error in this gadget