The Escalating Cyber Siege: A Conversation with Trend Micro's Sharda Tickoo

To glean valuable insights into the current threat landscape, Dataquest recently engaged in an exclusive conversation with Sharda Tickoo, Country Manager for India & SAARC at Trend Micro.  Ms. Tickoo sheds light on the prevailing cybersecurity trends, the imperative for a platform-based approach to security, and how Trend Micro is harnessing the power of Artificial Intelligence (AI) to combat the ever-evolving threat landscape. Excerpts:

How has Trend Micro evolved over the last two decades in India?

Trend Micro has been a significant player in the Indian cybersecurity market for over two decades. Since I joined the industry, I've seen the landscape evolve from dealing with simple virus outbreaks like Slammer to sophisticated ransomware and nation-state attacks. Initially, we were primarily a content security provider, focusing on antivirus, email security, and web security. Over the years, we have expanded our portfolio to include server security, virtualization, cloud security, and advanced endpoint protection. We've adapted from basic antivirus to advanced EDR solutions, staying relevant in a dynamic threat landscape.

Can you elaborate on how Trend Micro has maintained its relevance in such a competitive market?

One of the key factors has been our ability to adapt and evolve with changing technology landscapes and security threats. While many of our early competitors have either been acquired or faded away, Trend Micro has continually innovated. We've transitioned from basic antivirus solutions to comprehensive endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions. Our ability to evolve our offerings—from virtual patching and exploit prevention to machine learning and behavior monitoring—has kept us relevant.

How has the perception of endpoint security changed among your clients?

When I started, endpoint security was often seen as a checkbox item—something you needed but didn’t necessarily focus on. However, with the rise of advanced persistent threats (APTs) and the increasing complexity of attacks, there's a growing realization that robust endpoint security is crucial. Customers now understand that antivirus alone isn’t enough. This shift in mindset has driven the adoption of more sophisticated EDR solutions, which provide deeper visibility and faster detection capabilities.

We have a sizable market share in India when it comes to endpoint security. Our clients appreciate the comprehensive visibility that our EDR solutions provide, not just for endpoints but also for email, web, and server security. This holistic approach helps them manage risks more effectively. Our integration capabilities, allowing us to pull in data from other security solutions, have further enhanced the value we offer.

What is Trend Vision One, and how does it fit into Trend Micro’s future strategy?

Trend Vision One is our strategic platform aimed at providing comprehensive detection and response capabilities across various security domains. It integrates telemetry from endpoints, emails, web, and cloud environments to create a unified security data lake. This platform-based approach allows us to offer advanced analytics, risk scoring, and deeper insights into potential threats. Vision One represents our commitment to helping enterprises manage and mitigate risks more effectively. It's a key focus area for us over the next three years, and we believe it will significantly enhance our clients' security postures.

What differentiates Trend Micro’s Trend Vision One from other security platforms?

The main differentiator is the breadth and depth of integration. Trend Vision One not only provides comprehensive detection and response across multiple security layers but also integrates seamlessly with other security solutions that customers may already be using. This allows us to provide a more accurate risk assessment and deeper insights. Additionally, our long-standing experience and innovation in endpoint security give us a solid foundation to build on, ensuring that our clients receive the most advanced and effective security solutions. This has led us to build a strong, loyal customer base over the years. Many of our clients have been with us for over 15 years, evolving their security strategies alongside us. Our ability to stay ahead of emerging threats and technology trends has helped us retain these clients and attract new ones. We cater to a diverse range of industries, providing tailored solutions that meet their unique security needs.

Could you elaborate on Trend Micro’s new approach to attack surface risk management?

We recognized that many organizations have become so digital that they often lack a clear understanding of their entire attack surface. Knowing your attack surface is crucial for implementing effective prevention and control measures. During our proof-of-concept (POC) trials, we uncovered several eye-opening findings for our clients. For instance, some organizations had expired digital certificates on websites they weren’t even aware of. This highlighted the need for a more comprehensive approach to managing attack surfaces.

Trend Vision One allows us to provide a detailed view of both internal and external risks. Internally, we leverage our existing controls to monitor and manage risks. Externally, we scan for any visible vulnerabilities and provide risk scoring based on the findings. The platform is continuously evolving, and we've incorporated AI to simplify the process for security analysts. Our AI companion can answer queries and assist with threat detection, making the analyst's job easier and more efficient.

How is AI being integrated into Trend Vision One, and what impact does it have on threat management?

AI plays a significant role in our Trend Vision One platform. Initially, we introduced a generative AI chatbot to assist analysts with queries and threat hunting. This makes it easier for them to find specific threats and understand the syntax required for various tasks. Our CEO, Eva Chen, is very passionate about technology and has emphasized the importance of AI in our strategy. We are continually enhancing our AI capabilities to ensure that our platform remains at the forefront of cybersecurity innovation.

What challenges do organizations face with AI and cloud security, and how does Trend Micro help?

One major challenge is the blind spots created by the rapid adoption of AI tools within enterprises. These tools can potentially leak sensitive information, posing privacy risks. Our platform helps identify which AI tools are in use and monitors the data being transferred through them. Similarly, with cloud security, many security officers were initially unaware of the extent of their organization's cloud and container usage. Our POC scans often reveal unexpected findings, prompting necessary security measures.

What deployment options are available for Trend Vision One, and how does this flexibility benefit your customers?

Flexibility in deployment is a key strength of Trend Vision One. We offer full SaaS deployment, hybrid deployment, and even on-premises deployment for specific sectors like defense, where data sovereignty and security are paramount. Hybrid deployment has proven to be particularly popular in India, where many organizations are still cautious about moving entirely to SaaS. By offering multiple deployment options, we can cater to the unique needs of each customer and ensure they receive the best possible security solutions. We intend to get everyone on the Trend Vision One platform. By providing existing Trend Micro users with access to the base platform, we encourage them to explore its capabilities. Once they see the value, we can discuss adding advanced features tailored to their needs. This platform-centric approach ensures that all our customers can benefit from the comprehensive security that Trend Vision One offers.

How do you see the future of hybrid security, and what role will it play in Trend Micro’s strategy?

Hybrid security is here to stay, especially in India. Many large customers prefer a phased approach to transitioning to SaaS, and our platform supports this by offering both SaaS and hybrid deployment options. This flexibility allows us to meet our customers' diverse requirements and ensures that they can adopt our solutions at their own pace. Our commitment to hybrid security will continue to be a core part of our strategy, enabling us to provide robust and adaptable security solutions to our customers.

What about securing operational technology (OT) systems, especially in the manufacturing sector?

In the manufacturing sector, OT systems are business-critical, and we've noticed that customers are becoming more open to addressing OT security. However, it's still a very cautious space. Many manufacturers have strictly segregated their IT and OT environments to minimize risk. Despite this, some manufacturers are beginning to leverage analytics and modern techniques, which require some level of connectivity between OT and IT systems. This inevitably raises security concerns. However, the adoption of security measures in OT systems is not yet a widespread trend in India. There are two primary reasons for this. First, manufacturers of OT systems, such as Schneider Electric and Siemens, often provide their own security solutions. Second, these systems are highly critical to business operations, and manufacturers sometimes warn clients that any modifications or additions, including third-party security solutions, could void the warranty. This makes the adoption of additional security solutions a delicate issue.

How is Trend Micro addressing these security challenges in OT environments?

We have developed our TXOne product line specifically for OT environments. This product line is designed to secure OT systems, whether they are air-gapped or connected to a network. Our solutions are capable of understanding OT protocols, which are different from IT protocols, ensuring that the unique requirements of OT systems are met. This means that the security solutions we use for IT cannot simply be replicated or transferred to OT environments. Our sector-focused approach emphasizes the distinct needs of these systems.

Besides manufacturing, which other sectors are you focusing on?

Apart from manufacturing, the government sector is a key focus for us. Additionally, we are seeing significant growth in digital native enterprises (DNEs). These are companies that are cloud-native, often born in the cloud and ready to operate in a SaaS environment from day one. They prefer pay-as-you-go models and often do business through marketplaces like AWS, Azure, or Google Cloud. This sector is quick to adopt new technologies and has started to represent a sizable portion of our market.

What makes digital native enterprises an emerging focus for Trend Micro?

Digital native enterprises are agile and quick to embrace new technology trends. They are typically cloud-ready and prefer SaaS solutions, making them ideal candidates for our security solutions. Our focus on DNEs is driven by their readiness to adopt cloud security measures and the growing value they represent in our market. We are committed to providing them with the security solutions they need to thrive in a digital-first world.

With this continued focus what we're experiencing is a double-digit growth, which is very promising. This space is relatively new, much like how e-commerce saw a rapid rise. As digital native enterprises (DNEs) scale, their security needs grow, and their security expenditures scale with them. This "pay-as-you-go" model means our business grows as they do. We initially referred to this as "white space," but now we see DNEs as a distinct and important segment that needs dedicated focus and nurturing.

Are there specific strategies or focus areas that you have identified for this year to sustain this growth?

Yes, India has consistently outperformed expectations, setting high benchmarks for ourselves. We anticipate maintaining a decent double-digit growth rate. To achieve this, we are focusing on two main strategies: First, we want to onboard all our customers onto our Trend Vision One platform. Second, we are heavily investing in enhancing our AI capabilities to provide more comprehensive security solutions. Our approach involves leveraging AI to deliver security and providing security for AI tools. For instance, tools like ChatGPT raise significant security concerns, such as data flow and access control. We aim to help customers understand these risks and manage them effectively.

How do Trend Micro's solutions integrate with existing solutions from large hardware vendors and service providers?

When hardware vendors provide AI solutions, their focus is usually on optimizing compute resources and agility. Our focus, from a security standpoint, is twofold: leveraging AI to enhance security measures and providing security for AI tools. For instance, enterprise-level AI tools might handle sensitive data, and our solutions offer the necessary guardrails to protect that data. This involves integrating with these tools to monitor data flow and access, ensuring compliance with corporate policies, and preventing potential security breaches.

What trends have you observed in terms of cyber-attacks this year?

Ransomware continues to be a prevalent threat. We are seeing more sophisticated campaigns with multi-faceted extortion tactics, including data encryption, ransom demands, and threats of DDoS attacks. Additionally, vulnerabilities in systems remain a major concern. Despite good patching processes, business-critical systems sometimes stay unpatched due to operational constraints, making them targets for exploitation. Critical infrastructure is also increasingly under attack, which is why regulatory bodies are focusing on proactive measures. We are actively working on leveraging AI for deepfake detection and plan to announce our solutions soon. This involves using AI to detect and mitigate risks from deepfakes. Our Trend Vision One platform will play a crucial role in this, providing comprehensive security measures to tackle these emerging threats.

What are the typical challenges that CISOs face today, and how is Trend Micro helping them overcome these challenges?

The biggest challenge for CISOs is visibility. Security investments have led to a stack of solutions that often create silos, making it hard to get a unified view of the enterprise security posture. Our platform-based approach with Trend Vision One aims to mitigate this by providing a single pane of glass for security operations. Additionally, there is a shift towards being more proactive rather than reactive. Investments in Extended Detection and Response (XDR) and Attack Surface Risk Management are helping organizations identify and mitigate threats before they unfold.

Are there any significant investments or expansions Trend Micro is making in India?

Yes, we have made substantial investments in India over the last two years. We established a complete support center in Ahmedabad and expanded our R&D center in Bangalore. We also acquired an India-based company, Anlyz, enhancing our R&D capabilities. Additionally, we are integrating more APAC initiatives from India, indicating the growing importance of this region in our global strategy.

It's an exciting time to be in this field, especially in India. The innovative solutions deployed here often become global case studies. The unique challenges we face in India provide valuable feedback to our global teams, helping us develop solutions that can be replicated worldwide. The volume of transactions and the scale of security solutions required here are unmatched, making it a dynamic and rewarding environment to work in.