Bryan Li, Founder, Cyber Tech & Risk

Panel Discussion — Network Security in a Hybrid Work World

Industry Voices SecurityTrending
Bryan Li Headshot
Title slide that says, “NETWORK SECURITY IN A HYBRID WORK WORLD,” and “THURSDAY, JANUARY 27, 2022, 6 PM–8 PM, EST.” Below that are three photos of the speakers: Ameet Naik, Senior Product Marketing Manager, Cloudflare, Agnidipta Sarkar, Group CISO, Biocon, and Jay Howie, Senior Director, Network Security, RBC.

Nuggets of golden advice on security hybrid networks

Listen as this highly experienced panel of security practitioners shares their big ideas for the new world of hybrid work — and the accelerated security vulnerabilities it creates. This panel stemmed from the Cyber Tech & Risk virtual event on January 27, 2022. 

Show more

You’ll learn

  • The ways the COVID-19 pandemic accelerated existing trends toward remote work

  • What the enterprise network means today with so many not physically connected to the enterprise network

  • Examples of the new major security requirements for modern enterprise network

Who is this for?

Security Professionals Network Professionals

Host

Bryan Li Headshot
Bryan Li
Founder, Cyber Tech & Risk

Guest speakers

Ameet Naik
Senior Product Marketing Manager, Cloudflare
Agnidipta Sarka
Group CISO, Biocon
Jay Howie
Senior Director, Network Security, RBC
Transcript

00:00 [Music]

00:07 so we now move to our panel discussion

00:11 we will start the panel with a quick

00:13 self introduction so jay let you go

00:16 first then after that agony sure hi

00:18 everyone i'm jay howie as brian just

00:20 pointed out

00:21 um

00:22 i'm a senior director at rbc and i have

00:25 the fortunate pleasure of leading a

00:28 group of very talented subject matter

00:30 experts that are involved in designing

00:32 all things related to network security

00:34 for rbc globally

00:36 um

00:37 i've been at rbc for almost 25 years and

00:41 all in the network security space so

00:42 i've been uh i've kind of seen the

00:45 network security

00:46 space grow from its uh infancy to what

00:49 it is now so um it's been quite a

00:51 journey

00:52 and brian thank you for inviting me i'm

00:54 really looking forward to the

00:56 conversation thank you very much jay for

00:59 your support and i like jay introduced

01:02 he has been uh with the bank for so many

01:04 years and especially in the network's

01:07 network network security field so what

01:10 uh uh actually

01:12 me describe the history and uh jay has a

01:15 first-hand experience to have all those

01:17 things right so that's a great uh angle

01:20 we have actually i meet and i go back uh

01:23 probably about at least 10 years

01:25 i've known him i mean back in the day

01:27 when he

01:28 he used to be toronto based as well so

01:30 uh um he's definitely got part of that

01:33 part of that history with him as well

01:35 it's a small world yes it is

01:38 yeah excellent um

01:41 agony

01:43 can you

01:44 can you give me another try

01:46 yeah hello okay yeah we can hear you

01:48 know good very cool

01:50 okay so hi my name is agni uh good

01:52 evening from

01:54 india and i mean it's morning here but

01:56 good evening to everyone who's on the

01:58 call

01:59 um yeah i am currently engaged as the

02:02 group's ceo for biocon and pyocon is a

02:06 pharmaceutical company and

02:09 apart from this i do a little bit of

02:13 pro bono

02:15 working with

02:16 standards bodies

02:18 my experience spans about

02:20 30 years in cyber security business

02:23 continuity data privacy

02:25 and risk management and i've been

02:27 contributing to standards on iso i'm

02:29 part of three

02:31 forums on iso

02:33 one for security and privacy the second

02:35 for continuity and resilience and the

02:38 third is for risk management

02:40 i am also part of business continent

02:42 institute and i work with them for cyber

02:44 resilience

02:46 i am a speaker at various events

02:48 especially the global forums from

02:51 uh ec council and ismg and uh

02:55 business continuity institute and now

02:56 i'm here i'm happy for you know brian

02:59 calling me on online and

03:02 thank you brian for calling me here i'm

03:04 also part of cloud security alliance um

03:06 i've been contributing to

03:08 the cloud control matrix version 4 and

03:11 the auditing guidelines that came right

03:13 after

03:14 so

03:15 that's in short who i am i'm currently

03:18 working on a standard for cyber

03:20 resilience for the bureau of indian

03:22 standards

03:23 thank you brian

03:25 all right thank you very much again as

03:27 we can see you have a broad

03:29 industry experience a rich also you you

03:32 have it involved with the the the

03:35 standard the definition standard

03:37 establish all those

03:39 uh cloud risk standards so that's great

03:42 we are very honored to have you join the

03:44 panel today in fact i'm hoping that one

03:47 of these days i will be invited to

03:49 contribute to the sassy as a standard

03:52 who knows

03:53 it's coming

03:55 all right cool uh i mean we actually

03:58 introduce you but if you can add like a

04:00 30 seconds uh any perspective from you

04:03 from no not the official introduction

04:05 but to yourself

04:07 sure so like jay pointed out i'm

04:09 actually originally from toronto uh

04:11 spent most of my life there before

04:13 moving out to california

04:15 so i had the opportunity to work with a

04:17 number of organizations in canada uh

04:20 along with along with the bank and uh

04:23 started talking about this shift to the

04:25 cloud over a decade ago with jay and his

04:27 team right so uh it's it's things you

04:30 know trent when we see trends we start

04:33 sort of discussing them and planning for

04:35 the changes and sometimes i'm trying to

04:37 take longer to uh to sort of solidify

04:40 right

04:41 and sassy is definitely one of those

04:42 that's sort of on the scene but it's

04:44 still evolving and still crystallizing

04:46 and uh and you know

04:48 it may morph a little bit by the time

04:50 it's fully baked and we'd love to have

04:52 uh looks like agni help can i contribute

04:54 to that

04:56 excellent thank you very much

04:58 and uh

04:59 at least you escape the the winter time

05:01 here so you get a little bit warmer in

05:04 california

05:05 and all right cool uh let's start our

05:08 panel discussion uh for people online i

05:10 also encourage you to submit your

05:12 questions through chat or q a we

05:15 actually got some questions already

05:17 in the meantime i have prepared some

05:20 questions to ask our panels so let's

05:22 start first with that question

05:25 and just to give some reason why we need

05:29 to look at today's topic network

05:31 security because a network security kind

05:33 of in the industry for a long long time

05:36 like from day one the firewall all those

05:38 things right but recently especially

05:41 last two years kobe 19 dynamic changed

05:45 the whole landscape

05:47 which caused that we call it a hybrid

05:49 work world right hybrid work environment

05:52 so i'd like to ask our panel members

05:56 how does a hybrid work environment

05:58 impact the security landscape today

06:02 i want to hear your perspective from

06:04 there

06:05 um

06:06 maybe who wants to be first

06:09 i'll i'll jump in okay jay yeah um so

06:12 brian as you pointed out like for sure

06:14 the uh

06:15 the pandemic

06:16 was a game changer right um and really

06:19 put a lot a lot of focus on certain

06:22 parts of the network um

06:24 you know remote access being one for

06:26 sure

06:28 uh so a lot of our employee you know a

06:30 lot of our internet egress services a

06:32 lot of our third party um connectivity

06:35 um you know just the amount of data

06:37 we're pushing now

06:38 um is just through through the roof

06:41 right um

06:42 you know what i would say about hybrid

06:46 hybrid uh um the hybrid work environment

06:49 is

06:49 you know without a doubt no it's not one

06:52 size fits all you know i think i think

06:54 hybrid me hybrid for me means

06:56 flexibility

06:57 and in the network uh in the network

06:59 security pieces need to kind of adapt

07:03 and and provide and enable that

07:04 flexibility

07:06 um i think it puts more and more

07:08 pressure on the network on network

07:09 security around protecting employees

07:12 um and assets and data

07:14 especially with us having you know

07:16 considerably more people working

07:18 remotely and all over the place

07:20 um i think it really comes down to

07:21 rethinking a lot of our network security

07:24 infrastructures and the tools we use you

07:26 know i know me talks about sassy you

07:28 know i'm sure we'll get into things like

07:30 zero trust network access

07:32 concepts and a few other things but

07:34 these things are really um

07:35 you know coming to the forefront

07:38 um you know at this critical time and i

07:40 and for me

07:41 um i know i'm probably jumping a little

07:43 bit ahead here but you know if i if i

07:45 look at what it means talking about he's

07:46 talking about you know the power and the

07:49 promise of of cloud computing and how

07:51 that's how that's translating across

07:54 into providing solutions in the network

07:56 security space and i think that's uh

07:58 that's definitely something um you know

08:00 we're we're keeping our eye on and

08:02 seeing seeing that uh that transpire

08:06 very cool

08:07 so the transformation the the actually

08:10 the covalent accelerated digital

08:12 transformation without a doubt in a way

08:15 to push us to accelerate and we need to

08:19 bring a lot of flexibility to our staffs

08:23 and also the cloud computing all those

08:25 latest technology push this great uh

08:28 agony want to add anything on that one

08:31 yeah so um

08:33 this sassy is not new it didn't happen

08:35 because of the pandemic

08:38 right but it it definitely like you said

08:42 it was brought forward it was

08:44 accelerated because

08:46 of the pandemic because of the situation

08:48 that we are in this

08:50 uh right now where a lot of people are

08:51 working from home

08:53 and you have a lot of stress from valid

08:57 users coming from outside the network

08:59 unlike earlier where most of the valid

09:01 users were inside the network

09:03 so

09:04 i think it was developed in 2019 and

09:07 zero trust i think was somewhere in 2010

09:11 so uh all these concepts have been

09:13 around for quite some time it's just

09:15 that

09:17 the real development of the tools the

09:20 the technology

09:22 and the use cases uh most importantly

09:25 that has evolved due to the pandemic so

09:29 uh

09:30 what you know in before we we got onto

09:32 the pandemic i think somewhere in march

09:34 2020 i wrote a small note on what i

09:37 believe will change over time and though

09:40 i didn't call out sassy by its name but

09:43 i did say that the security and network

09:46 are going to merge and

09:48 one of the key challenges

09:50 that we have in today's pandemic is

09:53 really not network and not security it's

09:56 more about people so there is a sizable

09:58 amount of work that's going on that's

10:00 trying to make sure that

10:02 when people get connected to your

10:03 enterprise

10:05 the human aspect is taken care of but

10:07 let me come back to what we are

10:08 discussing today the reason that the

10:10 human aspect becomes a huge thing is

10:13 because you're no longer connected

10:15 physically to the enterprise and i'm by

10:18 connected physically i don't mean by

10:19 wires i mean the human human interaction

10:22 being in an office and and and therefore

10:26 the focus of the whole world is now

10:28 moving from

10:30 a perimeter-based network to

10:32 a more decentralized network where the

10:35 perimeter is moving on to

10:37 the guy who's trying to connect into

10:39 your enterprise so there's a

10:41 transformation that has happened due to

10:42 the pandemic and

10:44 and given the situation that we are in

10:46 and given the fact that

10:48 the network is transforming through

10:50 sassy through other mechanisms

10:52 i think it's a good uh space to be for

10:55 uh

10:56 those who are innovating those who are

10:59 bringing newer things

11:00 and the best part is that the whole

11:01 world is contributing to make things

11:03 better

11:05 yeah so

11:07 the world is different now and the way

11:09 people are working are totally different

11:12 and i like what you mentioned it's not

11:14 just a centralized it's more like a

11:16 distributed now you have a bigger

11:18 network to manage and how do you deal

11:21 with the classic network model so that's

11:24 the definitely the impact

11:26 i mean you want to uh share more on that

11:29 one

11:30 yeah so you know hybrid work and the

11:32 pandemic has certainly changed a lot of

11:34 things for the industry right but the

11:36 one question i ask myself every few days

11:40 and i love to debate is what does the

11:42 enterprise network even mean today right

11:44 all of us are at home you know um

11:47 presumably managed laptops connecting to

11:49 sas applications doing our work right

11:52 like uh we're not touching the firewall

11:55 that exists out in the corporate network

11:56 at all right traffic's going straight on

11:58 over the internet to uh to the sas

12:01 vendor right so what does it even mean

12:03 to have an enterprise network and then

12:06 as a security as a person responsible

12:08 for security in my organization right

12:10 how do i like what sort of controls can

12:12 i put in place to make sure that i can

12:14 still manage our cyber risk and keep my

12:16 employees safe and keep uh keep my data

12:19 safe

12:21 that's that's really what it boils down

12:22 to

12:23 yeah that's a very fundamental

12:26 fundamental question what does the

12:28 enterprise network mean to us right so

12:30 if

12:31 everything change i'm sitting at my

12:33 basement work remotely to access the

12:36 enterprise every one of uh like dynamic

12:39 locations so what does that mean

12:42 um which actually lead our next question

12:45 right so we talk about hybrid

12:48 environment to definitely impact our

12:50 security and the way we are working

12:53 now let's narrow down a little bit to

12:56 network security or enterprise network i

12:59 mean mentioned

13:00 so based on the current situation what

13:03 do you see

13:05 from from that requirement side what are

13:08 some like a key requirements for the uh

13:11 or pressure to the enterprise uh like a

13:14 large organization like a bank like a

13:15 global company or even small media

13:18 customers or small media

13:21 companies what kind of a

13:23 major requirements for a modern

13:26 enterprise network so what do you see

13:29 must we must achieve

13:34 anyone can jump uh maybe a me first so

13:36 we can we can kind of switch now yeah i

13:39 can i can give you a bit of a

13:40 perspective i'm hearing that i'm hearing

13:41 from our customers right and and the

13:43 folks we talk to right so

13:46 there's a few different things so the

13:48 cyber threat landscape is constantly

13:50 changing right every few every so often

13:52 we're seeing new threats pop up on the

13:54 scene

13:55 uh last year we all saw kind of what

13:57 happened with ransomware and all the

13:58 negative effects that that came out of

14:00 that right that's a big that's a big

14:02 shift that we're seeing and these things

14:04 are turning over a lot faster for now

14:07 right there's other problems in the

14:08 industry like you know email fraud and

14:10 business email compromise uh there's

14:13 ddos threats on the network right every

14:15 uh every quarter or so we're seeing a

14:18 new bar set in the site in terms of a

14:20 volumetric ddos attack that somebody's

14:22 experienced or some networks experience

14:24 but these are the changing sort of

14:26 threat landscape requirements that we

14:28 see but the biggest one that we see is

14:30 the need for flexibility right because

14:32 uh folks are not able to kind of

14:35 like have a crystal ball looking three

14:37 years in the future to understand okay

14:39 what percentage of my users are going to

14:41 be in the office versus at home right so

14:44 uh so so just having that like that

14:46 number could be 100

14:47 could be five percent right

14:49 and based on that they want to keep

14:51 their options open and uh and be

14:54 prepared to shift and adapt as

14:55 conditions

14:56 change

14:58 excellent

14:59 so that's the insight from amit

15:02 from his observation with his clients

15:05 and the industry

15:07 what about

15:08 jay and agony so you're both managing a

15:11 large organization the network so what

15:14 do you see from the requirements side

15:17 let me start okay okay yeah go ahead

15:20 so um

15:22 there are multiple areas and i'll let

15:24 jay talk about the topics that i think

15:27 he wanted to

15:28 but

15:29 i'm going to give a very simplistic

15:30 example of what the network is evolving

15:34 and i'm going to relate it to our lives

15:36 imagine you go into a museum so you buy

15:38 a ticket and then you enter a hall and

15:41 now you're at liberty to select

15:43 which one of those halls you want to go

15:46 into there's no one to check you and you

15:47 can go to

15:49 go and see any part of the museum at any

15:51 point of time upon your leisure

15:54 compare that to visiting someone in a

15:56 government facility depending on how

15:59 and who you are visiting

16:01 broadly you would have to go to the gate

16:04 announce yourself show some kind of

16:07 evidence that proves who you are

16:10 and then you get called into to meet the

16:13 person that you're trying to meet and

16:15 then you've got to wait in the lobby

16:17 before that person makes sure that

16:18 you're the person who's going to meet

16:20 and there would be a secretary who would

16:21 probably come and ask you a few

16:23 questions or a security guard who's

16:25 going to pose a few more questions and

16:26 once everything is validated you would

16:28 be ushered in to meet that person that

16:31 you you're that you're out to meet

16:33 today's network an earlier network

16:35 has been like these two things

16:38 earlier the network was all about like

16:40 amit said in his uh in his speech in the

16:43 beginning

16:44 it was all about making

16:46 computing systems available and it was

16:49 more like a museum

16:51 as long as you landed on the network you

16:53 had the liberty to choose which computer

16:55 system you would want to connect to

16:57 and what would you do next

16:59 today's network requirements are more

17:01 like visiting that government officer

17:03 right

17:04 you need to be validated because you

17:07 don't know who the valid user is and who

17:09 the perpetrator is

17:11 jay

17:13 yeah i mean

17:15 i i'll kind of build on what you're

17:17 saying and what a meat's saying right i

17:18 think i think it means right flexibility

17:22 scalability is a huge piece like we've

17:25 got you know and uh and resiliency are

17:27 are really key concepts

17:29 in the in the modern enterprise network

17:31 i'm not saying they weren't in the past

17:32 but i'm just i think that i think the

17:34 games kind of you know really uh you

17:36 know really

17:38 upped itself

17:39 um i think you're seeing a lot more um

17:42 focus on on um you know what whether you

17:45 want to call it micro segmentation or

17:47 workload segmentation concepts in the

17:49 network as well that that kind of tie

17:51 together

17:52 access and identity concepts together as

17:55 well um you know and and

17:58 you know putting more controls around

18:00 uh flows within the network um

18:04 now to enable a lot of this stuff you

18:06 know you're i think you're seeing a lot

18:07 of focus on things like software-defined

18:08 networks um program programmable

18:11 networks

18:12 um you know the use of apis for internet

18:15 connect inter interconnectivity

18:17 um you know and again i think that i

18:20 think you're also seeing now the

18:21 extension of your network

18:24 you know either you know not only to the

18:26 cloud

18:27 um but also you know in in many cases to

18:29 people's

18:31 you know people's homes

18:33 and and that that's the you know it's

18:34 just you know that whole i think amit

18:37 had had a had a diagram in his

18:39 presentation around the whole uh you

18:41 know castle moat paradigm that's that's

18:44 long gone right it's

18:46 it's uh there's a ton of holes and and

18:48 access points coming out of that castle

18:50 that we need to consider and factor into

18:52 things and that's why some of these uh

18:54 some of these concepts and so what what

18:56 what agni was talking about around this

18:59 permissioning as you move throughout the

19:01 network is becoming a bigger and bigger

19:03 concept

19:06 wonderful

19:07 all right so those are some uh key

19:09 requirements you can see so like a

19:11 flexibility

19:13 uh like a check

19:15 it's not like a older

19:17 perimeter-based security you have to

19:19 implement all those zero trusts we will

19:22 touch on that a little bit later and

19:24 access control and also really need to

19:27 meet the current

19:29 the work environment people work from

19:31 everywhere and also you want to make the

19:34 system agile flexible

19:37 scalable it's not just okay you put it

19:39 there and forget about it right so those

19:42 are some key requirements that we can

19:44 observe

19:45 um all right so since we have this

19:48 requirements

19:49 the so the logic

19:51 the question next is

19:53 how do we do it

19:54 right so especially not everyone from

19:57 scratch right so if i uh like i say i'm

20:00 running a startup that's okay i just buy

20:02 the latest one the cloud-based

20:04 everything cloud and native but for a

20:07 large organization doesn't matter as a

20:08 bank the global company or the you

20:10 already have the years of infrastructure

20:14 and the network model the people get

20:16 used to that

20:17 so what do you see some what's your

20:20 recommendation to transform a

20:22 traditional i'm sure a lot of companies

20:25 still own

20:26 traditional or kind of a halfway there

20:28 right so to transform a traditional

20:31 network model to the modern network

20:34 architecture

20:35 so what's your recommendation there

20:39 maybe i can you you start first

20:42 so um

20:44 in in my view there are three kinds of

20:47 organizations today

20:49 those who will not move to cloud right

20:52 now

20:53 probably because of

20:54 the way they are connected and the

20:56 reliance on connectivity being lower

20:59 and they will come to cloud probably

21:01 later not not right now

21:03 then there are those who are born on the

21:05 cloud like you said right they they've

21:08 never seen an infrastructure problem

21:10 because for them

21:11 infrastructure is a given

21:13 it is not supposed to fail

21:15 so that's the second kind of

21:18 organization and then the largest part

21:20 of the world are all those who are

21:22 migrating into the cloud like you said

21:24 traditional

21:25 migrating into the cloud

21:27 now

21:29 when you are traditional and migrating

21:31 into the cloud this migration could be

21:33 called a transformation and and so and

21:36 so forth

21:37 it has to be driven by

21:39 the organization's need to go digital

21:43 and there are a lot of organizations who

21:45 are going digital and there is a

21:47 sizeable amount of organization also if

21:50 i were to split those who are

21:52 transforming into two parts those who

21:54 are already

21:55 somewhere closer to the target of

21:56 digitalization of their enterprise and

21:59 those who are beginning

22:01 because there's a huge amount of digital

22:03 information that is needed before

22:07 a network like i mean the cloud

22:09 facilities could really be used

22:11 right because unless you have the data

22:13 that you want to use for

22:15 business purposes

22:17 there is no need for them to go digital

22:20 for them to use cloud

22:21 so

22:22 the whole thing will then break you know

22:25 depend upon

22:26 the movement and the need and and and

22:29 and the impetus of

22:31 the market that every organization will

22:34 work with

22:35 uh to to bring them onto the cloud

22:37 because they would want to be more

22:39 available they would want the data to be

22:42 more

22:43 usable and i'm going to bring a little

22:45 bit of

22:46 a few of those ables from the standards

22:48 perspective right

22:50 um

22:51 you need to be able to

22:53 have your

22:54 network

22:57 structured in such a manner that

23:00 you are that your your business

23:02 functions are repeatable

23:04 and

23:05 comparable and therefore predictable

23:10 all right so that's a agony so point of

23:13 views we really need to look at

23:15 i i love what you described there's a

23:17 everybody is different right so you

23:19 cannot just using one solution to fit

23:22 all the organizations you really need to

23:24 tailor and that's why i liked i liked

23:26 what amit showed at the end a roadmap

23:30 it may be different for all these

23:32 different organizations but there has to

23:34 be a map for even those who are on the

23:37 cloud they need to get used to the fact

23:39 that tomorrow

23:41 infrastructure can fail and you need to

23:43 be prepared for that but that's a

23:44 different story i'm not going there but

23:47 i was just trying to contribute to your

23:49 conclusion that yes no

23:51 no one is saying you need a different

23:53 solution for everybody

23:55 right so you need to tailor the the

23:58 strategy or approach for your

23:59 organization all right uh

24:02 maybe uh amy what what you want to add

24:05 on that yeah yeah i can chime in like

24:07 agni said right the road match map

24:09 approach is really key uh i think

24:11 there's some of we talked about

24:13 segmentation we talked about micro

24:15 segmentation and putting sort of these

24:17 zero trust controls in place couple

24:19 things you can do as as a sort of a

24:23 strategy right one is kind of weaving

24:25 identity more closely into that equation

24:28 uh just having identity aware controls

24:30 and policies right and this could be

24:33 kind of like working with your existing

24:34 identity platform or or using a new

24:37 platform but

24:38 i think that needs to be a big part of

24:40 the security controls and and uh and

24:43 zero trust the second is

24:45 awareness of the endpoint

24:47 right like what device is this how clean

24:50 is this device is this a managed device

24:52 or not uh that's a very useful context

24:55 to kind of help start and and some of

24:57 these things you can start rolling out

24:58 using your existing uh platforms

25:01 existing controls right there's

25:02 integrations available and or you could

25:05 move to a new security control platform

25:07 but i think bringing these two elements

25:09 into the equation this really helps

25:12 move you further along on the sassy

25:14 journey

25:15 excellent so that's a great add-on

25:18 and jay what's your view on this one

25:21 yeah this is a tough one um especially

25:23 in the enterprise space um you know

25:27 i i think if you have the opportunity

25:30 a green field opportunity

25:32 um you know it's a it's a much easier

25:34 transition because you can build a lot

25:36 of this right in from the ground up

25:38 um but like i said in the enterprise

25:40 space you know you're always going to

25:41 have that hybrid of kind of some green

25:44 field maybe with public cloud or private

25:46 cloud and then you're going to have have

25:47 your traditional um you know data

25:49 centers and your in your network

25:51 um that you need to figure out uh a big

25:54 part of this for me would be

25:56 um you know really being able to map out

25:59 business application flow and

26:01 understanding what that is you need to

26:02 have some level of visibility you need

26:04 to know

26:05 um

26:06 what's good traffic versus i'll call it

26:09 non-good

26:11 and be able to you know be able to look

26:12 at that kind of stuff in order to help

26:14 you you know define

26:16 policy i think you'd need to have an

26:18 understanding of

26:19 um you know what

26:21 what you're what you're trying to

26:22 protect um

26:24 you know whether it be your crown jewels

26:25 or or other parts of your organization

26:28 and start there i think if you were to

26:30 if you were to look at it

26:32 if you're trying to attempt this you

26:34 know kind of at a large scale i i don't

26:36 think you're going to be successful i

26:38 think you've got to start small and uh

26:40 and build into it um that'd be my two

26:42 cents i i guess the other piece i would

26:44 add i mean there's a bunch of things

26:46 happening

26:47 you know in the network space

26:49 that are trying to help

26:51 you know this journey you know you're

26:53 seeing a lot of stuff you know a lot of

26:55 companies are are well on their journey

26:57 if not faster you know completed their

27:00 journey on moving away from i guess i'd

27:02 call it like layer three networks

27:04 into more

27:06 leaf spine networks

27:08 that kind of help support some of this

27:09 stuff there's a lot more um you know me

27:12 talked about uh

27:13 software-defined networking there's a

27:15 lot of preval you know a lot of that

27:16 stuff happening in the enterprise space

27:18 um adoption of virtualization things

27:21 like that that can really help you

27:24 you know kind of you know do things at

27:26 the network level but you know whether

27:28 it be at the overlay level or the

27:29 underlay level but you know you can help

27:31 define and break zones out a little bit

27:36 all right

27:36 i really like what you said about the

27:37 crown jewel model earlier right which i

27:39 mean if you're in a large organization

27:41 you can't do it all right it's just too

27:43 complex and too hard it really helps to

27:45 kind of have that understanding of what

27:47 are the important things you need to

27:48 protect

27:49 start there right build a plan around

27:51 those and then and kind of phase it out

27:54 yeah excellent so at the end of the day

27:57 you really need to know what you have

27:59 first

28:00 before you do any change right so

28:01 otherwise you don't know how do you

28:04 measure the success i know how do you

28:06 know one you you you complete some

28:09 transformation percentage-wise so you

28:11 need to know what do you have and this

28:13 also dynamically change you need to

28:15 always update that one

28:18 all right cool

28:19 i do see quite many questions online

28:22 already on the chat and on on the q a

28:26 some of them are quite specific or tied

28:30 to some solutions so i would encourage

28:33 our panelists

28:35 maybe later to to respond to that

28:37 especially if it's a technical question

28:39 so you may want to comment on that but

28:42 here i just pick up some general ones

28:44 so for example i think davey david

28:48 mentioned that zero trust which actually

28:51 related to our next question so xero

28:54 trust become kind of a very popular

28:56 concept in the industry so he wonders

28:59 how that works with our network security

29:02 and how that

29:03 zero trust how do you implement zero

29:05 trust in network security architecture

29:09 maybe uh i mean first i mean

29:13 take a stab at it right zero trust as a

29:15 concept has been been around for you

29:17 know some time right that uh started

29:20 using this term almost a decade ago but

29:22 the real gist of it is is uh that you

29:25 know in far and network security and

29:26 firewalls right we have this notion of

29:28 like implicit deny right

29:30 at the end right which is you know not

29:33 you block everything unless you

29:34 explicitly allow it right and that's

29:36 really the foundation of zero trust it's

29:38 default in eye mode right and uh but in

29:41 practice what we ended up doing is

29:44 we didn't know what all the traffic

29:45 flows were and very often like the

29:47 default deny model didn't work and then

29:50 uh

29:51 and there was this allow any any that's

29:52 not going to do firewall policies

29:55 and it just sort of stayed there right

29:57 and uh

29:58 i think the the the key with zero trust

30:01 is uh some things like network

30:03 segmentation right segmenting and that

30:05 works more and more finely so that it's

30:07 like agni was mentioning right the

30:09 analogy between a museum versus an

30:11 office right

30:12 the other other analysis similar very

30:14 similar analogy i like to use as a hotel

30:16 right in the hotel you have your key

30:18 card and you can walk into the lobby but

30:20 you can't go anywhere else unless your

30:22 key card is authorized right you can't

30:24 just walk into anybody's room you can't

30:25 go to the gym unless you have the your

30:28 your guests there you can't go to the uh

30:30 the the premium lounge in the top floor

30:32 unless you're a premium member right

30:35 and that's the type of model we need to

30:37 move towards

30:38 and that's really the gist of zero trust

30:41 and and like i mentioned like weaving in

30:43 elements like identity and endpoint

30:45 awareness

30:46 are really key to to that picture right

30:48 so making sure that

30:50 the firewall the network security device

30:52 knows who you are and what device your

30:54 com what type of device you're coming

30:56 from is a device safe at this point in

30:58 time right

30:59 those are additional context pieces that

31:01 that are needed to

31:03 to make that access decision

31:05 all right very cool

31:07 i think

31:10 that the network is

31:12 in between

31:14 the real guru here is the application

31:16 so when you're talking zero trust it's

31:19 really about

31:21 whether you are you all those components

31:23 that you can control before someone

31:25 reaches the application

31:27 are they

31:29 ready to trust that connection like amit

31:32 said and i think that hotel example is

31:35 very very relevant because

31:37 if you have a key card

31:39 does the elevator trust you

31:41 and if it does

31:42 i mean can i take your key card and go

31:44 up i could right that's one element

31:47 that's not controlled so if you had a an

31:49 elevator also complemented by the video

31:52 camera that says

31:54 this person with this card is not

31:56 is allowed while this person with the

31:58 same card is not allowed so that

32:00 probably could be zero trust

32:02 i just thought i would add on to what

32:03 amity was saying

32:07 all right so that's actually add on to

32:09 the the hotel story and uh so jay and do

32:13 you want to add anything on that one

32:15 sure i i i won't add on to the hotel

32:17 story i don't i'm not as creative as

32:19 those as the other two guys but um

32:22 i've just got a couple comments so one

32:24 is just make sure that everyone

32:25 understands zero trust is is it's a

32:27 security model um i think sometimes

32:29 people think it's a a product or

32:32 solution but it's really a it's a model

32:34 on how to apply security and yeah

32:36 everyone's right it's really around

32:38 um you know the concept of least

32:40 privileged access it ties to what

32:42 together contextual

32:44 um you know information whether it be so

32:47 it's usually application and user right

32:49 um as far as how to adopt it

32:52 um again i think um i think

32:55 risk appetite and security policies play

32:57 a big role in in helping you

32:59 at least give giving you some framework

33:01 to on how you're going to approach up

33:03 creating a policy

33:05 i i think it's really important to start

33:07 small

33:08 because again it's this is going to be

33:09 it's it's going to be a journey

33:11 um it's especially the enterprise space

33:13 is not something you're going to turn on

33:14 overnight

33:15 um

33:16 i would reiterate what i said before i

33:18 think it's incredibly important to

33:20 understand

33:21 your users and and and the in their

33:24 application traffic flows

33:26 um and really mapping those flows out

33:28 and understanding that in some cases

33:30 there's some tools that help with that

33:32 but sometimes it also requires some uh

33:35 some you know data mining and and things

33:38 like that uh to really understand where

33:39 i go that is um it's really important to

33:42 understand intent

33:43 uh in this situation right like if

33:45 you're just gonna map out flows you

33:46 don't know if the flows are are good

33:48 flows or bad flows right so if you're

33:50 gonna create a policy based on what you

33:52 see

33:52 it may not be

33:54 the ideal policy right um i think you

33:57 have to factor in things like

33:58 multi-factor authentication

34:00 into it usage tracking brian you brought

34:03 that up i mean this is going to be

34:04 something that requires continuous

34:06 monitoring and learning i think you're

34:08 always flipping between what i would

34:10 call learn mode and enforcement mode

34:12 because you're you know a lot of times

34:14 unless you've got a very very static

34:16 environment things are going to change

34:17 and you're going to need to adapt to it

34:20 and hopefully you can build in some

34:21 level of automation or orchestration to

34:24 assist with that so those would be my uh

34:26 my big things

34:28 excellent all right so like a xero trust

34:32 working with network security there are

34:34 actually quite many things happening in

34:36 the industry and so maybe we can recap a

34:40 little bit and from your point of view

34:42 what are some like current industry

34:45 trends or emerging technology or

34:48 emerging trends for the network security

34:51 we mentioned several things already but

34:53 here i just want to take opportunity

34:55 kind of like a recap

34:57 or may not be just a technology maybe a

35:00 compliance or maybe a standard or maybe

35:02 a

35:03 model or architecture so some of the

35:06 quest some of the our audience also

35:08 asked this question so

35:10 i'd like to hear your insights the

35:12 current industry trends about network

35:15 security

35:17 um

35:18 anyway i want to start i'll do it i'll

35:20 jump in on this one

35:21 um definitely what we're seeing um

35:25 a huge increase in in uh threatened

35:27 attacks

35:29 like it's just it's it's crazy

35:31 um we're seeing huge obviously the large

35:34 volumes of uh of remote access workers

35:37 you know in our case you know we we went

35:40 from

35:41 having

35:43 you know probably

35:44 probably our our global solution for

35:46 remote access pre-pandemic you know

35:48 probably supported somewhere around

35:51 maybe 25 or 30 percent of our of our

35:54 overall work workforce

35:56 and you know within a matter of weeks we

35:58 were now supporting like 95

36:01 um uh i i talked about this earlier uh

36:04 the amount of network traffic we're

36:06 pushing today is is

36:09 lar is is more than we've ever seen um

36:12 you know agni talked about it was a

36:13 really cool thing he brought up around

36:15 people and collaboration and obviously

36:18 that those that you know with us now not

36:20 being face to face or

36:22 um you know working in the same

36:24 environment where

36:25 all our collaborations happening over

36:27 the network

36:28 you know whereas probably a portion of

36:29 it was only happening over the network

36:31 so we're seeing that video content

36:33 um you know the business is moving

36:36 you know uh

36:37 moving more and more out to you know to

36:40 leveraging public cloud leveraging sas

36:43 um applications so again that's all

36:44 putting strains on on on the network and

36:47 the network security infrastructure

36:49 um the increase i already talked about

36:51 the increase of cloud adoption and one

36:53 thing i'm we're seeing a lot of um i

36:55 mean this has been building for years

36:56 but

36:57 more and more use of encryption i mean

36:59 probably when i look at our

37:02 um our

37:03 egress traffic flows i'm gonna guess

37:06 we're probably somewhere around 97

37:09 percent of our flows are now encrypted

37:12 so those are the are the big trends that

37:14 we're seeing

37:15 wonderful that's a great firsthand

37:17 experience

37:19 and anyone else want to add on that

37:25 yeah uh so

37:27 i i i was actually looking up my

37:29 previous notes that

37:31 i had from uh from a meeting that we're

37:34 talking about what's emerging and what

37:36 is going to be probably big thing in the

37:38 future and there's one thing that struck

37:40 me very very

37:41 um

37:43 very very unique it's called as moving

37:45 target defense and that's probably

37:47 something that's going to come up in a

37:50 large way in the future currently a few

37:53 vendors are doing something about it but

37:55 i think moving target defense is going

37:58 to become a big thing in network

38:00 security in the future

38:01 this was based upon a paper that was

38:03 written by a department of homeland

38:05 security

38:06 some time ago on how you can keep

38:09 shifting your your your targets uh

38:12 constantly uh on the network and if

38:14 you're able to do that whether you do

38:16 that via decoys whether you do that via

38:20 uh you know a particular network

38:22 architecture or a design or or a switch

38:26 or a router or any other box that that

38:28 comes in in front of your network and

38:30 constantly keeps moving

38:32 the the targets that's going to become

38:34 something very interesting in incoming

38:37 times

38:38 and i believe

38:39 there's a lot of research that is going

38:41 on in that area

38:43 so so the way that works is very simple

38:45 so imagine you're trying to shoot a

38:47 target and the target shifts by

38:50 two inches

38:52 you are definitely going to miss that

38:53 target and it shifted it shifts two

38:56 inches every time you shoot so that's

38:58 the concept of moving target defense but

39:01 a concept

39:02 coming down to reality in terms of how

39:05 it manifests

39:06 itself on the network how how cloud

39:09 service providers are going to bring

39:10 that like you know someone like

39:12 cloudflare is probably going to bring

39:14 that to

39:15 our tables is something that is yet to

39:17 be seen

39:20 all right moving target so that that's

39:22 the uh

39:23 one thing i actually first time here

39:25 this wonderful answer that's really

39:27 interesting

39:28 uh amit you want to

39:30 share anything

39:31 yeah that's that's a very yeah i agree

39:33 that's a very interesting sort of way of

39:35 looking at the problem right it's like a

39:37 little bit of the whack-a-mole game

39:38 right it's

39:40 anytime

39:41 you feel like you've saw you fixed one

39:43 this year the new one pops up but

39:47 if i really sort of step back uh the big

39:50 big macro shift that we're seeing right

39:52 now is mj alluded to this a little bit

39:55 right is this whole thing that i call

39:57 the consumerization of enterprise id

39:59 there's a whole host there's a whole

40:01 ecosystem of sas applications out there

40:04 the new one popping up every week right

40:06 they're geared at solving or digitizing

40:09 some business process something that you

40:11 used to do that was it was and

40:15 smart software engineers trying to

40:16 figure out okay how do i do this better

40:18 and make it more efficient for you and

40:20 save you time and money and i'm going to

40:22 deliver it to you as a sas application

40:24 right either through the web or as a

40:26 mobile app and i'm going to deliver it

40:27 over the internet

40:29 and that's the way i want users to

40:31 consume it

40:32 and our sort of

40:34 challenges on the vendor side is how do

40:36 we ensure that

40:38 we connect the user and that application

40:41 it could be sitting in like aws or gcp

40:44 whatever it is right how do we connect

40:46 it

40:46 over the most efficient path but at the

40:49 same time give enterprises the security

40:52 controls they need to uh to ensure that

40:54 the users and data is safe right so uh

40:57 that's that's really kind of what we're

40:59 working on on the vendor side and trying

41:02 to sort of minimize the number of

41:04 inspections minimize the number of round

41:06 trips minimize any any sort of traffic

41:08 tromboning that could be happening right

41:10 that's kind of what we're focused on in

41:12 delivering a sassy platform

41:15 very cool

41:16 so that's actually also reflects what we

41:18 mentioned today it's a

41:20 different world right now the

41:22 requirements hybrid decentralized and

41:25 people wants a lot of choice flexibility

41:29 in the meantime you have to deliver in

41:31 the agile way it's just like a pandemic

41:34 you have to overnight like almost like

41:36 overnight like a json

41:39 from 25 all of a sudden become a 95 or

41:42 even more so that's actually reflected

41:45 the speed and the scale of

41:48 of your network security to meet the

41:50 current

41:51 industry requirements

41:53 okay um all right so i want to switch

41:56 gear a little bit

41:58 uh i'm sure there are quite many people

42:00 online

42:01 today

42:02 they are interesting cyber security or

42:05 network security they also want to tap

42:07 into some latest technology

42:10 or career opportunities

42:12 since uh network security also changed a

42:14 lot and

42:16 we we talk about quite many technologies

42:19 people ask okay uh if i'm interested in

42:22 this field what kind of things i should

42:24 learn what kind of standard i need to

42:26 kind of understand what kind of

42:28 compliance or

42:30 what kind of things i need to kind of

42:32 start to pay attention to

42:34 so my next question for you is

42:36 from your point of view uh when you

42:38 build a successful from hiring company

42:41 point of view when you build a

42:42 successful security team for a hybrid

42:45 work working work environment what kind

42:48 of a key

42:50 skills or capabilities

42:52 you are looking for

42:54 so which give us some guidance to our

42:56 audience if they're interesting career

42:58 opportunities

43:01 all right jay you want to start sure

43:03 i'll jump in um

43:05 my some of my answers might surprise you

43:07 um it's not i'm not going to focus so

43:09 much on the technical side i actually

43:11 think

43:12 you know the whole this whole

43:14 presentation's just been taught we've

43:15 talked about flexibility and and the you

43:18 know the speeds and scale and uh that

43:20 that we need you know basically we have

43:22 to move at the speed of the business

43:24 right

43:25 some of the key key skills i think

43:26 people need to have is adaptability um i

43:30 think the right aptitude uh

43:32 i think people have to have this

43:34 continually continuous learning mindset

43:37 um because things are changing so

43:38 quickly um you need to be you need to be

43:41 prepared for that

43:42 uh i think

43:44 collaboration i mean who knows you know

43:46 where i don't think the world's ever

43:48 going back to the way it was

43:49 pre-pandemic you know i think i think

43:51 we're you know a lot of a lot of things

43:53 are going to be very hybrid so having

43:54 really strong collaboration skills um

43:57 being able to have strong written and

43:58 verbal communication communication

44:00 skills is incredibly important

44:02 i also think having um you know for a

44:04 lot of people in the technical space for

44:06 the longest time you know it was all

44:09 about the product or the solution that

44:11 they supported and i'm not i'm not

44:13 trying to um

44:14 [Music]

44:15 uh

44:16 say that's

44:18 not important what i'm trying to say

44:19 though is understanding what the

44:21 business

44:22 wants understanding how

44:24 how

44:25 how you or as an employee or or how

44:28 network security

44:29 security solutions can create value is

44:33 very very important so i put down like

44:35 business um focus or or business acumen

44:38 trying to understand kind of where the

44:40 business is headed and how you can play

44:42 a part in that um is really really

44:45 important so those would be mine

44:48 actually you actually talk about human

44:50 network right so you talk about

44:52 collaboration adaptability and also to

44:55 learn speak other people's language to

44:58 to for the purpose of a better

45:00 communication so that's great inside

45:04 uh acne you want to share any insights

45:07 from your end i'm

45:09 i'm

45:10 going to try and connect what amit said

45:12 last to what jay said now

45:15 so by the way i fully agree with jay

45:17 the technology part is the easier part

45:20 it's the other parts of the difficult

45:22 but let me go over to what jay said

45:24 there are five uh

45:26 things that are going to come to all

45:29 enterprises and they're going to seek

45:30 connectivity through the cloud or

45:33 through the standard mechanisms one are

45:36 your internal employees who are sitting

45:38 in

45:39 on a local area network in your offices

45:42 uh

45:43 hybrid is not going away right so there

45:44 are going to be some people in office

45:47 two those people who are trusted

45:49 employees and who are outside for trying

45:52 to come in

45:53 uh three are going to be suppliers and

45:55 partners and they would seek

45:58 newer more flexible options to come in

46:00 especially those who are going to fix

46:02 your problem right so you your machine

46:05 went down you need someone across the

46:07 world who's got the right skill sets and

46:09 the right tool sets to come and fix that

46:12 problem you're going to allow them to

46:13 come in

46:14 uh four is your data center itself right

46:17 so the data center is probably moving to

46:20 the cloud but it still is an element

46:23 that you need to connect

46:24 and and lastly our instruments ot iot

46:30 industrial control systems cada plc's

46:34 all these are soon going to require

46:37 connectivity to the network not only to

46:40 the network but also to the cloud

46:42 directly and indirectly the reason i

46:44 said all these things is to enforce upon

46:47 the point about what we need from the

46:49 people so while you may have some people

46:52 who are focusing on the technology

46:54 someone would understand iot better than

46:56 someone else but

46:59 in the end the people that we need in

47:01 the cyber security part of the world are

47:04 those who understand the business

47:07 or who have the willingness to

47:09 understand the business

47:11 and those who have the patience to go

47:14 through and be adaptable based upon

47:17 whatever new things that throw are

47:19 thrown upon them and lastly those who

47:22 have the hunger

47:24 to learn new things as they happen and

47:26 to use that knowledge to fulfill all

47:29 these five kind of

47:31 connectivity requirements of the future

47:35 very cool i really appreciate your input

47:38 and

47:39 people right so the

47:41 people to understand the business that's

47:44 actually in a way is to understand the

47:46 needs why we need to do it right so

47:50 back to the targets although there's

47:52 moving targets but we want to focus on

47:55 the major tactic

47:56 to to satisfy the business needs rather

47:59 than you just randomly add another piece

48:02 of technology to feels very cool or

48:06 showcased so that's also very important

48:09 all right i mean one of the questions

48:11 that i always have sorry one of the

48:13 questions that i am always having to ask

48:17 my teams is guess

48:19 it's why

48:21 someone comes and tells me they they

48:23 want firewall as a service why

48:26 and i i need this this big thing on the

48:28 firewall management system why and the

48:31 moment you ask those questions you go

48:33 back to what the business wants to do

48:35 because cyber security is no longer

48:39 something that you use to protect your

48:41 business cyber security is going to be

48:44 the cornerstone of your next business

48:48 transition transformation totally it's

48:50 all about enablement i couldn't agree

48:52 more

48:53 absolutely that's the biggest thing i

48:55 talked about started to jump in on this

48:56 but i talked about my history like way

48:58 back in the day

49:00 it was it was a cyber security well it

49:02 wasn't even cyber security at the time

49:04 but it was about protecting it was about

49:06 defending or or you know detect you know

49:09 detection and maybe a little bit of

49:10 prevention

49:11 cyber security now is all about business

49:14 on business enablement that's the piece

49:17 it's a jump it's a it's a it is a jump

49:19 from some people

49:20 but that's what it's about it's about

49:22 identifying how cyber security and how

49:25 the network security solutions or

49:26 whatever security solutions we're

49:28 talking about

49:29 are creating value for the business

49:30 otherwise it doesn't matter

49:34 i i couldn't agree more with with uh

49:36 both of you right it's absolutely about

49:39 enabling the business enabling

49:40 transformation right yeah but going back

49:43 to what jake said a little bit earlier

49:45 right this whole notion of uh

49:48 uh skills being sort of more or bounded

49:50 and finite and technology driven right

49:53 like 20 years ago and i you know 20 25

49:56 years ago when i started dabbling in

49:57 networks and security it was it was

49:59 about learning the platform or learning

50:01 a particular brand of appliance from a

50:04 vendor right and and

50:06 that brand of appliance and that model

50:08 model would probably stick around for

50:10 five six seven years and today's in a

50:12 cloud scenic world we're seeing new

50:14 capabilities and new features being

50:16 released every week right so i think

50:18 it's more important to have a skill

50:21 think of skills in terms of concepts

50:23 rather than individual technologies or

50:26 individual vendors right so so those

50:28 concepts are and then you made a point

50:30 about adaptability aj which is i think

50:32 really key right if you have that if you

50:34 have that skill then you can take that

50:36 concept and apply it to different

50:38 scenarios and different domains and

50:41 and sort of

50:43 find your way through it right

50:45 one foot

50:47 and as you can see three of our panel

50:49 members they have

50:51 years of experience and they observe all

50:54 those transition or probably many

50:58 generations of uh

51:00 network things right so this is not the

51:02 first time this actually definitely not

51:05 the last time so this is just a part of

51:07 it

51:08 although this is quite big but

51:10 uh from their years of experience what

51:12 they

51:13 share with you really is all those

51:16 focus on people focus on uh business

51:19 also focus on the big picture concept

51:22 and how to putting the things together

51:24 so really you need to establish that big

51:26 picture rather than just focus on one

51:28 two or the other all right cool

51:32 and this pretty much come to our end of

51:34 our final discussion we we have a

51:36 calculator almost like uh 50 minutes

51:39 um

51:41 before we go

51:42 actually i want to ask our panel members

51:45 before we

51:46 finish this panel

51:48 if you can make one recommendation to

51:51 our audience uh regarding network

51:54 security or regarding the best practice

51:56 for hybrid uh like a working environment

52:00 what would you like to say to them

52:02 so you can only share one

52:04 due to the time uh what would you what's

52:07 your top uh recommendation

52:10 let's start with a meet

52:13 i would say like don't be too attached

52:15 to the how

52:17 right you may be you may be used to a

52:19 certain way of doing things but think

52:20 about really what is a business need

52:23 what do you what are you what is the end

52:24 goal what are you trying to achieve

52:26 and think more broadly in terms of like

52:29 what are the different ways i can

52:30 achieve this objective right and and the

52:32 way that you're most comfortable with

52:34 may not be the best way right so like

52:36 that's that would be one recommendation

52:38 i'll leave the audience with

52:40 excellent starting with the business

52:42 needs

52:43 all right for anywhere else

52:45 go next um uh it may be along a similar

52:48 line but i i think it's it's all about

52:50 being outcome focused

52:52 focus on the outcome

52:55 right that that should be your your

52:56 where your all your focus is and then

52:59 you know as me mentions there there's

53:00 there could be many different ways to

53:02 achieve that outcome

53:03 and you know but in in it's working

53:06 through those right through whether it

53:07 be through

53:08 iterative processes or or whatnot but

53:11 it's all about being outcome focused

53:14 no no what know what you're know what

53:15 your outcomes are that you're going

53:17 after and what are going to drive the

53:19 business forwards

53:21 in other words it's objectives your

53:23 your goals right so

53:25 don't lose the big picture

53:28 excellent agony you want to add

53:30 yeah i think um we've talked about this

53:33 many times and there's one area that we

53:36 did not and that's an area of focus that

53:39 i would advise everybody to no matter

53:42 what you do how diverse your network is

53:45 whatever that you're planning

53:46 don't forget the governance and

53:48 oversight you need to have complete

53:51 visibility of everything in your

53:54 enterprise in the network

53:57 gives you that visibility if you have

53:59 the mechanism to stand guard on every

54:02 traffic that is going through your

54:03 network do it because that's going to

54:06 give you value to build cyber security

54:09 in addition to enabling the network

54:12 so the visibility is very very important

54:15 so it's not just for practitioners to

54:18 defend but also for auditor like for

54:22 compliance for governance

54:24 like three lines of defense even for

54:27 operations you need visibility because

54:29 if you don't know

54:31 what's going on

54:32 you wouldn't have get those early

54:34 indicators which you will use to respond

54:37 to a future attack

54:40 very true

54:41 and the visibility actually is the key

54:43 components of all the what we talk about

54:47 all right so uh thank you very much uh

54:49 everyone a hour panel members again a

54:53 meet from cloudflare

54:56 jay from rbc and agony from biocon so i

55:00 like to ask everybody online to give

55:03 them a virtual applause of pat to thank

55:07 you very much for coming to speak to us

55:11 all right thank you thank you very much

55:13 love to do this again

Show more