Redefining CyberSecurity

Embracing the Art of Possible | A Brand Story Conversation From RSA Conference 2024 | An Imperva Story with Nanhi Singh | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join us for a deep dive into cybersecurity insights with Nanhi Singh from Imperva at the RSA conference.

Episode Notes

In the buzzing atmosphere of the RSA conference in San Francisco, key players in the cybersecurity industry gathered to discuss the evolving landscape of technology and data security. Among them was Nanhi Singh, the General Manager for the application security business of Imperva, who shared insights on how organizations are redefining cybersecurity to achieve better business outcomes.

Embracing Technology for Business Success

The theme of this year's conference, "The Art of Possible," resonated with Nanhi Singh as she highlighted the shifting perspectives of executives and organizations towards leveraging technology and cybersecurity to drive business growth. In a conversation with Sean Martin, host of the Redefining Cybersecurity podcast on ITSP magazine, Nanhi discussed the critical role of CIOs and CISOs in not only securing digital experiences but also enabling business innovations.

Navigating the Complexities of Application Environments

As organizations embark on their digital transformation journeys, the complexities of modern application environments come to the forefront. Nanhi emphasized the prevalence of APIs in connecting various systems and the challenges of securing these connections amidst cloud migrations and hybrid infrastructures. Imperva's API security solutions were highlighted as essential tools in providing visibility and protection against potential threats.

Addressing Concerns of API-Driven Attacks

The conversation delved into the rising concern of API-driven attacks, with Nanhi underscoring the importance of identifying and mitigating threats posed by advanced bots targeting organizations across different industries. By leveraging Imperva's advanced bot protection solutions and a comprehensive security portfolio, organizations can fortify their defenses against evolving cyber threats.

Empowering Organizations with Comprehensive Security Solutions

With the recent acquisition of Imperva by Thales, Nanhi Singh showcased the combined strength of their security offerings, encompassing application security, API security, advanced bot protection, data security, encryption, key management, and identity and access management solutions. This holistic approach enables organizations to protect their data and applications across diverse environments and technologies.

Driving Operational Efficiency and Focus

In a landscape where security teams are stretched thin and faced with cost constraints, Imperva's solutions aim to enhance operational efficiency and empower teams to concentrate on strategic security initiatives. By automating security controls and collaborating closely with customers to mitigate threats, Imperva ensures that organizations can operate securely and effectively in a rapidly evolving digital ecosystem.

Securing Applications Anywhere

As applications are deployed across multiple cloud providers and environments, the need to secure them anywhere becomes paramount. Imperva's commitment to safeguarding applications and APIs regardless of their deployment location reinforces the idea that security should be intrinsic to every aspect of an organization's digital infrastructure.

Conclusion

The engaging dialogue between Nanhi Singh and Sean Martin offered valuable insights into the current cybersecurity landscape and the imperative for organizations to adapt proactively to emerging threats. By embracing the art of what is possible in cybersecurity, businesses can not only safeguard their digital assets but also unlock new opportunities for growth and innovation. Imperva's comprehensive security solutions stand as a beacon of trust and efficacy in an ever-evolving cybersecurity landscape.

Stay tuned for more insightful conversations and updates from Imperva at the RSA Conference, and continue following our coverage to stay abreast of the latest trends and developments in cybersecurity.

Thank you for joining us in this exploration of cybersecurity and business resilience.

Learn more about Imperva: https://itspm.ag/imperva277117988

Note: This story contains promotional content.

Guest: Nanhi Singh, Chief Customer Officer and GM Application Security at Imperva [@Imperva]

On LinkedIn | https://www.linkedin.com/in/nanhi-singh-aa51371

On Twitter | https://twitter.com/NanhiSingh14

Resources

Learn more and catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Sean Martin: And hello everybody, you're very welcome to our actual real on location from RSA conference. This is Sean Martin, host of the Redefining Cybersecurity podcast on ITSP magazine. And uh, Marco and I are here in San Francisco getting to talk about all kinds of cool things cyber, uh, in related, in relation to the business.
 

Uh, I think the, the theme this year is the Art of Possible. And I think we're seeing a lot of shift in how executives and organizations are viewing technology and cyber security more specifically to help them achieve better things with their businesses and, uh, I'm thrilled to have Nanhi Singh on with me today.

Nanhi, it's good to have you back again.
 

[00:00:40] Nanhi Singh: It's great to be here.  
 

[00:00:41] Sean Martin: Yes, and, uh, hopefully a good week in San Francisco, uh, brewing for you. I'm sure a lot of great conversations, uh, with executives and, and practitioners. All things data. For Imperva, of course, securing that data wherever it lives. And, uh, for those who haven't heard our other chat, where I think Marco joined us, if I'm not mistaken, um, a few words about what you're up to now at Imperva. 
 

[00:01:08] Nanhi Singh: So I have recently taken on the role of, uh, GM for the application security business of Imperva. Um, and it's, uh, it's been a whirlwind, uh, and it has actually been, uh, already a very busy morning here at RSA, uh, meeting with several CISOs, uh, and I've actually also had the opportunity to meet with some CIOs as well.
 

Um, so I think there is, um, there is a shift that is happening and there is some energy that you can feel here at RSA, uh, that I think is quite different from what we've seen in previous years.  
 

[00:01:45] Sean Martin: Yeah, I would concur, even just the bit of time that we've been rumbling around here. And I'd like that you mention the CIO conversation you're having as well, because I'm also hearing that as I talk to folks out and about, that organizations, CIO, CTO, COO, CSO, they're trying to figure out how to do things better for the business, right?
 

Kind of redefining how they interact with each other and achieve better things.  
 

[00:02:16] Nanhi Singh: Um, I think what happened with the whole discussion around, um, the, you know, digital transformation is that it really accelerated during the pandemic and companies were forced to become digital. Even if you look at, um, how our experience changed in terms of going to a restaurant, you almost now never see a paper menu. You pull out your phone, and you scan a QR code, and you, um, look at a menu on your phone. And what that phone is doing is making an API call to a backend that is presenting that menu. And when you make your selection, that is then again connecting to another backend and that is probably conducting a digital banking transaction.
 

And so now every business is a technology business. And so CIOs care about that digital experience and they have to make sure that that digital experience is secure. And that's where the CISO comes in. And if you're a publicly traded company, which a lot of our customers at, uh, Imperva, then you are accountable to the board, and security is now a board level discussion.
 

[00:03:45] Sean Martin: And so for, the conversations that you're hearing, um, I think it's easy, easy as certainly me as a security person to lean in on security to start, here's how we identify the risk. Here's how we put controls to mitigate the risk and ultimately that sets up a series of no's, you can't do that, right?
 

Uh, responses to potential opportunities that business puts forth. So I'm wondering how, how have those conversations changed, if they have changed, to, to CIOs saying here, here's how we need to present our data as we build our apps.  
 

But to do so in a way that's more secure.  
 

[00:04:26] Nanhi Singh: Yeah. So I think CIOs, um, are definitely talking about the customer experience and CISOs are recognizing that they have to be business enablers and not just the people who say no, but at the same time, they are accountable to the company for the risks that they secure against. 
 

So it has to be a very informed, um, decision on what is, um, what must be protected, and, uh, how does that protection happen without getting in the way of doing business. So I think the conversations have shifted from just being, you know, CIO says no, you can't do this, to here's how you can do this. That makes sense. 
 

[00:05:17] Sean Martin: Yeah, absolutely. Absolutely. So when, so talk to me a little bit about how they are strategizing their application environment. Because you mentioned an application, a menu application that feeds data to it, and a purchasing piece that's calling another API that supports that process, piece of the process. 
 

So, it's not just building an app from end to end. It's building an app using commercial services, open source pieces, a lot of these interfaces that some of them you don't have control over in terms of what they're doing on their end, necessarily. So you have to understand that whole view. So how do organizations kind of get their hands wrapped around that as they're building their apps?
 

[00:06:05] Nanhi Singh: Yeah, I think organizations are struggling to get their arms around everything right now. Um, I, I think that we have, uh, very distributed environments in most, most, uh, companies, especially large enterprises, are, um, either, uh, halfway to the cloud or almost all the way to the cloud and then maybe thinking that they need to pull back and put some things on prem. 
 

So, there's a combination of hybrid, on prem, pre prem. Cloud native versus just a lift and shift of applications. So there's a whole mix of things, but what is common in all of these is, um, how they're all connected and, uh, it's through APIs. So there is a proliferation of APIs in this, you know, um, very distributed environment where, uh, companies are at different stages of their app modernization journey.

Um, some of them are, you know, they're talking about being in the cloud, but they really haven't taken advantage of the, you know, real cloud environments and elasticity and so on. They've just moved applications to the cloud and they're just managing it there. Whereas there are others who've built applications that are cloud native or are somewhere in the middle of it.
 

But really what's common amongst all of them is, um, the heavy use of APIs to make everything work.
 

[00:07:34] Sean Martin: And in terms of, because you kind of touched on here, right, multiple clouds, certainly companies acquire other companies and buy off the shelf stuff that only works in certain environments and things like that as well. 
 

So how do, how do they navigate, how they build their applications to support these different environments, different cloud service providers, different container environments, different maturity levels in terms of the apps. Sometimes they build their own API services, they use shared services in their own company, sometimes they outsource some of that.
 

[00:08:09] Nanhi Singh: Yeah, I think, uh, we had recently released, uh, our API security report, and, um, there is a statistic in there about, uh, 46 percent of API developers conceive, implement, uh, test and deliver API to production in one week. So, I think that is telling in that, uh, was security top of mind when they were building that, right?
 

Um, so I think API security is really key right now. And, uh, the Imperva API security as an example is a solution that helps you, you know, discover all the APIs that, that are, that are out there. Because a lot of our customers actually don't even know what's out there.  
 

[00:08:59] Sean Martin: Yeah. Visibility, of course. You have to have, uh, an idea of what's going on.
 

So how does that piece work? How do, how do organizations embrace that to get that view of what's happening?  
 

[00:09:11] Nanhi Singh: I think how organizations are embracing that is takes me, it takes it back to the first point I made about, um, this is a board level discussion. So I think board members are also very familiar now of attacks that have happened through APIs. 
 

And so they ask the question, they ask, are you sure we are secure? Right? And the CISO has got to have an answer for that. So API threats are top of mind. Uh, I definitely hear about that at every customer meeting I'm at. Um, everyone is talking about, you know, what, what can we do that we haven't done already to secure, um, against API driven threats. 
 

[00:09:52] Sean Martin: And is it, I would imagine it's, they are vulnerable to things and they don't know it until they have this view. Um, and is it specific threats and attacks that they're worried about, depending on industry or sector, or is it just that we don't know and we need the help to get that big picture?
 

[00:10:11] Nanhi Singh: Yeah, I think threats are, um, different by different sectors. 
 

Um, so for instance, uh, we have a lot of customers who are in the hospitality and the travel industry, and we see that they are in particular under attack by, you know, persistent bots, really advanced bots that, um, are targeting their, their sites and their APIs. Um, so it, it does differ by industry. Um, but, um, I think, um, bots, which is, you know, now again, uh, almost 50 percent of internet traffic is bots.
 

And about 30 percent is bad bots, so it's bad actors really going after doing something that either takes down the business or steals data or steals, you know, important assets of the company. So, yeah, it does differ by industry, but the solutions to prevent these attacks are pretty similar.  
 

[00:11:19] Sean Martin: Let's talk a bit about that. 
 

How, how does an organization, um, I don't know, maybe what's the first step they take? I think we talked a little bit about visibility. Maybe that is the first step. But how, how do organizations work with Imperva to kind of get the visibility to an identification of here's how we move forward with this to gain some control that we can then report back and say we're making some, some progress on this. 
 

[00:11:46] Nanhi Singh: Absolutely. So, with, um, the acquisition of Imperva by Thales, um, I think that we now have a really, uh, very well rounded and complete portfolio. Um, so the Imperva side brought application security, which includes, you know, the WAF that we are most famous for, our API security, our advanced bot protection solutions, and, and, um, and then our data security, which was really around database access monitoring, uh, and data risk analytics.
 

Uh, but what the Thales side had already and, you know, has been a leader in for a while is all of the encryption and key management and HSMs. Uh, and then with the, uh, an acquisition that they made prior to, uh, the, the acquisition of Imperva, the identity and access management solutions.

So, I think that it's, it's about, you know, you said about protecting data and we've always said at Imperva it's about protecting data and all paths to it and those paths come through applications and they come through identities. And with this complete portfolio now with the IAM solutions and the application security and then our data security solutions that give access to, you know, custom who's been accessing the data, give visibility into that.
 

Uh, so I think that we are now, uh, able to come to our customers with a complete, uh, portfolio of offerings.  
 

[00:13:19] Sean Martin: Yeah, I love it. Cause you, you mentioned the, um, the bots, which, uh, obviously those are applications pretending to be humans sometimes, but a lot of times they're working on behalf of companies in a positive way. 
 

Um, how does that connect to the API piece? Because I'm thinking about, those are clearly machine entities or identities in some cases, right?
 

[00:13:45] Nanhi Singh: Yes.  
 

[00:13:46] Sean Martin: Um, so we want to build applications that have some of that, where we're not trying to keep the human in the middle to, and may slow things down. So we build machine to machine, application to application, things to kind of speed things up, make decisions on our behalf. 
 

[00:14:02] Nanhi Singh: Right.  
 

[00:14:03] Sean Martin: So how does that picture look?  
 

[00:14:06] Nanhi Singh: So what it looks like is actually that most of the traffic on the internet is actually API driven now, right? It's the machine to machine thing. And um, APIs are often not able, not often, most of the time, not able to actually tell the difference between the bot, uh, and the human. 
 

And so a lot of API, APIs are being compromised by bots. And that is really where the bad bots are focusing on right now. So that's kind of what it looks like is, um, everything is automated. And, um, a lot of it is bad bots.  
 

[00:14:48] Sean Martin: So how does Imperva help overcome some of that? I'm presuming a bit of identity stuff in there, the API security. 
 

How does that work?  
 

[00:14:57] Nanhi Singh: So, um, we have a really good advanced bot protection solution. And a lot of our customers, uh, who are most susceptible to, um, uh, bot attacks are using our advanced bot protection solution. And we have always taken great pride in, uh, our security efficacy. I think that, uh, over and above everything else, different from some of our, uh, competitors who focus on other things, we have always been a security company.
 

One of the things that we are really proud of is that on our Cloud WAF solution, um, more than 90 percent of our customers are using us in blocking mode and without exceptions to policies, right? And that's the level of trust in our security. We carry that same efficacy focus on ABP as well, on Advanced Bot Protection. 
 

And one of the ways in which we do that is, uh, a combination of obviously the product, right, which, which does a great job, but also a team of security analyst services who work with our customers on the most difficult bot attacks. And then we fine tune based on what we learn as we fight those bad actors building these.
 

And they are continually evolving them to try and, you know, uh, get past all the controls that we are putting in. So our security analyst services team works with our product team to very quickly make those adjustments. Very similar to how on the WAF side we have a really good threat research team. Uh, who work on, you know, using machine learning, understanding what kinds of threats are evolving, and making those changes really quickly to our rules that protect our customers out of the box. 
 

The customers don't need to do anything there. It's already, they're already protected. Yeah.  
 

[00:17:05] Sean Martin: And this is, for me anyway, super important. So I want to make sure everybody who's listening hones in on what Nanhi just said, because it's about being able to scale. Right? But not at the expense of, of accuracy, and not at the expense of, uh, leaving.
 

So you don't want to be too controlled, and you don't want to be too loose. You want to have that nice mix, and that, that's only possible when you have the knowledge for how to tune the rules, and the settings, and the, and the protection capabilities supplemented with really smart people. And uh, 90 percent is a huge, huge number. 
 

That's the point I wanted people to hone in on is. Think about putting protections in place where you're relying and trusting. I don't think many people can do that for a lot of a lot of solutions out there. So 90 percent is huge. And I think that's an important piece because that as a security team takes a lot of a lot of angst off of off the team for how to deal with a lot of stuff. 
 

If you're, if you're more focused on what really matters with the support of Imperva to kind of help fine tune those last, those last little bits, I think, much, much better shape.
 

[00:18:17] Nanhi Singh: Absolutely, and I think, uh, another thing a lot of our CISOs, uh, customers tell us is that, um, their teams are stretched too thin. 
 

So, and increasingly they have, um, you know, cost reductions that impact their teams. So they need our solutions to be really efficient and helping them with their operational efficiency so that they can focus on the stuff that, you know, really matters and leave the rest to companies like Imperva.
 

[00:18:52] Sean Martin: Yeah, making their food and selling it. Nanhi, is there anything else you think organizations should know before we wrap here? Anything there they might not be thinking about that you want maybe to shed some light on for them?
 

[00:19:09] Nanhi Singh: Um, so I think, uh, the only thing I will say that we haven't talked about already, kind of goes back to, you know, we talked about the distributed environments and how applications are everywhere, right? 
 

On multiple different cloud service providers, on prem, and some are containerized applications, some are just the typical lift and shift. Uh, I think what's really important is that, um, we at Imperva believe that we need to secure applications anywhere. And that is a key part of our strategy, is about protecting applications and APIs anywhere.
 

So customers can choose to deploy them where they choose to deploy them, but they can have the same security efficacy that they've learned to trust available no matter where their applications are deployed.  
 

[00:19:58] Sean Martin: Fantastic. Alright, well Nanhi, thank you so much for this, for this chat, and I hope everybody listening, uh, picked up a few points to look, look differently at how they, uh, secure their applications, secure their APIs, and, and build a, a business process that, uh, that enables business growth and allows revenue to be generated in a safe and, safe and secure fashion.

So, Nanhi, thank you so much.
 

[00:20:24] Nanhi Singh: Thank you so much, Sean. Great to speak with you.  
 

[00:20:26] Sean Martin: Absolutely. And, uh, hopefully we'll do more of that as well. And, uh, more coming from Imperva at RSA Conference. Uh, so stay tuned for that. And, uh, please do follow all of our coverage here at RSA. And, uh, thanks everybody for listening.