Goutam Pudota, CISO and Group Head of Information Security at IFFCO, discusses how the company – a leading manufacturer in the food and beverages industry based in the United Arab Emirates – worked with Secureworks to securely simplify and streamline its operations. Pudota explains how the company leverages Secureworks’ XDR and VDR platforms to support cybersecurity across its cloud and IT infrastructure.
Secureworks has been working with IFFCO since the beginning of this year. IFFCO selected Secureworks based on its ability to provide a managed service that complements IFFCO’s in-house capabilities. Secureworks’ Taegis XDR platform and MDR services went live in February. Together they have bolstered IFFCO’s defensive posture, provided it with proactive cybersecurity capabilities and given it a unified view of its cloud and IT infrastructure. Secureworks provides IFFCO with monitoring capabilities, risk analysis and contextualised guidance to mitigate threat alerts. Should the need arise, Secureworks is always on hand to provide IFFCO with a deeper level of investigation through its incident response capabilities. IFFCO has a dedicated customer success manager who maintains a regular dialogue with the CISO’s office to discuss the latest threat intelligence and help IFFCO to constantly improve its cybersecurity infrastructure.
What does a typical working day look like for you and what’s the scope of your responsibility at IFFCO?
I head the entire information security department as a CISO for IFFCO. My remit includes global operations, which span the 17 different countries we operate in, across 33 different plants.
My typical working day begins by looking at the latest threat intelligence reports, which provide me with an update of what’s happening across the security industry. Then I review our internal logs and SOC reports to see if there are any incidents or actions that require my attention. This is all extremely useful because it gives me a balanced view on what’s happening inside and outside the organisation.
Typically, this would be followed by meetings with various business stakeholders. We’re a multinational business, which means we have different management teams in each country and it’s important that I’m able to talk with them on a regular basis to discuss their latest business initiatives and how we can best align our security efforts to support them. This could involve anything from third-party risk assessment, to helping them to drive security awareness across their business units.
In addition, I review and manage our ongoing security awareness campaign to ensure that everything is in line for the coming weeks and months, and that internal comms can go out as planned. I also make sure I’m available to help my technical teams architect security solutions and provide them with any other support and guidance they need.
Finally, I regularly meet with vendors to understand what new solutions and innovations are available on the market and the potential impact they could have on strategy and future roadmaps.
I feel it’s important to emphasise our ongoing partnership with Secureworks. We consult with it and it works closely with us to ensure that we have the right solutions in place. Secureworks is a primary vendor because its managed services solution integrates all our security log sources in one place, which takes away the need to manage them all individually.
Can you tell us about IFFCO’s work with Secureworks and why you selected it as the technology provider?
One of the key issues we had was the fact that we have a range of different devices, application systems, ERP systems and database systems – both in the cloud and on-premises – all logging different security information. There was a lot of complexity and trying to find the right information was like looking for a needle in a haystack. So, we looked for a partner that could solve that problem for us.
We needed a tool that could provide us with the contextual information about these logs that used techniques like AI and automation. This level of enrichment and context is typically beyond a traditional SIEM system. However, our criteria weren’t based on tools alone; we wanted to work with a managed service partner. This was because we realised that we needed SOC expertise and one of the practical challenges we faced was recruiting and retaining some of the best talent for those roles, particularly in the manufacturing space. Secureworks fit the bill, because it showed it could help to assure us, provide more reliability and high levels of service. Now that we have a managed service partner in place, my team can focus on the real issues and our internal resource focus has shifted. Secureworks checks in with us every two weeks to review our goals and track progress.
How do Secureworks’ Taegis XDR and VDR platforms support cybersecurity across IFFCO’s cloud and IT infrastructure?
The one question I get asked every day as a CISO is ‘How secure are we?’
Taegis correlates all of our logs in near real time and captures the relevant information on a single dashboard that I can refer to at any moment to check our security status. It’s thanks to this highly accurate tool and the managed service behind it that I’m able to say, ‘this is where we currently stand’. What’s more, Taegis provides a contextual view of the logs and our security posture, which allows us to make more informed decisions about how to respond, or how to manage specific events, based on their severity.
We’re able to leverage both XDR and VDR platforms to detect unusual activity, while also constantly scanning different IT tools and applications across the cloud and IT stack to check for updates, patches and potential vulnerabilities.
In addition, Secureworks runs different playbooks every month to help us practically identify any known threats. It helps us to assure our infrastructure and prioritise what measures we want to deploy that month depending on what activity we see across the cybersecurity space.
Taegis is constantly being improved. Customer feedback is taken seriously. We’ve seen lots of changes over the last six months alone and new implementations being delivered. We’re looking forward to receiving the latest version of the Taegis agent when it’s released.
As one of the largest producers of processed food and agricultural commodities in the Middle East, what are some of the common cyberthreats you face?
Phishing and credential harvesting are among the biggest challenges we face right now. Our integrations with Office 365 and Secureworks help us to spot any issues. Like many organisations, we’re expanding our digital footprint right now. We are mindful that as we grow and embrace new business opportunities, we risk exposure to new malware and even supply chain threats. That’s where it becomes increasingly important to maintain high levels of third-party management of vendors to ensure there are no inherent vulnerabilities that can be exploited. Fortunately, Secureworks provides us with total visibility to the threats we constantly face and recommends what preventive and corrective actions we can take to mitigate those threats.
How important is having a Disaster Recovery plan in place when managing the security of a major Middle East enterprise?
Extremely important. There’s an old saying in security, ‘it’s not a question of if, but when’. So, it’s necessary that we’re able to identify and protect our critical assets and prepare for any eventuality. This is achieved by conducting business impact analysis and having agreements in place with business stakeholders about recovery time and point objectives. Any recovery strategy requires the support of the wider business – they need to be involved in the process.
It’s reached the point that even cyber insurers are looking for Disaster Recovery plans to demonstrate how resilient your organisation is against threats, particularly considering the rise in ransomware threats.
How do you ensure you equally and successfully manage the cybersecurity of IFFCO’s various global locations?
A key priority for me is to ensure that security priorities are aligned with business priorities. Security should no longer be treated as an IT issue; it’s a business issue. That’s why I invest time talking to the business about security to help them understand that it’s a benefit, not a burden. Technology alone cannot solve the problem. You need the people and process to go along with it. I can bring in the likes of Secureworks to bolster our security posture but a change in culture is equally important. That’s when the experience of running a global enterprise comes into play.
Finding the right governance model and risk security approach are also key when it comes to managing security equally across so many different countries. We’re a large manufacturing organisation and the dissemination of security comms is vital. When it comes to management issues, we converse in English, but we also provide comms in Hindi and Arabic for workers on the shop floor.
What are some of the cybersecurity trends taking place across the Middle East and how are you adapting and evolving alongside them?
Key trends include data digitalisation, data privacy and consumer protection. The processing of personal data and the importance of securing data is a top government priority and we’re seeing the introduction of new regulations to address this. This year, we’ve seen a significant increase in phishing attacks across the region. This is, in part, due to so many people working remotely because of the pandemic. The shift to remote working placed a lot of emphasis on security awareness. Employees are in a more relaxed environment and more prone to clicking on links and downloading attachments. It’s important we address this as an industry.
What would you say is the silver bullet to success when managing the security of a Middle Eastern organisation?
There is no ‘silver bullet’ as such when it comes to security. A successful cybersecurity programme is based on a combination of technologies, people and policies, all working in harmony together. However, a step in the right direction is helping to move away from a mindset of security monitoring to cyber-risk monitoring. That’s because looking at security events individually without understanding the business impact isn’t viable anymore. For example, you shouldn’t ignore a security alert on your website log without realising the potential impact it can cause in your loyalty programmes. The business impact of security events should be considered and dealt with accordingly. Security is so embedded into business these days that the responsibility can’t be left solely on the shoulders of the IT department. It’s a collective responsibility. The business needs to move forward together to define the risks and drive the security agenda.