A CyberNews Report: Interview with Praveen Yeleswarapu

Hasita Krishna
February 18, 2022

Praveen Kumar Yeleswarapu, BluSapphire: “It isn’t really the number of tools you implement that matters, but the mindset around cybersecurity itself.”

With cyberattacks not ceasing any time soon, businesses scramble to purchase numerous cybersecurity tools in order to protect themselves. But some say that the ‘less is more’ approach to cyber defense may be a better idea.

When a company runs many different security tools, it has to monitor all of them, and they do not always integrate well with each other, so gaps in coverage are easy to leave unnoticed. Those gaps are exactly what threat actors look for and exploit, hurting big and small businesses alike.

One proposed answer to this problem is a single platform that covers everything needed to detect and prevent cyberattacks.

CyberNews invited Praveen Kumar Yeleswarapu, head of client engagement at BluSapphire, a cyber defense stack product, to tell us how the company helps enterprises of all sizes deal with everyday cybersecurity challenges.

Tell us a little bit about your story. How did BluSapphire originate?

With over a couple of decades of experience in managing large cybersecurity teams for enterprises of varied scales, our founder and CEO, Kiran Vangaveti, had constantly observed the degree of silos that exist in cybersecurity tools and the large armies of teams employed to manage the show. Research shows that on average, an enterprise deploys 25+ cybersecurity tools, and ironically, the more the number of tools deployed, the worse the security posture becomes. What if there was one product that could cover the entire cybersecurity lifecycle, and it could be deployed in a modular form to best suit an organization’s current needs? And so, BluSapphire was born!

Can you tell us a little bit about your platform? What are its key features?

BluSapphire is the industry’s first unified, agent-less advanced cybersecurity platform built for companies of all sizes. At BluSapphire, we harness the power of Big Data, utilizing Machine Learning functions, to reduce the mean time to detect (MTTD) an advanced cyberattack, say, for example, a Zero Day or a Ransomware attack, from several months to under three minutes, and with automation, the mean time to respond (MTTR) is just under two seconds.

Given that cybersecurity is a sensitive domain, we understand that different enterprises would want to deploy their solutions differently. We offer seamless integration with the existing tool stack, while also letting the client choose between Cloud-based (SaaS) or On-Premises deployment.

As a solution, it is available in three tiers: Basic, Advanced, and Elite, based on the areas of functionality, as well as the desired cybersecurity maturity that an organization needs at a specific point in time. We have record onboarding times: a large enterprise with close to 10K users was onboarded in less than 7 working days, which is really quick for an enterprise cybersecurity solution.

What technologies do you use to detect malicious behavior before it is too late?

BluSapphire Elite is our most advanced offering today, with capabilities that go beyond XDR. The platform encompasses SIEM, Threat Intelligence, User and Entity Behavior Analysis (UEBA), Endpoint Detection and Response (EDR), Network Behavior Anomaly Detection (NBAD), Sandboxing, Endpoint Protection, Threat Hunting, Deception, Threat Triage and Response, all while remaining fully agentless. BluSapphire Basic and Advanced offer a careful selection of functions that help organizations meet their cybersecurity compliance requirements and increase their cyber resilience, respectively.

Have you noticed any new threats emerge during the pandemic?

It is safe to say that a cyber threat pandemic has panned out in parallel with the Covid pandemic. We saw a huge supply chain disruption during the Fourth of July holiday of 2021. The REvil attack was one of a kind in how it targeted supply chains that could bring businesses, even countries, to their knees.

In December 2021, we saw the emergence of the Log4Shell vulnerability, and its ramifications are still emerging as we speak. We also saw several hospitals and healthcare institutions being subject to cyberattacks, and in one case, the data of past treatments for cancer survivors had been put at risk.

Broadly, we are observing a more structured approach instead of the random threat actors of a few years ago. Ransomware as a Service (RaaS) and state-sponsored cyberterrorism are on the rise, and this means one thing: threat actors are getting smarter, and so should we.

Since cyberattacks are becoming a common occurrence, do you think small businesses and big enterprises should rely on the same security measures?

Security measures are universal because human behavior is universal. The fact is that employees of organizations large and small are shuttling between hybrid work models. Likewise, threat actors tend to target smaller businesses more frequently due to the fact that such businesses lack adequate technology and people in-house. Also, there is a belief that these businesses would be more willing to comply with the ransom demands set forth after an attack.

Therefore, every entity needs all of the coverage it can get. We have hence built BluSapphire to be org-friendly, which means that our platform is as agile as it is diverse. A BluSapphire solution can be used by small or medium companies and large organizations alike, with similar outcomes and the potential to mitigate and manage more cyberattacks than before.

You often stress the importance of threat hunting. Can you briefly explain what the process looks like, and what are the benefits?

The Threat Hunt functionality enables an organization to proactively look out for cyberattacks that have surfaced in the world. Threat hunting as a process enables an organization to uncover hidden, established threats and clinically respond before the attacker causes damage, hence reducing incident losses and loss of reputation.

Threat hunt is a combative procedure in uncovering hidden adversaries with the presumption that the attacker may be present inside an organization’s network for days, weeks, and even months, preparing and executing attacks such as Zero Day, Advanced Persistent Threats, and unknown threats.

Threat hunt as a process is broadly categorized into IOC (Indicators of Compromise) driven and Behavior-driven hunts, respectively.

IOC-driven hunts are more dependent on the insights associated with data obtained from Threat Intelligence, whereas in Behavior-driven hunts, the focus area is more on the TTPs (Tools, Techniques, Practices) that attackers operate with. Readers may refer to the MITRE ATT&CK framework for insights on what a TTP essentially looks like.

In both cases, a hypothesis is drawn, and a constant check is carried out within an organization’s environment with a proactive lookout to see if there is a match of either an IOC or a TTP. Traditionally, organizations have been under the belief that threat hunts are subject to logs being collected, but that is only partially true.

Dependence on log data for hunts: I would rather term it Log Mining and not a Hunt. As a practitioner, hunts should never be log dependent; the hypothesis and associated identification should happen on live machines, such as user laptops, servers, etc., which is where attackers are hidden, and there is every chance that an organization is not collecting the significant log(s) needed to identify attack activity via Log Mining alone.
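As an added illustration of the two hunt styles described in this answer (example code written for this page, not BluSapphire's product code or the interviewee's), the following Python runs an IOC-driven hunt and a behavior-driven hunt over the same constructed set of process-creation events. The hostnames, PIDs, hashes, the intel feed and the IP addresses are all made up (IPs come from the RFC 5737 documentation ranges). The behavior hypothesis is phrased as an ATT&CK technique, T1059 Command and Scripting Interpreter, launched by an Office application; ATT&CK expands TTPs as tactics, techniques and procedures. The host that the behavior hunt surfaces carries no indicator from the feed, which is the gap an IOC-only hunt leaves.

```python
"""Two hunt styles over one set of constructed endpoint events.

IOC-driven hunt: match atoms (file hashes, IPs) from a threat-intel feed.
Behavior-driven hunt: test a TTP hypothesis, here ATT&CK T1059
(Command and Scripting Interpreter) spawned by an Office application.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple
import ntpath


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an EDR sensor or a live host snapshot would report it."""
    host: str
    pid: int
    image: str                      # full path of the new process
    parent_image: str               # full path of the parent process
    cmdline: str
    sha256: str                     # hash of the image on disk
    remote_ip: Optional[str] = None  # first outbound connection, if any


# Constructed sample telemetry: hosts, PIDs, hashes and IPs are made up.
SAMPLE_EVENTS: List[ProcessEvent] = [
    # Word spawning cmd.exe that runs encoded PowerShell; nothing here is on the intel feed.
    ProcessEvent("ws-01", 3120, r"C:\Windows\System32\cmd.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA", "11" * 32),
    # Browser with an outbound connection to an IP that is on the intel feed.
    ProcessEvent("ws-02", 4410, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"C:\Windows\explorer.exe", "chrome.exe", "22" * 32, remote_ip="203.0.113.7"),
    # Service host whose on-disk hash is on the intel feed.
    ProcessEvent("srv-01", 880, r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\services.exe", "svchost.exe -k netsvcs", "33" * 32),
    # Excel spawning the print helper: an Office child, but not an interpreter.
    ProcessEvent("ws-03", 2290, r"C:\Windows\splwow64.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 "splwow64.exe 12288", "44" * 32),
    # Outlook spawning wscript.exe on a script dropped in the temp directory.
    ProcessEvent("ws-04", 5200, r"C:\Windows\System32\wscript.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                 r"wscript.exe C:\Users\a\AppData\Local\Temp\invoice.js", "55" * 32),
]

# Constructed threat-intel feed: the only input an IOC-driven hunt can act on.
IOC_FEED: Dict[str, Set[str]] = {
    "sha256": {"33" * 32, "99" * 32},
    "ipv4": {"203.0.113.7", "198.51.100.23"},
}

Match = Tuple[str, int, str, str]  # (host, pid, hunt label, detail)


def image_name(path: str) -> str:
    """Normalise a Windows path to its lower-cased file name."""
    return ntpath.basename(path).lower()


def ioc_hunt(events: List[ProcessEvent], feed: Dict[str, Set[str]]) -> List[Match]:
    """IOC-driven hunt: flag any event carrying an atom present in the intel feed."""
    hits: List[Match] = []
    for e in events:
        if e.sha256.lower() in feed.get("sha256", set()):
            hits.append((e.host, e.pid, "ioc:sha256", e.sha256))
        if e.remote_ip and e.remote_ip in feed.get("ipv4", set()):
            hits.append((e.host, e.pid, "ioc:ipv4", e.remote_ip))
    return hits


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def behavior_hunt(events: List[ProcessEvent]) -> List[Match]:
    """Behavior-driven hunt. Hypothesis: an Office application spawns a command
    or script interpreter (ATT&CK T1059). No intel feed is consulted at all."""
    hits: List[Match] = []
    for e in events:
        parent, child = image_name(e.parent_image), image_name(e.image)
        if parent in OFFICE_APPS and child in INTERPRETERS:
            detail = f"{parent} -> {child}"
            if " -enc" in e.cmdline.lower():  # encoded PowerShell is a strong supporting signal
                detail += " (encoded PowerShell)"
            hits.append((e.host, e.pid, "ttp:T1059", detail))
    return hits


def hunt_report(events: List[ProcessEvent], feed: Dict[str, Set[str]]) -> Dict[str, Set[Tuple[str, int]]]:
    """Compare what each hunt style surfaced, keyed by (host, pid)."""
    ioc = {(h, p) for h, p, _, _ in ioc_hunt(events, feed)}
    ttp = {(h, p) for h, p, _, _ in behavior_hunt(events)}
    return {"ioc_only": ioc - ttp, "behavior_only": ttp - ioc, "both": ioc & ttp}


if __name__ == "__main__":
    for match in ioc_hunt(SAMPLE_EVENTS, IOC_FEED) + behavior_hunt(SAMPLE_EVENTS):
        print(match)
    print(hunt_report(SAMPLE_EVENTS, IOC_FEED))
```

The hunt functions take a plain list of events rather than a SIEM query on purpose: the same hypothesis can be evaluated against a process snapshot pulled from a live laptop or server, which is the distinction the answer draws between a hunt and Log Mining. In the sample, ws-01 and ws-04 are found only by the behavior hypothesis, while ws-02 and srv-01 are found only by the feed; a real hunt keeps both styles running and treats an overlap as high confidence.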

With remote work becoming the new normal, what are some of the worst cybersecurity habits that can expose an organization to serious risks?

We are all new to working remotely, and none of us know precisely what is and isn’t safe. This is because we have never had to think about the consequences of being on an unsafe network; we’ve always been on one. Or, the potential price of using a home laptop instead of the work-assigned system because it was readily available when the IT admin was unreachable. In other words, some of our worst cybersecurity habits are ones that we didn’t even know were bad. In general, we recommend robust training to account for the new challenges of hybrid work.

As an individual, you can avoid connecting to non-trusted networks and using plug-ins and add-ons from unknown developers and hardware sources, and use only systems on which at least an Advanced Endpoint protection along with antivirus has been installed.

What new threats do you think the general public should be prepared for as we move into 2022? What security tools should be implemented?

Several potential threats today indicate that they will most likely depend on the cascading effect to affect larger swathes of people. Supply chain attacks shall exponentially grow. So far at the individual level, the impact of data breaches has been limited to exposed passwords that need to be changed. At the organization’s level, however, we have seen instances where a single known or unknown compromise led to sensitive data being held for ransom or being manipulated.

As newer technology interventions emerge, such as the metaverse, identity theft is a very real concern both for individuals and companies.

It isn’t really the number of tools you implement that matters, but the mindset around cybersecurity itself. We must now assume that a cyber attack is imminent and possible, and work to proactively prevent, mitigate, or manage it. Gone are the days of assuming that cyberattacks do not happen to us, or happen only sporadically.

Share with us what’s next for BluSapphire?

From a business perspective, our financial books have been very healthy with a constant surge in ARR year on year, and the focus this new year is to grow existing businesses in the US and the Middle East. We are therefore working positively to raise capital to accelerate our growth story.

From a Product standpoint, we just released our Beta 3.0 version of the BluSapphire platform to our customers with some exciting features such as Unlimited Storage. The next is to bring SASE (Secure Access & Service Edge) functionality into the platform, which can further enable delivering secure connectivity, optimal performance and smart infra management to enterprises that have embraced a work-from-anywhere future, along with addressing their end-to-end cyber security needs.