Executive Q&A: Phil Dunlop, VP EMEA at Progress

Phil Dunlop, VP EMEA at Progress, spoke to Cyber Magazine about the best practices when trying to keep data safe

Can you tell me about Progress?

Progress provides leading products for customers to develop the applications they need, deploy where and how they want, empower their customers, and manage everything safely and securely with the comprehensive Progress software infrastructure stack.

As more enterprise and service providers are embracing the cloud, digital leaders realise their applications must always be available and highly performant, to enable them to develop, deploy and manage high-impact applications safely and securely.

We have a portfolio of market-leading products in DevOps, application development, data connectivity, application experience and digital experience. Our application experience suite focuses on securing organisations’ physical assets and our platforms allow network admins and security pros to secure their physical environments. Some core vertical markets in the UK include financial services, blue light government (ambulance fire and police), and utilities and critical infrastructure. Particular industries are championing application experience, such as users of telemetry technology e.g. subsea defence organisations.

Progress’ acquisition of Kemp in late 2021 completes our always-on application experience (AX) suite. This helps enterprises deliver, optimise and secure applications and networks across any cloud or hybrid environment through best-in-class network performance monitoring, application delivery control and anomaly detection. The suite includes WhatsUp Gold, a market leader in easy-to-use network management, and offers a complete application experience solution that delivers for customers’ evolving needs.

What is your role and responsibilities at the company?

I am the VP for EMEA and my role is to focus on two solution sets for Progress – firstly the digital experience (DX) suite which centres around our Sitefinity DX product, and secondly the application experience (AX) suite, which includes ITOps and network security solutions, such as our Kemp, Loadmaster, Flowmon and WhatsUp Gold network software. I work with internal teams and channel partners to enable organisations to digitally transform and get closer to their customers.

What are the best practices for companies to keep their data safe and secure?

With 2021 purported to be “the year of Ransomware”, breaches dominated the headlines and impacted both traditional IT services and physical infrastructures. To be forewarned is to be prepared, and the cybercrime trends in 2021 have given us insight in how CISOs and business leaders can minimise risk and protect what’s theirs.

Last year, cybercriminals employed a range of attack types such as malware, phishing, business email compromise (BEC) attacks, data theft, cryptocurrency miners, and more. But Ransomware was the number one attack vector by a large margin.

Defending against current and future cyberattacks requires a range of cybersecurity tools and techniques deployed at all levels across people and technology. But even with the best tools, highly informed staff, and expert business cybersecurity experts in place, there cannot be a 100% guarantee of protection. People make mistakes (we all do), and company cybersecurity planning needs to account for this and assume a network breach will occur at some point. The question becomes what to do when this happens.

Using a security solution that uses machine learning to detect anomalies hidden in the network traffic will complement conventional security tools and create a multi-layered protection system capable of uncovering threats at every stage of compromise.

The secret is the earliest detection of anomalous behaviour, through continual monitoring of the network. If the anomaly is due to cybercriminals, their activity can be isolated and analysed. The goal must be to expel threat actors from the network before any spread or damage has occurred and have a robust recovery plan in place to ensure you can return to a few hours before the attack took place.

Recommended best practices include:

·   Patching - System updating to apply patches will be as important as ever. Business cybersecurity teams will need to be ready to deploy newly released updates and security patches as soon as they are made public.

·   Security posture of partners - Cybersecurity strategies will need to consider the cybersecurity posture of business partners. Just focusing on your own infrastructure and endpoint devices will not be enough.

·   Deployment of zero-trust networking and frequent company cybersecurity awareness training must increase to improve security in our new world of work, which continues the adoption of more mobile endpoint technology solutions as a primary work device.

·   Controlling what apps can be installed on devices that access corporate networks has always been essential, and in 2022 and beyond will only become more crucial. These devices hold a lot of information valuable to attackers.

·   Penetration testing - Many cybersecurity defence organisations use tools to do penetration tests to find vulnerabilities and security gaps in their client’s networks. Many of these tools are similar to those that the criminals use, and criminals have started to use suites created for defenders.

·   Machine learning-based security - Just as machine learning (ML) has become common in all IT and business analytics sectors, the bad actors also use it. Business cybersecurity professionals will need to keep pace with the attackers and deploy rapid ML-based security tools to augment their human cybersecurity. 

·   Cyber-insurance - The number and financial impact of ransomware attacks up to 2021 will change the market for cyber insurance in 2022. Companies looking to obtain or renew their insurance against cyberattacks will need to demonstrate that they have taken all the precautions they can and be prepared for an insurance audit.

What do you see as one of the biggest challenges in the cyber industry at the moment?

In terms of customer-facing security, securing your digital infrastructure continues to be the number one challenge, so that organisations and government can offer online services and products to customers and citizens. Customers need a very secure digital platform in the cloud, that protects all information and builds trust so that they can confidently use their data without fear of loss or misuse.

In terms of ITOps, and cloud managed service providers – they are trying to give confidence to the users of their systems that they have the technology to be able to block threats on the network and take remedial action as necessary.

Securing the cloud is a big issue for organisations – which means being able to monitor cloud and on-prem apps in their environments is critical. We are able to add additional layers of security to ensure that they have the technology that gives 24/7 visibility into traffic on the google cloud and the company’s on-prem network. With organisations expanding their infrastructure it’s important to have security covered from the core right to the edge. Where companies are partly in the cloud and on-prem, we help them to patch any gaps in visibility so that they have complete control.

What can we expect from Progress in 2022?

We have experienced 100% growth year on year and hope to achieve a strong result this year, onboarding some more customers in our key areas. In the digital experience space, the robustness and security elements of our Sitefinity product continue to make this a popular platform in allowing customers to build using Microsoft Azure. Our focus on application experience (AX) is set to grow to cover our customers’ evolving needs to optimise and secure their technology ecosystems. We are researching the potential to integrate all three Progress AX products into a platform that will provide a holistic view to monitoring the overall IT infrastructure.

 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security