How Indusface’s AppTrana Cloud WAF helped NASSCOM adapt to the changes in security landscape amidst the global pandemic
As the apex body for the $194-billion Indian technology industry, the biggest challenge for NASSCOM has been its high online visibility that translates into higher risk of being subjected to security attacks and threats. And, the onset of the COVID-19 pandemic coupled with the drastic change in the security landscape brought in a huge volume of unwanted traffic. Anirban Mandal, Deputy Director, Technology, NASSCOM, says, “While we had just one or two incidents of security breach, it prompted us to rethink our security posture, especially with regards to applications security. We did not want NASSCOM to be the subject of a high risk security breach to strengthen our cyber security.”
Anirban says they arrived at the decision to strengthen their security even though they knew it would not be an easy task considering there were 15 different applications with more than 15 partners working on them. “So, we needed to align with our partners and get them onboarded,” he says. The other focus area and concern for NASSCOM was a security solution that could be managed by its lean IT team. He explains, “When we decided to look for a security solution, we realised that the solution should be robust and at the same time easy to manage. We didn’t want a dependency on the solution provider to tell what our risk appetite was. Because, at the end of the day, as an organisation, we know it better than an external organisation on what our risks are.” Anirban says in order to manage their security risks sustainability, they realised they needed a security solution that would provide NASSCOM the freedom to manage and run the application on a daily basis.
AppTrana: How and why it fit
Evaluating the many solutions in the market, NASSCOM’s IT team decided to go ahead with Bengaluru-based SaaS security startup Indusface. AppTrana, the startup’s flagship product, detects application-layer vulnerabilities with web application scanning, protects them instantly with a web application firewall and monitors traffic continuously through proprietary machine learning algorithms with its in-house security experts blocking emerging threats and DDoS and bot attacks. In addition to the robustness of the platform and the fact that it translates into a one-stop solution for security needs, another key reason why NASSCOM’s IT team chose AppTrana was that the solution was simple and easy to map the offering to the business use cases.
“With AppTrana, you don’t need to go to a security expert to understand what the solution can do and how. Moreover, it offers both managed and non-managed services on the platform. This was very critical for us because the 15 applications that we managed were in different stages of maturity. The flexibility offered by the platform would enable the more mature applications to leverage the managed services and the others could be via non-managed services,” says Anirban.
Onboarding AppTrana saw NASSCOM being able to reap immediate benefits. “Earlier, scanning the web and the application was a humongous task. And, if there were issues, there was a heavy dependency on the development team. AppTrana helped us to bridge these gaps,” he says. Anirban explains that AppTrana continuously identified the application security posture and the vulnerabilities and also enabled the NASSCOM’s IT team to fix the gap by leveraging a feature called custom rules. “We also started getting very in-depth visibility on the in-coming traffic. I could now accurately filter and even stop traffic if need be based on region-wise traffic data on attacks,” Anirban shares. This was instrumental in NASSCOM witnessing a drastic dip in unwanted traffic which was earlier hitting the site.
Witnessing the impact almost instantaneously saw NASSCOM expand the scope of the engagement of AppTrana. “Initially, we onboarded AppTrana for one of the 15 applications. But seeing the evident benefits and realising that we wouldn’t need to make any changes to the applications to strengthen the security posture, we were able to convince some of our partners to onboard. Today, AppTrana manages security for seven of 15 applications managed by NASSCOM and its partners,” he says.
Anirban says that as a SaaS security solution from India, AppTrana holds a global appeal. “The ease of use, excellent-user interface, easy implementation and security features are at par with global solution providers. But, what makes it stand apart is that it is a global solution with a human touch. Given that security incidents happen unannounced, there may be times when you need to reach out to the creators of the security solutions. And, we have been able to reach out to Indusface whenever we needed immediate assistance,” he says.
An evolving security landscape
The last 15-18 months have brought about a dramatic change in the security landscape. “Today, you no longer have the luxury of time. Your security roadmap can no longer have a long implementation cycle. Because the security threats are continuously evolving, the implementation cycles need to be extremely fast enough so that you can address the new cyber threats,” says Anirban. He adds, “And, your security solution that you implement needs to evolve parallely and at pace to shield you from newer threats.”