Exclusive: SonicWall's Suroop Chandran on why security basics still fail
Cyber security failures are still being driven by basic mistakes, according to SonicWall, as businesses and their IT partners struggle with configuration, skills shortages, and proving the value of managed security services.
"A misconception people have with security products is that they are plug and play," said Suroop Chandran, Associate Vice President of Product Management at SonicWall.
"People think that, 'Hey, I bought a product, I apply a licence key, or I install something, maybe I connect it to the network, put it in front of my assets, and that's it.' But it's not like that at all."
Suroop said the majority of successful breaches are not caused by product failures, but by human error. "More than 95% of breaches are actually driven by configuration problems," he said. "People don't know how to configure them correctly, or they configure them incorrectly."
He added that the industry's focus on advanced analytics and artificial intelligence often distracts from fundamentals. "People will talk all day long about using AI and analytics and all the fancy terms out there, but if you don't do your basic one, two, three, it's all lost," Suroop said.
Skills gap
Small and mid-sized organisations increasingly rely on managed service providers (MSPs) to run IT and security, but Suroop said many of those partners face the same limitations as their customers.
"Their core business may be retail, consulting, law, or finance," Suroop said. "They're not experts in IT or security. They like to use technology, absolutely - they're a digital workforce - but they don't know how to set it up, they don't know how to install it, they don't know how to configure it, and they don't know how to secure it."
While MSPs are typically strong in desktops, servers, and cloud, security expertise remains scarce. "They too are struggling with the same skills shortage when it comes to finding security experts who know how to configure, set up, and monitor for security threats," he said.
That shortage is pushing the market towards more specialised managed security services providers (MSSPs). "Managed service providers say, 'Well, I can handle desktops, networking, and IT, but I really don't know security well enough,'" Suroop said. "'Let me get help from somebody else - a more specialised provider.'"
Choosing providers
For organisations selecting an MSSP, Suroop said depth of expertise and operational coverage matter more than marketing claims.
"They have to be looking at someone who can install and configure security products to start with," he said. "Do they have breadth and depth in terms of the different types of security technology?"
Round-the-clock operations are also critical. "You'll find a lot of service providers are really good at providing capability, but their business operations are nine to five, Monday to Friday - and that's not good enough," Suroop said. "What happens if someone tries to break into your network on Saturday morning at 3am?"
Beyond monitoring, Suroop said customers should expect proactive guidance. "Are they going to tell you every week or every month that they've noticed a drift in the way your network works, or a change in the baseline," he said, "and say, 'Here are some of the newer threats, so we think you should be making these kinds of changes'?"
Proof of value
Demonstrating return on investment remains a persistent challenge in cyber security, particularly when nothing visibly goes wrong.
"When everything's going well, you don't hear anything, you don't get an alert, nobody calls you, and everything's fine," Suroop said. "So you think, 'What did I really pay for?'"
He said meaningful reporting should show attempted attacks and how they were handled. "People are getting hit by hundreds or thousands of attacks every day," Suroop said. "Probably upwards of 85% of those attacks are automatically thwarted."
Effective MSSPs, he added, reduce noise for customers. "The objective of the managed security services provider is to get the customer involved only in what would be called emergency situations - a real incident," Suroop said.
Regular reports and human engagement are essential. "It's very easy to just generate a report and send it to somebody," he said. "That human relationship is what actually makes the service much more valuable."
Managed firewalls
SonicWall's Managed Protection Security Suite (MPSS) applies this approach to its firewall portfolio, combining technology with managed operations.
"It is essentially a managed firewall offering," Suroop said.
"We become the MSSP to make sure that you get not just protection, but what we call active protection."
The service is delivered through SonicWall's 24/7 network operations centre, with monthly service and health reports. "We have about 156 different configurations that we actually check, and we give you a report with a grade," Suroop said. Grades range from A to F.
Suroop said moving from a failing grade to full compliance is usually straightforward. "For us, it'll take 60 seconds to get you back to an A, but the customer has to agree," he said. "These are the fundamentals of how you configure a firewall."
MPSS also includes a cyber warranty of up to USD $200,000 per firewall.
"If an attack does get through and you get compromised - it's not impossible," Suroop said. "There is no security technology today that is 100% bulletproof."
The warranty is intended to support incident response and recovery costs. "This $200,000 can be used for a variety of things to get you back to a recovered situation," he said.