9 minute read
SECURITY AT SPEED
from SMART HOTEL
by cxoinsightme
THE MERGER BETWEEN MCAFEE AND FIREEYE HAS YIELDED TRELLIX. RAJ SAMANI, CHIEF SCIENTIST AT TRELLIX, TELLS US WHAT THIS NEW CYBERSECURITY GIANT IS BRINGING TO THE TABLE.
Your tagline says ‘Living Security’. What does it mean?
Advertisement
If we think about how threats have evolved, it’s a lot more dynamic than it’s ever been. Historically, security used to be quite static. We were able to put in static approaches to address a static threatscape. But now we are seeing an evolution from threat actors. A really good example that we see today is ransomware. Most recently, with this variant called BlackCat, there are so many different samples. And if you are a person operating this ransomware, you’ve got so many options to configure it. The static approach to security will not combat an attack like this. So if you think about the construct of ‘Living Security’, it is the ability to be able to dynamically keep pace with how threats are evolving and changing all the time.
Is Trellix basically an XDR platform?
No, I think that oversimplifies it. Historically, in the past, you could turn around and say, “We’ve got a point product with a point solution”. But taking the ransomware example, threat actors today have highly skilled affiliates. They’ve got a business model that encourages or allows other people the opportunity to find a way in. And these affiliates aren’t people who are just sending emails. They are using weaknesses in the configuration or architecture of systems; they are looking for unpatched systems; they are also directly phishing people and using open source intelligence. Today, we’ve got threat actors actively going after people on LinkedIn. So if you think there is a single product you can install that can protect against everything, that’s a misconception. When we think about XDR, it is a wider construct where the X that stands for Extended would mean our ability to take inputs from various systems and develop a detection and response strategy accordingly. And, of course, there is a
strong partner ecosystem. So it’s not that we say we have all of the answers, but we have partners that help develop that solution.
With this merger, is there any overlap in the portfolio given that both companies are into endpoint security?
From an outsider’s point of view, you could say there could be. But fundamentally what the opportunity it brings is a customer base and sensor network that complement one another. I don’t think you are going to see conflicts. You are going to see opportunities to collaborate, opportunities to be able to get a better purview of things. McAfee Enterprise is, and was, one of the largest dedicated enterprise security companies, and FireEye equally the same. The benefit is that we have a wide customer base on both sides, and being able to leverage that is a unique opportunity.
Are you leveraging AI/ML and analytics in your XDR platform?
The easy answer would be yes. You’ll hear many people talking about ML & AI as the ‘silver bullet’, but we have to recognise and appreciate that these Machine Learning models constantly have to adapt and evolve. And so absolutely! AI and ML will be a central part of everything that we do. But equally, making sure that we incorporate the best intelligence to make those models as effective as possible will be the heart of what we do. The focus of what we do is understanding the
threatscape instead of the specific technology that we use. We, of course, will be using machine learning. But that machine learning will be built upon a strong intelligence function that understands what those models need to do and regular testing to determine the efficacy of those models.
What role would your threat intelligence labs play in the new company?
So ATR (Advanced Threat Research) is my team. We’ve been very successful in not only understanding what bad actors are doing but also, more importantly, making sure we incorporate that intelligence into every single thing that we do. So as long as there are criminals out there, we will always need to understand what they are doing. We talk about innovation. But we fail to acknowledge that criminals themselves are innovating at a rate and pace that is just remarkable. Four of five years ago, ransomware was a consumer issue that was charging $300. Now we are talking about triple extortion attacks targeting companies and demanding upwards of tens of millions of dollars. A lot of that is because they have improved.
Do you have any idea about the average ransom being paid today?
The term ‘average’ is a little misleading. Because there are so many different variants, let’s say about $130,000 to $140,000 is the average ransom demand. That incorporates no-end ransomware as well as human operated ransomware. The mean average is US$ 136,000. The mode average is completely different. If we turn to a company and say, ‘You need to be worried about ransomware because it might cost you US$ 130,000, some companies might go, ‘We’ll pay it’. But the reality is that if you get hit by a specific variant, and they know that they’ve compromised you, and they know your P&L, and how much money you make, chances are you are certainly going to get a higher demand.
The first step to mitigate ransomware is to backup data. But cybercriminals are now going after backup data as well. What can users do in this scenario?
Here is the challenge. Even if they compromise your backups, even if you have offline backups and even if you can restore the data in your environment, the truth of the matter is that the bad guys are doing triple extortions. They’ll leak the data. So even if you have a backup, it doesn’t really matter because they will expose all of your information. Or what they might do is conduct a DDoS attack. Or they might have their own PR department. Fundamentally this is not ransomware anymore. We are talking about data breach, data exposure, DDoS, negative PR, and the encryption is just one component. So organisations need to acknowledge that building bigger walls is no longer the case; it’s about having individual defenders inside those walls to detect nefarious activity.
CREATING VALUE
WALEED RASSULI, HEAD OF TEZOS GULF, ON WHY TOKENS WILL TRANSFORM THE WAY WE INVEST IN REAL ESTATE
Nearly two decades have passed since the Dubai government issued a decree that allowed expatriates and foreigners to own freehold property in the Emirates.
But ask anyone what the market was like back in 2002, and they will tell you stories about investors waiting for hours, cheque books in hand, to buy their dream home in a city of abundant potential.
The visionary regulation created a multi-billion dollar sector that saw local developers jumping at the chance to cash in on new investment and fill the skyline with more cranes than anywhere in the world —all to build projects that put our tiny desert state on the world map.
Today, another new regulation is set to dramatically disrupt Dubai’s real estate industry and perhaps forever change how we invest in the real estate market.
Democratising real estate investment
In October, the Dubai Financial Services Authority (DFSA) launched a comprehensive and innovative framework to regulate security tokens. The approach was designed to capture a range of activities relating to digital assets.
The Investment Tokens regulatory framework applies to persons or entities interested to market, issue, trade or hold investment tokens in or from the Dubai International Financial Centre. This also includes authorised firms wishing to undertake financial services relating to investment tokens, such as dealing in, advising on, or arranging transactions relating to investment tokens, or managing discretionary portfolios or collective funds investing in tokens.
Of course, the benefits of tokenisation in real estate are massive.
Traditionally fixed, illiquid assets such as real estate can be divided into multiple tokens, fractionalising the asset to offer investment opportunities to demographics who cannot afford to buy large assets on their own – a move that could truly democratise access to property ownership while improving market liquidity.
Partial investment in real estate is not a new concept. However, digital investment tokens have drawn scrutiny and mistrust due to regulatory ambiguity. Currently, anyone can issue tokens without clear and enforceable accountability because token creators are not regulated financial institutions.
The concern remains that a token might not even have a legal document linking it to a real asset, which is why advances in legislation propel an environment of comfort in the market.
Trillions to tokens
In a 2021 report, London-based advisory firm Moore Global predicted that $1.4 trillion of international property assets will be converted to digital tokens by 2026, representing only 0.5% of the current $280 trillion global property market.
In Dubai, there are many reasons to be bullish on this trend because real estate is among the most popular areas for foreign direct investment and undoubtedly one of the most significant asset classes.
The sector achieved 2.4% growth in the first quarter of this year, contributing nearly 9% of the real GDP. It has been a key factor in helping Dubai’s economy overcome the effects of the global Covid-19 pandemic.
The wider UAE and neighboring Gulf nations are also key players in the real estate sector with multiple opportunities for tokenisation across landmark residential, commercial, and industrial developments.
Numerous startups in the region and around the world are already getting ahead of the trend.
New pools of capital
In addition to expanding financial inclusion by lowering minimum investment thresholds, the added convenience of exchanging tokens on a blockchain provides greater transparency, speed, and efficiency in transactions – which, in turn, will reduce transaction costs associated with real estate investment.
Yet, while tokens lower the barriers to property investment, it’s important to recognise that the rise of investment platforms is also driven by surging interest among millennials who are independently comfortable with financial technology and often prefer alternative investing paths due to their mistrust in the status quo of traditional financial systems.
Emerging markets are home to 86% of the world’s millennials. Even more so, in Gulf countries, Arab millennials, who make up the majority of the region’s population, enjoy huge shares of family wealth accumulated over multiple generations.
Tokenisation of real estate could become increasingly popular among millenials— opening up new pools of capital as this digitally native generation enters their peak spending years. Change is coming, one token at a time.
