10 minute read
PLUGGING THE GAPS
RAHIL GHAFFAR, REGIONAL DIRECTOR, MEA AT VIRSEC, ON WHY IT IS IMPORTANT TO DETECT AND STOP ATTACKS DURING RUNTIME
What’s Virsec’s approach to cybersecurity?
Advertisement
Virsec has been creating a lot of buzz globally, primarily because of our approach to making cyber threats irrelevant. We make sure we understand the enterprise software running within enterprises at all levels – host, memory, or Web. As a result, we can ensure that existing vulnerabilities – both known and unknown ones – don’t get exploited. This is why customers have started adopting us and realise the legacy approach to cybersecurity isn’t working. They need a solution that can detect and prevent attacks that occur during runtime.
How do you define runtime protection?
Today, if you look at the recent breaches, cybercriminals exploit runtime in the application infrastructure and corrupt legitimate processes. Most of the other cybersecurity tools can’t see threats at this level and protect you from the deep, vulnerable, blind spots in your applications or software. What makes us fundamentally different from others in this space is we look at it in real-time when the application is executing in process memory. We can look at the code execution in memory, control-flow integrity and ensure it does not get detailed. I will give you an example of a large government organisation here. They were dependent on legacy solutions and got breached even after having multiple layers of security. They reached out to us after the attack and wanted a solution to protect against unknown zero-day attacks. Today’s fileless attacks make memory the new battleground, and bad guys are trying to exploit vulnerabilities during runtime. The other security vendors treat this runtime – process memory- as a black box. In our case, due to our patented technology, we can look into memory, focus on what applications should be doing, and catch any deviation to the execution flow of legitimate code in milliseconds.
How does your platform work? Do you deploy agents?
We would like to call them memory sensors, not agents, because it is so lightweight and reside on memory, protecting system software from memory-based, binary attacks. At the same time, it does look at the file system. Our approach is to focus on the good rather than the bad. So the signatures are basically formed within the customer environment and tailormade for that particular customer. It’s all automated in real-time. This lightweight agent can detect threats in real-time during runtime because we primarily know the application’s DNA and anything outside of it such as files, MSI, libraries, and scripts.
If users have a solution like an XDR, do they still need a platform like Virsec’s?
XDR is definitely good for endpoint protection, but it is not meant for servers. XDR was extended to servers because of the lack of solutions tailor-made for servers – and it can’t protect against memory-level attacks, which happen now and then. However, we can complement XDR and provide front-line protection for mission-critical apps and infrastructure. Even if you don’t have an XDR, the Virsec platform alone is enough for server security.
Are you seeing more and more server-side attacks?
There might be more than a million threats being created every day. But most of these are commodity, and what makes news is primarily those few hundreds, which are going undetected. These are primarily fileless attacks that launch malicious code directly from memory and get in without placing any malware on the system. Cybercriminals are spending weeks and months crafting such malicious code and are not going to target endpoints. Instead, they are targeting the crown jewels of the organisation; they use very sophisticated methods to move laterally to infiltrate the most highvalue server assets. And this is where you need security the most
THE POWER OF PREDICTIVE ANALYTICS
RESILIENCE AND RELIABILITY ARE MORE IMPORTANT THAN EVER IN THE POWER GENERATION AND UTILITY SECTOR. AS ORGANISATIONS LOOK TO DIGITAL TRANSFORMATION TO REDUCE RISK IN TODAY, THEY’RE DISCOVERING THE BENEFITS PREDICTIVE ANALYTICS CAN BRING TO THEIR OPERATIONS, SAYS DAVID THOMASON, INDUSTRY PRINCIPAL – POWER GENERATION AT AVEVA.
Power generation companies are facing a growing number of challenges, from increased market complexity and demand, through to regulatory compliance, sustainability objectives and a rise in uncertainty spurred by Covid-19.
The pandemic caused the industry to accelerate remote working, and to deal with maintenance gaps created by supply chain disruptions. This highlighted the need for operational resiliency and agility in order to ensure the delivery of power, and Gartner has reported that resilient delivery is one of 2021’s top utility trends due to the industry’s underlying belief that this volatility will continue.
Power plants are becoming ever more digital, and the combination of assets with connected devices – and most importantly the data captured from these assets – supports the sector’s growing focus on resilience, agility and reliability.
The benefits of digital transformation
The use of artificial intelligence (AI) and machine learning (ML) enables organizations to have full visibility of operations, and create insights that can help overcome some of the sector’s most disruptive challenges.
The amount of big data produced by power generation companies means that forward-thinking businesses are investing in monitoring and predictive analytics tools that help leverage this data to its full capacity.
By supporting agility, organizations can more quickly respond to change. Predictive maintenance allows the power industry to identify malfunctions before they happen, ensuring the reliability of their operations. This better positions them for growth in the uncertain times ahead.
What does predictive analytics offer?
Predictive analytics enables operations and maintenance personnel to be more proactive in their work. In addition, the reliability and performance of assets are improved through early warning notifications and diagnosis of equipment problems days, weeks or months before failure.
It can even forecast the remaining useful life of assets to help provide deep insights into operations and maintenance risk.
Using predictive analytics, companies are able to implement asset strategies designed to avoid unplanned downtime for their most critical assets, while also deciding which preventative or corrective asset strategy is the best option for less vital equipment.
But benefits go far beyond optimizing maintenance schedules to ensure reliability of operations. As risk assessment becomes more exact, prioritization of capital and operational expenditures can be optimised, and companies can also realise financial savings by avoiding costs related to loss of power and/or productivity, replacement equipment and additional man hours accrued when a fault occurs.
Tangible business benefits
A great example of the benefits of predictive analytics in the power sector comes from EDF. The French utility company uses predictive analytics for fleet-wide asset monitoring (coal, gas, renewable – wind and solar – and the world’s largest fleet of nuclear assets), and to check equipment health and performance and identify failures before they occur.
To date this has helped the company to not only optimise power production, which in turn improves energy security, but also ensure resiliency and continued sustainable delivery of critical services by avoiding downtime. For example, just one single early warning catch saved the company an estimated €1.5m.
Knowledge capture and transfer
Knowledge capture and transfer is another key benefit of predictive analytics, an area of huge importance to a sector which is seeing many of its experienced staff reaching retirement age.
Accumulated knowledge stays available to new staff as they join the business, ensuring best practices, operating procedures and maintenance processes are passed on to the next generation, again reducing risk and therefore improving reliability.
The power generation and utility sector is grappling with a world that’s more volatile and complex, but demands greater speed, agility and resilience.
In response it’s undergoing a digital transformation that enhances the way power is produced and delivered.
Predictive analytics has a key role in this transformation, as it enables organizations to become more resilient, reliable and efficient by moving from a reactive to a proactive way of working.
WHY 5G NEEDS TO BE EVERYONE’S BUSINESS
5G CAN ADDRESS MANY OF THE WORLD’S PROBLEMS. BUT ONLY IF ALL SECTORS JOIN FORCES WITH TELCO TO MAKE IT HAPPEN, SAYS SUSAN JAMES, SENIOR DIRECTOR OF TELECOMMUNICATIONS STRATEGY, RED HAT
It feels like the world is spiralling from crisis to crisis. The basic things we take for granted are now subject to doubt. Empty supermarket shelves, mile-long queues at petrol stations and closed borders are clues to the fragility of many supply chains. The causes — take your pick from COVID, stiffer immigration policies, an over-reliance on a few oil producers, dislocated climate strategies, low-paid jobs, poor working conditions — have exposed chronic under-investment in many industries.
It has also illustrated how deeply integrated industries are. For example,
CO2 is used widely in food production and packaging, which is a byproduct of manufacturing farm-grade fertilizers, which is dependent on supplies of natural gas, as is the transportation of food from source to shelf. One complication sets off a chain reaction.
The 40% of food that the U.S wastes every year costs $218 billion to grow and produce, unnecessarily contributes 2.6% of the country’s greenhouse gas emissions, and fills up more than one-fifth of the country’s landfill sites.
Everyone suffers. So it’s everyone’s responsibility to fix things.
The solution, just like the cause, is multifaceted. 5G should be a big part of the conversation as an enabling technology, along with other key pieces like edge computing, blockchain and
AI. These have now matured enough — cheaper, more secure, more global in reach — that we have a real window of opportunity to make a dent in what have been considered insurmountable problems. The use cases are almost limitless. IoT sensors that determine the optimum harvesting time will save crops going to waste. Driverless trucks that deliver factory components, which are offloaded and assembled robotically, takes the availability (and willingness) of humans out of the equation. Remote connectivity can give communities access to education and financial services for the first time.
Businesses that take a reactive stance are missing the point; and the profits too. People are increasingly judging prospective employers by the role they play in building a better world. It is no longer enough to lure the best talent by offering the biggest salaries. Doing good matters too. Consumers are also inclined to judge brands through the same lens.
Neither is this about making 5G a zero-sum game. Competitive instincts that seek to protect a position and destroy others are more likely to stifle innovation than spark it. Industries must foster a more collegiate spirit of competition. Better for everyone to grow the pie, than squabble over the slices left on the plate.
The telecommunications sector already has a good track record of this. Leading telcos are comfortable collaborating with each other on everything from licensing agreements, technical standards, interoperability testing and patents. When wider collaboration happens, it is typically with technology vendors, governments and research institutions, such as 5G-VINNI and FUDGE-5G.
Much can be learned from the way that open source technology communities act. Collaboration provides the fundamental standards, tools and frameworks, which then enable innovation to happen faster and more effectively. There’s no better example than the breakneck speed that COVID-19 vaccines were produced and distributed when pharma, governments, regulators and health services joined forces. It also demonstrates how entrenched and unproductive ways of working can be ripped up overnight, when the will is there.
To address these major global issues, the whole ecosystem needs to work together. Telcos bring more value than just enabling connectivity, and will do a better job of 5G with other industries guiding them. So businesses must be clear what new commercial opportunities and customer experiences they want to create with scalable edge computing, as well as be willing to share the gains with service providers.
It may sound like hyperbole to compare the scale and severity of the COVID crisis to the potential of 5G. But let us consider how 5G can bring about better healthcare, increase education standards, enable greener production processes, deploy robots and machines to do dangerous jobs, and connect the disconnected. How it can shore up supply chains and embed resilience so that crises are averted. That’s a prize we should all get behind.
