Security Insight


ISSUE 02 | OCTOBER 2021

SECURING THE FUTURE Tips from top industry experts to protect your business




EDITOR’S NOTE

RETHINKING CYBERSECURITY FOR A POST-PANDEMIC WORLD

Cybersecurity is the hottest boardroom discussion today, and with good reason too. With cybercrime set to emerge as the third-largest economy after the US and China, the threat scale has never been so large before. Moreover, the rapid acceleration in digital transformation during the pandemic has expanded the attack surface, and cybercriminals are exploiting the pandemic-induced changes to perpetrate fraud. As a result, we have seen an alarming spike in phishing and malware attacks in the last 18 months, and unfortunately, corporate spending on cybersecurity is nowhere near where it needs to be. It is time to rethink traditional models and adopt new ways to keep threat actors at bay, such as zero-trust access. This special supplement contains advice from leading security experts on the best ways to protect your business against cyber risks.

CONTENTS

AVEVA
CLOUD BOX TECHNOLOGIES
FORTINET
MICRO FOCUS
SANS INSTITUTE
SOPHOS
TENABLE
VIRSEC
VISIONTECH SYSTEMS
WESTERN DIGITAL


AVEVA

Tim Grieveson, CISO, AVEVA

How can organisations address cybersecurity concerns amid industrial digital transformation?

For industrial organisations on the road to digitalisation, cybersecurity concerns can be addressed in three broad ways: intelligent design, cloud computing, and machine learning.

1. Embed security across software solutions: Cybersecurity must be placed at the forefront of digitalised processes and baked into any solutions being deployed across the enterprise. Industrial security solutions must incorporate protection across the system design and development processes, from the start through to rigorous testing and validation to eliminate any vulnerabilities and address cybersecurity challenges.

2. Automated software upgrades: Keeping security infrastructure up-to-date patches critical vulnerabilities and strengthens industrial assets against cybercriminals. Automated upgrades equip industrial IT infrastructure with the latest security capabilities and bypass conventional barriers to software adoption, in the process empowering industries to leverage leading technologies and respond quickly to evolving market demands.

3. Deploy AI technology against cyber threats: By using ML and AI to provide a holistic and centralised view of systems across the enterprise, decision-making is streamlined so that even the slightest anomaly is detected early, well before it can escalate into something bigger and more damaging.

Businesses must take a systematic, multilayer approach that anticipates cyber-attacks and protects data and other critical assets before they are exploited.

How do you help your customers to adhere to security compliance requirements?

Organisations looking to create a holistic digital ecosystem need to know how to conduct proper risk conversations within the company. Historically, the general approach to cybersecurity has been reactive, that is dealing with a threat when it arises, rather than proactively taking steps to prevent and avoid such attacks in the first place. Organisations need to move their focus away from a reactive mindset to one of proactiveness and predictability by using technology to help make decisions based on actionable real-time intelligence. The scale and technical complexity of recent high-profile attacks have highlighted that as these threats evolve, it will no longer be enough to be reactive or on standby.

When designing systems or technology platforms for businesses and organisations, AVEVA advises that security measures should be built in structurally from scratch, whether that be by restricting access to sensitive data or employing the ability to consistently monitor user activity and behavior. AVEVA’s structured secure development lifecycle has security at the heart of everything it builds for customers so that they can trust in the software that they receive – industry leading in not only content, functionality, and operability but also in terms of security compliance.

Companies looking to overhaul their systems or make improvements should take time to evaluate and assess their current measures, and importantly, prioritise investment in this space. Although technology is becoming increasingly dominant, the human workforce is still fundamental to the workings of many organisations that are at risk from cyber-attacks. Ensuring cybersecurity is part of an organisation’s culture and DNA enables it to build solutions that are secure by design, as opposed to security being an add-on or extra feature.

How can users mitigate threats resulting from IT and OT convergence?

While the convergence between information technology (IT) and operational technology (OT) has led to exponential business benefits, such as optimised efficiencies and lower operational costs, this growing systemic integration also increases the digital attack surface. As such, digitised industrials including oil and gas, utilities, transport and logistics, manufacturing and nuclear are now more vulnerable to cyberattacks.

In this vein, the successful convergence of IT and OT is now increasingly part of the board’s agenda, but they need guidance on how to tackle this issue. Security professionals often talk about speeds and feeds – instead they need to articulate themselves in a language the board can understand. Therefore, cybersecurity should be quantified in terms of risk, value, contribution, revenue protection, and regulatory compliance in order for the senior leads to relate and be able to make informed decisions on where investment in cybersecurity is required.



CLOUD BOX TECHNOLOGIES

Sajith Kumar, General Manager, Cloud Box Technologies

How do you see cloud security evolving?

This pandemic has brought about the biggest ever cloud migration. We saw organisations quickly migrating to cloud-based business operations, which is easy to deploy and manage business and work from anywhere in the world; we saw employees operating from multiple remote locations and adapting to the cloud architecture. This has transformed the way businesses are run and allowed for business continuity. Going forward, this migration will continue to grow. But such fast changes also come with lots of security challenges.

Cloud security is a responsibility shared between the cloud provider and the end-user, so there are many grey areas to it. This is highly attractive for hackers who exploit poorly secured cloud services to access and disrupt services in the cloud. Zero-Day attacks, Malware, Account Takeovers and many more such threats. Hence cloud security has become even more important than ever before, and hence cloud security is also evolving and several multi-cloud security frameworks allow organisations to work freely and securely on ever-changing distributed workloads.

Here are some of the best practices an organization can consider to have secured cloud infrastructure:

• Safeguarding all cloud-based applications
• Ground-level policy-based IAM solution
• Advanced threat intelligence and real-time mitigation
• Zero-trust cloud network security controls
• Virtual Infrastructure protection policies
• Enhanced data encryption at every point of connectivity, secured file shares, and communications
• Regular checks of compliance risk management

Why is it essential for organisations to embrace IAM processes?

IAM solutions help organisations meet industry compliance requirements and help save time and money while reducing risk to the business. It is so important to have a policy-based IAM solution in a distributed multi-cloud workload environment, which is easier to manage or give access to only a few in the organisation to the sensitive data and the minimal access privileges to assets to individual to carry out its specified tasks. The more extensive the privileges, the higher the levels of authentication, which strengthens digital identity security.

An IAM system can provide assurances and help keep track of employee activity. Knowing that only certain employees can view programs and applications will strengthen both security, and it is good to have IAM hygiene, to have strong password policies, and permission-based time-outs.

What are the trends to consider while formulating a plan for endpoint security?

Here are some of the key trends for effective and robust endpoint security:

• Managed Detection and Response (MDR) is an advanced managed security service that provides threat intelligence, threat hunting, security monitoring, incident analysis, and incident response.
• AI and ML integration - This analyses millions of data sets to provide threat intelligence, reduce response times, and ensure swift decision-making
• Cloud-based security, which is instant protection against emerging threats, unlike the conventional method.
• Multi-layered defence - Multilayered defence is a security approach that uses several components to protect multiple levels or layers of your system.
• Endpoint Controls - Maintain a ground-level view of device controls, implementation of personal firewalls, and enforcement of whole disk encryption across a range of device


FORTINET

Alain Penel, Regional VP-ME, Fortinet

What are your tips to prevent ransomware attacks?

According to the latest FortiGuard Labs Global Threat Landscape Report, the average weekly ransomware activity in June 2021 was more than tenfold higher than levels from one year ago. This demonstrates a consistent and overall steady increase over a year period. Here are a few tips organisations should follow to avoid ransomware attacks:

• Deploy email gateway security and sandboxing solutions as well as a Web application security/firewall technology
• Share Threat Intelligence. Organisations must have real-time actionable intelligence to help mitigate unseen threats
• Protect endpoint devices using an endpoint discovery and response (EDR) solution
• Perform backups of all systems and data and store them off the network. These backups should also be tested to ensure you can properly recover
• Implement Zero Trust model. With a zero-trust approach, every individual or device that attempts to access the network or application must undergo strict identity verification before access is granted
• Use network segmentation
• Provide training and practice good basic cyber hygiene to ensure all systems are properly updated and patched
• Consider deception technology strategy

How are you leveraging artificial intelligence technology to beat cybercriminals?

As AI grows in adoption and sophistication, cybercriminals are looking for ways to seize upon its potential. Cybersecurity professionals must confidently employ that same advanced technology to protect networks from bad actors. A security strategy that uses AI-enhanced technologies is vital.

Fortinet’s Machine Learning and AI-driven Security Operations go well beyond the simple tasks most intelligent solutions have been designed for. The ML systems woven into our global FortiGuard Labs services constantly assess new files, web sites, and network infrastructures to identify malicious components of cybercrime campaigns, as well as dynamically generate new threat intelligence that allows organizations to predict and prevent cyber threats. By building an AI security functionality directly into Fortinet’s security solutions, they can be integrated and deployed across a highly distributed network in a variety of form factors to create a unified and intelligent security fabric.

How can security chiefs protect digitally connected OT-IT networks?

The convergence of IT and OT has revealed significant security risks and complexities that organizations must actively address to avoid the consequences of a cybersecurity event. The stakes in protecting cyber physical assets and intellectual property are high as the rate of OT breaches continues to grow and costly OT business disruption impacts revenue, brand reputation and safe operations. FortiGuard Labs has recently documented steady interest from threat actors in identifying OT vulnerabilities and then building them into exploit tools.

To effectively address these challenges, IT and OT leaders must stay abreast of the latest trends and threat intelligence to gain situational awareness and confidence. They must also deploy the right solutions such as a compact, rugged, SD-WAN solution that will protect their critical assets from any potential threats.

What are the key fundamentals of an effective cybersecurity design?

In order for organisations to have an effective security design in today’s increasingly complex and evolving network, a unified security fabric is essential to establish and maintain control over every edge. This security fabric needs to be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. Leveraging machine learning (ML) and artificial intelligence (AI) tied to dynamically generated playbooks makes this possible without introducing slowdowns or human error.

And the security fabric needs to be dynamic, meaning that it must be designed to scale up and out as the network it is securing evolves and adapts. This requires deep integration between security and the network components and functions so organisations can continually innovate and expand networking and operations ecosystems without a lag in protections.


MICRO FOCUS

Toufic Derbass, Managing Director, MEA, Micro Focus

An IT Operations Management (ITOM) platform is critical for organisations to help achieve digital business outcomes in fast and effective ways. Customers are seeking end-to-end visibility and simplicity when overseeing expansive IT estates. An ideal platform enhances the user experience and offers valuable insights through shared data and analytics while simultaneously reducing the need to build and maintain integrations.

With the objective to revolutionize the ITOM space to align with the demands of the digital era, global enterprise software provider Micro Focus has recently rebranded its ITOM offering. The company’s new platform is known as OPTIC (The Operations Platform for Transformation, Intelligence, and Cloud) and is strengthened with convergence capabilities.

Toufic Derbass, Managing Director, MEA, Micro Focus, says, “In 2017, we had launched our initial ITOM Platform to help simplify installation and updates of Micro Focus products using containers. However, this technology has continued to evolve over the years. Last year the theme was convergence, and this resulted in radical enhancement of customer experiences. This is why we decided to rename our ITOM Platform.

“The biggest value proposition of the OPTIC platform is that it ensures customers can transform without any complexities and effortlessly harness built-in, infinite intelligence at the core. Additionally, organisations can optimise their use of cloud to its complete potential.”

Through Micro Focus’ OPTIC, customers can fast-track their transformation journeys without having to replace legacy systems. “The platform allows customers to build on their existing systems, such as Business Intelligence (BI) tools for reporting without any added complexity. This is possible thanks to our feature-rich capabilities.”

This includes strengths such as –

• Unified process automation with embedded best-practices content that improves productivity without requiring brittle custom code.
• Discovery and topology mapping for both cloud and on-premises environments that allows efficient management based on current configurations.
• A single interface for user self-service, supported by smart virtual agents, that eases user frustration while advancing response times and staff efficiency.
• Flexible deployment options—in the cloud, in containers, as a service, or on premises—and the ability to switch as needed.

Derbass reiterates that unlike competitors, the company’s ITOM platform does not compel customers to invest in AI/ML tools only to be charged extra for its use. He adds, “OPTIC features integrated infinite-use intelligence at the core to store and glean insights from all the data generated across the IT environment. This not only helps customers save on costs but also provides improved analysis through embedded intelligence.”

In addition to all these features, what truly makes OPTIC a class apart is its ability to help customers leverage the extensive benefits of cloud together with their on-premises approach.

Derbass says, “Customers have the flexibility and agility to switch across both cloud and on-premises architectures anytime they wish. With OPTIC, they can unify performance and availability management across all hybrid cloud and on-premises applications and infrastructure. They are also able to consider new possibilities with multi-cloud deployment options. Micro Focus’ unique OPTIC platform enables customers to introduce innovative services and power autonomous IT.

“OPTIC is an automation engine that helps customers build on existing architecture with advanced technologies without any hassles, unify business user experiences, greatly enhance operational efficiency and optimise customers’ use of cloud. OPTIC empowers digital transformation through simplicity and resilience,” he concludes.


SANS INSTITUTE

Ned Baltagi, Managing Director, Middle East and Africa, SANS Institute

How are you addressing the cybersecurity skills gap in the region?

SANS has been working closely with different government entities across many nations in the GCC region, as well as globally on setting up programs that help narrow the cybersecurity skills gap. We aim to organize as many training events per year as possible for the region, bringing our expert instructors over to upskill local cybersecurity practitioners where possible. Over the years, the number of training events we host in the region has grown steadily and our SANS Gulf Region event that takes place in November has evolved to our largest annual training event with over 10 courses on offer each year now.

We offer training both in-person and via online classes, and host courses in many different fields. There is a vast and comprehensive array of lessons, ranging from standardized foundational skills, detecting and responding to threats, assessing deficiencies in an organization’s security architectures, to conducting successful penetration testing and ethical hacking projects. At SANS, training is available for cybersecurity practitioners of all levels, from existing cybersecurity professionals to those who have just stepped into the industry.

Apart from our standard training events, SANS also offers several other programs for those looking to enter the field of cybersecurity. CyberStart and SANS Foundations (SEC275) are initiatives we have brought to the region to encourage students, as well as novices who are looking to start a new career in the exciting world of cybersecurity.

How do you help non-technical professions to enter the cybersecurity field?

We have several ways of helping non-technical professions enter the cybersecurity field. This includes our paid programs for beginners, such as CyberStart and SANS Foundations, but we simultaneously provide an abundance of free resources to the cybersecurity community which all aim to improve people’s skills and prospects of entering the industry.

CyberStart is a tool we developed to specifically target youngsters and get them engaged in and enthused about a promising career in cybersecurity. It offers cybersecurity training through a gamified approach. The program is developed to help young students discover their untapped talent, advance their skills and knowledge, and has so far helped hundreds of thousands of scholars uncover their potential in the cybersecurity industry. Whilst the program itself is subscription based, we also offer governments the possibility of working together and setting up extra-curricular activities which work with CyberStart.

SANS Foundations: Computers, Technology & Security is the latest addition to our solutions for those who are looking to enter the cybersecurity field. Whilst many people in the industry know us for our more advanced courses, we felt that there was still a bit of a threshold for those new to SANS to experience our quality of learning and training. SANS Foundations solves this as it took our learnings from CyberStart, added a gamified training approach to the learning experience and provides over 120 hours of material that will keep you engaged until the last drop of content.

Additionally, along with these two initiatives, we have been steadily expanding the free resources we offer the community. Our virtual Summits have grown to become the gathering grounds for thousands of like-minded individuals who all get to hear and learn from the best and brightest in their areas of interest. Moreover, the pandemic has also fastened the way SANS incorporates new media into our resource toolkit. Next to our virtual Summits, we further offer different Podcasts such as BluePrint and Trust Me, I’m Certified, and our different curricula now host different live-streams at regular intervals.

What are some of the top cybersecurity skills in demand now?

There is no specific cybersecurity skill that is not in demand right now. Historically, we have always found that Offensive Operations skills were in high demand across the GCC region, but this has gradually shifted and at the moment, all types of skills are in high demand. Presently, there is a huge and growing need for trained and certified professionals, especially as organizations are looking to upskill their workforces and take proactive steps to protecting their businesses against cybercrime.


SOPHOS

Harish Chib, vice president, Middle East & Africa, Sophos

What are the security challenges of hybrid working?

One challenge is that some of the systems and tools organizations were using were not as effective in a remote working scenario as they were in-house. For example, systems monitoring and patching issues were exacerbated when offices were inaccessible. Some businesses found it difficult to provide connectivity while others were not prepared to shift to remote working seamlessly. All these reasons, and more, meant that some businesses were taking temporary shortcuts to enable remote working which led to a worsening of their security posture.

Sophos is addressing these challenges by not only providing organizations with industry-leading, cloud-native protection products but also making investments in ever more capable AI systems to help security teams be both more effective and proactive, launching products that enable organizations to embrace Zero Trust, and providing help for organizations who lack dedicated security teams through our Managed Threat Response team.

Why has XDR emerged as an important security trend?

Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. What these essentially do is help organizations to hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOA). While EDR are powerful tools, they are limited to detection and response on endpoints and servers. To defend IT infrastructure more comprehensively an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it. It goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools and mobile threat management solutions.

Are ransomware attacks getting more dangerous and how can you mitigate these attacks?

Ransomware is the biggest cybersecurity threat. Unfortunately, ransomware is often a symptom of an underlying security weakness. The reasons for ransomware’s success are varied and speak to a broader set of causes. We find ourselves in a world where many cybercriminals have specialised and offer their unique services to others. Some focus their efforts on initial access by breaching companies with weak security on their externally facing services. Others are skilled at phishing which nets them valuable network credentials. Both these groups can resell their ill-gotten information to other criminals who are skilled at hands-on attacks and data exfiltration.

We also see malware, mostly in the form of droppers, that provide this initial foothold and offer compromised hosts to other malware crews, like banking trojans. These banking trojans will, in turn, sell their access to ransomware crews once they have everything they need for financial fraud. Much of this world is automated, but it is supported by well-resourced criminals who have the time, money, and skill to deal with setbacks. What’s worse are the groups that offer everything-criminal-as-a-service to unskilled, wannabe-cybercriminals.

Sophos recommends the following best practices to help defend against ransomware:

• Be Prepared in Advance for a Ransomware Attack. Ransomware remains highly prevalent. No sector, country or organization size is immune from the risk. The best way to stop a full-blown ransomware attack is to prepare in advance. A proactive incident response plan that includes 24x7 threat hunting can help organizations prevent a sophisticated ransomware attack.
• Deploy layered protection. As more ransomware attacks also involve extortion, it is more important than ever to keep adversaries out in the first place. Use layered protection to block attackers at as many points as possible across an estate.
• Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense in depth that combines dedicated anti-ransomware technology and human-led threat hunting.
• Don’t pay the ransom. Easy to say, but far less easy to do when an organization has ground to a halt due to a ransomware attack. Independent of any ethical considerations, paying the ransom is an ineffective way to get data back. If you do decide to pay, bear in mind that the adversaries will restore, on average, only around three quarters of your files.




TENABLE

Maher Jadallah, Senior Director Middle East & North Africa, Tenable

Why do we need to rethink cybersecurity in the new normal?

The pandemic forced organisations to change working practices to adhere to work from home mandates, in some cases overnight. Employees were allowed to work at home, in some cases using personal devices that may be unsecured. This acceleration of digital transformation and remote work models resulted in a surge of cybercrime. Attackers thrive during times of uncertainty and there’s plenty for them to target at the moment.

A recent study, conducted by Forrester Consulting on behalf of Tenable, found that 92% of global organisations experienced a business-impacting cyberattack or compromise within the past 12 months, with 70% falling victim to three or more attacks. Sixty-seven percent say these attacks targeted remote workers, and 74% say at least one attack resulted from vulnerabilities in systems put in place as a response to the COVID-19 pandemic.

Traditional perimeter security simply isn’t enough to protect multiple environments against today’s cybercriminals. This presents an opportunity for security leaders to rethink how they define risk, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environments. In tandem, they need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud and step up security based on changing conditions, behaviors or locations. Finally, they must take a hard look at the limits of traditional, perimeter-based security architectures, to consider more sophisticated options that continuously monitor and verify every attempt to request access to corporate data at all levels, whether that’s a device, app, user, or network attempting to make that connection.

Do you think security leaders have to spend more on vulnerability management and cloud security?

Hybrid work models and a digital-first economy have brought cybersecurity front and center as a critical investment that can make or break short- and long-term business strategies. The Forrester study found that, to address this demand, two thirds or more of security leaders plan to increase their cybersecurity investments over the next 12 to 24 months, with roughly three-quarters planning to spend more on vulnerability management and cloud security. What’s more, understanding the profound risks created by talent shortages, 64% of leaders lacking staff plan to invest within by increasing their teams’ headcount over the next 12 months.

What are your tips for CISOs to assess and reduce their attack surface?

The elastic nature of cloud environments allows organisations to be agile, responding to external factors by introducing new services quickly, making it possible to outpace competitors and/or offer competitive advantage. This has been evident in the last twelve months as organisations responded to work from home mandates, in some cases within hours, due to the pandemic.

When it comes to cloud security, one key challenge is the driver. The IT team is focused on functionality, speed and efficiency. In contrast, the security team is looking to make sure that this ability doesn’t introduce unnecessary or unacceptable levels of risk.

Security teams must return to the basics of cyber hygiene by leveraging vulnerability management and honest assessment of the challenges they face. This way they can understand where the risks exist within their infrastructure, however dynamic, remote or short lived they may be, as well as establish an efficient process to measure overall risk and secure the network.


VIRSEC

Rahil Ghaffar, Director, Sales for Middle East & Africa, Virsec

Why isn’t network or endpoint security enough against today’s threats?

We have all seen a surge of attacks like SolarWinds, Colonial Pipeline, Kaseya, the Microsoft Exchange Server Remote Code Execution attack and many others which breached more than 50,000 organisations and shook everyone’s confidence. In most of these organisations, there were multi-layer defenses at the network and endpoint level. This clearly means something was not working right. A quick analysis will reveal that more than 90 percent of traffic is encrypted and most of it cannot be decrypted for compliance reasons. This clearly means the data is landing on the endpoints without inspection. Most of the zero-day sophisticated attacks which make news are file-less in nature, which cannot be identified by any form of signature and that’s the exact reason the traditional approach to security is not working. The traditional approach is good at detecting known threats, but miserably fails to detect the unknowns. If you use multiple locks on a door which opens with the same key, it won’t make you more secure. Clearly a different approach is required to combat sophisticated zero-day attacks, which are weaponising at runtime. It’s required to protect the knowns, but the focus should be to protect against the unknowns. Understanding the endless possibilities of unknowns or the hacker mindset isn’t going to help. Instead, we need to understand what is good -- the DNA of our application and operating system or, in more technical terms, the awareness of the files and libraries which make up the application -- and the exact execution flow or at least the behavior of the application. To summarize, we need a solution which is deterministic and has enough automation to identify and protect against advanced and zero-day attacks without human intervention with minimal false positives.

What are your tips to eliminate ransomware threats?

Ransomware is rampant these days with literally thousands of attacks happening daily. A ransomware attack can encrypt valuable data and cause serious disruption to an organisation in seconds. Banking, Government, Oil & Gas, Higher Education and large enterprises in many sectors are the prime targets. One of the most effective and ideal ways to protect against ransomware is to adopt a solution which is strongest in protecting against such attacks at runtime; this is where all the action happens. Attackers have made memory their battleground. Traditional security tools cannot prevent exploitation of cyber weaknesses after the access is gained inside the network and/or application, in particular. It is important to detect and protect while the vulnerability is being exploited -- not after the exploitation. It’s important to gain deep visibility during runtime and have granular control of interactions between users, machines, apps and even data on an individual basis. It has to be implemented across the various environments of the organisation. Ideally, we should look for automation in protection so that we could avoid the human intervention in identifying and responding to attacks since humans are prone to errors.

What is the difference between runtime protection and traditional security measures?

Traditional security today identifies threats based on various signature-based and non-signature-based ways like Artificial Intelligence, heuristics, and machine learning. These approaches identify the bad actor activity after the attack succeeds, which means after the damage is done. This approach does not protect in runtime, which is during execution. Instead, the focus should be on protection. To do so, we first need to focus on understanding how the application is supposed to run during runtime rather than chasing the endless possibilities of the unknown bad. We need to protect the application during runtime when the vulnerability is being exploited -- not after the exploitation. It’s important to move away from the traditional reactive way of thinking about security and make the attacker dwell time non-existent, rather than looking at just reducing it. We can make cybersecurity attacks irrelevant – we just need to take the right approach.



VISIONTECH SYSTEMS

Aliasgar Dohadwala, CEO, Visiontech

What are some of the key cybersecurity trends to watch for?

Companies are considering cloud adaption strategies. Information and data security are vital in selecting the models to leverage the public, private, and on-premise cloud benefits. Cloud security is the new focus trend required to ensure that data and applications are readily available to authorised users. Security Solutions need to have a reliable method to access cloud applications and information, helping quickly take action on any potential security issues. Also, with work-from-home scenarios, the threats follow you at home. A flood of new threats, technologies, and business models have emerged in the cybersecurity space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust, and XDR (extended detection and response) to ensure remote users and their data are protected. Recent trends to focus on security include the expanding cyber-attack surface, using advanced threat protection tools, protection against ransomware attacks, and threats to critical infrastructure via ICS, OT/IT cyber-threat convergence.


How can users address the challenges of ransomware?

Ransomware attacks are everywhere. It’s up to all of us to help prevent them from being successful. Some ways organisations can help prevent and reduce the effects of ransomware are:

Keep Systems up-to-date – Make sure all of your organisation’s operating systems, applications, and software are updated regularly. Applying the latest updates will help close the security gaps that attackers are looking to exploit. In addition, ensure auto-updates so you’ll automatically have the latest security patches.

Maintain backups – thoughtfully and verify that your backups aren’t infected before rolling back. Also, ensure a good data recovery plan is in place.

System Hardening – Ensure your systems are configured with security in mind. Secure configuration settings can help limit your organisation’s threat surface and close security gaps left over from default configurations.

Develop plans and policies – Identify an incident response plan, so your IT security team knows what to do during a ransomware event. The plan should include defined roles and communications to be shared during an attack. You should also include a list of contacts, such as any partners or vendors that would need to be notified.

Review the configurations – Many ransomware variants take advantage of Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. Consider whether your organisation needs to leave these ports open, and consider limiting connections to only trusted hosts. Be sure to review these settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports.

Implement an IDS – A robust IDS will update signatures often and alert your organisation quickly if it detects potential malicious activity.

What is your advice for CISOs in the region?

Information security cannot work in silos. CISOs and Information Security managers need to have a holistic approach to ensure that the security is embedded to the organisation’s core, starting from selecting the right compliance and risk management strategy and tailoring it down to risk assessment and selection of sensible solutions for mitigation of cyber risk. Choosing the right security auditor and implementation team is now more important than simply selecting a product or solution. They should focus on qualified partners and not just certified solution providers.


WESTERN DIGITAL

Saifuddin Khwaja, Senior Sales Director at Western Digital

Do you think traditional storage systems are sufficient for data protection?

As our world becomes more data-centric, the landscape of data protection is changing rapidly. Data can’t be held back at any tier or for any workload, and recovery times are becoming shorter and critical. As the volume and value of data continues to grow, so does the need to keep data safe and secure. As a leading data infrastructure company, we strive to innovate and enhance our products to provide increased privacy and security. We recognise that security must be a core design principle that permeates every aspect of our product design, as well as our internal policies and procedures. We believe there are a range of data solutions available to address this challenge. Modern data protection is indeed changing, and enterprises are faced with a number of options that can help to meet data availability requirements. Data needs to be on the right storage tier at the right time, to meet access requests without breaking the bank.

What are the best practices for data security in hybrid IT environments?

No matter the working location, the most secure solutions are based on open and inspectable implementations combined with transparent policies and security practices. Specifically, this means that the best security architectures will be those that are, to the greatest extent possible, open to and inspectable by everyone. To ensure data is protected, device systems, hardware, and software applications all have to be analysed thoroughly in order to see where improvements can be made to existing infrastructures. Furthermore, new state-of-the-art security techniques need to feel virtually seamless for end users to help ensure the best results. Encryption is important to both the confidentiality of data and the drive where that data resides. Strong hardware-based encryption can help to increase security without impacting speed. The good news is that businesses have a broader choice than ever to construct varying performance and capacity capabilities to meet exact security needs and ensure flexibility as infrastructure evolves to address risk. No matter the technology, data security should, first and foremost, support the business strategy and tactical needs of the organisation.

What is safer – flash or cloud storage?

Flash and cloud are playing a transformative role in shaping data infrastructure and architecture. Both offer varying degrees of protection and security. The time is right to leverage both the power of flash and cloud to modernize your data protection environment. There are clear advantages to using flash for data security over solely relying on secure networks. Enterprise flash devices have been engineered with unprecedented reliability, end to end protection, temperature throttling technology, and groundbreaking Quality of Service (QoS). In fact, they are far more reliable and offer greater performance than the HDDs our industry has relied on for years. But for organisations dealing with terabytes and petabytes of data, most advanced IT organisations in the world are turning to cloud storage. Cloud storage is a relatively cost-effective archive solution that leverages extreme high-capacity HDDs and erasure coding techniques for data reliability. It’s what powers at-scale cloud providers and many customers are leveraging these efficiencies by adopting object-based storage in their on-premises data center. Cloud object storage provides rapid restores of data from high-speed disk, very efficient and cost-effective storage for long-term retention. To call one solution safer than the other is entirely subjective to the environmental needs of each business entity. What works for one infrastructure may be entirely different for another. Ultimately, by weaving concepts together, a next-generation architecture can be created to help provide security over many technology layers.





