GUARDIANS OF THE DIGITAL REALM

GUARDIANS OF THE DIGITAL REALM

Navigating the Cybersecurity Landscape

05 06 08

MD’s message

Bulwark Technologies MD Jose Thomas Menacherry imparts his profound expertise regarding the organization’s endeavors, intricate strategies, and profound insights into the domains of cybersecurity and business objectives. Through his comprehensive knowledge, he sheds light on the meticulous planning and execution of strategies that encompass the intricate realm of cybersecurity and the multifaceted landscape of business objectives.

Appknox

Harshit Agarwal, the Co-Founder and CEO of Appknox, discusses the enhancement of security for a nation’s healthcare apps by the government in the GCC region through the utilization of Appknox’s on-premise security platform.

Votiro

Leading the charge in Zero Trust Content Security, Votiro is changing the way organizations protect their files from malware and those looking to circumvent traditional defenses.

11 13 15 17 18 20 21 22 25

SendQuick

The Synergy of Multi-Factor Authentication (MFA) and Real-Time IT Alerts

Mimecast

Hany George, Sales Engineering Manager, Mimecast discusses the financial impact of cyber risk on overall business and the strategies to mitigate this risk.

Director’s note

Jessy Jose, Director at Bulwark Technologies, discusses the company’s commitment to a channel-centric approach, emphasizing strategic partnerships and continuous innovation. Bulwark’s comprehensive partner engagement cycle includes tailored training, financial incentives, and advanced certifications, ensuring partners are equipped to excel in the dynamic cybersecurity landscape.

News

Enhancing Mobile App Security in the Middle East: Appknox Partners with Bulwark

The Team

The people behind the success of Bulwark Technologies

Testimonials

Hear it from our Vendors

Blog

Varkeychan Davis, Technical Manager, Bulwark Technologies discusses the importance and benefits of implementing a zero-trust approach in cybersecurity to enhance protection against insider and outsider threats.

SecurEnvoy

5 reasons why organisations need data discovery tools

Ekran

Keeping an eye on what’s happening in global cybersecurity is a must if your organization wants to get ahead of new threats and keep up with the latest cybersecurity technologies..

Iam filled with immense pride and gratitude for the remarkable journey that we have accomplished as a team at Bulwark during the last 24 years, defining our commitment to cybersecurity excellence. In an era that has been posing numerous challenges and ever-increasing cybersecurity threats, we’ve not only persevered but thrived, thanks to our commitment to innovation, resilience, and collaboration.

The importance of cybersecurity cannot be overstated in this increasingly interconnected world. The threats we face are dynamic and sophisticated, requiring innovative solutions and unwavering vigilance. At Bulwark, we have embraced these challenges as opportunities to fortify our dedication to safeguarding digital landscapes.

Our role as a Value-Added Distributor of Cybersecurity solutions goes beyond just supplying products, we are your partners in securing the digital realm. Our success is grounded in collaboration and partnership. We are deeply grateful for the trust and support that our valued clients, channel partners, and vendors have bestowed upon us. Together, we have forged strong alliances into true strategic partnerships that drive mutual growth and success.

The cybersecurity landscape is everchanging, and this year was no exception. From the rise of ransomware attacks to the increasing sophistication of social engineering schemes, the industry faced an uphill battle. However, these challenges present us with the opportunity to innovate and lead.

Spearheading Cybersecurity

Jose Menacherry, the Managing Director of Bulwark Technologies, imparts his profound expertise regarding the organization’s endeavors, intricate strategies, and profound insights into the domains of cybersecurity and business objectives. Through his comprehensive knowledge, he sheds light on the meticulous planning and execution of strategies that encompass the intricate realm of cybersecurity and the multifaceted landscape of business objectives.

Our team has diligently curated a portfolio of cutting-edge cybersecurity solutions that address the latest trends in the industry. Here are some of the key technologies we signed for during this year to address and tackle the latest challenges in Zero Trust Architecture, Ransomware Resilience, Supply Chain Security, and regional Regulatory Compliance.

The new vendors onboarded with Bulwark this year are Continuity Software for backup vulnerability, Holm Security for network vulnerability, Appknox for mobile application security, Votiro for real-time content protection, and ReSecurity for digital risk protection.

We will be strengthening our team further with more resources in the region, especially in KSA. We continue to participate in Trade shows like GISEC, GITEX, Blackhat MEA, and other third-party security events in the region in association with our partners for better customer interactions, introducing the latest technology solutions.

As we look ahead, the path to a secure digital future continues to be both challenging and exciting. The proliferation of new technologies and the ever-shifting tactics of cybercriminals compel us to remain steadfast in our pursuit of excellence. Rest assured, Bulwark will continue to be at the forefront of bringing together innovative products addressing the evolving threat landscape, offering unparalleled solutions and expertise to navigate the complexities of cybersecurity.

We extend our heartfelt gratitude to all who have contributed to Bulwark’s journey all these years. A huge thank you to our channel

“The proliferation of new technologies and the ever-shifting tactics of cybercriminals compel us to remain steadfast in our pursuit of excellence. Rest assured, Bulwark will continue to be at the forefront of bringing together innovative products addressing the evolving threat landscape, offering unparalleled solutions and expertise to navigate the complexities of cybersecurity.”

partners for extending our reach in the Middle East region and India, and to the security vendors for their state-of-the-art technology contributions. Special thanks to Bulwark’s dedicated strong team for their relentless contributions and those who were part of this journey in various stages, shaping us into what we are today. As we turn the pages of this annual magazine, let us be reminded of the remarkable strides we have made and the limitless potential that lies ahead.

Again, let’s remember that cybersecurity is not a choice; it’s a necessity. Our collective efforts in providing top-notch security solutions contribute to the stability and trust of today’s digital world.

Government Improves Security of the Nation’s Healthcare Apps with Appknox On-premise Vulnerability Assessment

Harshit Agarwal, the Co-Founder and CEO of Appknox, discusses the enhancement of security for a nation’s healthcare apps by the government in the GCC region through the utilization of Appknox’s on-premise security platform.

Our customer country’s healthcare sector is committed to leveraging the latest technology and systems in order to provide better medical services for patients. With this comes an equally vital need for robust cybersecurity; any organization dealing with sensitive medical information must ensure adequate protection from potential cyber threats. As such, digital healthcare has become an increasingly important tool for them, allowing for secure data collection and treatments.

Customer’s Company Overview

Industry: Healthcare

HQ Region: GCC

Service Location: Global Company Type: Government

Problem Statement

Our customer had previously adopted a range of technologies, including open-source software, to improve digital healthcare solutions and bolster patient outcomes. Unfortunately, such solutions are not sufficient when it comes to security analysis, as open source often does not provide enough protection for sensitive medical data. Thus, a more dependable and effective solution was required to guarantee the secure handling of sensitive information.

Finding a reliable security solution was of the utmost importance; open source alone is insufficient given its lack of assurance when it comes to safeguarding confidential medical data.

To this end, the healthcare system in our customer’s nation needed to institute stringent measures to prevent security breaches and privacy violations by increasing the level of security analysis beyond what could be offered by open-source solutions.

Solution Employed

Automated Testing with Appknox Vulnerability Assessment (VA) Tool

How

Cloud Service On-Premise

Appknox helped by deploying its on-premise security solution that offers a higher level of control over the confidentiality of the data.

The timing of this deployment was crucial, as it was done during the COVID-19 pandemic. The sudden increase in the use of mobile healthcare apps, combined with travel restrictions, presented new challenges for deployment at the client’s location.

Here’s an account of how Appknox made an impact for them:

BEFORE APPKNOX (Open Source) WITH APPKNOX Testing Process

If the tool broke down during testing, the issue could not be addressed.

Automation in Dynamic assessment with Appknox stood out.

Quality Of Reports

The SAST report was satisfactory; however, there were questions regarding the tool�s accountability.

Zero-false positives report eliminated the primary concern of reliability

Impact On Mitigation

Multiple requests were raised for clarity on data in reports. This could delay the Mitigation process.

Clear reports reduced the need for time and effort for clarification before the Mitigation process.

*information based on a feedback conversation for this particular case.

The client appreciated the set-up process as, despite these new obstacles, Appknox could improvise and implement the solution smoothly for them.

When inquired about the overall value of the solution, they confirmed that it fulfilled the expectations of management and it served as a one-stop solution for entire mobile app security needs. Additionally, they appreciated the tool’s capability to consolidate all aspects. Within it, the Appknox DAST automation was highlighted as one of the remarkable features. The senior specialist also noted that Appknox continuously evolves, expressing excitement about exploring the new Store Monitoring feature.

Peer Review for Appknox

Submitted Jul 19, 2023

Overall Comment: “we are able to efficiently prioritise and handle security vulnerabilities, thanks to Appknox’s comprehensive and actionable detailed reports.”

*Firm size: Gov’t/PS/ED <5,000 Employees

“One Of The Best Security Testing Tools Out There”

Revolutionizing Content Security: The Zero Trust Approach of Votiro

Leading the charge in Zero Trust Content Security, Votiro is changing the way organizations protect their files from malware and those looking to circumvent traditional defenses.

At Votiro, the stance on threat prevention is clear: assume every file is malicious – no matter what user, device, or application it comes from. Speaking recently with Ravi Srinivasan, CEO of Votiro, we asked him to dive deeper into Votiro’s take on Zero Trust and why they feel it’s key to protecting organizations today.

‘Zero Trust’ has become a bit of a buzzword. What makes Votiro stand apart?

While Zero Trust has certainly become a buzzword within the security space, especially when it comes to things like PII, it’s evolved to be much more than that. That’s why we call it Zero Trust Content Security. Because, as important as it is to protect personal information and remain compliant in doing so, it’s equally as important, if not more so, to ensure that no outside actors get access to this information via malicious content or file-borne threats.

Whether it’s via rootkits, malicious scripts, threats buried within PDFS, malspam, or any number of methods – these security breaches render many PII practices moot. Meanwhile, we use Zero Trust Content Security to help ensure these breaches never occur in the first place by treating all files as zero-day threats. We then

sanitize every file, whether it comes from an internal team member, a third-party vendor, or via a web application before passing it along to the end-user.

What would you say to CISOs not looking to add another tool to an already large tech stack?

You know, we hear that concern a lot, and for good reason. There are a lot of options for cybersecurity on the market, from AV to firewalls, network proxies, intrusion detection systems, basic CDR (content disarm and reconstruction), and the list goes on. However, what’s great about our solution is our ability to advance traditional content disarm and reconstruction (CDR) by going a number of steps further than the competition, allowing us to replace many tools altogether and reduce the overall tech stack.

Our advanced CDR does that by A, ensuring that all files are sanitized whether they’re known or unknown, B, ensuring that end-users don’t lose any of the original file’s functionality in the process, and C, by providing analytics to the CISO and IT teams so they can better understand their organization’s risk surface. It’s a combination of real-time detection, disarming, reconstruction, and analysis.

Speaking of sanitizing known and unknown threats; if a threat is known, what’s the benefit in treating it as malware?

It has to do with trust. At Votiro, we sanitize every file because zero-day threats rely on user trust. In today’s digital landscape where data flows in from all directions and in all shapes and sizes, the routes that threat actors can take are endless. This is surprising because Verizon just reported in their 2023 DBIR that 66 percent of malware is still being delivered via PDF. They also mention that a good portion of malware is still being hidden within productivity documents that contain macros – which are known to be popular vectors for malware because of their ability to run code.

Because of this high risk, Votiro Cloud sanitizes macros and rebuilds them so that Excel files work as intended, that documents don’t become unusable images, and that complex documents work just as well as when they were sent. Essentially, if we can ensure customers that the content they receive is free of threats, that they still work as intended, and the process won’t slow down their productivity, then that’s exactly what we’ll continue to do.

Why CDR and not widely accepted methods like AV or sandboxing?

At Votiro, we don’t really see it as an either-or scenario. In fact, we find that organizations find their best success when CDR, like Votiro, works together with antivirus (AV) and other security measures. In the case of one of our banking clients, our technology worked alongside a leading mail relay server and sandboxing solution to create a secure environment for the institution.

But, to put it bluntly, AV and sandboxing just don’t get the job done. They’re good at what they can detect, and for some businesses that’s enough. However, when you’re handling classified information, financial forms, and patient data, you need more. Time and time again we’ve seen zero days breach an endpoint because there were no known signatures to detect. And even in cases where the threat was detected and sent to a sandbox, sophisticated malware has been designed in such a way that it circumvents that closed environment and still makes its way to the end-user.

In fact, these methods haven’t been able to prevent some of the most recent and devastating attacks perpetrated on businesses, including

LokiBot, Casbaneiro, and the recent ransomware attacks that have crippled major healthcare networks. We’ve been fortunate enough to help major healthcare systems in the past, from family hospitals like ALYN Woldenberg to major medical cloud platforms, protect their environments from zero-day attacks.

You mentioned productivity earlier. How does Votiro do all this without impacting business?

Votiro Cloud is able to detect, disarm, reconstruct, and deliver fully functional files

almost instantaneously. And to go back to a previous point, while methods like sandboxing can drain resources and bring business to a crawl – Votiro Cloud allows organizations to continue on as normal. No more waiting for IT to release a time-sensitive file or get backlogged due to an increase in file ingestion. And while it can make for an awkward renewal discussion, we’ve seen clients use our platform so effortlessly – and that’s a testament to its effectiveness in preventing threats that need to be managed – that they often forget Votiro Cloud is there at all.

Are there benefits to Votiro Cloud beyond applications like email?

Absolutely. While email environments remain a top vector for cyberattacks, content collaboration platforms like Microsoft OneDrive, Dropbox, Slack, Google Workspace, and similar tools have paved new pathways for cyberattacks, while also creating a much larger risk surface. Our proactive approach allows teams to continue working as normal while still engaging via email and across these tools that have been paramount to modern, hybrid workforces.

How does Votiro handle complex content, like zip files and embedded macros?

Today, our platform is capable of supporting over 180 file types and extensions, and our engineers are always working to grow that list to keep organizations as safe as possible. In the case of content with multiple layers, like zip files, Votiro Cloud still detects, disarms, and reconstructs all elements in near real-time. Even files that are password-protected are sanitized in just seconds – which is something unheard of in the market.

And while macros have proven to be common threat vectors for hidden malware, our team has been training its own AI for years to intelligently detect macros and any malware hidden within. And it’s always learning and perfecting its detection and prevention algorithm, putting us at the breaking edge of proactive content security.

“What’s great about our solution is our ability to advance traditional content disarm and reconstruction (CDR) by going a number of steps further than the competition, allowing us to replace many tools altogether and reduce the overall tech stack.”

Multi-factor authentication (MFA) and IT alerts unified for robust digital security

In this era marked by relentless cyber threats and ever-evolving hacking techniques, organizations are leaving no stone unturned in their quest to strengthen their digital defenses.

Recognizing the need for a comprehensive approach to cybersecurity, businesses across industries are taking a giant leap forward by integrating MFA with real-time IT alerts.

This unified strategy seeks to strengthen protection against cyber threats, safeguard sensitive data, and elevate overall resilience against an array of malicious attacks. As cybercrime continues to pose significant challenges to individuals and enterprises alike, the adoption of this cutting-edge approach marks a pivotal moment in securing the digital landscape.

MFA: An Indispensable Layer of Security

MFA is a powerful security solution that necessitates users to provide multiple authentication factors before gaining access to an account or system.

Typically, these factors include something the user knows (such as a password or PIN), something they have (such as a smartphone or hardware token), and something they are (biometric factors like fingerprints or facial recognition).

Over the years, MFA has emerged as a potent deterrent against password-related breaches, phishing attacks, and identity theft. Its widespread adoption has been fuelled by its simplicity and user-friendliness, making it an accessible security option for individuals and businesses alike.

Enhancing Digital Security

The Synergy of Multi-Factor Authentication (MFA) and Real-Time IT Alerts

To further strengthen cyber defense, SendQuick’s CEO Mr JS Wong says, “By combining a choice of MFA features such as built-in SMS OTP, soft token, push authentication, Digital ID e.g. Yoti and Singpass, email OTP, passwordless biometric authentication and FIDO2-capable Yubikey, which is a phishing-resistant hardware security key, our SendQuick Conexa provides customers with a robust cybersecurity solution. With multiple layers of security, this significantly reduces the risk of unauthorized access even if one factor is compromised.”

Instant IT Alerts: Real-Time Cyber Threat Notification

The modern cyber landscape demands a proactive defense strategy that can swiftly detect, notify and mitigate potential threats. Real-time IT alerts serve as a crucial component in any organization’s cybersecurity infrastructure. These alerts act as early warning systems, instantly notifying IT teams of suspicious activities, potential breaches, or anomalous behaviour within the network.

This real-time visibility empowers cybersecurity experts to respond promptly, reducing the impact of cyber incidents and preventing them from escalating into full-scale data breaches.

The Power of Synergy: MFA and IT Alerts Unite

The integration of MFA and IT alerts brings forth a powerful synergy that enhances overall cybersecurity measures. When an unusual login attempt is detected, an instant alert is triggered, alerting IT personnel of the potential security threat.

By correlating these alerts with MFA data, security teams can determine the legitimacy of the login attempt, allowing them to take immediate action to block unauthorized access if necessary.

Moreover, this unified approach enables security teams to distinguish between legitimate user activities and suspicious login attempts, minimizing the likelihood of false positives and reducing unnecessary disruptions for users.

“The seamless collaboration between MFA and IT alerts empowers organizations to identify potential threats in real-time and respond promptly, significantly strengthening their cyber defense capabilities,” Mr Wong added.

Adoption Across Industries: From Finance to Healthcare

From financial institutions handling sensitive transactions to healthcare providers safeguarding confidential patient data, the need for robust cybersecurity is universal across industries.

By synergizing the strengths of MFA’s multilayered authentication and IT alerts’ proactive threat notification, organizations are better equipped to face the challenges posed by cybercriminals.

As the digital landscape continues to evolve, the integration of MFA and IT alerts will undoubtedly play a pivotal role in securing a safer digital future for businesses and individuals alike. This unified strategy embodies a proactive and coordinated response to potential threats, fostering a resilient digital ecosystem where businesses can thrive.

How has the perception of cyber risk evolved in recent years?

We are living in a technology dominant world. Hybrid working models have transformed the way organisations operate, changing how people communicate, share data, and collaborate. Teams can work from virtually anywhere, thanks to email and more recently, collaboration tools such as Microsoft Teams and Slack.

Email and collaboration tools are where work happens, but they are also where risk is concentrated – technology is fallible and human error is inevitable, making organisations more vulnerable than ever. This risk used to be an issue the IT department dealt with, but our changing workplace dynamic forces business leaders to see cyber security risks as a business risk and not just an IT issue.

What are the key factors that make cyber risk equivalent to business risk?

The modern work surface has resulted in an elevated cyber risk, and thanks to wellpublicised cyberattacks, the C-suite and board have taken notice. Cyber risk isn’t just an IT problem – it’s a critical vulnerability that directly equates to overall business risk. Fundamental business decisions — such as mergers and acquisitions, third-party vendor contracts, rightsizing and supply chain partnerships — are now being shaped around levels of cyber risk.

To learn more about current perceptions of cyber risk by the C-suite and board, Mimecast spoke with 78 leaders, to dig deeper into their efforts to articulate risk and what

Cyber Risk Equals Business Risk

leadership must do to work protected, even as cyberattacks proliferate. The Behind the Screens: The Board’s Evolving Perceptions of Cyber Risk report shared feedback from CISOs who said that:

• Cybersecurity – and the notion that cyber risk is business risk – must permeate employee behavior.

• Cybersecurity is everyone’s responsibility, and CISOs must drive this message forth to the board to recognise and react.

• Corporate boards are finally paying attention to cybersecurity, but they still have many other big priorities, such as a likely recession, climate change, and geopolitical uncertainty. So, more attention doesn’t automatically translate into more money or benefits for cyber defenses. But the opportunity to highlight cyber risk as business risk is here.

What strategies can businesses implement to mitigate the increasing cyber risk and its impact on their operations?

Unfortunately, rising cyber awareness has not yet resulted in cybersecurity budgets that can keep pace with today’s rising threat level. 82% of UK organisations say they need to spend more on cybersecurity (Mimecast State of Email Security 2023 report) . Cybersecurity budgets are not recession proof and organisations need to do more with less. IT spend is being heavily scrutinised and security leaders are looking to reduce cost and complexity. But it’s important that they don’t cut corners and face consequences later by not having multi-layered protection in place.

The concern is that organisations will turn to highly attacked monolithic security platforms in order to reduce costs. But 94% of UK organisations think they need stronger protections than those that come with their Microsoft 365 and Google Workspace applications (Mimecast State of Email Security 2023 report) . To address this, the temptation is for organisations to add security point solutions on top of their IT infrastructure. But this only adds to the complexity and there’s a strong likelihood that attacks will still get through.

In order to reduce business risk, organisations need to protect the work surface by layering it with a security platform that integrates with best-of-breed security solutions. Establishing and following a reliable procedure for security events such as breaches and data loss is a critical step in mitigating consequences. Reaction, recovery, and analysis are all crucial towards strengthening an organisation’s security posture.

Also, effective employee awareness training programs must be focused on. Every employee, from interns to C-levels, can be a potential threat if they are not following security practices and policies. Employees as well as external stakeholders such as partners and service providers, are the first and strongest line of defence against cyber risk, so its imperative to build a corporate culture that embraces cyber-resiliency. Robust security policies, practices, and processes, along with ongoing training and cyber risk awareness, will majorly help mitigating the cyber risks.

Hany George, Sales Engineering Manager, Mimecast discusses the financial impact of cyber risk on overall business and the strategies to mitigate this risk.

As a forward-thinking value-added distributor, we’re fully committed to a channel-centric sales model, continually innovating to elevate our relationships with key system integrators and reseller partners. Strategic partnerships form another pivotal pillar of success. Our enhanced channel enablement activities and shared commitments form the foundation of these partnerships, and we’re adding new dimensions by embracing the security solutions based on latest industry trends.

The cycle of value addition in our partner engagement is continuous and comprehensive. Pre-sales consultations, tailored partner training programs, and deployment support are just the beginning. Our partner support framework is driven by a seasoned team of sales and technical experts, with advanced certifications in various technologies. These professionals offer nuanced assistance through each critical phase of customer interaction, identifying and deploying the most fitting solutions for customer challenges, offering a spectrum of support, ranging from interactive demos and Proof of Concept (PoC) testing to comprehensive implementation guidance.

Elevating Cybersecurity Partner Success

Jessy Jose, Director at Bulwark Technologies, discusses the company’s commitment to a channel-centric approach, emphasizing strategic partnerships and continuous innovation. Bulwark’s comprehensive partner engagement cycle includes tailored training, financial incentives, and advanced certifications, ensuring partners are equipped to excel in the dynamic cybersecurity landscape.

We aim to not only provide the tools and products necessary for partners to succeed but also to offer the financial flexibility and incentives that make their journey with us mutually rewarding. For deserving partners who show consistent performance and commitment, we’ve also enhanced our credit facilities. These augmented credit facilities and our comprehensive Partner Loyalty Program are designed to demonstrate our commitment to our channel partners.

With a strong belief in fostering a partnercentric ecosystem, we’re consistently investing in channel advancements. Our latest channel investments are geared towards ensuring our partners stay ahead of the market curve while dealing with cybersecurity solutions addressing various concerns of the end customers. Our robust partner enablement programs focus on transparency and clarity, enabling channel partners to seamlessly benefit from a variety of advantages. These include streamlined deal registrations, lucrative rebate programs, collaborative marketing initiatives, and cuttingedge technical and sales enablement activities.

Our multifaceted support for channel partners goes far beyond the conventional. We’re not just assisting with lead generation and partner onboarding; we’re diving deeper into competency development by offering advanced certifications for the solutions we offer. In this era where the cybersecurity landscape is constantly changing with new threats emerging

regularly, employees must stay updated with the latest threats and countermeasures to effectively protect their clients’ networks. This requires a deep understanding of various technologies, something that can only be assured through regular training and skill development. At Bulwark, we always ensure adequate expertise before positioning any solution in front of partners and customers. This approach helps us to maintain the reputation as a trusted authority in the data security domain. By combining traditional channel support with emerging trends and technologies, we’re ensuring that our partners are not only able to meet but exceed customer expectations in an increasingly complex and dynamic cybersecurity landscape.

“At Bulwark, we always ensure adequate expertise before positioning any solution in front of partners and customers. This approach helps us to maintain our reputation as a trusted authority in the data security domain.”

Enhancing Mobile App Security in the Middle East: Appknox Partners with Bulwark

Appknox, at the forefront of mobile security testing, joins forces with Bulwark Distribution FZCO, the premier provider of advanced IT Security solutions in the Middle East, marking a significant milestone in the industry.

This strategic collaboration amalgamates Appknox’s innovative mobile security solutions with Bulwark’s extensive expertise in delivering advanced security offerings to the dynamic Middle East market.

As part of Appknox’s continuous commitment to enhancing mobile app security, they have recently talked about introducing a groundbreaking upcoming feature, the Mobile Software Level Bill of Materials (SBOM). The Mobile SBOM empowers organizations with invaluable visibility into potential threats lurking within their software supply chain. By providing a comprehensive overview of all components, including third-party libraries and frameworks, the SBOM enables developers and security teams to comprehensively understand the associated risks for mobile apps.

Through Bulwark’s profound knowledge of the region’s security landscape, customers leveraging Appknox’s up-to-date capabilities, like the SBOM can confidently secure their mobile applications, gaining insights into the components used and any known vulnerabilities (CVEs) associated with them.

“We’re excited to team up with Bulwark, aiming to enhance mobile app security in the ME region. This partnership combines our cutting-edge technology and experience with government bodies and banks, amplifying our commitment to deliver superior products and exceptional support. Together, we are excited and sure to shape a safer digital landscape in the region.” commented Harshit Agarwal, Co-founder, and CEO of Appknox.

Expressing their views on the collaboration, Vaidya, Sales Executive Director at Appknox, said,

“This engagement is a strategic move towards our global expansion plans adding value across BFSI, Government, Retail and ONGC verticals where Appknox has played a pivotal role in ensuring proactive mobile application security!”

‘’The prevailing crisis has paved the way for new innovations and coming-of-age technologies. We at Bulwark foresee a spike in demand for mobile app security solutions in the current market scenario. With Appknox, we can monitor & reduce cyber risks to provide complete and round-theclock cybersecurity requirements of customers in the region”, said Jose Menacherry, Managing Director, Bulwark Distribution.

The strategic partnership between Appknox and Bulwark represents a significant leap forward in the realm of cybersecurity for the Middle East region. Together, these industry-leading organizations are equipping businesses with the necessary tools and expertise to combat the evolving threats in today’s digital landscape.

Bulwark Partners with Continuity to Secure Enterprise Storage & Backup Systems

Continuity, a leading provider of cyber resilience solutions today announced its partnership with Bulwark Distribution FZCO. Together, the two companies are dedicated to securing organizations’ storage and backup systems, to withstand ransomware and other cyberattacks.

The partnership is based on Continuity’s StorageGuard, a security posture management solution that will enable Bulwark’s channel partners and system integrators across United Arab Emirates and other GCC countries & the Indian sub-continent regions, to automatically detect, prioritize and remediate vulnerabilities and security misconfigurations in their clients’ storage and backup systems. This will help them protect their data and ensure recoverability.

Enterprise storage and backup systems are becoming a growing target for ransomware. Cybercriminals realize that an attack on a single storage or backup system is the biggest determining factor to show if an organization will pay the ransom.

According to the Gartner Report: Hype Cycle for Storage and Data Protection Technologies, 2022, “network-attached storage (NAS) and scale-out file system storage provides inadequate protection from malicious deletion or encryption of data. Cyberstorage provides active defense against cyber-attack on unstructured data.”

BULWARK AWARDS

CXO Insight ME Channel Insights

Summit & Awards 2023: Channel Lifetime Achievement Award – Jose Menacherry, Managing Director, Bulwark Technologies

SME Tech Innovation Summit & Awards 2023: Information Security Distributor of the Year – Bulwark Technologies

CXO DX Future Workspace Summit & Awards 2023 (KSA): Cybersecurity Distributor of the Year – Bulwark Technologies

CXO DX Future Workspace Summit & Awards 2023 (Dubai): Cybersecurity Solutions Distributor of the Year – Bulwark Technologies

“Ransomware has pushed storage, backup and data recovery back onto the corporate agenda.” said Gil Hecht, CEO of Continuity.

“We are thrilled to partner with Bulwark to help provide greater security confidence for their partners, by eliminating security risks across their clients’ data storage & backup systems.” Hecht said.

“StorageGuard is an exciting innovation that fills a gap for our customers. For the first time, our partners can help their clients harden their storage and backup systems, to improve cyber resiliency and data protection. Organizations will be able to automatically detect all security risks, and prioritize them in order of urgency and business impact.” said Jose Menacherry, Managing Director at Bulwark Technologies.

Bulwark-Your Valued Partner In Cyber Security

Bulwark Chronicles: In-Depth Exploration of Our Achievements

ENTITIES OF BULWARK:

• Bulwark Distribution

• Bulwark Technologies

• Bulwark Technologies India Pvt. Ltd

• Bulwark Saudi for Information Technology

OUR DEDICATED TEAM, COMMITTED TO REALISING YOUR VISION AND ENSURING YOUR SUCCESS:

• Sales & Business Development: Continuous Emphasis on Business Growth and Generating Revenue.

• Pre-Sales Support: Provide Consultative Services via Proof of Concept (POC) and 24/7 Technical Support.

• Technical Trainers: Dedicated to Training for the Cultivation of Precise Technical Skills, Knowledge and Expertise.

• Marketing: Ongoing Emphasis on Branding,

Exposure, and Demand Generation via Marketing Communications (MARCOM) Initiatives Across Diverse Channels.

• Renewals: Assists in Sustaining Current Customer Connections and Renewing Agreements.

• Accounts & Logistics: Providing Targeted and Time-Effective Assistance for Project Fulfillment and Delivery.

OUR EDGE:

• Comprehensive, Top-Tier Professional Services Spanning Solution Architecture, Sales, Marketing, Implementation, and Support, All Delivered by a Team of Certified Security Experts.

• Highly Innovative and Lucrative Loyalty Programs for Our Valued Partners.

• Training Labs Offering Advanced Solution Training and Partner Empowerment.

A Vigorous and Committed Partner/Reseller Network of Over 1000 Members Spanning the Region, Encompassing:

• An Active and Committed Reseller Network of Over 1000 Partners in the Region

• Our Varied Customer Experiences Provide Us with a Competitive Advantage in Grasping Various Industry Verticals and Their Unique Needs.

Impact of Ransomware Revolution

Varkeychan Davis, Technical Manager, Bulwark: Ransomware attacks are one of the most common and malicious forms of cyberattacks in recent years. When ransomware infects a computer or network, it either blocks access to the system or encrypts its data. For the release of the data, cybercriminals demand ransom money from their victims. Ransomware attacks on businesses can come from a variety of sources, including phishing emails, infected software, and even through remote access to unsecured networks.

• Monitoring your network activity and detecting anomalies

• Having a contingency plan and a reliable backup solution

Ibrahim ShabanCountry Head

Murali Vellat, Division Manager, Bulwark Technologies: Ransomware has evolved significantly over the years, becoming more sophisticated and damaging, impacting IT, OT, and IoT environments. Modern ransomware often employs advanced encryption, stealthy delivery methods, covert reconnaissance, and tailored attacks, making them harder to detect and mitigate. Ransomwareas-a-Service (RaaS) models have also emerged, enabling less skilled attackers to participate. The evolving tactics, techniques, and procedures (TTPs) of ransomware groups have made it challenging for organizations to defend against attacks effectively. This has led to increased financial losses, operational disruptions, and reputational damage. To counter these threats, organizations have had to allocate substantial resources towards cybersecurity measures, including strategies to reduce the attack surface, advanced threat detection, zero trust approach, strong authentication techniques, encryption of critical information, employee training, and robust data backup systems. The evolving threat landscape has also forced organizations to enhance incident response plans and collaborate with law enforcement and cybersecurity experts. Overall, the rapid ransomware evolution has necessitated a more proactive, adaptive, and comprehensive approach to cybersecurity for organizations to safeguard their operations and data.

Organizations are focusing proactively on reducing the chances of a ransomware attack by integrating with security tools to improve threat detection capabilities and responses. The common measures that they follow are Regular Backups, Patching software regularly, Proper Endpoint protection, Advanced email protection, End-user Security Awareness training, MFA, and Limited user privileges. The evolution of ransomware has forced organizations to adapt their strategies by investing in advanced security measures and enhancing data protection practices.

Prakash Anthony, Regional Sales Head - India: Some of the impacts of ransomware on the organization’s strategies are:

• Loss of revenue, reputation, productivity, and customer trust

• Increased spending on security, recovery, and legal fees

• Need to implement stronger authentication, backup and encryption mechanisms.

• Risk of regulatory fines, lawsuits, and breach of contracts

To protect your organization from ransomware, you should follow some defensive strategies such as:

• Educating your employees about phishing and other attack vectors

• Updating your software and systems regularly

• Segregating your network and limiting access privileges

- KSA: Ransomware attacks have become one of the most common and dangerous forms of cyberattacks in recent years. These attacks involve hackers encrypting a victim’s data and demanding a ransom payment in exchange for the decryption key. The impact of these attacks can be devastating for both businesses and individuals, leading to significant financial losses, reputational damage, and even personal data breaches.

The impacts of a ransomware attack to your company could include the following:

• temporary, and conceivably endless, loss of your company’s data

• conceivably a complete arrestment of your company’s operations

• fiscal loss as a result of profit generating operations being shut down

• fiscal loss associated with remediation sweats

• damage to your company’s reputation

Sonali Basu Roy, Marketing Manager, Bulwark Technologies: Marketing plays an important role during the evolution of ransomware attacks. The marketing team needs to create a robust communication plan by identifying individuals and groups who will need to be informed of the cybersecurity event. Designating an authorized spokesperson for crisis communication enables to preserve and control messaging. We need to develop messaging that is appropriate to the organization communication platforms like email marketing, website management, social media marketing and other media platforms. Creation of an efficient internal & external communication platform plays a key role & an efficient part of our marketing strategies when an organization is impacted due to ransomware.

Hear it from our Vendors

“With Bulwark, we’ve found more than just a distributor; we’ve identified a strategic ally who is deeply attuned to the Middle East’s unique channel ecosystem and who understands the intricacies of IT security and remote work solutions. Their commitment to delivering only the best to their clients resonates powerfully with our own values. It’s a partnership built on trust, expertise, and a shared vision for a more secure and sustainable future.”

‘Bulwark sets a standard of excellence. We truly value their team’s work quality and transparent approach, which has cultivated a sense of trust in our partnership. We eagerly anticipate the continuation of our collaboration and mutual growth’.

The Zero Trust model is a security architecture that does exactly what its name implies: it trusts no one, not even those inside the network. The zero-trust approach (ZTA) is a cybersecurity concept that emphasizes the need to eliminate the default assumption of trust, both inside and outside an organization’s network perimeter. Instead of relying on traditional perimeter-based security measures, a zero-trust approach advocates for continuous verification and authentication of all users, devices, and activities, regardless of their location within the network. This approach helps enhance protection against cyber threats by minimizing the attack surface and reducing the potential impact of breaches. Here are some of the key importance and benefits of implementing a zero-trust approach in cybersecurity:

1Minimizing the Attack Surface: The traditional network boundary has become more open as remote work, cloud services, and mobile devices have flourished. ZTA enforces the principle of least privilege, ensuring that users and devices only have access to the resources they truly need. This significantly reduces the attack surface available to potential attackers, making it harder for them to move laterally within the network.

2Enhanced Data Protection: By treating traffic as untrusted, a zero-trust approach

Empowering Cybersecurity with the Zero-Trust Approach

helps protect sensitive data from unauthorized access. Even if a hacker manages to breach a certain point of entry, they would face continuous authentication and authorization challenges as they attempt to access more critical resources, thus limiting their ability to exfiltrate data.

3Adaptive Security: Zero-trust emphasizes the importance of continuous monitoring and analysis of user behavior and device activities. This allows security systems to adapt dynamically to changing patterns and anomalies. The system can trigger alerts or demand additional verification if a legitimate user’s behavior unexpectedly deviates from their normal patterns, helping detect and prevent internal threats or compromised accounts.

4Mitigating Insider Threats: Insider threats, pose a serious risk to organizations. These Threats may be intentional or unintentional. A zero-trust approach acknowledges that even trusted employees could be compromised or make mistakes. Organizations can identify suspicious behaviors and potential threats from both internal and external sources by implementing strict access controls and continuous monitoring.

5Simplified Compliance: Many industry regulations and data protection laws require organizations to implement strong security measures and restrict access to sensitive data. A zero-trust approach can simplify compliance efforts by ensuring that access controls and data protection mechanisms are consistently applied across the network.

6Securing Cloud Environments: The concept of a traditional perimeter becomes obsolete when organizations shift their infrastructure and applications to the cloud. Zero-trust principles align well with cloud security, enabling organizations to secure their data and applications in distributed and dynamic environments.

7Better Incident Response: With continuous monitoring and fine-grained access controls, a zero-trust approach provides organizations with more detailed insights into potential security incidents. This enables faster detection, containment, and remediation of threats.

8Future-Ready Security: As technology evolves and new threats emerge, a zero-trust approach provides a flexible framework that can adapt to changing circumstances. This ensures that organizations are well-prepared to handle the security challenges of the future.

In conclusion, implementing a zero-trust approach in cybersecurity is crucial for modern organizations aiming to strengthen their defenses against a diverse range of cyber threats. In the event of a cyberattack, the hacker won’t be able to connect across the network or critical assets due to the network’s restrictions on movement. In terms of security, this thorough, defined method is an excellent concept.

By assuming a “never trust, always verify” mindset, organizations can significantly enhance their security posture, protect sensitive data, and mitigate the potential impact of breaches.

Varkeychan Davis, Technical Manager, Bulwark Technologies discusses the importance and benefits of implementing a zero-trust approach in cybersecurity to enhance protection against insider and outsider threats.

5 reasons why organisations need data discovery tools

Data discovery tools help provide:

• Visibility – understand the value of your data

• Classification labels and tagging

• Storage management and digital transformation – e.g. data can be consolidated, deleted or moved to the cloud.

• Cost reduction

• Audit and reporting for regulatory compliance – including GDPR, CCPA, HIPPA, SOX, PCI-DSS, etc.

2. To gain visibility of data on-premise and in the cloud.

3. To handle DSARs. With the rise in data subject access requests (DSARs), smaller organisations will be greatly impacted. These can be timeconsuming, resource heavy and expensive for smaller organisations as these requests need to be responded to within 30 days to comply with UK GDPR rules. If an organisation holds large amounts of data across multiple databases, collaboration software, file servers and cloud storage, data discovery tools are the most costeffective and efficient way to respond to DSARs. The personal data held can then be forwarded to the requester or deleted as part of right-to-beforgotten requests.

4. To analyse data at rest both on-premise or in the cloud.

Every organisation needs to protect their data against breaches. However, as data continues to grow daily, how does an organisation keep track of this data? In today’s digital world, with organisations using multiple applications including Office 365 and Atlassian, data is shared throughout. How can you ensure the data doesn’t get compromised?

A few reasons why organisations might need to protect data include:

• Increasing cybercriminals and insider threats.

• Sensitive data needs to be monitored to fulfil DSARs and avoid fines.

• To meet compliance regulations.

• To avoid financial and reputational damage.

Budget and resource limitations may pose challenges to SMBs when looking for solutions to monitor and protect their data.

Enter data discovery tools.

What is data discovery?

Data discovery tools enable organisations to understand the sensitive data they have and provide visibility on where it resides across the digital estate. This replaces the need for timeconsuming manual data searches, the first step in

determining which data protection policies are best suited to the organisation.

Discover data on-premise, in the cloud, on endpoints, servers and network file shares using data discovery tools, within structured and unstructured data in Microsoft 365, Google Workspace, Atlassian, Alfresco, etc.

Data discovery tools enable automatic scanning for data at rest which can provide an understanding of the data risk profile. Data needs to first be discovered and understood, followed by classification and finally, policies can be set for the different data types to either protect or remove the data.

Organisations need to first understand what sensitive data it holds and where it resides before creating a plan to protect this data. Once organisations have visibility and understanding of the data it holds, the next stage is classifying the data into various categories including confidential, regulatory (GDPR, PCI, etc.) or public, after which a data classification policy can be created.

5 reasons for data discovery:

1. To understand whether an organisation’s current and future data meets data governance and regulatory compliance requirements – all data needs to first be discovered.

5. To quickly understand the risk profile. Understanding an organisation’s current risk profile including where sensitive information resides can be achieved quickly with data discovery tools. These tools can be launched in minutes to locate and extract data prior to cloud migration, respond to DSARs and meet regulatory compliance standards. It can be set up in 30 minutes, a few endpoints can be scanned in minutes and scanning Atlassian and Microsoft O365 can be completed in under 2 hours.

Data discovery tools are necessary to protect an organisation’s sensitive data. The above benefits highlight the importance of these tools especially for SMBs where budget and resources could be limited.

Data discovery tools: a quick and simple solution to secure your organisations’ data.

Learn more about Data Discovery

Try Data Discovery

Limited time offer: 10% off when you purchase SecurEnvoy Data Discovery*

*Terms and Conditions apply.

The Essential Guide to Access Management Solutions: Ensuring Security and Efficiency

Access management is the practice of controlling and governing access to digital resources, systems, and information within an organisation. It involves establishing policies, procedures, and technologies to ensure that only authorised individuals or entities are granted appropriate access privileges, while unauthorised access attempts are prevented or detected.

Key benefits of Access Management

1 Enhanced Security: By implementing strong authentication methods, access controls, and authorisation mechanisms, organisations can prevent unauthorised access attempts, reduce data breaches, and safeguard valuable information.

2 Improved Regulatory Compliance: Many industries are subject to strict regulations regarding data protection and access controls. Access management solutions help organisations meet these regulatory requirements by implementing proper access controls, auditing access activities, and maintaining compliance with data protection laws such as GDPR.

3 Streamlined User Management: With features like role-based access control and user provisioning, organisations can easily manage user accounts, assign appropriate access privileges based on job roles, and streamline the onboarding and offboarding processes.

4 Increased Productivity and Collaboration: With single sign-on (SSO) capabilities, users can access multiple systems and applications with a single set of credentials, eliminating the need for remembering and managing multiple passwords. This improves productivity, reduces friction in accessing resources, and enables efficient teamwork and knowledge sharing.

5 Mitigation of Insider Threats: By limiting access privileges to only what is necessary for job functions and implementing finegrained permissions, organisations can

minimise the risk of internal data breaches and unauthorised access by employees or contractors.

6 Centralised Control and Auditing: Administrators can manage access policies, monitor access attempts, and generate audit logs to track user activities. This centralised control enhances security, simplifies compliance reporting, and enables efficient monitoring and response to security incidents.

Choosing the right Access Management solution

1 Identify Your Needs: Consider factors such as organisation size, type of resources to protect (e.g data, systems, applications), number of users and any industry-specific compliance regulations. This will help you prioritise the features and functionalities you need.

2 Define Objectives and Goals: For example, you might aim to enhance security, improve user experience, streamline user provisioning, or meet specific compliance requirements.

3 Assess Authentication and Authorisation Mechanisms: Consider whether the solution supports a wide range of authentication methods to ensure coverage for the entire workforce with multi-factor authentication (MFA). A popular MFA option is a one-timepasscode (OTP) mobile authenticator app or SMS delivered OTP, however for users without access to a mobile device, explore authenticator apps for the desktop or hardware tokens. For security-conscious organisations, evaluate authentication mechanisms that provide additional security options leveraging user biometrics and accurate location metrics. Additionally, assess the granularity of authorisation controls and the flexibility to define access policies based on roles, attributes, or other criteria.

4 Consider Integration Capabilities: Compatibility with your current technology stack is crucial for smooth implementation and ongoing operations. Check if the solution supports industry-standard protocols like

Radius to integrate with legacy on-premise technologies as well as Security Assertion Markup Language (SAML) to facilitate integration with third-party applications. If you need to protect console access to desktop servers, investigate vendors who offer agents to enforce (MFA) both directly and remotely via Remote Desktop Protocol (RDP).

5 Evaluate Deployment Options: The vast majority of access management solutions are offered as public SaaS. Some organisations may require alternative deployment options due to regulatory compliance, data sovereignty, or security concerns. In such cases, you may seek a vendor delivering the solution in a private cloud environment, such as AWS, Azure, or Google. Alternatively, some vendors can offer a solution which can deployed as a container on a server within a data centre.

6 User Experience and Administrative Ease: The access management solution should provide a seamless and intuitive experience for users with easy and secure access to resources. Enabling SSO and passwordless authentication ensure a frictionless user experience. Administrators should have a user-friendly interface for managing access policies, provisioning/deprovisioning users, and generating audit reports.

By selecting an access management solution tailored to their unique needs, organisations can establish a strong security foundation, optimise efficiency, and effectively manage access to their valuable resources and protect their sensitive information while driving success in today’s interconnected world.

Learn more about Access Management

Try Access Management

Limited time offer: 10% off when you purchase SecurEnvoy Access Management*

*Terms and Conditions apply.

S T E E M E D V E N D O R S