Sponsored by
CyberKnight
THE EVOLUTION OF CYBERSECURITY TO CYBER RESILIENCE
SUPPLEMENT OF ENTERPRISE CHANNELS
CONTENTS
Foreword: By CyberKnight Co-Founder and COO
RiskIQ: Security intelligence solution for the digital world
Lookout: Securing data from endpoint to the cloud
Immersive Labs: Helping security leaders in bridging cyber skills gap
EclecticIQ: Integrating intelligence to the core of cyber defence
Group-IB: Innovative approach to effective response and mitigation
RedSeal: Protecting network through dynamic visualisation
PRODUCED BY # 203, 2nd Floor G2 Circular Building, Dubai Production City (IMPZ) Phone: +971 4 564 8684
GISEC WELCOME NOTE
NEVER TRUST. ALWAYS VERIFY.
Welcome to GISEC 2021! This is technically CyberKnight’s first GISEC as a Strategic Sponsor and as we emerge from the global pandemic, we are excited to meet you all in-person at our stand, B10. During the conference, we will showcase our Zero Trust Security methodology, The ZTX Framework, while participating along with seven market-leading cybersecurity vendors from our portfolio.
The theme for this year is ‘The evolution of Cybersecurity to Cyber Resilience’. We must admit to ourselves that achieving 100% cybersecurity is impossible. As we should know by now, the issue is not whether our defences will be breached, but when this will happen. Therefore, it is of paramount importance to shift from a reactive approach to a more proactive stance. A cyber-resilient company is one that can predict, prevent, detect, contain, and recover, minimising exposure to an attack and its impact on the business, against countless threats to data, applications, and IT infrastructure. Cyber resilience is all about anticipating.
We believe that being ready for anything and Zero Trust is at the heart of cyber resilience. Nowadays, considering the limitations of a perimeter centric security approach, customers are advised to implement a Zero Trust Security model, as well as a data centric and identity driven model to secure their environments.
The technologies we will be showcasing at GISEC enable regional organisations to accelerate their incident response and achieve cyber resilience:
- EDR, EPP, Threat Intelligence and IR (CrowdStrike)
- Active Directory Security, Cloud Security and Deception (Attivo Networks)
- Threat Intelligence Platform (EclecticIQ)
- AI-Driven Virtual Analyst and Attack Simulation Platform (StrikeReady)
- Mobile Threat Defense and Mobile App Security; CASB, SASE and Zero Trust Network Access (Lookout)
- Digital Rights Management & Data Classification (Seclore)
- aiSIEM / aiXDR (Seceon)
Also, please read further to explore exciting information about Attack Surface Management, Leveraging Threat Intelligence to Go Beyond IOCs, Developing Cybersecurity Skills, Securing the Data from the Endpoint to the Cloud, and Cyber Risk Modeling. We look forward to meeting all of you at the stand. Enjoy the show!
VIVEK GUPTA, Co-Founder and COO at CyberKnight.
CYBERKNIGHT SUPPLEMENT 2021
SECURITY INTELLIGENCE SOLUTION FOR THE DIGITAL WORLD
Digital transformation and cloud adoption have created hidden risks for organisations; security leaders need to proactively assess the relevance of emerging threats.
HENRY STAVELEY, Regional Sales Director – META.
RiskIQ Illuminate Internet Intelligence highlights cyber threats relevant to critical assets through connected digital relationships. It is the only security intelligence solution with tailored attack surface intelligence to uncover exposures, risks, and threats against the unique digital footprint, pinpointing what is relevant to you, all in one place. RiskIQ Illuminate is an ideal solution for any commercial or public sector organisation which has many Internet-exposed assets to protect and has a mature security team that includes individuals responsible for investigating and responding to cyber threats and defending their organisation from Internet-based attacks.
Relevant, actionable security intelligence is hard to come by. Pairing attack surface intelligence with unique identifiers for threat systems gives security teams better results. By combining attack surface context with deep investigative capabilities, RiskIQ Illuminate helps security teams understand and contextualise threats unique to their organisations. This next-gen platform provides definitive security intelligence about who is attacking them, which assets are at risk, and where their most significant exposures are hiding across their digital ecosystem. Illuminate goes further by extending visibility to incorporate the attack surfaces of nominated third-party organisations, allowing security teams to see their extended supply chain attack surface.
While there is no set up or configuration needed on behalf of the partner, RiskIQ partners should have expertise in cyber threat intelligence and attack surface management to act as a trusted advisor during the sales cycle. Both sales and technical training are available at no cost to new partners.
Digital transformation and cloud adoption have created hidden risks for most organisations. To keep on top of an evolving threat landscape, security leaders need to proactively identify and remediate weaknesses in their attack surface, assess the relevance of emerging threats to their organisation and have deep insights into the threat actors behind those threats. RiskIQ Illuminate addresses both challenges, providing incident responders with the Internet context behind indicators of compromise and related malicious infrastructure to enable a rapid and complete response to internet threats, and providing an outside-looking-in approach to the organisation’s exposure on the Internet and the weaknesses in their attack surface to enable proactive remediation.
Working closely with its regional distributor, CyberKnight Technology, RiskIQ is building on a very successful year in the region despite the pandemic. RiskIQ has added local resources, increased its marketing activities, and allocated additional regional development funds to support joint GTM activities with MENA partners.
SECURING DATA FROM ENDPOINT TO THE CLOUD
With everything now in the cloud, it is critical that cybersecurity follows you wherever you go, securing data from the endpoint all the way to the cloud.
BAHAA HUDAIRI, Regional Sales Director – META.
Among the new cybersecurity innovations, Lookout will be highlighting Lookout Secure Access Service Edge Solution at GISEC 2021. Lookout integrates endpoint security with secure access service edge, SASE, to secure data in a manner that respects user privacy. Lookout gives organisations the complete visibility and insights into their data from endpoint to cloud so they can dial in precise and dynamic Zero Trust access and hunt for threats.
Employees are working from anywhere, using networks, devices and software that are not managed by IT. Organisations also have countless apps, from datacenters to the cloud. Existing SASE technologies deliver perimeter security from the cloud but are privacy invasive. Lookout integrates endpoint security with SASE to protect data while respecting privacy.
If you want security from endpoint to cloud, you need to buy standalone tools that solve specific problems. But that creates complexity and inefficiency. Lookout delivers a single security platform that protects your data from endpoint to cloud in a manner that respects personal privacy. Lookout offers:
- Precise controls that provide dynamic access based on full insights
- Full visibility into your users, endpoints, apps, and data
- Protect your data regardless of where it goes or how it is being handled
- A single place to implement precise policies, hunt for threats and conduct investigations
- Respect personal privacy
Lookout addresses both the enterprise and SMB markets across multiple industries including oil and gas, automotive, retail, media, financial services, logistics and government.
With everything now in the cloud, it is critical that cybersecurity follows you wherever you go, securing your data from the endpoint all the way to the cloud. As most of us continue to work remotely, organisations need to secure their data regardless of where their employees are working, what device they use or how they are connecting to apps and data.
The Lookout solution can assist in simplifying incident response and achieving compliance. With the Lookout security platform organisations can achieve regulatory compliance without impeding productivity. It provides complete visibility into users’ behaviour, the endpoints and apps they use, the type of data they own and how it is being handled. Lookout announced the industry’s first comprehensive endpoint detection and response, EDR, solution at the end of last year. Having EDR for mobile means organisations can thoroughly investigate cyberattacks that involve mobile devices and stop breaches.
Lookout’s channel programme has two levels: Select and Elite. The programme has been designed to ease and accelerate partners’ ability to sell the industry’s first integrated platform that secures an organisation’s entire data path from endpoint to cloud. The Lookout Partner Academy offers sales and pre-sales training modules to train and qualify partners, helping them to differentiate themselves from competition.
For channel strategy in 2021-22, Lookout will focus on a few partners who are in a unique position to deliver our full endpoint-to-cloud solution, working closely with each focus partner to develop an ambitious business plan including target revenue, joint GTM activities as well as a structured enablement plan. Key countries include UAE, Saudi Arabia, Qatar, Kuwait, and Oman.
HELPING SECURITY LEADERS IN BRIDGING CYBER SKILLS GAP
As the cyber skills gap grows, focus needs to be on real, practical skills, not on expensive certifications.
JAMES HADLEY, CEO.
Security leaders need to consider where and how they mine for cybersecurity talent. As the cyber skills gap grows, their focus needs to be on real, practical skills, not on expensive certifications. This will help bolster their overall security, ensure they have the best people for the job, and improve diversity.
The Immersive Labs platform addresses the cyber skills gap by providing challenge-based cybersecurity content which is developed by experts and powered by the latest threat research. With its unique technology, businesses can battle-test and evidence their preparedness to face the ever-changing threat landscape. Immersive Labs has created modules that help business leaders, cybersecurity teams, development and engineering teams, and security hiring teams to stand prepared for every cyber threat. Its browser-based platform offers over 1,000 gamified labs and simulations that align with MITRE ATT&CK and NIST NICE frameworks, allowing teams to identify where cyber skill gaps lie.
Immersive Labs simplifies incident response by keeping cybersecurity teams up to speed with the latest vulnerabilities, techniques, and threats. It also offers business leaders the chance to exercise their crisis response plans with a range of real-world scenarios.
At GISEC 2021, Immersive Labs is excited to reveal how it empowers businesses to increase, measure and demonstrate human capabilities in every part of their cybersecurity. By equipping, exercising, and evidencing, humans are put at the centre of an ongoing strategy to improve organisations’ preparedness to face emerging cyber threats. Immersive Labs releases new labs every week, with access to brand new threat content often hours after attacks emerge in the wild. The platform allows businesses to invest in their teams by upskilling existing talent and removing cognitive bias during the hiring process.
Immersive Labs works with both enterprise and commercial accounts and is vertical agnostic. The platform is suitable for any organisation that is looking to upskill their security team, refine their incident response plans, build secure applications, and hire talent based on true, demonstrable cyber capabilities.
Immersive Labs guides its partners through module demos and provides them with not-for-resale, NFR, access to our entire product suite, making it easy to learn and showcase to end customers. In early 2021, Immersive Labs announced its channel-first strategy and tier-free partner programme. It is working diligently to expand its channel partnerships and reach across Europe, Middle East, Latin America, US, South Africa, and Australia.
INTEGRATING INTELLIGENCE TO THE CORE OF CYBER DEFENCE
The pandemic has changed the cyber security landscape and security leaders need to adopt an intelligence-led and collaborative approach to tackle threats.
HERRO ZOUTENDIJK, Regional Director.
The pandemic taught us about the loss of boundaries. From perimeter protection to cloud and work from home, we saw a rise in threat volume, complexity and pace with no region exempted. EclecticIQ’s mission is helping societies raise the bar against threats by bringing intelligence into the core of their cyber defence in cooperation with local partners and by growing its own team in the region. EclecticIQ believes security leaders need to:
- Bring business and threat intelligence together to make smart decisions
- Evaluate existing security stack for effectiveness and RoI
- Adopt an intelligence-led approach to ensure security teams are responding to the right signals
- Take a collaborative approach to solving emerging threats and defending the business
The EclecticIQ platform improves resiliency in the face of targeted attacks. It enhances cyber defenders’ effectiveness and efficiency with easy integration into existing SOC environments, cross-OS coverage with a wide array of telemetry options, live investigation and fast response for reduced dwell time, and a lightweight, flexible, and customisable endpoint agent.
EclecticIQ is in the midst of an exciting transformation into an open intelligence-led platform with extended ecosystem support to provide detection, hunting and response capabilities to governments, enterprises, and service providers for next-gen cyber defence. Its innovative platform and modules are near completion and will be unveiled over the coming months. The new EclecticIQ Platform provides solutions in the following areas:
- Endpoint Security: Secure workstation entry-points against exploitation by malicious actors and campaigns
- Intel-led SecOps: Operationalise threat intelligence to detect, hunt and respond to threats more effectively and efficiently
- Threat Intelligence: Acquire actionable knowledge about threat actors to prevent and mitigate cyberattacks
Today, EclecticIQ provides a leading analyst-centric threat intelligence platform which powers state-of-the-art Cyber Threat Intelligence, CTI, practices or enables SOC teams to operationalise threat intelligence beyond the Indicator of Compromise, IOC, by uniting machine-powered threat data processing and dissemination with human-led data analysis, without compromising on analyst control, freedom, or flexibility.
The intelligence-led platform transformation provides unified visibility and management of multiple threat investigation and detection and response vectors, leveraging relevant data from multiple sources like endpoints, network, IoT, mobile to understand what is happening in the environment and enabling security teams to mount a fast and efficient defence of the organisation.
EclecticIQ provides solutions to segments including central government, critical infrastructure, financials, large enterprises, service providers (such as Digital Forensics and Incident Response or Incident Response consultants, MSSPs, etc.) and pharmaceuticals.
EclecticIQ works with different types of partners with different levels of ambition. It provides sales training to partners’ commercial teams. Depending on their ambition, partners can take the EclecticIQ CTI Fundamentals training, including certification. This training combines CTI tradecraft with using the technology.
INNOVATIVE APPROACH TO EFFECTIVE RESPONSE AND MITIGATION
This year has proven that fundamentals are key, such as digital hygiene, regular checkups, performance measurements, and cyber risk insurance.
ASHRAF KOHEIL, Regional Sales Director MEA and Turkey.
Group-IB has developed a unified proprietary platform of intelligent detection technologies which is recognised and considered as an innovative approach to effective response and mitigation: the Threat Hunting Framework, THF. The solution includes the following modules:
- Sensor – Network Research & Protection
- Sensor Industrial – Industrial control systems analysis
- Polygon – Malware Detonation & Research
- Huntpoint – Behaviour Inspection & Host Forensics
- Huntbox – Collaborative Hunting & Response Platform
- Decryptor – Decryption of the SSL traffic
Group-IB THF provides security within the perimeter and threat hunting outside of its bounds. This includes a separate solution for email protection, and modules to guard the network, services, and user workstations from malware and to exclude the possibility of infrastructure being controlled by attackers. Additionally, it exposes attackers’ external infrastructure and covert interactions with it from the network, and detects any unwanted apps or devices on workstations and servers.
The system is quick to deploy and powered by unique intelligent tech, which guarantees lower response and investigation time with the automation of routine tasks, event correlation and threat attribution. All notifications, incidents and threats are displayed in custom widgets and visualised in reports tailored to a region’s needs and specifics. When a security team needs any assistance, including remote incident response, IR, or forensics, there is 24/7 monitoring and support and an opportunity to engage with experts, analysts, and the cybersecurity community in a shared environment.
It is a flexible solution with a unified approach to IT and OT security, ready-to-use integrations with Security Information and Event Management, SIEM, event and log storage and other systems. Finally, a proven low false-positive rate guarantees non-stop business continuity.
Group-IB THF simplifies incident response with a patented technological stack to automate parts of IR like forensic reports collection. It also provides a remote console for IR actions on a protected endpoint. Regarding the compliance simplification, Group-IB THF covers all possible attack vectors disrupting the spread of malware.
Group-IB’s customer portfolio on a global scale consists mainly of the top enterprises in the following industries: finance, manufacturing, gas and oil, retail, public sector, medical sector. Yet, the modular approach provides a solution for key information security challenges in any industry.
Group-IB provides partners with an instructor-led training course during which participants learn how to plan and pre-sale Group-IB’s Threat Hunting Framework. Upon completing the course, participants obtain the certificate of Certified Professional for Threat Hunting Framework.
The Middle East and Africa is one of the targeted regions for conducting cybercrime fighting operations and Group-IB is broadening its security expertise. This includes launching an analytical centre and implementing all the best practices to better understand regional threats and challenges. It is also launching a cloud-based Email Security Solution and aiming at simplifying deployment and integration of Group-IB THF modules to end users.
This year has proven that fundamentals are key, such as digital hygiene, regular checkups, performance measurements, and cyber risk insurance. After those are mastered, another area of interest is threat hunting and proactive defence. Finally, it is important to trust MSSPs and partners and to keep in touch with your competitors to counter shared threats.
PROTECTING NETWORK THROUGH DYNAMIC VISUALISATION
RedSeal identifies defensive gaps and runs continuous penetration tests to measure readiness across all network environments.
ABDUL MOHSIN, Regional Sales Engineer.
RedSeal’s cloud cybersecurity solution accurately locates resources exposed to the Internet and brings all network environments, public clouds, private clouds and on premise, into one comprehensive, dynamic visualisation. It interprets access controls across cloud native and third-party virtual firewalls and validates network segmentation policies automatically. RedSeal’s cloud cybersecurity solution continuously verifies that you are in compliance with policies and regulations.
Resilient organisations must focus on three main areas: being hard to hit, being ready for the attack when it comes, and being able to recover quickly. RedSeal identifies defensive gaps and runs continuous penetration tests to measure their readiness across public cloud, private cloud and on premise infrastructure. RedSeal’s Digital Resilience Score turns these capabilities into measurements and gives managers, boards of directors and executive management the understandable and actionable metrics they need to drive towards digital resilience.
RedSeal solutions are available across all verticals and market sectors. If one needs to understand what the network looks like, how secure it is and the associated risks, then one needs RedSeal.
RedSeal accelerates and simplifies incident response by providing key information about Indicators of Compromise. RedSeal will tell you:
- What is being attacked
- Where it is located physically and logically
- Where can the attacker reach from there
- How would the attacker get there
- Valuable information for containing threats
RedSeal can help organisations with configuration compliance audits using industry benchmarks, CIS, STIG/SRG and RedSeal Checks in the first few hours of deployment. RedSeal supports several well-known industry regulatory standards like PCI, NIST, NERC-CIP, HIPAA, GDPR, ISO 27001, etc. with customisation available to add Middle East local standards to the list.
RedSeal’s post pandemic regional plan is based around working with CyberKnight as its distributor and strategic valued partners. Below are RedSeal Certifications available with Digital Badges, offered to RedSeal partners:
- RS Associate: Enables a person to administer a RedSeal system
- RS Professional: Target network, security, vulnerability team, reveal actionable findings
- RS Expert: Manage compliance, risks and change management with RedSeal findings