Cyber Sentinels August 2018


OFFENSIVE PLAY

With the attacks on rise, “Are we prepared to prevent an attack” is no longer the right question to ask. Instead, organizations must play offense, be ready to quickly identify a breach and have the right protocols in place for immediate action.

VOLUME 04 | ISSUE 13 | AUGUST 2018


PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC
PO BOX: 500653, DUBAI, UAE
223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE
PHONE: +971 (0) 4368 8523
31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852, UNITED STATES OF AMERICA
PHONE NO: +1 732 794 5918

A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE. @COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.

PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC, MASAFI COMPOUND, SATWA, P.O. BOX: 5613, DUBAI, UAE

MANAGING DIRECTOR: TUSHAR SAHOO
CEO: RONAK SAMANTARAY
EDITOR: ANUSHREE DIXIT, anushree@gecmediagroup.com
SUB EDITOR: DIVSHA BHAT, divsha@gecmediagroup.com
JR. REPORTER: CV ARYA DEVI, arya@gecmediagroup.com
EVENTS EXECUTIVE: SHRIYA NAIR, shriya@gecmediagroup.com
SALES EXECUTIVES: KRISHNA THANKI, krishna@gecmediagroup.com; MOHAMMED MUBIN, mubin@gecmediagroup.com
BUSINESS DEVELOPMENT EXECUTIVE: SUSAN PAUL, susan@gecmediagroup.com
GROUP SALES HEAD: RICHA S, richa@gecmediagroup.com, + 971 529 943 982
VISUALIZER: MANAS RANJAN
LEAD VISUALIZER: DPR CHOUDHARY
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA
SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA, yasobant@gecmediagroup.com

EDITORIAL

UNDER TRANSFORMATION! INCONVENIENCE REGRETTED.

The visual that comes to my mind as I am penning down this is of CISOs and Security vendors armed up in their best gears with a hazard board in front of the companies saying ‘Drive slow! Security personnel at work.’ Digital transformation, or DX as the world fondly calls it, will not come the easy way for anybody or any organization. Certain norms have to be revisited and some rulebooks rewritten. As we say, a messy kitchen signifies a great dish in the making, security or regulation chaos that exist today can be considered as a runway towards a comprehensive security tomorrow.

In this issue of Cyber Sentinels we are exploring the various facets of digital transformation and how it is redefining security for the vendors and end users. Our cover story on Cyber Security hovers around the trend and art of playing offensive rather than defensive; how CISOs need to step up the game if they want digital transformation to do good to their business. Featuring four leading CISOs in this issue, we have tried to capture their mindset in what next-gen security means for them as security thought leaders and how they are planning to prepare their organizations. Let’s say that the journey to security co-existing with DX has just begun. Few hiccups are certain to surface.

We are setting the stage for the GEC Security Symposium & CISO Awards 2018 to be held on 5th September 2018 at the W Hotel in Dubai, UAE. Stay tuned for an amazing line up of speakers as they take center stage in dissecting what end-to-end security means for the digital transformation.


CHANNEL STREET

SYMANTEC LAUNCHES VPNFILTER CHECK

Symantec launched VPNFilter Check, a free online tool designed to help individuals and organizations quickly and simply determine if a router may be impacted by VPNFilter malware. “VPNFilter poses a very serious threat to both consumers and businesses including injecting malware and the stealing of passwords and other confidential data,” said Greg Clark, Symantec CEO. “More than half a million routers are suspected to have been infected with VPNFilter and we urge the public to take action to determine if their own home router has been infected.”

VPNFilter installs a plugin which monitors and modifies web traffic sent through the infected router, allowing cyber criminals to inject malicious content, render routers inoperable or steal passwords and other sensitive user information. Symantec’s VPNFilter Check determines if traffic in your home or your company is being altered by a router infected with the threat.

First reported in May, VPNFilter targets a wide range of IoT devices such as routers and network-attached storage (NAS) devices.

CENTRIFY BRINGS OUT COMMISSIONED STUDY

Centrify brought out the results of a commissioned study conducted by Forrester Consulting on behalf of Centrify, which finds that organizations powering Zero Trust Security with Next-Gen Access solutions reported twice the confidence to accelerate new business models and customer experiences. The study of 311 IT decision-makers in North America and the UK finds that 67 percent of all enterprise resources are exposed to access-related risk, and that a Zero Trust Security approach is the best strategy to control access to enterprise resources. The study revealed that Next-Gen Access is the engine that powers Zero Trust Security, stating that, “NGA technologies enable the layers necessary for a successful Zero Trust strategy.” Organizations using Next-Gen Access solutions – including Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM), and Privileged Access Management (PAM) – also reported topline benefits including being 66 percent more confident in adopting mobile work models, and 44 percent more confident in securing DevOps environments.

Those same respondents reported bottom line benefits of mitigating overall risk by 37 percent and reducing security costs by 31 percent.

DarkMatter to Protect Expo 2020’s Digital Network

Expo 2020 Dubai is teaming up with DarkMatter to deploy advanced cyber security technologies that will help safeguard Expo’s digital experience for millions of visitors and 180 country participants. As Expo 2020 Dubai’s Official Cyber Security Provider, DarkMatter is responsible for overseeing the cyber security of Expo 2020’s entire digital platform, as well as the applications and data it supports. With the data and applications of visitors, participating countries, partners, employees and volunteers all supported and inter-connected on its digital platform, Expo 2020 will deploy some of the most advanced and secure technology solutions available.

DarkMatter will provide a wide range of services, from security management and monitoring, to risk assessments, incident response and technical forensics before, during and after Expo 2020. Mohammed Alhashmi, Senior Vice President of Innovation and Future Technology at Expo 2020 Dubai, said: “Cyber security is a fast evolving field, so it is important that we collaborate with industry experts like DarkMatter to develop solutions that keep Expo 2020’s digital infrastructure safe and secure.” Rabih Dabboussi, Senior Vice President of Business Development, Sales and Marketing at DarkMatter, said: “With innovation and technology at the heart of Expo 2020, we are delighted to partner with Expo as its Official Provider.

THALES, DEVICE AUTHORITY LAUNCH SOLUTION TO SECURE IOT DEVICES

Thales and Device Authority jointly developed a solution to ensure the authentication of IoT devices and the confidentiality and integrity of the data they rely on – giving both healthcare professionals and their patients the confidence to adopt these new technologies. The IoT market in healthcare, otherwise known as ‘Connected Health’, has boomed in recent years with forecasts predicting it will reach $612bn by 2024. IoT devices have enabled new services from remote diagnosis to disease and lifestyle management via mobile apps to medical device integration. The healthcare industry is regularly targeted by cybercriminals, with 70 per cent of healthcare organizations around the world having experienced a data breach according to the 2018 Thales Data Threat Report.

Endpoints Most Vulnerable Aspect of IIoT – SANS Survey

Organisations hold disparate and unrealistic views on protecting the Industrial Internet of Things (IIoT), in which endpoints are considered to be the most vulnerable aspects, despite confusion over what actually constitutes an endpoint. These are the key findings of the 2018 SANS Industrial IoT Security Survey report, which examines the security concerns around the rapidly growing use of IIoT. IIoT is the subset of the Internet of Things that focuses specifically on the industrial application of connected physical devices within critical infrastructure such as electricity, manufacturing, oil and gas, transportation and healthcare. The installed base of IoT devices is forecast to triple from 23.14bn in 2018 to 75.44bn in 2025.

“The report highlights a real disparity across organisations in the level of confidence as to how secure the IIoT really is,” said Barbara Filkins, SANS Analyst Programme Research Director and survey report author.

The SANS report found that most organisations globally are forecasting 10 to 25% growth in their connected devices. This growth rate will cause the systems connected to IIoT devices to double in size roughly every three to seven years. Of over 200 respondents surveyed, more than half reported the most vulnerable aspects of their IIoT infrastructure as data, firmware, embedded systems, or general endpoints.

DID YOU KNOW? Ransomware damage costs will rise to $11.5 Bn in 2019: Cybersecurity Ventures

SOPHOS INTERCEPT X FOR SERVER BLOCKS CYBER ATTACKERS

Sophos launched Sophos Intercept X for Server, next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats. Sophos’ deep learning neural networks are trained on hundreds of millions of samples to look for suspicious attributes of malicious code and prevent never-before-seen malware attacks. SophosLabs research indicates that 75 percent of malware found in an organization is unique to that organization, indicating the majority of malware is previously unknown.

A recent Sophos survey reveals that two-thirds of IT managers worldwide don’t understand what anti-exploit technology is, leaving their organizations vulnerable to data breaches. Once inside a network, cybercriminals can use persistent and lateral moves to target and take over servers to access the high-value data stored there, such as personally-identifiable information (PII), banking, tax, payroll and other financial records, proprietary intellectual properties, shared applications – all of which can be sold on the Dark Web or used for other types of attacks and monetary gain. Servers can also suffer collateral damage from ransomware and run-of-the-mill cyberattacks. Attacks reaching servers can be more devastating to a business than attacks on endpoints, due to the critical data they hold.


NEW F5 SECURITY PRODUCTS ENHANCE APP PROTECTION

F5 Networks introduced new offerings that provide advanced access controls and dedicated SSL visibility with orchestration capabilities to help thwart today’s most sophisticated cyber attacks.

While most traffic and data handled by applications is now encrypted, many security stack service offerings (e.g., firewalls and IPS) are unable to efficiently process SSL encrypted traffic at the scale and speed businesses demand. Beyond mere SSL awareness and offload, F5 SSL Orchestrator provides policy-based orchestration capabilities across the full security service chain for any network topology, device, or application.

Orchestration on this level groups devices into services to intelligently decrypt and steer traffic, allowing for independent monitoring, load balancing, and scaling to adapt to changing network conditions and increasing traffic demands. This marks a vast improvement over the industry’s legacy security model, where piecemeal inspection devices perform decryption independently, frequently leaving gaps for attackers.

EARLY MOMENTUM FOR AKAMAI API GATEWAY

Akamai Technologies has seen significant early momentum for its API Gateway, including successful customer adoption across a number of markets and geographies. Launched in April, the Akamai API Gateway is designed to eliminate the common challenges in scale, secure access and delivery that developers face when publishing their APIs. Early customer deployments on the Akamai Intelligent Platform, which delivers more than 445 billion API hits and 2.4 petabytes of API traffic daily, underscore Akamai’s ongoing commitment to enabling DevOps initiatives to achieve digital success. Among customers that deployed the Akamai API Gateway, several use cases have emerged that demonstrate its far-reaching value. As businesses continue to seek ways to make delivering, securing and managing APIs easier, they are using the API Gateway to:

- Manage external APIs at peak demand: An international retailer deployed the Akamai API Gateway to manage external APIs, helping it to accommodate peak demand for applications that run across its website, mobile app and in-store kiosks. The retailer leverages Akamai’s administrative APIs to integrate the Gateway within existing workflows and to maximize application security for API endpoints using Akamai’s Kona Site Defender.
- Streamline app interactions: A global logistics provider has adopted the Akamai API Gateway to streamline customer ecommerce application interactions and realize the benefits of Akamai’s unparalleled availability and security.

INFOBLOX ENABLES RAPID AUTOMATION OF CORE NETWORK SERVICES

Infoblox has enabled new updates to its Network Identity Operating System (NIOS) platform for organizations to automate core services and data centers, such as Red Hat Ansible, in order to rapidly deploy network and security services via the cloud. Connecting your on-premise NIOS based solutions with Infoblox ActiveTrust Cloud, a SaaS based DNS security solution, extends protection against the loss of data or the spread of malware for devices everywhere. This native integration eliminates the need for endpoint agents or separate virtual machines to integrate with Infoblox cloud security services, making it a seamless solution for our customers.

“As more organizations look to the cloud to achieve operational efficiency and scale, Infoblox is connecting its network platform for core services directly to the cloud. With these latest enhancements, Infoblox is offering a true hybrid model for security, without having to deploy proxies everywhere or use endpoint agents. The enhancements enable faster response to incidents detected by ActiveTrust® Cloud, through on-premises ecosystem integrations for network wide remediation,” said Kanaiya Vasani, vice president of SaaS and Business Development at Infoblox. For organizations that are investing in cloud and embracing data center automation, Red Hat Ansible Automation includes Infoblox NIOS modules that help enable customers to automate additional workflows and management processes.

MATRIX TO HOST EXCLUSIVE TELECOM AND SECURITY SOLUTIONS AT RIYADH

Matrix will be showcasing its latest trends and technologies from the Security and Telecom domain, including the new NVRX Series and PRASAR UCS for Modern Enterprises. We will demonstrate our Enterprise Telecom and Security solutions that cater to the needs of SMEs, SOHOs and Large Enterprises.

Matrix will be hosting Matrix Insight on 26th July from 8:30 am onwards at Marriott Hotel, Riyadh in Saudi Arabia. We welcome everyone in the Telecom and Security industry, from new prospects and strategic partners to existing customers and suppliers. Matrix will showcase its enterprise grade Time-Attendance solution engineered with features such as Auto Push Events to Server, Automatic Fingerprint Distribution, Instant Notification, 200+ Customized Reports Generation, Scheduler Services including Backup, and more. Furthermore, Access Control being the prime requirement in terms of security, Matrix will present its Standalone Access Control solution with License Free Environment, whereby a single panel can handle up to 255 doors and 25,000 users. Get a glimpse into the cutting-edge Matrix biometric solutions with multiple credentials option at Riyadh.


CISO SPEAK

THE FINE ART OF BALANCING

SAMIR PAWASKAR, CYBER SECURITY EXPERT, QATAR

According to Samir Pawaskar, CISOs today are walking on a tight rope. He says that there is no silver bullet solution for modern day problems, but it is all about how they strike the perfect balance between regulations and pain points.

Tell us in brief about your career as a CISO/Security professional. How have you seen your role evolving with time and pressure?

Well, I started my career in 1995 as a system administrator and over the years advanced myself in Customer support and into Networking before moving into the information security domain. At some point of time in my career, I have worked as part of a vendor team, as part of a business organization and also with a regulator, and thereby it gives me a good understanding of the challenges from all sides of the table.

Over a period, I have seen myself in roles related to operational security, security management and as well as cybersecurity regulations. In my experience, the role of information security has evolved over time from being a support function to being a business enabler, which in a way brings on a huge sense of responsibility and commitment to the role.

As a CISO, what kind of gap do you see in the enterprise security space today?

From a technology perspective, we have long passed the time where passwords and packet firewalls were considered as good enough security! However, at the same time the threat landscape has changed completely, and companies have been found to be lagging vis-à-vis the capabilities of the threat actors. This has necessitated a change in the cyber defense strategy adopted by the enterprises. Organizations are now moving from a Prevention and Protection Strategy to a Detect, Respond and Recover strategy. Easier said than done, the new strategy requires new capabilities and skills to be developed within an enterprise. This includes skills such as Log monitoring and analysis, incident handling, digital forensics, resilience etc.

What would be your expectation from a security solutions/services provider?

Well, some of the things that I expect from a security solutions / service provider are:

- Strong and long-term commitment and security focus on the product / service delivered.
- Focus on research and development, building innovative solutions.
- SLA driven service.
- Transparency in terms of providing Supply-Chain assurance for the product and ethical breach / vulnerability disclosure and closure.
- Local or locally based solutions / service providers. There is a lot of focus these days on cloud-based services and Data Sovereignty is a thorny issue, so service providers that handle data locally could be preferred over others.

When it comes to security, we all would agree that there is nothing as 100% secure. But, as a CISO how do you gear up to best protect your organization from an outsider as well as insider threat?

I believe the trick or rather the essence is maintaining a fair balance. There is no silver bullet solution; CISOs have the delicate job of managing security across the organization.

To begin with, the most important thing is to create the right governance and management framework. The CISO should be able to translate the security into a business lingo and establish communication vertically (CXO) and horizontally across the organization. Creating awareness and sensitivity about InfoSec amongst the management as well as the users is the key.

Currently there is a strong focus locally, regionally and globally on regulations. The CISO needs to ensure that the organization is in compliance with applicable regulations (local, regional and global). This may entail working with the legal department. Building a strong team with defined roles and responsibilities is another factor. I personally put a strong focus on people and processes. Technology is the easiest thing to do. Having said that, the technology chosen should be balanced and aligned to your security strategy. The technology should imbibe controls that help the organization prevent, protect, detect, respond and recover from potential attacks.

Digital forensics (DF)— as a concept and demand— is evolving quite rapidly since the last few years. How effective a tool can this be to nab the cyber intruders?

DF is part of the “Detect and Respond” strategy. I believe should an organization make a decision to go after the intruders or pursue a legal case (this may be mandatory for certain critical sector organizations by law), then DF skills and capabilities come in handy and become essential. Further, the skills can allow an organization to do a deep analysis on the Threat actor and identify their Tactics, Techniques and Procedures (TTPs), which may help in mitigating future attacks from the same threat actor. Currently, the skills and expertise are very niche, and are usually sourced through a vendor, and only the bigger and large organizations try to build these capabilities in-house.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the organization where the author works.

COVER STORY

OFFENSIVE PLAY

BY: DIVSHA BHAT <DIVSHA@GECMEDIAGROUP.COM>
PHOTO: SHUTTERSTOCK

With the attacks on rise, “Are we prepared to prevent an attack” is no longer the right question to ask. Instead, organizations must play offense, be ready to quickly identify a breach and have the right protocols in place for immediate action.

Every month we see cyber attacks and security vulnerabilities affecting millions of businesses around the world. Massive breaches like Careem, where the private data of 14 million customers was compromised, could have been prevented had attention been paid to repeated warnings. According to Cybersecurity Ventures, an American research firm, cyber-attack damages could cost the world around $6 trillion annually by 2021. More surprising, or shocking may I say, is that Saudi Arabia faces the highest number of cyber-attacks in the Arab region, followed by the United Arab Emirates, according to reports. With this rapid increase of data breaches, is the cyber security industry really offering its customers value for money? If yes, then who is responsible for the breaches?

TARGET – MIDDLE EAST

The number of threat alerts faced by KSA rose by 7% quarter on quarter during 2017. As per the Saudi National Cyber Security Centre, most of these threats targeted government, energy and telecom sectors. Shamoon 2, the computer virus that attacked Saudi Aramco in 2012, returned to the Kingdom for the second time in January 2017, leaving at least three government agencies and four private sector companies offline for 48 hours. Meanwhile, in Abu Dhabi, UAE in March 2017, the police arrested four hackers who allegedly stole more than AED1 million by installing skimmer devices on ATMs across the country. The Telecommunications Regulations Authority (TRA) statistics say that they foiled 615 cyber-attacks against government, semi-government and private sectors in the first 10 months of 2017. In fact, almost 60 percent of the organizations in the Middle East have been cyber attack targets in the past 24 months according to a recent report. Furthermore, a third of Middle East business leaders think that cybercrime is likely to be the most disruptive crime to their organisation in the next 24 months, especially as enterprises continue to expand digitally.

Gopan Sivasankaran, Security Architect of Secureworks, believes that as a result, many companies in the Middle East, Turkey and Africa region are looking for reliable security partners with proven expertise in global security and compliance, who understand the region’s business industry and possible cybersecurity threats.

The shortage of cyber security skills in the marketplace compounds the challenges being faced by both large and small organizations, says HP. “To mitigate these risks, HP has focused on building security directly into our products that complement existing software solutions for both mobile and stationary users for the last 15 years. Whatever form the attack takes, once the end user device is compromised, your network, servers and data are at risk. Our focus at HP is to build security directly into our end user devices to ensure security that is on by default and complements your legacy security solutions,” said Mathew Thomas, Managing Director, Middle East, Turkey and East Africa, HP.

The Middle East is on the verge of huge digital disruption. The cross-border data flow connect ing the Middle East region to the rest of the world has increased in the past decade. According to Cisco’s Global Cloud Index (GCI) Forecast, from 2016 to 2021, projections estimate that the Middle East and Africa (MEA) will have the world’s highest cloud traffic growth rate, at 41 percent. Enterprises who do not have security at the forefront of their digitization plans, are at risk. “Security must be integrated from the start and not treated as an afterthought. Organizations who understand this and lead with security will protect their business value, drive digital agility, and enable long term growth,” commented Shukri Eid, Managing Director – East Region, Cisco Middle East. To put it in even simper words, successful digital transformation cannot happen without security. The security should be deployed in a quick and flexible manner along with mitigation techniques. “You can transform to digital business only if your network services will allow it. For most companies, that’s a very big if. To meet exploding digital demands, your network must be highly available, adaptable, easy to manage, resilient, and secure. If your digital service is not secure; then you should not offer your service,” said Mohammad Jamal Tabbara, Senior Systems Engineer – U.A.E & Channel at Infoblox. But with the threat landscape increasing rapidly and also expected 1 million new devices getting online every hour by 2020, is it possible to monitor IT systems only by humans?

ARTIFICIAL INTELLIGENCE – SAVIOUR OF CYBER SECURITY?

CYBER SECU RITY FOR TRANSFORMATIONDIGITAL

Artificial Intelligence and Machine Learning are being applied more broadly across enterprises. In

January 2018, Google’s parent company, Alphabet launched ‘Chronicle’ – an AI based solution for the cybersecurity industry – promising the power to fight cybercrime on a global scale. The imple mentation of AI can serve as a real turning point in security says Eric Brouwers, VP – MEA, Barco. “These systems come with substantial benefits that will help prepare cyber security professionals for taking on cyber-attacks and safeguarding the enterprise. AI is already shaping up to detect threats and attacks with the systems already being able to rectify the situation on its own. AI can provide new tools for threat hunters, helping them protect new devices and networks even before a threat is classified by a human researcher.”

We have already seen a number of enterprises using blockchain to ensure the security of financial transactions. However, real estate and construction companies, healthcare sectors, etc are beginning to use blockchain. Retail giant, Walmart has established a group to trace raw foods through supply chain using blockchain. The initiative is designed to track food-borne illnesses and recalls across farmers, brokers, distributors, processors, regulators, retailers, and consumers.

As truly said by Ned, AI shows significant promise in prioritising alerts in a more meaning ful manner, but how is blockchain redefining cybersecurity?

According to Ammar Mardawi, Country Manager of StoryTel Arabia – “Blockchains are by nature unhackable, at least in theory, because they are decentralized. If an attacker was able to compromise a copy of the blockchain, it will not affect the whole network. It makes blockchains an attractive security measure for public large datasets which are important to keep safe from tampering.Ontheother hand, Gopan believes that Blockchain is still in its nascent stage in the region and we have yet to see its full potential and how it will shape the future of cybersecurity. While some niche products may appear in the market, the technology has major limitations and short comings that do not lend to cyber security despite theAthype.the moment, businesses are unsure of block chain potential according to a survey by Deloitte. The survey also suggests that this feeling is pri marily due to the lack of information available on it or the inability to understand the technology. In spite of the mixed feelings, companies have invested millions in Blockchain projects. With regards to cyber security, Blockchain should be a top priority for any industry handling data. With the maturity of the technology, Blockchain as the main guard against cyber threats will become far more seamless to adopt.

MANAGING FUTURE THREATS

The Middle East is one of the world’s most advanced regions when it comes to the adoption of technology. It is an undeniable fact that there will be new risks and maybe even bigger ones. It is true that we cannot protect everything, but, we can always find a way to prevent!

“Machine learning and artificial intelligence shows significant promise in prioritising alerts in a more meaningful manner,”

“Organizations need to align themselves with a security partner that can monitor and manage their entire threat environment, regardless of business challenges,”


NED BALTAGI, MD – MEA, SANS

GOPAN SIVASANKARAN, SECURITY ARCHITECT, SECUREWORKS

AMMAR MARDAWI, COUNTRY MANAGER OF STORYTEL ARABIA

One of the challenges in information security response is the identification of events of interest among the large number of alerts typically produced by modern detection systems. Ned Baltagi, Managing Director - Middle East & Africa at SANS says that “many breaches are not missed because there was no alert, but because the relevant alerts were masked by too many irrelevant and false positive alerts. Machine learning and artificial intelligence shows significant promise in prioritising alerts in a more meaningful manner.”

A NEW CHAIN?


CHANGING WITH THE CHANGE

Rakesh remarks that security today is not what security was yesterday. CISOs who do not transform themselves with the emerging technology would be left back in the race. Now, with AI and digitization, the security landscape is probably at its most vulnerable phase and CISOs have to be the biggest change agents.

Digital forensics— as a concept and demand— is evolving quite rapidly since the last few years. How effective a tool can this be to nab the cyber intruders?

The pace of change for the security threat landscape is accelerating. To cope with the change and ensure success against challengers, I believe the security community needs to rethink the way it anticipates and responds to threats. It also needs to be more open and effective in the way it shares information and design solutions/products because security is not about restricting business but it’s about protecting business with adequate control.

When it comes to security, we all would agree that there is nothing as 100% secure. But how do you gear up to best protect your organization from an outsider as well as insider threat?

What kind of gap do you see in the enterprise security space today?

I believe the following are the biggest gaps any enterprise has in the security space.

We have defined industries standard process and procedures and governing method, end to end monitoring and the most important we do educate every single user about security and threats within the enterprise, also we do assess how well security is integrated with systems periodically by internal and external audit.

RAKESH NARANG, AVP - NETWORK & SECURITY, ALDAR PROPERTIES

What would be your expectation from a security solutions/services provider?

“Awareness GAP” because there is no Sec_rity without U and user awareness is biggest gap any enterprise has because technology is changing in very fast pace. Hence educating everyone in an enterprise about security do’s and don’ts are the most important task and this is the only way to eliminate the Awareness GAP, one consistent and unwavering business goal should be the “culture of security” to improve the posture of security within enterprise.

“Skill Gap” research shows corporate demand for cybersecurity skills is rising faster than internal supply, with innovative thinking needed to plug the gap – both in the acquisition and retention of key talent and it’s difficult to get good resources due to high demand.

Digital forensics is an important tool for any digital incident response and it matters more now because all security incidents are related to digital world whether it’s online or offline incidents, also digital forensics are not only limited to corporate but it’s being used by law enforcement for investigation.

Tell us in brief about your career as a Security professional. How have you seen your role evolving with time and pressure?

CISO SPEAK

I have spent 18 years in digital industry, out of which, 12 years was exclusively in the IT security space. The journey kicked off slowly because those days IT security was limited to protecting IT infrastructure whereas now it is all about protecting enterprise information/Data, Infrastructure and people as well. Today, it has become more challenging though there are so many tools and technology but keeping a track of information flow and mapping it with user behavior is very challenging role and over the period of time it’s going to change more as AI and Machine learning will accelerate rapidly.


BY: ANUSHREE DIXIT <ANUSHREE@GECMEDIAGROUP.COM>


Wise men have remarked that it’s never too late to learn. Machines today are entering into a world of advanced learning and analytics that are forcing the enterprises to rethink decision-making in a new light. Will humans still have an upper hand in the workforce chain?


Benjamin Franklin had once made a very famous statement – “Tell me and I forget. Teach me and I remember. Involve me and I learn.” The day since ‘machines’ started getting involved in our day-to-day lives, the world has been a different place. Involvement of the machine— that run on mere binary commands— further led to them ‘learning’ our behavior and taking decisions to enable our decisions.

Computing power is touching new heights with advancements in business intelligence, cloud computing and data analytics and this has led to the rise of the use of AI in countering cyber attacks. When business started building a warehouse of behavioral data with its million user database, machine learning came to the rescue.

THE MACHINES LITERATE BE SAFE


One of the greatest advantages of AI based techniques is that it reduces human time and effort and its intelligent automation models trigger off any threats that enter the network.

According to resources, skill gap or skill shortage has also been one of the strongest and contributing factors for the rising demands of AI in cyber security. According to Mike Lloyd, CTO, RedSeal, “In two words—Staff shortages. The world pool of skilled security professionals has run dry; every organization is facing the unwelcome choice between leaving an important job opening empty or putting someone into it who lacks the skills and background.”

With the advent of sophisticated hackers, businesses have started using AI as an effective tool to fight against the bad guys. As the hackers become sophisticated, the applications are also becoming sophisticated.

AI BASED CYBER SECURITY ADOPTION

Machine learning, which is based on cognition techniques rather than inference, is countering the traditional signature-based detection mechanisms that are not competent in solving today’s complex threats. Machine learning has been recognized as an easier tool to respond to cyber security threats.

Harish Chib, Vice President, Middle East & Africa, Sophos says, “Deep learning is a powerful, groundbreaking tool for keeping unknown threats at bay. Deep learning is used in Sophos’ Intercept X and XG Firewall. It uses a neural network set up like the human brain to make decisions based on stored data and predictive reasoning. It can handle hundreds of millions of points of information, quickly and accurately, while not bogging down your system.”

TOP CYBER THREATS ML CAN PROTECT AGAINST

So, how many companies are actually using AI or ML today to solve real time issues? Today, there are a lot of reports and theories that highly talk about the use and impacts of AI in cyber security, but the real question is whether they are capable of responding to the next-generation model of cyber threats? While some vendors talk in high regards for the concept, some are a bit against the concept and call it ‘misleading’ as machine learning and AI are usually taken as interchangeable concepts.

“Unfortunately, ML lacks a critical capability—this kind of AI cannot generalize well. Even the enhancement called “deep learning” (effectively stacking up several ML engines) doesn’t succeed at generalization. So, using ML is good, but limited. It is similar to driving using the rear view mirror. There is a clear role for ML in stamping out repeats of well-understood attacks, but it is far less effective at tomorrow’s problems,” says Mike.

Artificial Intelligence also possesses the ability to handle threats through a standardized procedure; because the chances of error are relatively low or none, a threat can be solved in limited time.

MIKE LLOYD, CTO, REDSEAL

Whereas Mike of Redseal feels that Machine learning alone is not enough. Machine reasoning is also necessary. The next level of machine reasoning comes from teaching AI engines about the complex real world—adding domain expertise and skilled human input to the AI so that the two function as a team, and both get smarter over time.

FINALLY

Though humans are considered to be the weakest links in security, you cannot remove or completely uproot the existence of humans from the network, regardless of how sophisticated your AI or ML tool is. For the next 5 to 6 years, humans will only be the ‘constant’ in this evolving landscape. What would be worth waiting for would be to see how machine learning’s nature of ‘learning’ and artificial intelligence’s nature of ‘prediction’ would be able to co-exist in an enterprise and redefine the cyber security models.

Roland Daccache, Senior Regional Sales Engineer, META – Fidelis Cybersecurity says, “Machine learning is valuable both, at the endpoint and network threat discovery, first by baselining the customer network traffic, whether on premise or on cloud, to discover suspicious traffic patterns, unknown protocols, rogue user behaviour, insider threat, etc., and second by baselining endpoint activity to discover advanced evasive malware.”

AI VS ML

Machine learning often has devices or system exposed to a large set of data which it uses to understand, learn and gradually start predicting whereas Artificial Intelligence seldom infers new conclusions without any learning data. Quoting a study here, machine learning has become indispensable in the fights against spam and phishing. Elie Bursztein, who leads the anti-abuse research team at Google, notes that Gmail has used machine learning techniques to filter emails since its launch 18 years ago. But as attack strategies have evolved and phishing schemes have become more pernicious, Gmail and other Google services have needed to adapt to hackers who specifically know how to game them. Data trafficking or data poisoning is a significant threat to the machine learning model. If a hacker is successful in cracking the algorithm and its data source, it is pretty simple to counter this. For example, attackers may run campaigns on thousands of accounts to mark malicious messages or comments as “Not Spam” in an attempt to skew an algorithm’s perspective.
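To make the “Not Spam” poisoning scenario above concrete from the defender's side, the following added example (not code from Google or from this magazine) weights each piece of user feedback by account trust before it becomes a training label and holds back messages whose raw and weighted votes disagree sharply. The field names, the trust formula and the thresholds are assumptions chosen for illustration, and the feedback events are constructed sample data.

```python
"""Screening user feedback for label poisoning before it reaches training (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Feedback:
    account: str
    message_id: str
    label: str             # "spam" or "not_spam"
    account_age_days: int
    agreed_before: int     # earlier reports that matched the final verdict
    disagreed_before: int  # earlier reports that contradicted it


def trust(fb):
    """Hypothetical trust weight in [0, 1]: older accounts with a good record count more."""
    age_factor = min(fb.account_age_days / 180, 1.0)
    # Laplace smoothing: an account with no history starts at 0.5, not 1.0.
    accuracy = (fb.agreed_before + 1) / (fb.agreed_before + fb.disagreed_before + 2)
    return age_factor * accuracy


def review_feedback(events, min_votes=5, gap=0.4):
    """Return per-message raw and trust-weighted 'not spam' share plus a verdict.

    A message is held out of training when enough votes exist and the raw share
    exceeds the weighted share by `gap`, i.e. the 'not spam' votes come mostly
    from accounts with little standing.
    """
    by_message = defaultdict(list)
    for fb in events:
        by_message[fb.message_id].append(fb)

    report = {}
    for message_id, votes in by_message.items():
        raw = sum(v.label == "not_spam" for v in votes) / len(votes)
        total_weight = sum(trust(v) for v in votes)
        if total_weight == 0:
            # Only zero-trust accounts voted: never let them set a label.
            report[message_id] = {"raw": round(raw, 2), "weighted": None, "verdict": "hold_out"}
            continue
        weighted = sum(trust(v) for v in votes if v.label == "not_spam") / total_weight
        if len(votes) >= min_votes and raw - weighted >= gap:
            verdict = "hold_out"  # analyst review before the label is used
        else:
            verdict = "not_spam" if weighted >= 0.5 else "spam"
        report[message_id] = {"raw": round(raw, 2), "weighted": round(weighted, 2), "verdict": verdict}
    return report


# Constructed sample: m1 receives a burst of "not spam" votes from two-day-old
# accounts while two established accounts report it; m2 is ordinary feedback.
SAMPLE = (
    [Feedback(f"new{i}", "m1", "not_spam", 2, 0, 0) for i in range(8)]
    + [Feedback(f"old{i}", "m1", "spam", 900, 40, 2) for i in range(2)]
    + [Feedback(f"old{i}", "m2", "not_spam", 900, 40, 2) for i in range(2, 6)]
    + [Feedback("old6", "m2", "spam", 900, 40, 2)]
)

if __name__ == "__main__":
    for message_id, row in review_feedback(SAMPLE).items():
        print(message_id, row)
```

Both sample messages have the same raw “not spam” share, so a model trained on raw votes would treat them alike; only the weighted view separates the campaign from ordinary feedback.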

ML- THE FUTURE OF CYBER SECURITY

ROLAND DACCACHE, SENIOR REGIONAL SALES ENGINEER, META – FIDELIS CYBERSECURITY


According to Normshield, Artificial intelligence is a science field that is interested in finding solutions to complex problems like humans do. A decision mechanism that is similar to a real human decision mechanism is tried to be modelled with some algorithms. Machine learning is a subdomain of artificial intelligence. Machine learning uses mathematical and statistical ways to extract information from data, and with that information ML tries to guess the unknown. Deep learning is a subdomain of machine learning and tries to learn the data with artificial neural network approach.

According to Roland, “Machine learning has a very promising future in reshaping the cyber security field. Enterprises need to simplify their security stack, and rely less on static rules of behaviour, by having smart solutions that automate the discovery and protection against cyber-attacks. So every security vendor needs to invest in ML today if they need to stay relevant in the coming years.”


HARISH CHIB, VICE PRESIDENT, MIDDLE EAST & AFRICA, SOPHOS

People do not have to be product centric, they have to be technology centric or even process centric. It is not how good or bad the product is, it depends on the infrastructure that is being run, the kind of data stored or the kind of customers and the kind of operations. Once that is clear, then the CISO can look into the kind of data visibility they have. If they have a data visibility, they get a clarity on the kind of mitigation they need to put in place. They need to be technology centric and should look at cryptography, Vulnerability mitigation, securing the parameter, endpoint security, etc. The CISO should look at the technology and what kind of controls they need to put in place to mitigate the threats.

PRIME GOAL: THREAT VISUALIZATION

Data visualization is the best bet for a CISO to keep track of the immense amount of data pouring in every day. But, threat visualization plays an even bigger role to keep it at bay.

IT security primarily dealt with safeguarding one’s organization from external threats. As the threat landscape now has changed and organizations have become increasingly vulnerable with each passing day, the role of a CISO also started evolving. Earlier, a CISO’s responsibility was to look into anti-virus or firewall that dealt with external threats. Now, they have to look into compliance, internal threats, risk, governance and many other factors that are not limited to patching a software or just keeping the systems up to date. This is how I see the change in CISO’s role. Nowadays, the CISOs are also directly reporting to the board members of the company, such is the importance of security.

What are your expectations from a service provider?

What is the major gap in the Enterprise Security Space?

Skills shortage has been one of the evident gaps in the enterprise security space. Even the role of a CISO is not excluded from it. Very few people understand threats and their consequences. Very few peers nowadays are hands-on. The knowledge is limited to the conventional methods of threat prevention like firewalls, anti-virus or a data leak prevention. There is lot more to it. The CISOs should get the threat intelligence, day in and out. The skill shortage in terms of Intelligence gathering is also there. They don’t want to get into details of the issue or the threat. They also sometimes look at other peers for help, which is a good thing, but I would suggest to enhance their skills and look at improving the skills on visualizing the threat, governance and looking into granular details.

CISO SPEAK

As a CISO, how do you gear up to best protect your organization from an outsider as well as insider threats?

Threat visualization is one of the core areas where a CISO needs visibility & need to practice more.

The first one would be the trust between a service provider and a customer. If the trust is maintained between the service provider and the customer, they can see a much benefited project outcome. The second thing is transparency. During the project negotiation, when the customer complains about the high cost, the service provider should put transparency on the table and inform them about the net price and margins.

How effective a tool Digital Forensics is to nab the cyber intruders?

Digital forensics is one of the booming areas right now and forensics have been in place since past 50 years. Earlier, only Law and Enforcement agencies used to do forensics. Now there are other people who do crime investigations and digital forensics. There is a lack of awareness about digital forensics between the customers and service providers. If there is a data leakage incident in the company, and the person in charge is not aware about the best way to handle it, the Law and Enforcement Agency should be notified immediately and asked for a digital forensic expert.

BY: C V ARYA DEVI <ARYA@GECMEDIAGROUP.COM>

How is the role of a CISO evolving with time and pressure?

BHARAT GAUTAM, CYBER SECURITY SPECIALIST

SPECIAL STORY

CONVENIENCE OR COMPROMISE?

Imagine a situation when you can lead a convenient life but you would have to compromise some of your data. Which one would you choose? The booming era of IoT is giving a life of ease but data transmission happens in the background.


BY: C V ARYA DEVI <ARYA@GECMEDIAGROUP.COM>

“You have to fight for your privacy or you lose it” said Eric Schmidt. Well, what if it’s a fight to the city hall, one which you can never win. As more days pass by, we hear more systems and information being compromised. Given this scenario, we get lost in the endless discussions on digital privacy. Privacy in digital world is emphasized much more as we are transitioning from paper-based to a fully digital world.

PUSH AND PULL OF IOT AND DATA

As part of the process, we are pushing the technology to a whole new level, Internet of things (IoT) is one of those I would say. This includes a vast variety of everyday household electronics that we are way too familiar with. According to a survey by IHS, by 2020, there will be roughly 3 IoT devices for every man on this planet and that number will double by 2025. With all of these connected devices, the biggest challenge that will be faced is storage. Experts expect this storage to be around 1.6 zettabytes. These IoT enabled devices will be gadgets with Internet connectivity that will allow data transmission. This happens in the background with the users’ knowledge.

Then there arises a big question, shouldn’t people be concerned about privacy and data security as these gadgets are transmitting information without user realization? And furthermore, more devices enabled with IoT means a complex IoT ecosystem and more data collected with storage in different places.

There was a time when the cyber threats were just ransomware, data theft or BEC scams in enterprises. But now, since there are devices that are interconnected and gather, process and send data, the magnitude of cyber and digital privacy threats has reached an unimaginable point. These IoT devices were not meant for security, their sole purpose was convenience alone. This in turn came to a point where the convenience is questioned as data is being more vulnerable. The idea of networking appliances was so fresh that security never arose as a concern during product design.

DIMITRIS RAEKOS, GENERAL MANAGER AT ESET MIDDLE EAST

JEFF OGDEN, GENERAL MANAGER - MIDDLE EAST, MIMECAST

SILENT SPECTATORS?

It is not like the authorities are not doing anything on their behalf. But whether they are thinking before implementing is to be questioned. One of the core examples of this would be GDPR. The most talked about topic in this quarter, GDPR does not provide any clear cut guidance for IoT devices in particular, it only emphasizes obtaining user consent. There are also recommendations that suggest getting the consent of the user before setting up the IoT device.

“From our perspective, while GDPR compliance requirements extend beyond providing email-centric security and operations, it’s certainly a good starting point.” said Jeff Ogden, General Manager - Middle East, Mimecast. He further added, “As we know, privacy principles are the heart of GDPR and the right security is essential to underpin privacy obligations.”

As GDPR is already on text, another legal framework is coming around, GDPR: the ePrivacy Regulation. This regulation concerns all new electronic communications which includes instant messaging apps and tools like SnapChat and Facebook Messenger. The European government has approved the text and now awaiting the approval from state members. Immediately after GDPR, in June 2018, California government unanimously passed a data privacy bill (AB 375) which will have huge implications on companies like Facebook, Google or Quora. This bill allows Californians to ask the 3 Ws, ‘What do you collect’, ‘Why do you collect’ and ‘With whom do you share’. It also allows them to delete or opt out of sale of data. With more and more talks on Digital privacy and countries coming up with plans to protect, data leakage is still on the rise. According to Breach Level Index, around 60 records were stolen every second in 2017, which adds up to 5 million records stolen every single day.

Collective storage will be around 1.6 zettabytes
60 records stolen every second in 2017
5 million records stolen every day in 2017
11% of people have had their personal information stolen like credit card, banking information.
By 2020, there will be 3 IoT devices per man. By 2025, it will double.
86% people have tried to remove their digital footprint on internet

THINK TWICE? MAYBE MORE

In a recent study by ESET on twelve smart home devices from seven vendors, researchers found that every single device had privacy issue. Most of the concerns were raised among voice-activated intelligent assistants. “Other major concern is the oversharing of data by commercial services, insufficient protection of stored personal data, and the possibility of interception of digital traffic by cybercriminals or the mischievous elements. Users need to carefully read the privacy policy of such devices and as no software or hardware guaranteed to be free from vulnerability issues, hence it is important to be aware finding and applying new firmware to such devices.” said Dimitris Raekos, General Manager at ESET Middle East.

Digital privacy begins with setting up of the IoT devices. Think twice or even thrice before clicking the “I agree” button. Even when downloading things, there comes a dialogue box that indicates what all information will be pulled from the device. Look hard into it and limit the information if possible. If it is quite unclear or brief, consider not downloading it in the first place. As mentioned earlier, convenience was the first priority for IoT devices, but many devices now have an update for security features. Keeping the devices up to date will provide the latest security patches.

GUEST ARTICLE

THE NEW SECURITY MANDATE: NEVER TRUST, ALWAYS VERIFY

Organizations are coming to realize that merely a user name and password are not enough to secure their cyber existence. A Zero Trust security approach is increasingly gaining acceptance, explains Kamel Heus, Regional Manager - MEA from Centrify

KAMEL HEUS, REGIONAL MANAGER - MEA FROM CENTRIFY

The concept of Zero Trust is as profound in cybersecurity as the sweeping transformation generated by the arrival of cloud, mobility, agility, and availability. Gartner projects that worldwide security spending will reach $96 billion this year, yet we continue to read headlines validating that companies can’t address the threats fast enough, regardless of the growing list of vendors and solutions available. What’s even more surprising is that less than 10 percent of that spend is allocated for identity and access management. Repeated mega breaches in cybersecurity have forced experts and vendors to relook at the basic underlying best practices and assumptions that have been adopted in the past and question their viability.

Previous cyber security practices assumed the integrity of a user’s credentials at face value and chose to verify them subsequently. In the new paradigm, any user is never trusted till both their credentials and device are rigorously verified. Identity access management solutions further grant the user access to the organization’s resources, but only as much to complete their task, mandated by their job role. In this scenario, the employee or user is never trusted to access resources of an organization that he/she is entitled to. It is assumed that a threat actor can assume the credentials of any user, at any time, and must therefore be limited in their access to an organization’s assets and resources. In short, the user is never trusted and always verified during their access to an organization’s assets.

The revolutionary concept of Zero Trust Security assumes that the threat actor may be already within an organization and is posing as an employee of the organization. Or alternatively, has assumed the credentials of an employee of the organization. The concept of Zero Trust seeks to limit the opportunity of such an internal threat actor to use the assumed employee credentials and breach other parts of the organization.

The Zero Trust security best practice is applied to all types of users including end-user of IT, privileged user, supplier, customer or partner. It also applies to all types of resources and assets whether through an application or compute infrastructure resource.

THE ZERO TRUST SECURITY BEST PRACTICE USES A FOUR-STEP APPROACH

The first step is to verify the legitimacy of the user beyond the credentials of their username and password. Multi-factor authentication using personal information or another known device of the employee is the usual add-on practice.

The second step is to validate the end point or the device being used by the end user. Once an end-user’s device has been enrolled and validated, the same device is associated with the user to validate an element of trust the next time it is used. However, if the end-user chooses to use another device, from another location, then the credentials of that device will need to be authenticated and enrolled before the end-user can gain access into the organization using that particular endpoint device.

Once the user and his/her device has been authenticated, the third step grants access to an organization’s assets, but only as much as required for the task specified by their role. Users can therefore access multiple applications and compute resources only if it is required for their role. The more critical an application or a compute resource, the less access granted to an end user.

The same controls exist for all types of users including administrators, who are usually the prime targets for any threat actor because they usually have the “keys to the kingdom.” The underlying control here is to limit lateral access of end users into multiple applications and compute resources, unless required for any specified task.

The last step is to make internal systems self-learning and adaptive through machine learning. While organizations need to be increasingly secure, continuously hindering employee productivity can lead to an anarchical internal work environment. Hence, it is critical that internal cybersecurity applications learn from user behavior and actually enable their productivity in near normal situations but raise red flags whenever there is a deviation from the normal.

Other learnings that emerge could help chief security officers to moderate and adjust security policies to balance organizational concerns and employee productivity. Organizations adopting a Zero Trust approach will increasingly find that it is the right path forward to rebuild their user and resource access policies.
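The four-step approach described in this article can be read as one access decision evaluated on every request. The sketch below is an added example, not Centrify's implementation: the role-to-resource policy, the decision names and the z-score baseline used for the fourth step are assumptions, and the users and requests are constructed.

```python
"""Access decision following the article's four Zero Trust steps (added example)."""
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed policy: each role maps only to the resources its tasks require.
ROLE_RESOURCES = {
    "hr_analyst": {"hr_portal", "payroll_reports"},
    "db_admin": {"db_console"},  # administrators get the same least-privilege treatment
}


@dataclass
class User:
    name: str
    role: str
    enrolled_devices: set = field(default_factory=set)
    # Daily access counts per resource on earlier days: the learned "normal".
    history: dict = field(default_factory=dict)


@dataclass
class Request:
    user: User
    password_ok: bool
    second_factor_ok: bool
    device_id: str
    resource: str
    accesses_today: int


def deviates_from_baseline(past_counts, today, threshold=3.0, min_days=5):
    """Step 4 (assumed method): compare today's activity with the user's own history."""
    if len(past_counts) < min_days:
        return False  # too little data to know what normal looks like
    mu = mean(past_counts)
    sigma = max(pstdev(past_counts), 1.0)  # floor avoids flagging tiny variations
    return (today - mu) / sigma > threshold


def decide(req):
    """Return (decision, reason); checks run in the order the article lists them."""
    user = req.user
    # Step 1: verify the user beyond username and password.
    if not (req.password_ok and req.second_factor_ok):
        return "deny", "step 1: user not verified with a second factor"
    # Step 2: the device must already be enrolled for this user.
    if req.device_id not in user.enrolled_devices:
        return "enroll_device", "step 2: unknown device must be authenticated and enrolled"
    # Step 3: grant only what the role needs; unknown roles get nothing.
    if req.resource not in ROLE_RESOURCES.get(user.role, set()):
        return "deny", "step 3: resource not required for role " + user.role
    # Step 4: enable normal work, raise a red flag on deviation.
    if deviates_from_baseline(user.history.get(req.resource, []), req.accesses_today):
        return "flag", "step 4: activity deviates from this user's baseline"
    return "allow", "all four checks passed"


def demo():
    """Run constructed requests through decide() and return the decisions."""
    alice = User("alice", "hr_analyst", {"laptop-1"}, {"hr_portal": [4, 5, 6, 5, 4, 5]})
    cases = {
        "password only": Request(alice, True, False, "laptop-1", "hr_portal", 5),
        "new device": Request(alice, True, True, "tablet-9", "hr_portal", 5),
        "lateral access": Request(alice, True, True, "laptop-1", "db_console", 1),
        "bulk access": Request(alice, True, True, "laptop-1", "hr_portal", 40),
        "normal day": Request(alice, True, True, "laptop-1", "hr_portal", 5),
    }
    return {name: decide(req)[0] for name, req in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:15s} -> {decision}")
```

Valid credentials alone never produce "allow" here: a request with a correct password and second factor is still stopped by the device, role and behaviour checks, which is the limit on assumed credentials the article describes.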

RANSOMWARE

WHAT IS RANSOMWARE?

Ransomware is a malicious software or a malware that threatens harm once in the computer system. The harm is usually done by denying access to the data or threatening to publish the victims’ data until a said ransom is paid to the attacker.

HOW RANSOMWARE WORKS?

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. These attacks are typically carried out using a Trojan that is disguised as a legitimate file. The user is tricked to download or open this file when it arrives as an email attachment. But there are some that can travel automatically between computers without user interaction like the “WannaCry worm”.

HOW TO AVOID RANSOMWARE

• If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet.

• Employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.

• Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.

• Use reputable antivirus software and a firewall.

• Do make sure that all systems and software are up-to-date with relevant patches.

WHAT TO DO WHEN ATTACKED

• Use antivirus or anti-malware software to clean the ransomware from the machine.

• Disconnect your machine from any others, and from any external drives.

• See if there are decryption tools available.

• Use a smartphone or a camera to take a photograph of the ransom note presented on your screen.

• There’s no guarantee you’ll get your files back if you pay, and paying just encourages more ransomware attacks. Don’t pay the ransom for screen-locking ransomware, because you can almost always get around it.

• Determine whether you have been hit by encrypting ransomware, screen-locking ransomware or something that’s just pretending to be ransomware.

• Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.

RANSOMWARE IN NEWS

• July, 2018: A hospital in the U.S. revealed that it has endured a ransomware attack. The hospital proclaimed that it first realized it had suffered a malware attack on July 9th, and that the attack affected its access to its own electronic health record or EHR, as well as its internal communications systems. After the hospital found out about the malware, it immediately activated its response protocol, and the company’s own IT workers collaborated with forensic experts and law enforcement in the investigation into the attack. Additionally, the hospital’s security team did an evaluation of its digital defense capabilities and chose to redirect ambulance patients who had endured stroke or trauma to other healthcare institutions.

• July, 2018: Middletown Schools were hit with ransomware attack. The Middletown school district is working to restore access to its computer systems after discovering a ransomware virus that had locked the staff out. Schools Superintendent Michael Conner said the district has not paid any ransom. He said officials are still working to determine how the virus got into the system and who might be responsible.

• July, 2018: After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who also feature a Chinese (Macau, China, Singapore) and Malay (Malaysia, Brunei) PC language setting. The change was first spotted on July 5 by independent security researcher MalwareHunter. Bleeping Computer along with several other security researchers have kept an eye on this issue.

• July, 2018: LabCorp, which handles 115 million patient encounters annually and conducts 2.5 million patient specimens per week, acknowledges the attack “has temporarily affected some test processing and customer access to test results.” Beyond that, the company is keeping mum on the details of the attack and its efforts to recover IT systems and resume normal operations.

BY: C V ARYA DEVI <ARYA@GECMEDIAGROUP.COM>

What would be your expectation from a security solutions/services provider?

A solution or service provider should be more transparent in their approach. They need to be selling and making money, which is their business, but at the same time they have to ensure that they are providing the services and solutions required for the business, organizations and the clients, and that the delivery is meeting the expectations. Without comprehensive management of projects, both the client and vendor will be at a loss. They need to make sure that the organization has the right skillset and need to advise on running and managing the solutions.

CISO SPEAK

CHALLENGING AND REWARDING TASK

ILLYAS KOOLIYANKAL, SENIOR VP AND CISO AT A PROMINENT ISLAMIC BANK IN ABU DHABI

Tell us in brief about your career as a CISO/Security professional. How have you seen your role evolving with time and pressure?

The journey in the information security field is challenging and at the same time rewarding because of the significance of the field and the momentum it received. When I joined Etisalat, there were only around 10,000 internet users. It was just the starting of a boom and then slowly the need for security of information became prominent. The role became more vital in the financial sector, because regulations are tighter in the sector and the tangible losses associated with information security and the risks were very significant. The CISO role was initially focused on Information Technology but the position, role and function are gaining more relevance and becoming independent. With the evolution of the role, the pressure and the challenges associated with the role are also increasing. Information security is about how information is secured by having the right controls in technology, people and process that protect the information and services of the organization from internal and external threats.

As a CISO, what kind of gap do you see in the enterprise security space today?

One of the key gaps in enterprise security that I see today is the lack of a holistic approach towards security. The security is in bits and pieces while being technology driven and buying the latest solutions. Some of the mistakes organizations make are running behind the flashy, extravagant latest solution and forgetting about the fundamentals. Basics are the most important element for the organization to build a robust security environment.

Someone who directs strategy, operations and the protection of enterprise information assets is an overlooked one. As technology evolves, we see an evolution in the role of a CISO, which comes with monumental responsibilities.

As a CISO how do you gear up to best protect your organization from an outsider as well as insider threat?

100% security cannot be promised by anyone. We do the best to manage, protect, detect, respond and recover. People, process and technology should be in place to tackle any security threats. If something goes bad, and there is a disaster, the best way to recover in an effective manner should be part of a security programme or activity. Security is about management of risks. There are risks which need to be accepted, transferred or mitigated according to rating. There should be a risk management framework for the organization, based on which risk assessment should be done for effective security control implementation.

Another mistake in many organizations is not giving the right authority to the security managers or CISOs. Information security is much bigger than risk management or the technology oriented part. It is a business driven function which is to be placed under the top management umbrella.

Cyber Sentinels August 2018 by GEC Media Group - Issuu