SPECIAL SUPPLEMENT | VOLUME 07 | ISSUE 22 | JUNE 2021
COVER FEATURE: MOVING AT MACHINE SPEED: MITIGATE, PROTECT, DETECT
TAMER ODEH, Regional Sales Director, Middle East, SentinelOne: The vendor has integrated machine learning and artificial intelligence at the agent level, allowing much faster response times.
EDITORIAL: RETHINKING CYBERSECURITY

GISEC, the region’s most awaited cybersecurity event, returns in its in-person form this year. The face-to-face event marks the opening of the region after the pandemic and simultaneously the bounce back in the IT sector. But the pandemic is still far from over and it has shown how attackers can leverage the adversity. The pandemic opened and revealed the gaps in cybersecurity and in this special supplement we highlight the challenges and pain points of the CISOs, how their role is evolving and what the vendors can do to help them succeed.

In the lead feature, Tamer Odeh of SentinelOne highlights that with the increasing complexity in cybersecurity, experts are looking at consolidation and integration of cybersecurity solutions with artificial intelligence and machine learning. In 2020, the UAE alone saw a 250% rise in cyberattacks and it is believed that with the remote work culture, the trend is unlikely to diminish this year.

However, Michel Huffaker of ThreatQuotient believes that the cybersecurity maturity trajectory in the region has enjoyed unmatched growth over the last decade. Moving from region to sector, the recent ransomware attack on Colonial Pipeline in the US points to an alarming rise of cyberattacks on critical infrastructure. John Shier of Sophos believes that the obvious global concern is ransomware, which is equally true for oil and gas companies. To fight the cyber-pandemic, security leaders must ensure that their strategies are in lockstep with business priorities, says Maher Jadallah of Tenable. One of the weakest security links in the IT chain is the people themselves, and many have not participated in any type of security awareness or education, says Farid Faraidooni of du. He believes that organisations need to consider the right governance model in their security operations.

Most of the vendors interviewed in this edition believe that educating employees and conducting security awareness training is crucial, especially in the era of remote work culture. As Bachir Moussa of Nozomi Networks rightly puts it, organisations are no longer siloed and delivering on converged IT and OT strategy is what will differentiate decision makers and organisations.

In terms of new technologies, according to Dr Ahmed Alketbi of Moro Hub, entrepreneurs, businesses, and other experts have already begun to view the combination of IoT, cloud computing and cybersecurity as a key to business success.

When it comes to building skills for the challenging cybersecurity market, Rob Smith of Gartner says there is no way to stop getting ransomware attacks, but one can limit its spread, making threat hunting a very highly demanded skillset.

Turn the pages to know more about the cyber threats looming for 2021, vendor solutions and how the CISOs can strategise to fight the challenges. Stay safe!

MANAGING DIRECTOR: TUSHAR SAHOO, tushar@gecmediagroup.com
EDITOR: ARUN SHANKAR, arun@gecmediagroup.com
ASSOCIATE EDITOR: MANALI MISRA, manali@gecmediagroup.com
CEO: RONAK SAMANTARAY, ronak@gecmediagroup.com
GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES: ANUSHREE DIXIT, anushree@gecmediagroup.com
GROUP SALES HEAD: RICHA S, richa@gecmediagroup.com
EVENTS EXECUTIVE: GURLEEN ROOPRAI, gurleen@gecmdiagroup.com; JENNEFER LORRAINE MENDOZA, jennefer@gecmdiagroup.com; RONIT GHOSH, ronit@gecmdiagroup.com
SALES AND ADVERTISING: RONAK SAMANTARAY, ronak@gecmediagroup.com, PH: +971 555 120 490
PRODUCTION, CIRCULATION, SUBSCRIPTIONS: info@gecmediagroup.com
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA, yasobant@gecmediagroup.com; MANALI MISRA, manali@gecmediagroup.com
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA
# 203, 2ND FLOOR, G2 CIRCULAR BUILDING, DUBAI PRODUCTION CITY (IMPZ), PHONE: +971 4 564 8684
31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852, UNITED STATES OF AMERICA, PHONE NO: +1 732 794 5918
PRINTED BY AL GHURAIR PRINTING & PUBLISHING LLC, MASAFI COMPOUND, SATWA, P.O. BOX: 5613, DUBAI, UAE
A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE. @COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.
CONTENTS

EDITOR’S PAGE

TOP OF MIND

EXECUTIVE VIEW
du: Protecting end-users from emerging cyberthreats
MoroHub: Enabling cybersecurity controls with new technologies
Gartner: Organisations need to ensure security of remote users
Heriot-Watt: Security awareness is key in multi-cloud environment

REAL-LIFE

COVER FEATURE
Moving at machine speed: mitigate, protect, detect

INDUSTRY VIEW
Netscout: Need continuous evolution of security solutions
Infoblox: How DDI solution can protect remote workers
Nozomi Networks: Integrating security strategies across IT and OT
CME: Four steps to cybersecurity in healthcare sector
Proofpoint: Cybersecurity strategy with a people-centric approach
GBM: Risk-based approach to security management
Acronis: Developing a holistic approach to cyber protection
Tenable: Matching cybersecurity strategy with business plan
Cloud Box Technologies: Cloud-centric network security for a hybrid workforce
Boston Consulting Group: Existential, strategic, operational risks loom ahead
SentinelOne: Automated solutions can help CISOs maximise efficiency
Riverbed Technology: Visibility of data crucial for rising remote work culture
Thales: Time to review security quantum strategy

TRENDS
Regional end user security trends by Help AG

DEEP DIVE
NINE TRAITS THAT CAN MAKE A CISO SUCCESSFUL

Morey Haber of BeyondTrust shares the qualities that can make a CISO successful and effective in today’s challenging cybersecurity world.

MOREY HABER, CTO and CISO at BeyondTrust.

To be successful, particularly in the current environment, CISOs need to move beyond just being the technology expert in the boardroom. Merely being smart or good at your job is not enough to guide a business to success and become a respected leader. Here are some of the traits that are found in every successful CISO:

Passion: Effective CISOs need to be passionate about the business, customers, and the products or services offered by the company. This then translates to being able to create and foster a positive, energised, and rewarding working environment that encourages and empowers employees to find innovative ways to benefit customers.

Teamwork: Successful CISOs recognise that everyone is a part of the team. They are personally committed to the success and well-being of the collective, above any individual success. They recognise that the strength of the team lies in the unique expertise, perspectives, experiences, and cultural backgrounds of its members.

Empowerment: Successful CISOs find ways of giving their team members the autonomy to execute on projects, while ensuring that they align with needs of the business, lower risk, and mitigate threats.

Recognition: As an extension to building high-functioning teams, good CISOs celebrate success and are always willing to offer praise, where appropriate, to deserving members.

Accountability: CISOs that are well respected in their organisations always take personal responsibility for their decisions and actions, and those of their teams. They deliver on promises and commitments, actively engage in discussions and commit to resolutions once they are made with realistic expectations.

Empathy: Related to accountability, good CISOs can emotionally understand what others feel and are willing to see things from the other person’s perspective, without being judgmental or condescending. For example, let us say that a security specialist has been the target of a threat actor or even a basic red team exercise. Rather than jumping to find fault or trying to fix the situation, empathetic CISOs put themselves in the other person’s shoes to try and understand their feelings, shortcomings, decisions, and mistakes.

Knowledge: High-performing CISOs understand that there is much to learn from others, as well as from their own successes and failures. They strive for personal growth via regular feedback and advice from mentors, peers, and subordinates. At the same time, they encourage others on their team, often by example, to do the same and are always willing to provide mentorship. Gaining knowledge every day is a core component of a good CISO.

Honesty: The most respected CISOs are those who act with integrity. They take their commitments seriously and do the right thing even when it is not easy. They are honest, transparent, ethical, and fair. They always listen and seek to understand others and assume positive intent. The only time this is not true is when considering the intent of threat actors.

Humility: Great CISOs are unpretentious and always put the needs of the business ahead of their own ambitions and personal agendas. In essence, they think of others before themselves, embodying the spirit of being a true servant leader.

Finally, good communication is an invaluable skill for a CISO who wants to leave his or her mark on the business. Whether it is written, oral, public speaking, etc., it does not matter. However, having a good mix will only help you in the long run.
FINANCIAL SECTOR NEEDS CHANGE IN SECURITY STRATEGY

2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources, writes Tom Kellermann of VMware.

TOM KELLERMANN, Head of Cybersecurity Strategy, VMware Security Business Unit.

The modern bank heist has escalated to a hostage situation over the past year. The new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming much more destructive and sophisticated than ever before.

In the fourth annual Modern Bank Heists report, 126 CISOs were interviewed, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, they are facing an onslaught of sophisticated cybercrime conspiracies.

Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organised nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defence.

Here is an overview of some key findings:

• From heist to hostage: 38% of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognise that they can hijack the digital transformation of the financial institution to attack their customers. They use brand trust against the bank’s constituents by commandeering its assets. Note: This excludes SolarWinds.
• Increased geopolitical tension and counter IR triggering destructive attacks: There has been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace.
• The digitisation of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitisation of insider trading and ability to front-run the market, which aligns with the strategies of economic espionage.
• Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring within a sector that is incredibly dependent on time given the nature of its business. Because there is no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.
• Russia, China, and the US underground posed the greatest concern to financial institutions.

As the threat landscape evolves, so will the tactics, techniques, and procedures of cybercrime cartels, as seen in the above findings. These groups have become national assets for the nation-states who offer them protection and power. Here are a few strategies for security teams:

• Conduct weekly threat hunting and normalise it as a best practice to fuel threat intelligence. The report findings indicate that 48% of CISOs already conduct weekly threat hunts.
• Integrate your network detection and response with your endpoint protection platforms.
• Apply just-in-time administration.
• Deploy workload security.

The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources. It is no longer a matter of if, but when the next SolarWinds will occur. As a result, cybersecurity must be viewed as a functionality of business versus an expense. Trust and confidence in the safety and soundness in the financial sector will depend on it.
EXECUTIVE VIEW: A STRATEGIC OVERVIEW OF CYBERSECURITY BY TOP EXECUTIVES
PROTECTING END-USERS FROM EMERGING CYBERTHREATS

One of the weakest security links in the IT chain are people themselves and many have not participated in any type of security awareness or education.

FARID FARAIDOONI, Chief New Business and Innovation Officer, du.

The pandemic meant that entire workforces had to find new ways to work from home and this challenged businesses across the globe. From a cybersecurity perspective, organisations have been required to scale up their security response to ensure people working outside offices are better protected.

Personnel have often made themselves an easy target for hackers due to using unprotected Wi-Fi environments, and organisations have had to rethink their security practices and implement new security controls outside the workplace. One of the weakest security links in the IT chain are people themselves. Many have not participated in any type of security awareness or education and are regularly victims of phishing attacks, fake websites, and social engineering as a result.

To help end-users more effectively protect themselves from current day threats, du offers two solutions, Secure Remote Access and Digital Workplace. Both of these protect employees’ endpoints, such as mobile phones, laptops, or any other type of device accessing the corporate network. At the same time, these offerings enable people to work from home without impacting their productivity.

There are several security best practices that should be considered as end-users adjust to hybrid workforce and disruptions, accelerated transformation and post-pandemic recovery.

Firstly, organisations must have the right security controls in place, particularly for the endpoint devices. Companies need to have adequate security processes to ensure the right security controls are followed for company procedures, such as improved security set up when onboarding new employees.

Secondly, organisations need to consider the right governance model in their security operations, so they can better detect threats and respond accordingly. Ultimately, outsourcing an organisation’s security management to a Security Operations Centre is the best way to detect threats early because they protect environments both internally and at the edge 24 hours per day, seven days a week.

Thirdly, organisations are obligated to provide their employees with adequate education, which will enable them to identify security threats such as phishing emails and reduce exposure.

du supports organisations with various security consulting services that help them to understand their security posture, identify gaps, and provide solutions to strengthen overall cyber resiliency. These revolve around improving security controls, better-protecting endpoints, and ensuring they benefit from a complete security operations management service through Security Operations Centre. This is operational 24 hours per day, seven days per week, and enables fast detection and response to breaches and minimises impacts on organisations.

Security orchestration and automation will be vital for leveraging artificial intelligence and machine learning capabilities, reducing the reliance on people, and eliminating human error. These technologies will be complemented by AI-based security platforms that will produce real-time data to predict attacks and ultimately prevent them.

FOR CISOs

• In today’s digital world, many organisations are migrating to the cloud, where workloads are being distributed across a mix of private and public clouds.
• Building new security skills that will ensure better protection in cloud-native environments is key.
• In addition, today’s security lens focuses more on protecting the identity rather than the hardware assets, so increasing skills around identity management and protection will also be paramount.
ENABLING CYBERSECURITY CONTROLS WITH NEW TECHNOLOGIES

While more and more remote access is being provided to employees, partners, and contractors, it has resulted in new areas of security challenges.

DR AHMED ALKETBI, Chief Information Security Officer, Moro Hub.

Cyberattacks are getting more complex with the increase of remote working and the increase of dependency on digital devices. The pandemic has changed the service delivery and consumption model. While more and more remote access is being provided to employees, partners, and contractors, it has resulted in new areas of security challenges.

Cyberattacks are the number one security threat, where a direct intervention is made by people outside of an organisation to access confidential data, resources, etc. Phishing attacks are a good example of cyberattacks that aim at obtaining sensitive confidential information, such as a user’s credentials, to access sensitive data.

While each of these threats can be severely damaging, Moro Hub always recommends that stakeholders pay attention to continuous monitoring and response, the security of Application Programming Interfaces, APIs, and end-user actions on cloud devices to be able to manage and control cybersecurity attacks.

All of Moro Hub’s solutions are created and developed to ensure effective operations for government and enterprise clients. Moro Hub’s dedicated cybersecurity division executes a defence in depth approach across networks, hosts, and identities, and provides 24/7 security, threat monitoring and incident response from its Cyber Defence Centre based out of Dubai, UAE.

Any end user can fall victim to cybersecurity threats. Moro Hub recommends the following best practices:

• Regular back up of the data
• Using strong passwords and enabling multi-factor authentication
• Installing legit and trusted software
• Ensuring the physical security of the digital devices

Furthermore, organisations should enable security for the hybrid workforce by:

• Using a trusted digital service provider for all IT and digital needs
• Establishing a secure cyber culture
• Ensuring cybersecurity controls are adapted to extend security services to the hybrid workforce
• Staying compliant with relevant standards and regulations

Moro Hub has established a proven security framework that takes into consideration the related people, process, and technology aspects to support organisations on their digital transformation journey. Moro Hub can extend its skilled resources and state of the art technologies using a cost-effective shared MSSP model to organisations in the UAE. Cyber Defence Services such as Cyber Exposure Analysis, Security Operation Services, Digital Transformation Security, Governance, Risk and Compliance, and Identity and Access Management can help organisations to effectively secure the hybrid workforce and related systems.

IoT and cloud have a lot of potential. The core concept behind IoT and cloud computing is to boost productivity in day-to-day tasks, without distressing the quality of the data being stored or transferred. Since the connection is common, both the services supplement each other efficiently. However, cybersecurity remains an enabler for these new technologies as they come with their own risks. Entrepreneurs, businesses, and other experts have already begun to view the combination of IoT, cloud computing and cybersecurity as a key to business success. Therefore, new technologies such as machine learning, artificial intelligence and Big Data analytics can be leveraged to enhance the cybersecurity controls and defence mechanisms.

FOR CISOs

• Analysis is a vital step for maintaining effective security.
• It is important that security professionals develop analytical skills to study the conditions that make attacks more likely and help minimise those attack surfaces.
• Security-focused project management skills are extremely important.
• Decision makers should have a strong background in this area to be able to figure out how to integrate security solutions or measures with the rest of the organisation’s systems, maintenance, upgrades, etc.
• Decision makers should have thorough knowledge of and insight into the technical areas to be able to take quick and reliable decisions.
ORGANISATIONS NEED TO ENSURE SECURITY OF REMOTE USERS

Users cannot be expected to follow any security best practices, the onus for this must rest with IT and the security department.

ROB SMITH, Senior Director Analyst, Gartner.

By far the biggest security threat we have seen emerge out of the pandemic is the use of BYOPC, Bring Your Own PC. Due to equipment shortages and logistical problems, most organisations struggled with getting users’ equipment quickly to enable them to work remotely.

As a result, the only options available were to enable BYOPC or simply not to work. The problem with BYOPC is that a high percentage of end users’ PCs are already infected with some form of malware or ransomware and when these devices are let onto the corporate network, it becomes an easy way for organisations to get infected.

To assist in solving the ransomware problem, Gartner recommends the use of Virtual Desktop Infrastructure, VDI, or Desktop as a service, DaaS, for any non-managed or untrusted device which needs access to a corporate network. Any managed or trusted device should be using an endpoint protection platform, EPP, which includes an endpoint detection and response solution, EDR. Also, multi-factor authentication should be always used for all remote users.

The most important tool to track and stop the spread of ransomware and supply chain attacks such as the SolarWinds attack is EDR. However, it is estimated that 90% of Gartner clients do not have the necessary experience or staff to correctly manage an EDR. Therefore, Gartner recommends the use of a service provider to deliver a managed detection and response, MDR, service. However, if there is one truth about the pandemic, it is that most organisations do not want to manage or secure anything anymore, so the easiest answer is to migrate users to DaaS, which then fully returns all control to IT while giving the user the freedom to use any device to work.

Moreover, users cannot be expected to follow any security best practices. The onus for this must rest with IT and the security department by providing the users with security tools that do not impact on a user’s ability to work.

IT must first determine what user requirements are and build a use case before deciding which security technologies are needed. In order to do this, they must first look at who the user is and what their job function is, what kind of device they will use and whether it is owned by them or the company, what kind of applications and data they need access to, whether it is located in the cloud or on premises and whether the data is confidential, and where in the world the user is located, as many countries have strict rules about data sovereignty. Once you know user, device, data, and location, you can build a use case and apply the appropriate technology, be it DaaS, EPP, VPN, or cloud security.

FOR CISOs

• There is no way to stop getting ransomware, but you can limit its spread, so threat hunting is a very high demand skillset.
• Experienced IT security professionals who are experts at threat hunting are very few and far between right now.
• Anyone who can demonstrate this ability has a golden opportunity to advance their career.
• If security skills are not an option, virtualisation and cloud application management are the way forward for most IT professionals.
SECURITY AWARENESS IS KEY IN MULTI-CLOUD ENVIRONMENT

Implementing a robust security awareness programme can improve employees’ knowledge of common security threats and best security practices.

STEPHEN GILL, Academic Head of the School of Mathematical and Computer Sciences, Heriot-Watt University Dubai.

A largely distributed workforce is here to stay in 2021 and beyond. The rapid migration to work from home last year has certainly put many organisations and end users at the risk of several threats such as data breaches and phishing attacks. Security leaders are required to be more conscious about the safety of end users, the use of unsafe data security practices, more data breaches, and phishing attacks than ever before, which has spurred the need for more proactive security measures.

Implementing a robust security awareness programme can improve employees’ knowledge of common security threats and best security practices. Building cybersecurity awareness requires a year-round focus in areas such as the following:

• Reporting phishing emails: End users should proactively report email scams either to the IT department, email provider, or another governing body. Employee inaction is one of the biggest causes of security oversight.
• Avoiding unapproved software or plug-in installation: It is also important to create awareness about installing software or browser plugins that are not approved by the IT team.
• Strengthening device security: Introducing external devices such as personal mobile phones to the network increases the number of attack paths for security threats. Hence, employee mobile devices need to be securely connected to the corporate network with pre-installed endpoint protection.

Today’s multi-device multi-cloud environment requires a more robust cybersecurity strategy, such as zero-trust architectures, that can help protect customer data, intellectual property, and network controls.

An emerging technology that can significantly strengthen end-user and organisational security is deep learning, as it focuses on unusual behaviour by determining deviations from legitimate or acceptable behaviour. The neural networks of deep learning can help create smarter intrusion detection systems, IDS, and intrusion prevention systems, IPS, by scrutinising traffic with improved accuracy, hence decreasing the number of false alerts and enabling security teams to distinguish between bad and good network activities.

Natural Language Processing, NLP, can help users identify and tackle spam and other forms of social engineering. In essence, NLP observes normal forms of communication and language patterns and employs various statistical models to discover and block spam.

A highly skilled security workforce is the cornerstone of cybersecurity resilience. As hackers become more audacious and the nature of threats rapidly evolves, the demand for cybersecurity talent has amplified as well. However, we are faced with a skills shortage, which means more deliberate steps involving upskilling and reskilling are required to close the skills gap.

FOR CISOs

SECURITY DECISION MAKERS SHOULD FOCUS ON AREAS SUCH AS:

• Risk management and identification
• Cloud security
• Perimeter security which is IDS and IPS
• Cybersecurity automation
REAL-LIFE: MARKET SEGMENT IMPACT AND CHALLENGES OF CYBERSECURITY
Bassel Assah, Head of Infosec and Business Continuity at Bankmed, explains, “Before we could open the digital banking services for business back in 2011, we wanted to ensure our internal and external networks were free from critical vulnerabilities and hardened against cyber threats. As a first step, we aimed to perform a thorough inventory of all IP-con nected assets on our networks—allowing us to identify and close up any potential attack surfaces.”
In the last decade, the booming popularity of the digital channel has triggered a major shift in consumer expectations around banking ser vices. Increasingly, customers are seeking out providers that can offer 24x7 access to banking products and services, available on any connected device of their choosing. Bankmed saw an opportunity to nurture customer loyalty and strengthen its leading position in Lebanon’s financial services market by launching new online channels in 2008 and mobile banking services in 2012. In addition to delighting customers with innovative services, the bank aimed to protect them at all times by ensuring a mature and robust approach to information security on the new channels.
Founded in 1944 in Beirut, Lebanon, Bankmed is a provider of retail and commercial banking services with 50 domestic branches and operations in Cyprus, Iraq, Saudi Arabia, Switzer land, UAE and Turkey.
BANKMED USING THE CLOUD TO SCAN BANKING CHANNELS FOR VULNERABILITIES
As one of Lebanon’s leading banks, Bankmed has offered businesses and individuals across the country a comprehensive range of retail, commercial and investment services since 1944. Through its 50 branches across the country, the bank strives to deliver high-quality, personalised services to meet each customer’s specific financial needs.
“To launch new core banking within just 12 months, we had to rapidly scan, pen test and harden an entirely new datacentre architecture.” BASSEL ASSAH, Head of Infosec and Business Continuity at Bankmed.
“Two of the things that impressed Bankmed most about the Qualys solution were its technical depth and user-friendliness,” recalls Assah.
Impressed by its reputation in the vulnerability assessment space, Bankmed decided to explore the Qualys Cloud Platform. After running an in-depth proof of concept with the Qualys solution, Bankmed selected the Qualys Vulnerability Management and Web Application Scanning.
“Unlike other tools we considered, the Qualys Cloud Platform offered all the intelligence and reporting capabilities we had targeted in one secure, web-based portal—eliminating the need to spend time manually generating individual reports and emailing them to our various application and system owners across the business.”
Qualys Cloud offered Lebanon’s Bankmed the required capabilities through one secure, web-based portal, eliminating the need to generate individual reports.
“As consumer preferences shift towards online and mobile experiences, our digital banking services are only going to become a more important part of our offering,” concludes Assah.
Using Policy Compliance, the bank can ensure that its core banking systems are configured for maximum resilience to cyberattacks, and meet SWIFT and PCI DSS compliance requirements for annual and quarterly vulnerability scans.
CORE BANKING
“To launch the new core banking system and web applications within just 12 months, we had to rapidly scan, pen test and harden an entirely new datacentre architecture,” explains Assah.
He continues, “Crucially, the Qualys solution allowed us to perform in-depth vulnerability assessment of the new web applications, and ensure they were secure enough to open to the public internet.”
To help solve the challenge, the bank added Qualys Threat Protection, Policy Compliance, and Continuous Monitoring.
With Threat Protect, Bankmed leverages automation to rank its vulnerabilities by severity, assign teams to fix them, and track their progress.
After an intensive, 12-month scanning and external pen testing initiative, Bankmed built up a clear view of its external and internal networks, including several subnets across its international operations in Cyprus, Iraq, and Saudi Arabia. During the process, the bank’s security and IT teams successfully identified and remediated many critical vulnerabilities—enabling the launch of its new digital banking services to proceed on time.
After almost a decade of success with its digital banking services, Bankmed aimed to prepare for the next generation of data-driven customer services. In 2019, the bank accelerated an initiative to move to a fresh core banking platform, including new web applications for digital banking services. Again, the bank turned to Qualys to help meet the stringent information security requirements for the project within a tight timeline.
Finally, Continuous Monitoring allows the bank’s security team to automatically scan for new vulnerabilities on external-facing servers, enabling a proactive approach to emerging threats.
“Our Qualys solutions helped us to quickly narrow down the list of vulnerabilities to the most critical, most exploitable threats,” comments Assah.
Near the end of its 12-month deadline for the core banking refresh, the Covid-19 crisis swept around the world. Despite the significant day-to-day working pattern disruptions, Bankmed successfully leveraged its Qualys solutions to complete its essential information security validation process on time and meet the 2020 target.
“Although we do not allow access to the Qualys Cloud Platform from external networks, national lockdowns during Covid-19 never slowed us down,” says Assah. “By enabling our team to log into their Qualys dashboards using secure VPNs, we successfully validated the new core banking environment within our tight one-year deadline.”
“When a Qualys scan of the new core banking platform revealed a large number of vulnerabilities, we knew that we needed to cut the time and effort required to prioritise, remediate and monitor the environment to meet the go-live target.”
Today, Bankmed uses the Qualys Cloud Platform to scan more than 5,000 IP-connected assets, with daily scans for external-facing systems and scheduled periodic scans for internal networks.
Further, teams can prioritise remediation by assigning a business impact to each asset, such as devices that contain sensitive data, mission-critical applications, or public-facing systems accessible over the Internet.
TIME FOR CISOS TO PARTNER AND ADD VALUE TO BUSINESS
CISOs are expected, now more than ever, to understand the business, its strategy, objectives, priorities and plans, in order to focus cybersecurity efforts where they really matter from a business perspective. The business plan is the real driver to make sure a cybersecurity program is brilliant at the basics of protecting existing revenue and can put controls in place for newly created revenue streams, that is new lines of business, new acquisitions, new production facilities.
Patching management
After prioritising vulnerabilities by risk, VMDR rapidly remediates targeted vulnerabilities, across any size environment, by deploying the most relevant superseding patch. Additionally, policy-based, automated recurring jobs keep systems up to date, providing proactive patch management for security and non-security patches. This significantly reduces the vulnerabilities that the operations team has to chase down as part of a remediation cycle.
Seeking opportunities to use cybersecurity funding not just for risk mitigation, but also to support revenue and accomplish other business goals such as operational efficiency, makes the CISO a business partner and cybersecurity a business enabler rather than merely a cost center.
ENVIRONMENT SCAN
The stay-at-home working environment is definitely more prone to cyber risks as, in general, the intrinsic cybersecurity and the users’ level of attention to cyber threats are lower whilst the vulnerabilities and the sources of distractions are definitely higher.
Automated remediation prioritisation with context
VMDR uses real-time threat intelligence, advanced correlation and powerful machine learning models to automatically prioritise the riskiest vulnerabilities on your most critical assets, reducing potentially thousands of discovered vulnerabilities to the few hundred that matter. Indicators such as Exploitable, Actively Attacked, and High Lateral Movement bubble up current vulnerabilities that are at risk, while machine learning models highlight vulnerabilities most likely to become severe threats, providing multiple levels of prioritisation.
VMDR continuously identifies critical vulnerabilities and misconfigurations on the industry’s widest range of devices, including mobile devices, operating systems and applications.
VMDR enables organisations to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, on an asset-by-asset basis. Misconfigurations lead to breaches and compliance failures, creating vulnerabilities on assets without common vulnerabilities and exposures (CVEs).
According to Gartner, by 2023, 30% of a CISO’s effectiveness will be directly measured on the ability to create value for the business. A CISO needs to have and develop business acumen and technology expertise, and express it in terms of business cyber risk management. He or she also needs to explain cyber risk business impact in a qualitative and quantitative manner to executives, in business language, and find ways to enable business initiatives whilst minimising those risks.
Knowing what is active in a global hybrid-IT environment is fundamental to cybersecurity and VMDR enables organisations to automatically discover and categorise known and unknown assets, continuously identify unmanaged assets, and create automated workflows to manage them effectively. After the data is collected, the VMDR allows security teams to instantly query assets and any attributes to get deep visibility into hardware, system configuration, applications, services, network information, and more.
Qualys’ Vulnerability Management, Detection and Response, VMDR
From a technical perspective, a CISO is expected to develop further knowledge about a Zero Trust Architecture, Application Security and Identity and Access Management for users, but also and especially for customers as engagement and operating business models become increasingly digital.
Real-time vulnerability and misconfiguration detection
Phishing campaigns, perpetrated via email in 90+% of the cases but also through SMS, social media, instant messaging systems and so on, are nowadays extremely sophisticated and convincing, often replicating legitimate messages from real and well-known senders. Phishing emails feature official logos, company paper headers and the same layout and font as if they were from a legitimate organisation. Phishing emails typically create a sense of urgency, engaging recipients with a call to action in order to fraudulently capture sensitive personal information, access credentials and bank details.
Ransomware has become one of the most significant threats given the potential impact on business organisations and governmental institutions but also private organisations and individuals. Cybercriminals often illicitly obtain user logins and credentials through spear phishing, before taking control and deploying ransomware on their targets by encrypting data or exfiltrating it. Recovering from ransomware is extremely difficult unless comprehensive backups are in place.
The insider threat is also not to be underestimated. As we head into a post-pandemic world, there will be a rebalance of the remote workforces with people coming back to the office, but the proportion will not be as it was prior to the pandemic.
SECURING REMOTE TEAMS
Against this backdrop, multi-factor authentication (MFA), or at least two-factor authentication (2FA), is seeing an uptick in adoption. These are far more secure because they rely on what you have (token, smartphone) and/or what you are (biometrics). In addition to MFA/2FA, single sign-on (SSO) is also utilised in order to provide users with a seamless authentication experience across multiple company solutions.
For a remote workforce, endpoint protection (for laptops, desktops, tablets and smartphones, for example) as well as malware detection and response are essential to secure company data and minimise the risks of company systems being compromised and related data stolen.
With hybrid IT environments becoming more and more complex and boundless (for example multi-cloud, on-premise, containers, operational technology, IoT), companies should go beyond MFA to protect their data by ensuring least privilege authorisation and, most importantly, by adopting the Zero Trust security concept.
Instead of relying on verify once when authenticating a user and then continuously trust, the Zero Trust model is about never trust and continuously verify that users access only the data they are meant to and manage it properly, by analysing, in a continuous and dynamic manner, any traffic, system or data access and/or user behaviour.
Remote and mobile workforces will continue to exist, and in addition to stay-at-home locations there will be co-working spaces where the network might not be as secure as in the office and where the shoulder surfing threat could also be encountered, unintentionally exposing sensitive and private information.
With the accelerated migration to the cloud, the faster adoption of new technologies and the advent of the hybrid workforce becoming the new reality, the perimeter that needs to be protected is no longer the corporate network but is basically where the resources — both technological and human — are located.
In an environment where fast 5G connectivity is getting to be the norm and the number of IoT devices is constantly growing, the stay-at-home environment has a greater attack surface with connected objects such as home assistants, smart TVs, connected fridges, automated heating-cooling equipment, baby monitors and home security systems. Hackers with the intention of compromising networks will look for insecure or misconfigured connected objects to break through, cause damage and steal information.
Furthermore, for parents with young children, it can be quite difficult to balance professional and family needs, resulting in a lot of juggling between the two and consequently less attention being paid to what might be a phishing email or a social engineering call. Phishing and spear phishing remain the most common methods used by hackers to steal personal information or user credentials in order to gain access to the home and company networks for distributing malicious content.
According to Gartner, by 2023, 30% of a CISO’s effectiveness will be directly measured on the ability to create value for the business. GIUSEPPE BRIZIO, CISO EMEA, Qualys.
According to a survey, an average of 40% of the users have not been properly trained or have knowledge of the cybersecurity risks when working from home. From an organisation standpoint, given that the remote work model is here to stay, it is imperative to continuously enhance security measures by providing secure hardware to users working permanently from home and implementing higher security standards in file-sharing, communication and collaboration tools.
The most commonly used authentication method is based on what you know (login and password), but it is not secure enough, as password-based credentials could be easily stolen or hacked through brute force cyberattacks.
Endpoint Detection and Response (EDR) is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.
The human factor is the weakest link of the chain but with proper awareness, training and discipline, it can be strengthened to a point of solid risk mitigation and eventually close to risk avoidance. As a main guiding principle, whenever an end user has the slightest doubt that an action could lead to a malicious situation, then the action should not be undertaken.
THREAT VEHICLES
RISING CYBERSECURITY THREAT IN THE OIL AND GAS SECTOR
The pandemic has reshaped the oil and gas sector, especially in terms of its move to remote work culture and thereby opening cybersecurity gaps in the critical infrastructure.
EXECUTIVE VIEW
According to Maher Jadallah, Regional Director Middle East at Tenable, attackers thrive during times of uncertainty and 2020 has given them plenty to target. However, when introducing any new working practice, such as remote working, it is critical to do so securely. Organisations need to think through how this changes the threat landscape and introduce controls to limit or address this risk, he adds.
The obvious global concern is ransomware which is equally true for oil and gas companies
Michel Huffaker, Director of Threat Intelligence at ThreatQuotient, believes that the oil and gas sector has always faced significant cyberthreats: nation states interested in strategic energy stores, criminals seeking significant payouts for ransomware, and hacktivists looking to make a political or personal statement, among many others.
According to John Shier, Sr Research Scientist at Sophos, the obvious global concern is ransomware, which is equally true for oil and gas companies. Unfortunately, ransomware is often a symptom of an underlying security weakness. The reasons for ransomware’s success are varied and speak to a broader set of causes. We find ourselves in a world where many cybercriminals have specialised and offer their unique services to others.
There has been an acceleration of digitalisation recently and in the coming years this will only expand. This poses challenges to cybersecurity as more data is created, stored and utilised as well as more systems and processes within facilities become automated and online. Shier says that digital transformation means that you are taking analog or manual processes and digitising or automating them. This naturally means that some or all the old processes will have a new digital dimension. These new processes may require additional technologies that are not already present in the organisation. As such, security needs will have to address these new processes and provide mitigations for a set of threats that may not have existed previously, he adds.
JOHN SHIER, Sr Research Scientist at Sophos.
The recent ransomware attack on Colonial Pipeline in the US points to an alarming rise of cyberattacks on critical infrastructure. According to the World Economic Forum’s 2021 Global Risks Report, cybersecurity failures are among the top midterm threats facing the world. The Covid-19 pandemic resulted in the exponential rise of remote work culture across all sectors including oil and gas. It also exposed the sector to cybersecurity risks at an operational and enterprise level.
The oil and gas industry is one of the most powerful financial sectors in the world, mentions Rajesh Ganesan, Vice President at ManageEngine. Its importance in both national and global economies has made the industry a high-value target for cybercrime. Threats like cryptojacking, nation-state attacks, attacks on smart devices, advanced phishing and ransomware attacks are currently some of the biggest threats the industry faces, he adds.
Huffaker and Jadallah believe that Middle East companies are taking their cybersecurity seriously. Huffaker says that the Middle East, like all other regions, is playing catch-up, to some degree. Companies have policies and business goals and ethics to guide their decisions, but they move much slower than the cyber criminals and spies. In her opinion, the cybersecurity maturity trajectory in the region has enjoyed unmatched growth over the last decade.
Jadallah says that at a time when organisations worldwide are facing a potentially lengthy period of economic uncertainty, it becomes more critical than ever to prioritise investments based on risk. There is also a clear operational benefit to be gained from performing risk management exercises which can serve as a bridge between the business and the infosec sides of the organisation. He believes that what is revealed in the process will help the entire organisation understand how to best prioritise resources to keep the business running even during a crisis.
Ganesan says that the relatively high concentration of oil and gas companies in the GCC region makes them an exclusive target for hackers like organised ransomware groups. As chief executives of organisations in the region become highly concerned about cybersecurity, a further rise in the adoption of endpoint protection solutions is expected, and security tools with data analytics will also remain important, he adds.
Huffaker stresses that it is important to educate your workforce on good cyber hygiene. She says they should not be just trained about phishing awareness and password management, but organisations must create internal systems that support low or no-friction implementation of those trainings.
Each vendor has its own products and solutions to help companies improve their cybersecurity posture. Huffaker adds that it is also critical to implement systems with threat intelligence-based strategy in mind. To do this, you must understand three main things: what you are protecting, how you are protecting it, and who is after what you are protecting. This understanding can only come from the melding of internal data and information with external threat intelligence. The ThreatQ threat intelligence platform, backed by its professional services, can bring this all together for organisations of any scale without reinventing their workflows.
Tenable’s cyber exposure management solutions enable organisations to take a holistic view of their infrastructure, from cloud environments to operational technologies, infrastructure to containers, and remote workers to modern web-apps, to identify those assets and systems that are critical to function, determine which vulnerabilities exist within these core areas that are being actively exploited and update these systems to fix those flaws first.
Jadallah adds that things to consider include controlling access to data, both whilst in storage and transit, and utilising endpoint protection on devices that are being used to access corporate data. Organisations should look to scan devices and applications to ensure that the latest software version is being used as this will reduce exposure to vulnerabilities attackers typically target.
RAJESH GANESAN, Vice President, ManageEngine.
Organisations have now started reassessing budget allocations and increasing investment in IT security
The pandemic situation has not only encouraged all organisations to deploy technologies to keep their operations running but has also driven CIOs to be more proactive in ensuring data security by better monitoring their endpoints. Acknowledging the heightened risks, organisations have now started reassessing their budget allocations and increasing their investment in IT security, concludes Ganesan.
MICHEL HUFFAKER, Director of Threat Intelligence at ThreatQuotient.
Jadallah says that in tandem, focus must also be placed on securing accounts (employees, service contractors, temporary workers, systems accounts and others) and their access to and permissions across systems. This allows security teams to focus efforts on what matters most.
Shier remarks that doing security right is difficult and that is why there is no silver bullet in security. A good start, however, is building a solid security foundation. This includes having the right people, processes, and tools in place to give you a fighting chance.
He adds that a robust security culture ensures everyone is on duty when it comes to protecting the enterprise. Clear, easy-to-follow, and conservative processes will prevent simple mistakes from harming your business. Using the very latest prevention and protection technologies will defend your organisation against attackers when the first two fail. Taken together, these three are just a starting point on the never-ending road to a mature security program.
Sophos helps companies fight cybercrime in a few ways. First, it provides companies with products that prevent threats and unwanted software from infecting their devices and networks. Next, it provides a managed service, Sophos Managed Threat Response (MTR), that continuously monitors customer environments for those that do not have a security team, and a Rapid Response team to help companies who find themselves under active attack. Lastly, it provides insight into current threats and adversary tactics, and advice on how to best protect yourself, through its various outreach channels.
Jadallah concludes by saying that the remote working hybrid model is likely to continue for the foreseeable future in 2021, and possibly beyond. This shift to a remote, distributed workforce has led to a higher volume of critical and confidential information being transmitted electronically. Security leaders must ensure that their strategies are in lockstep with business priorities and can effectively communicate the security programme to business asset owners.
The cybersecurity maturity trajectory in the region has enjoyed unmatched growth over the last decade
MAKING NETWORKS MORE AGILE AND ROBUST
[EC] With which OEM solutions and platforms is Infoblox integrating the above solutions to broad base their usage and adoption amongst enterprises?
A strong ecosystem integration is an essential element towards achieving automation and incident response orchestration; it improves customers’ RoI of their entire cybersecurity investment. We have out-of-the-box integration with over 80 vendors, including but not limited to Advanced Threat Detection, Threat Intelligence Sharing, Security Information and Event Management (SIEM), Vulnerability Management, Network Access Control (NAC), Next Generation Firewall (NGFW), and much more.
[EC] What are the latest solutions from Infoblox to manage security threats across DNS, DDI Firewall, Endpoint and other areas?
BloxOne Threat Defense was formed as we have seen the need for foundational security at scale. A defence solution that is adequate to the changes we see in the modern network, BloxOne Threat Defense is a scalable platform that not only secures existing and future networks, but also helps maximise the existing investment made in an organisation’s threat defence system by leveraging our large ecosystem integration. It maximises SoC efficiency by reducing incident response time and creating a unified policy with threat intelligence portability, while expediting the time required for investigating and hunting threats. BloxOne Threat Defense can also be extended beyond your perimeter to branches, roaming users, and more.
A strong ecosystem integration is an essential element towards achieving automation and incident response orchestration
[EC] With the continuing movement to hybrid cloud and multi-cloud, what is the secure management offering for enterprises from Infoblox?
Cybersecurity can no longer be thought of as an additional layer of tools and solutions but should be the foundation of the strategy for any modern enterprise network. This is what we call at Infoblox next level networking. Organisations cannot afford to think of networks and security as separate goals; concepts like SOAR demand a rethinking of legacy networks from the ground up. Services like DNS, a core part of any network, cannot be an afterthought to security but rather a core component of any modern IT security defence system, and this is what Infoblox is conveying to their customers and partners across the world. We are helping organisations every day by making their networks more robust, agile, integrated, and ready to embrace this new era of digital transformation. We enable them to tackle issues by investing in a future-proof technology that is ready to take them to the next step as their business demands and needs.
AHMAD ALABBADI, Regional Sales Manager, UAE, Levant, Pakistan and Bahrain, Infoblox.
[EC] What are the latest skills and certifications required from Infoblox channel partners to deliver services using the above Infoblox products?
We believe that Infoblox and our channel partners are one winning team; that is why we have developed the BuildingBLOX partners programme. The BuildingBLOX programmes offer our partners access to a wide range of tools, on-demand training, and instructor-led training that is required to drive their investment and relationship with Infoblox forward. Depending on which level of partnership is aimed to be achieved, there is a clear step-by-step programme that we take with our partners hand in hand to achieve those goals.
DETECT, PROTECT, MITIGATE AT MACHINE SPEED
Artificial intelligence and machine learning are a core part of the vendor’s product, allowing response at a faster speed.
TAMER ODEH, Regional Sales Director, Middle East, SentinelOne.
Tamer Odeh, Regional Sales Director, Middle East, SentinelOne says that this allows them to detect, protect, and mitigate zero-day type of attacks or known type of attacks at machine speed. So, that allows SentinelOne to respond in a much faster manner, almost equivalent to how the attacker is attacking too. These algorithms and machine learning are constantly evolving, and the aspiration is to leverage this learning into other solutions that they are working with, Odeh adds.
Odeh says that one of the things that distinguishes SentinelOne is the way it shows the alerts or the way it aggregates them. SentinelOne correlates multiple sequences of events into a story. Odeh explains that they look at the threats, and those threats could have a sequence of events. SentinelOne aggregates those alerts, correlates them and gives a complete story to the customer or to the SOC. The XDR story is going to come into play when you are bringing new data points and new telemetry from other solutions and SentinelOne is going to correlate those stories together, remarks Odeh. The interesting thing about SentinelOne is that it can identify the root of the attack or the result of an attack from any point, he adds.
Odeh elaborates further and says that if customers search an Indicator of Compromise through the SentinelOne Deep Visibility platform, the threat hunting platform, across all endpoints, they will get a result. So, from a single data point, they can extrapolate the complete story. Together with the XDR singularity platform, any data points that they get
Detect, protect, and mitigate zero-day type of attacks or known type of attacks at machine speed
SentinelOne with its singularity platform looks at having visibility not only for traditional endpoints, which are your workstations and laptops, but also protection of cloud workloads, Kubernetes and containers, which is where the world is heading to.
SentinelOne’s core competency is at the agent level. So, what you see is that the AI and the machine learning are sitting at the agent level, and that allows you to do multiple things.
SentinelOne’s approach removes different dependencies on the human or on the cloud to make a verdict. It follows the process that lets the machine defend itself, protect itself, whether it is online or offline, leveraging its own type of learning over time.
AI and machine learning are the core part of the product. Odeh believes that this is in fact, one of the things that they distinguish themselves in. SentinelOne believes that this is everybody’s right to evolve and take the luxury of what it has developed over time.
Most of the customers over the decade have addressed different types of attacks or vulnerabilities with point products. Most CISOs and CIOs are looking at consolidation of solutions or vendors. To help in the consolidation journey, a lot of vendors try to get into spaces beyond what they are currently addressing but you need to have a good medium, where you would reduce the amount of the vendors and consoles you deal with and try to augment the usage of your existing or new vendors.
SentinelOne reduces the alerts by consolidating much more of what the customer needs to address, then plug holes, by having visibility completely with a single gate.
Odeh terms it as consolidation of security tools, integration with new tools that are coming to market and current existing ones.
Born in the cloud, Scalyr’s SaaS platform unlocks the full promise of XDR. By eliminating data schema requirements from the ingestion process and index limitations from querying, Scalyr can ingest massive amounts of machine and application data in real time, enabling organisations to analyse, query, and action data with unparalleled speeds and cost-effectiveness.
This provides SentinelOne customers with autonomous, real time, and index-free threat analysis and mitigation beyond the endpoint across the entire enterprise and cloud attack surface, something not possible with today’s human powered and schema-constrained cybersecurity products.
SentinelOne collects that data and contextualises it in a way that the customers can act either automatically or manually. It will all evolve and come down to a single pane of glass. The customers receive a consolidation of various alerts.
SentinelOne focuses its technology primarily on artificial intelligence and machine learning, both completely patented technology, and that is what differentiates it from other vendors in the space.
CISO PAIN POINTS
COVER FEATURE BY MANALI MISRA 32 JUNE 2021
SentinelOne has a forward-looking roadmap about where the next step of cloud protection is, says Odeh. The explosion of IT in IoT devices is another vector that the vendors are playing in the protection space. With SentinelOne security platform, you can leverage the SentinelOne agent to help you in IT asset discovery, control, and visibility. SentinelOne’s Singularity platform solution helps you address legacy endpoints, laptop, mobile, IoT devices and cloud workloads.
SENTINELONE XDR
Extended Detection and Response, XDR, is basically the aggregation and correlation of different telemetry points, from different sources, into a single point. And that is what SentinelOne’s recent acquisition of Scalyr allows it to do. Odeh says that the Scalyr acquisition will allow it to collect data and give visibility to the customer on its console, through integration with third party or with products.
SentinelOne’s approach removes different dependencies on the human or on the cloud to make a verdict
FLAGSHIP PRODUCT
One of the things that
SentinelOne covers Middle East, Turkey, and Africa, and is on an expansion path. Odeh believes that the expansion can be done only through the channel, scaling the partners and value-added distributors. The ideal partners are typically those who sell different types of solutions, concludes Odeh. With the forward-looking vision of integration, automation and consolidation, and the innovation around artificial intelligence and machine learning, SentinelOne’s go to market with Singularity is likely to help alleviate pain points of CISOs today and well into tomorrow.
CHANNEL PARTNERS
ActiveEDR: Build critical context for proactive real-time detection and response and long term threat hunting in a user-friendly fashion.
IoT Ranger: IoT rogue device discovery provides visibility into all managed and unmanaged network devices and control over those devices.
from other sources can be added to that story and the results are further enhanced, providing the SOC analyst with an enriched story.
Transformation challenges
Odeh says they do see a lot of customers going through various transitions and it could be digital transformation, or moving from on-premise to cloud or changing their way of working from being in office to remote. The pandemic shifted everybody’s priorities and pushed people to consider SaaS solutions. Odeh says that people started seeing the need for accessibility to the cloud. It also introduced a new market of how to protect cloud workloads and not only protecting them, but also making the protection and the configuration consistent to what customers have on-premises.
Odeh says that many different opportunities have risen because of the change of the dynamics, and he believes that the Singularity platform has never been in the right position at the right market, as it is now.
The SentinelOne Singularity platform is the flagship solution. SentinelOne Singularity unifies historically separate functions into a single agent and platform architecture. Platform components include EPP, EDR, IoT Control, Workload Protection.
Prevention: AI-powered models identify malware and ransomware binaries before they detonate with high degrees of precision.
Workloads: Migration of workloads to private and public cloud infrastructure is a key part of your digital transformation.
distinguishes SentinelOne is the way it shows the alerts or the way aggregates those
TOP INDUSTRY EXECUTIVES SHARE RECOMMENDATIONS FOR CISOs
INDUSTRY VIEW 36 JUNE 2021
• When the vulnerabilities are exposed, security leaders will be better placed to evaluate the measures and solutions needed to protect their network.
NEED CONTINUOUS EVOLUTION OF SECURITY SOLUTIONS
With the remote and hybrid working persisting long past the pandemic, companies have had to adapt quickly. This rapid digital transformation has left gaps and weaknesses for security threats. Some of the most notable challenges companies face in this post-pandemic recovery era are DDoS attacks and ransomware. As the hybrid workforce continues it is important to educate human resources on protecting their network.
FOR CISOs
EMAD FAHMY, Systems Engineering Manager Middle East, Netscout.
to protect the company’s network while also training and educating the remote and hybrid workforce on their cyber hygiene. The developments in AI, smart analytics, and machine learning will continue to impact perimeter protection solutions positively. These technologies are in their infancy and present great potential for better cyber security services through greater threat intelligence and monitoring. As the hybrid workforce continues to endure and shape future work structures, there is a need for continuous evolution of security solutions.
NETSCOUT’s business transformation services help IT organisations navigate the new ways of working through a combination of service assurance, cybersecurity, and business intelligence solutions. This gives enterprises better visibility of their current service performance and security issues, allowing for better availability, reliability, and responsiveness of the various services used. Intelligent insights into the interactions between the various modern applications is crucial. The hybrid workforce presents a larger liability to enterprises as it makes it more difficult for IT teams to control and monitor security risks.
To lessen possible disruptions, companies must apply security best practices to ensure end-users are protected. One example of best practice is for enterprises to adopt a least privilege practice, which limits the access on a need basis. Enterprises simply must secure all endpoints. It is essential
• Security leaders need to have their finger on the pulse of the latest cyber-attack trends and developments.
• One strategy is to harness ethical hacking and analytical skills to enable decision-makers to uncover the weaknesses in current defences.
HOW DDI SOLUTION CAN PROTECT REMOTE WORKERS
While there are several different solutions available to protect remote workers, one of the best and most cost-effective is DDI, DNS, DHCP, IPAM. DNS is the foundation of the Internet and so every connection to the Internet goes through it, making it an ideal service that can be used to secure the network.
The hybrid workforce is a permanent reality for most companies these days.
BloxOne Threat Defense from Infoblox leverages the power of DNS to protect users, devices, and systems no matter where they are, extending enterprise-level security to remote locations, and work from home environments. It does the following:
The sudden onset of the pandemic and associated shutdowns gave organisations very little time to prepare for such large-scale remote work, let alone time to think about how to secure their work from home users who still needed to access enterprise applications in the cloud, and work with and store corporate data on their devices. Security teams now have to think about protecting corporate resources and data as employees are working outside the corporate perimeter.
In the corporate environment, DNS is often provisioned by the internal security team, but when working from home, employees typically use public DNS or DNS provided by their service providers, both of which seldom do security enforcement on DNS.
The existing paradigm where the security stack is located within the corporate network is no longer sufficient to protect these teleworkers. Teleworking also exposes the company to a much broader attack surface, as workers add personal devices and home and public Wi-Fi networks to the corporate network.
• Uses unique patented technology to prevent DNS based data exfiltration and keep protected data safe, and
• Detects and blocks phishing, exploits, ransomware, and other modern malware, preventing teleworkers from accessing malicious web destinations using DNS as the first line of defense.
• Blocks access to objectionable content restricted by policy.
Bad actors are taking advantage of the chaotic nature of these times, by launching coronavirus-themed cyberattacks and impersonating well-known websites that try to provide useful, timely information for the public. Indeed, Covid-19 has become the subject of choice for phishing and spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern.
In this scenario, cybersecurity needs to be rolled out from day one, or else companies and their employees will be at serious risk from partially secured cloud deployments, data breaches, insecure applications, and remote locations where the security and management of the remote user and the local branch LAN is often ignored leaving end-users vulnerable.
In many cases employees working remotely ignore basic cyber hygiene rules like updating the operating system, using an effective antivirus or strong passwords, and backing up data regularly. However, companies also have a responsibility to have structured security policies which address all security gaps. These need to be implemented and adhered to by all employees.
End-users will always have the primary responsibility of being aware of increasingly sophisticated cyberthreats, provided the organisation provides proper education and training, and enforces security policies. It is important to consider the risks in consumer grade Wi-Fi connections, as home routers are usually not secure or patched. There are also risks in using shared documents on cloud folders. Additionally, home browsers configured with plug-ins and certain applications may introduce substantial risk. BloxOne Threat Defense from Infoblox includes a lightweight endpoint agent that helps end users with all of these vulnerabilities and more.
Remote workers and end-users will likely be active on a variety of mobile devices, home networks, and public Wi-Fi networks which make them more likely to face cyberattacks.
• This requires a different security skill set and an increased awareness of the vulnerabilities of today’s IT environment.
Access to cloud services is through the lightweight Infoblox endpoint agent, which is easy to deploy on your remote users’ devices from the cloud, simple to manage, and securely redirects the endpoint’s DNS to Infoblox cloud for anytime, anywhere protection and monitoring.
• Today a company’s traditional network perimeter has basically disappeared.
• The Internet, cloud technologies and the onslaught of wireless all contribute to a massive increase in the attack surface.
• Today’s security decision-makers need to have a variety of skills, and an ability to understand the impact that new technologies like SDN, SD-WAN, multi-cloud, and Network Functions Virtualisation have on their ability to assess the risk of such deployments and respond with the right security models and tools for the organisation.
ALI SLEIMAN, Regional Technical Director, Middle East and Africa, Infoblox.
• Monitors for advanced threats including the rising threat of lookalike domains.
• The pandemic, widespread remote work, and the adoption of new technologies have brought in changes that traditional network architectures cannot deal with.
FOR CISOs
Leveraging the position a core technology like DNS security has in the network can play a critical role in preventing attacks like lookalike domains, DOH/DOT, data exfiltration, and content vulnerabilities.
Without a security control like Custom Lookalike Domain, for example, that can monitor such risks, teleworkers will be more easily targeted and vulnerable to attacks, especially in an age where character substitution is increasingly employed by cybercriminals to manipulate users into exposing credit card numbers, passwords, and other sensitive data.
With industrial organisations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponising the software supply chain and ransomware attacks are growing in number, sophistication, and persistence. Understanding the effectiveness of defences against the emerging threat and vulnerability landscape plays an important role in a strong cybersecurity programme.
Security professionals should be considering Zero Trust strategies to mitigate risk in hybrid IT, IoT, OT, cloud environments. Starting from a never trust, always verify mindset will limit the impact of breaches wherever they occur.
BACHIR MOUSSA, Regional Director MEAR, Nozomi Networks.
Nozomi Networks’ Guardian sensors were launched in 2016 to protect complex OT and IoT networks. Guardian consolidates asset discovery and network visualisation, vulnerability assessment, risk monitoring and anomaly and threat detection. Guardian protects mixed OT, IoT, and IT networks.
Customers can enhance their implementa
• Understanding and managing the convergence of IT and OT is a critical area for decision makers to skill themselves in.
FOR CISOs
Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and strength across deployments. Nozomi Networks’ solutions support more than 44 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities and critical infrastructure.
In addition, Central Management Console and Vantage are designed to unify network visibility and security across IT, OT and IoT assets from anywhere in the world. The Vantage platform is SaaS-based and delivers cloud-based management and analysis of all data from networks protected by Guardian.
5G is one upcoming technology to watch. 5G will accelerate digital transformation. 5G will give businesses constant access to faster, more reliable internet connectivity, a much-needed tool to effectively support remote work scenarios. It also opens the door to massive interconnectivity. Millions of devices, networks and data transfers supporting process flows and transactions.
While this mass-scale connectivity will drive greater business efficiency, it also increases cyber risk and the potential for more significant breaches. Security strategies must evolve to meet the challenge. Solutions must scale and deploy quickly and endlessly as devices are added and support centralised management and monitoring.
INTEGRATING SECURITY STRATEGIES ACROSS IT AND OT
• Gaining a better understanding of OT systems and gaining specialised skills to better assess and support the unique requirements of industrial networks help strengthen security and resilience across IT, OT and IoT networks.
Organisations are no longer siloed and delivering on converged IT and OT strategy is what will differentiate decision makers and organisations.
Nozomi’s products are deployable onsite and in the cloud. They span IT, OT and IoT to automate the hard work of inventorying, visualising, and monitoring industrial control networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.
When it comes to securing critical and industrial infrastructure, especially in a new world of hybrid work models and accelerated transformation, managing the risk of malicious cyber activity such as ransomware is not just about security defences around the network. It is about figuring out how you can limit the impact or operate despite an attack. That is why building in resilience is equally important.
Cyberattacks on critical infrastructure seem to make the news every week. It is a concerning trend that Nozomi Networks has seen in the field. Nozomi’s recent threat report found cyberthreats to industrial and critical infrastructure have indeed reached new heights as threat actors double down on high value targets.
tions via subscriptions for Threat and Asset intelligence, and add-ons providing functionality for smart polling and remote data collection.
• As IT and OT worlds rapidly converge, there is no better time for security decision makers to seize the opportunity to support their organisation’s efforts to improve operational resilience by adopting integrated security strategies across IT and OT.
• Organisations are no longer siloed and delivering on this converged strategy is what will differentiate decision makers and organisations.
• There are various effective user authentication techniques that can dispel actions geared towards user credentials theft.
FOR CISOs
centers located in distinct geographical areas.
• Modern healthcare is, as a digitised sector, faced with numerous cybersecurity problems.
• Modernise legacy IT systems and implement multiple security controls.
For the healthcare community, implementing comprehensive, effective, and practical cybersecurity strategies is a topmost priority. Modern healthcare is, as a digitised sector, faced with numerous cybersecurity problems. In addition to potential malware infections, private data leakages, and service attacks, it is also possible for application, configuration, and operating system vulnerabilities to be exploited – with many organisations struggling to operate as they rely on old technology and outdated systems.
For example, research published in early 2020 found 83% of healthcare systems were running on outdated software – leaving potential loopholes for cybersecurity breaches. Moreover, attacks on medical data increased dramatically last year alone. Over 102 million healthcare records were exposed in 2020 due to data breaches, and medical workers being unfamiliar with security best practices was also highlighted in the 2020 Healthcare Cybersecurity Report, which revealed how 62% of hospital administrators feel inadequately trained to mitigate cyber risks.
• Organisations should ensure all personnel are given the training they need to contribute to prevent cyberattacks.
#4 Modernise legacy IT systems and implement multiple security controls: As technology evolves rapidly, new tools, concepts, protocols, and programming languages are being created and implemented frequently. Due to such advancements, healthcare system standards continue to change, and it is important to modernise legacy IT systems to benefit from new technologies’ robustness, integrate advanced security measures and speed the implementation of evolving requirements. As such, keeping pace with unfolding changes is essential, and the above measures will position them to combat the adversity of today and lay the foundations for the preventive actions of tomorrow.
strict authentication measures: There are various effective user authentication
NICOLAS KHOURY, Senior DevOps and Security Engineer, CME.
techniques that can dispel actions geared towards user credentials theft. For example, One Time Password, OTP, is a token that is valid for one login session only, while multifactor authentication is another method that verifies user identities by granting system access after a code sent to their devices of choice has been submitted upon request. These measures have proven to be extremely effective thus far, and organisations should follow suit should they not already be a part of preventative cybersecurity procedures.
#3 Ensure sensitive data is protected and HIPAA certified: Healthcare organisations store sensitive medical data that must be secured and preserved against corruption and theft. The Health Insurance Portability and Accountability Act, HIPAA, sets these standards for sensitive patient data protection, and every organisation responsible for Protected Health Information, PHI, must ensure that their software solutions, infrastructure, and data layers align with HIPAA standards. Moreover, several techniques can be employed to ensure the protection against data loss, such as frequent data backups and replicating these backups across different data
FOUR STEPS TO CYBERSECURITY IN HEALTHCARE SECTOR
For healthcare organisations to achieve success in this direction and meet their cybersecurity objectives, the four steps outlined below will assist them in their efforts and equip staff and their establishment with the vigilance, practicality, and security they require in today’s tech landscape:
#1 Provide comprehensive cybersecurity training for staff: Concerns have already been raised within the industry regarding inadequate cybersecurity training. Therefore, organisations should ensure all personnel are given the training they need to contribute to prevent cyberattacks.
Irrespective of system robustness, it is important to appreciate that system security hinges on internal user competencies. Social engineering attacks, such as phishing and spoofing, continue to increase as they exploit a lack of security practices’ knowledge on the part of system users and training can ensure personnel are aware of various protection measures, capable of applying them, and helping to decrease cyberattack success rates.
#2 Implement
CYBERSECURITY STRATEGY WITH A PEOPLE-CENTRIC APPROACH
Notably, organisations in the Middle East spend on average $11.65 Million annually on overall insider threat remediation.
Lastly, attackers have been capitalising on the popularity of video conferencing platforms using them not only as a lure for malware, but also for credential phishing, in particular to steal Zoom and WebEx credentials.
Proofpoint delivers the most effective cybersecurity tools available to protect people against the threats that target them, as well as the information they create and access. As cybercriminals are increasingly targeting people, instead of infrastructure, Proofpoint’s comprehensive suite of advanced solutions spans email, social media, web, network, and cloud, including Microsoft Office 365.
Furthermore, Proofpoint also looks at cyber security with a people-centric approach where employees play a crucial role to not only spot attacks but also be aware of their role in keeping their organisations safe. Lastly, Proofpoint offers a comprehensive and ongoing security training to all their partners and customers to foster a strong security culture. As phishing emails lead to fraudulent websites that can steal personal data, end users must be very cautious before clicking on unknown links.
The pandemic has shown that cyber attackers are capitalising on this unprecedented period to leverage attacks on people rather than infrastructures. Business email compromise, BEC, Cloud Account Compromise, phishing and insider threats remain the main security concerns for CISOs in the region.
Remote working has increased cyber risks as threat actors are also pursuing corporate VPN log-ins and a compromised VPN can result in direct access to all email, data, and cloud apps.
CIOs need to recognise the importance of a human centric approach by ensuring employees understand how to deal with threats
• Lastly, to keep pace with the fast-evolving threat landscape, IT leaders must leverage new technologies and deliver agile solutions to meet current day challenges.
Additionally, people must always confirm all transaction requests via phone to avoid email scams.
Other important practices that need to be actioned are the setting of strong passwords and the enhancement of home Wi-Fi by changing the default password on routers and enabling WPA encryption. Last but not least, as cybercriminals pursue corporate VPN log-ins to directly access all email, data and cloud apps, people need to guard VPN log-ins and organisations need to ensure all remote workers are restricted to only necessary systems. It is important that employees connect with their IT departments to ensure they are using a secure Wi-Fi connection, company VPN, strong passwords and that they understand security policies. End-users must truly understand the new threats they face and how to deal with them.
The most effective way is through an ongoing security awareness training programme as an integral part of the transition to hybrid working. By doing this, end users will be educated on different elements covering basics such as password hygiene and phishing detection; training should make clear the proven link between simple user behaviours and severe consequences.
• The Covid-19 pandemic has shown that cyber attackers are capitalising on this unprecedented period to leverage attacks on people rather than infrastructures.
EMILE ABOU SALEH, Regional Director, Middle East and Africa, Proofpoint.
FOR CISOs
• Therefore, CIOs need to recognise the importance of a human centric approach by ensuring employees are knowledgeable about the new threats they face and understand how to deal with them.
An ongoing security awareness training programme is an integral part of the transition to hybrid working
• As hybrid working is becoming more prevalent, it is crucial that security decision makers stay prepared and include employees in the cyber threat mitigation plans, making security awareness training an integral part of the transition to hybrid working.
Sharing security data and insights and developing an ecosystem across cybersecurity silos may be a transformational concept for the industry, one that needs people, process, and technology adaptations. An organisation must adopt a risk-based approach to security management as it embraces secure digital transformation, that includes both technical and business contexts. The future of work is going to be very different from the present; workplaces and work culture are being transformed. Enabling employees to work from anywhere is becoming a critical capability for any organisation. As a result, the digital surface area is expanding at an unprecedented scale and protecting it from external and internal risks is becoming a key challenge and priority for organisations.
The ninth edition of GBM Annual Security Report looked at how risk priorities have changed this year for organisations in the Gulf, and what security strategies they are employing as they accelerate towards a digital enterprise. Some of the key security risks that were identified in the study were growing identity risks in assuring identity integrity, risk of cloud security breaches, and data and privacy risks across application development, deployment, and use. When it comes to cybersecurity, unfortunately, a one size fits all approach does not exist. When GBM built its cybersecurity framework, it made sure to focus on two essential fundamentals: Holistic view and visibility, and an integrated approach for security solutions. In addition to existing security risks, internal delays to incident response, service unavailability, and regulatory
RISK-BASED APPROACH TO SECURITY MANAGEMENT
With rising cyberthreats, it is a must for IT professionals and organisations to make fundamental changes in the way they approach cybersecurity. Many CIOs struggle with the preservation of confidentiality, integrity, and availability of data utilised in business processes, applications, and technology. To realise these security objectives, a holistic and integrated approach is required from the start: Security by Design. Any organisation going through a digital transformation journey should start adopting an architectural approach to cybersecurity. The key values of security architectures are as follows: Providing an efficient and effective secured environment, meeting regulatory compliance needs, implementing effective security governance procedures, and giving an awareness level to all employees about possible threats and how they can help the organisation address them.
FOR CISOs
complexity and non-compliance have become even more important than before. To address rising security risks, GBM is helping organisations with key focus areas such as data security, cloud security, identity, and access management, application lifecycle security, automation of threat management and security response, and modernising network security. Cybersecurity
• Applications and Cloud Security skills represent crucial infrastructure for the modern economy.
GBM is helping organisations across the region to develop a strong cybersecurity strategy having layers of detection, protection, and response capabilities to counter against modern day cyber-attacks that attempt to access, change, or destroy data; extort money from users or aim to disrupt normal business operations.
Rather than adopting a solution-based approach, GBM recommends organisation to adopt a holistic, integrated and zero trust-based approach to cybersecurity which considers all the key elements such as people, process, and technology.
solutions’ complexity, created by disparate technologies and a lack of in-house expertise, can amplify the cost of a data breach. But organisations with a comprehensive cybersecurity strategy, governed by best practices and automated using advanced analytics, artificial intelligence, and machine learning, can fight the current day cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur.
The primary value propositions of XDR products or capabilities include improving security operations productivity by enhancing detection and response capabilities by unifying visibility and control across endpoints, networks, and clouds.
HASANIAN ALKASSAB, Senior Regional Security Manager, GBM.
Cloud Security Posture Management, Cloud Workload Protection Platforms, Secure Access Service Edge, and Digital Risk Protection Services will witness a major evolution in the upcoming years and would have a significant impact on an organisation’s future. These technologies tackle different applications for security, including identification, safeguarding and protection, across clouds, workloads, applications, and digital channels.
Extended Detection and Response, XDR, is also essential, as security and risk management leaders are struggling with too many security tools from different vendors with little integration of data or incident response.
• The two fastest-growing skills should be Application Security and Cloud Security, where both involve proactively building a secure environment rather than responding to a threat.
• The following skills set will be in demand for the next 3 to 5 years: risk management, incident response and threat intelligence, data privacy and security, compliance and controls, and Identity and Access Management.
Some of the common reasons why end-users could be a target for a cyberattack are: they have money, they have a computing resource that is valuable for DDoS attacks or crypto mining, and they have access to their employer’s network. With remote work becoming commonplace, the risk profile for the third scenario has grown
• In terms of hard skills, it means that security decision makers need to be able to work with whatever data processing platform is employed in their organisation for security data analysis; it could be a SIEM platform, or something else.
The easiest is to stop the attack at the initial compromise, but of course in-depth defence is important as well.
• They should not rely on their staff to provide them with reports; instead, they should be able to generate hypotheses, validate those using data, and reject those that fail validation.
FOR CISOs
The main challenge in cybersecurity is that too many things are happening at once. In organisations, security operations teams are drowning in security alerts, and even individual users could be overwhelmed with alerts, news, and security notifications. Technologies that will solve the problem, either by integrating segregated products under common management and reporting, or by providing AI-based automated incident response, or at least by better sorting the incoming flow of security alerts and removing false positives, will have a significant impact on cyber protection.
significantly. Mobile device attacks are also expected to continue growing as more and more people use them for sensitive applications like banking.
DEVELOPING A HOLISTIC APPROACH TO CYBER PROTECTION
The above-mentioned risks arise from unpatched software and malware attacks. Acronis protects its customers from such threats through integrated cyber-protection software. It allows such attacks to be disrupted at various stages, providing in-depth defence. First, it provides patch management, helping to ensure software is up to date. Then, if the attack happens nevertheless, it stops the malware from running using both a traditional signature-based approach and modern AI-based detection. Finally, if none of the protections worked for some reason and, say, your data was encrypted, it still allows recovery from secure remote backup.
• Decision makers should be comfortable reading and assessing raw data, making deductions, and presenting this data to their peers and leaders to support their points.
• The most successful organisations make their decisions based on data.
Patching, using strong authentication, and employing strong malware protection are still the most important measures to take. Most attacks are not sophisticated, they start with a phishing email, with an easy to guess or a reused password known to attackers from another compromised source or from an old and forgotten service exposed to the internet. Then, attackers enter the lateral movement, privilege escalation cycle until they achieve their objective, either stealing the data or gaining enough access to run ransomware.
Businesses and individuals need to evolve to cyber protection to anticipate and defeat cyberattacks. That is why behavioural anti-malware like the one found in Acronis Cyber Protect Cloud with Active Protection has emerged as an important defence against hackers. Active Protection uses artificial intelligence and machine learning to identify malware by how it behaves, looking for suspicious activities, as opposed to matching it against a known threat database.
Finally, attackers could be opportunistic and use current events like Covid-19 alerts, government reliefs and subsidies’ information, etc. to lure users onto malicious sites.
KEVIN REED, CISO, Acronis.
Acronis has developed a holistic approach to cyber protection composed of five vectors: safety, accessibility, privacy, authenticity, and security. This allows for a well-rounded comprehensive protection experience going beyond traditional backups or classical Antivirus solutions which only focus on one part of the situation.
Attackers thrive during times of uncertainty and there is plenty for them to target at the moment. The pandemic forced organisations to change working practices to adhere to work from home mandates, in some cases overnight.
Security leaders must ensure that their strategies are in lockstep with business priorities and can effectively communicate the security programme to business asset owners. Things to consider include controlling access to data, both in storage and in transit, and utilising endpoint protection on devices that are being used to access corporate data. Organisations should look to scan devices and applications to ensure that the latest software version is being used, as this will reduce exposure to vulnerabilities attackers typically target.
The remote working hybrid model is likely to continue for the foreseeable, with some organisations considering this change permanently. This shift to a remote, distributed workforce has led to a higher volume of critical and confidential information being transmitted electronically.
Tenable.ep is the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change. Tenable.ep combines the company’s industry-leading products like Tenable.
Security leaders must ensure that their strategies are in lockstep with business priorities and effectively communicated to business asset owners.
Moreover, Tenable.ep’s single, flexible asset-based licensing model frees organisations to dynamically allocate licenses across all asset types according to their unique attack surface and modify as their environment changes.
STRATEGY WITH BUSINESS PLAN
Organisations need to think through how any changes made affect their threat landscape and introduce controls to limit or address this risk. In tandem, focus must also be placed on securing accounts, employees, service contractors, temporary workers, systems accounts and others and their access to and permissions across systems.
io Vulnerability Management, Tenable.io Web Application Scanning, Tenable.io Container Security and Lumin into one platform, enabling customers to see all their assets and vulnerabilities in a single dashboard alongside key threat, exploit and prioritisation metrics.
MATCHING CYBERSECURITY
Tenable’s research team analysed disclosed cyber breaches in 2020 and identified that, for the vast majority of incidents, it was known vulner abilities that continue to be the favourite attack methodology for attackers. Finding, and patch
The ability to quickly spin up and connect modern assets to the corporate environment is critical to digital transformation and work from home initiatives.
In 2020, pre-existing vulnerabilities in virtual private network (VPN) solutions were a favourite target for cybercriminals and nation-state groups. Organisations that have yet to prioritise patching these flaws are at extreme risk of being breached. Add in the dramatic workforce changes necessitated by the Covid-19 pandemic and it is clear that securing VPN solutions is critical.
• Staff need good mentors. Bespoke professional services and training provide this critical support function.
• Investing in professional services at the start of a project to train staff to properly use advanced tools can ensure that costly technology is effectively used. Investing in a technology tool is important, but it is equally important to assure that the tool is used effectively.
• Bespoke training, rather than general courses, may be particularly worthwhile if the service provider can work directly with an organisation’s tools or provide unique expertise on a new and advanced technology.
• Certifications and training help staff remain updated on the latest trends in security risk management. This can also improve staff retention which reduces costs and improves organisational stability.
• Investing in services to provide a clear roadmap and training in the beginning can save many hours of frustration and failure later.
FOR CISOs
• In considering training, it is also important to consider the type of training and provider.
MAHER JADALLAH, Senior Director Middle East and North Africa, Tenable.
Tenable’s cyber exposure management solutions enable organisations to take a holistic view of their infrastructure, from cloud environments to operational technologies, infrastructure to containers, and remote workers to modern web apps to identify those assets and systems that are critical to function, determine which vulnerabilities exist within these core areas that are being actively exploited and update these systems to fix those flaws first.
ing, critical vulnerabilities will close off entry points that most threat actors look to exploit.
Active Directory is used by 90% of Fortune 1000 organisations as their primary method for authentication and authorisation, according to Frost & Sullivan. Its ubiquity makes Active Directory a favored attack vector for bad actors who use its misconfigurations to move laterally across systems and escalate privileges. Tenable.ad enables organisations to see everything, predict what matters, and act to address risk in Active Directory to disrupt attack paths before attackers exploit them.
CLOUD-CENTRIC NETWORK
The last year has given rise to a gradual adoption of hybrid workforces across several industries to ensure that they can cope with the current situation and that their day-to-day activities continue to operate smoothly. It has also seen the switch from the present on-premise network to cloud-centric, SaaS-based solutions and AI-based work. This has in turn increased the security risk and most organisations are putting measures in place to protect data from unauthorised access or online attacks.
SAJITH KUMAR, General Manager Enterprise, Cloud Box Technologies.
vulnerabilities in many organisations are the employees themselves. It is critical that regular trainings are conducted to update them about the latest cyberthreats, security policies of the company and to understand the importance of securing personal technology being used for work. It strengthens information security awareness among the hybrid workforce. Companies must also consider updating cybersecurity policies that are more relevant to the new remote workforce. Additionally, they must also manage end-points by using secured VPNs to prevent unauthorised access into company networks. Some of the technology trends to watch out for in 2021 by end-users include edge computing, digital forensics and analysis, AI and machine learning for real-time threat management solutions, Robotic Process Automation and 5G networks.
The company has been highly effective in delivering solutions such as cloud-based security, digital collaboration, data management and protection, VPN, multi-factor authentication and SD-WAN to enable better and reliable connectivity and enhanced bandwidth for remote and hybrid workers.
The company also provides Endpoint Detection and Response which monitors and provides insights into the data in real-time to take necessary steps to mitigate threats. It also provides vulnerability assessment and digital forensic tools. All these solutions protect the customers from multiple endpoints, several devices and from several remote locations safely and securely. One of the most important cybersecurity
• This calls for upgrading skills of not just the security teams but also of security decision makers.
FOR CISOs
SECURITY FOR A HYBRID WORKFORCE
Some of the security concerns for today’s end-users are around cloud security, remote worker’s end point security, IoT devices with 5G networks, phishing and ransomware attacks and social media based cyberattacks. At this point a conventional security approach may not be effective. Zero Trust Approach can ensure cloud-centric network security in a hybrid work environment.
Cloud Box Technologies offers a 360 degree approach to security. Every customer’s requirement is unique, and the one-size-fits-all security solution cannot apply. In a highly competitive market of technologies and solution offerings where SIs promise to provide end-to-end solution offerings, Cloud Box Technologies has managed to create a market for itself and offers value over cost.
• Security decision makers ensure that they have a clearly defined and effective cloud security and data protection strategy in place.
Some of the security concerns for today’s end-users are around cloud security, remote worker’s end point security and IoT devices.
• Several upcoming technologies will deliver positive impacts for organisations.
security for faster market impacts with less risk. Business leaders are also implicated, and they too should always be familiar with the top five cyber risks at any given time and how they could impact strategic priorities.
• Detailed written plans are required for incident response, business continuity, disaster recovery.
FOR CISOs
• End-users should apply security best practices, and the first is crown jewels.
• Cybersecurity integration with mission strategies is essential for enabling innovation and growth.
Security decision-makers require a thorough understanding of the business they are protecting. They must be fully aware of critical systems and processes for business users, with an evident appreciation for the top five strategic business priorities moving forward.
organisation. Understandably, the changes with hybrid workforces and accelerated transformations in a post-pandemic recovery reality will pose security risks. Organisations are obligated to consider seven different risks. Health and safety breaches that cause physical injury or death are among the most pressing, and such instances could arise should critical industrial safety systems be disabled. Existential, strategic, and operational risks loom ahead, and examples here include a complete loss of data, competitors gaining unfair advantages through stolen IPs, and plant shutdowns due to ransomware attacks, respectively.
Examples include complete loss of data, competitors gaining unfair advantages through stolen IPs, and plant shutdowns due to ransomware attacks.
Organisations must ensure they avoid scenarios that break regulatory compliance by failing to ensure legally mandated data protection, reputational and financial risks that result in negative publicity for the
SHOAIB YOUSUF, Partner, Boston Consulting Group.
design with continuous monetisation. Moreover, secure cloud technology will enable infrastructure transition and repeatable processes in cloud applications, cyber fusion will integrate industry-specific capabilities, and next-generation cyber operations will empower security analysis through artificial intelligence, automation, and orchestration.
EXISTENTIAL, STRATEGIC, OPERATIONAL RISKS LOOM AHEAD
End-users should apply security best practices, and the first is crown jewels. End-users can have a comprehensive understanding of their most valuable systems, data, and assets, conducting breaching tests to preserve and protect these systems. At the same time, end-users should design services, products, networks, and systems with cybersecurity in mind and implement a risk-based third-party approach to secure suppliers, acquisitions, partners, and customers. Preparation is also vital. Detailed written plans are required for incident response, business continuity, and disaster recovery, while cybersecurity integration with mission strategies is essential for enabling innovation and growth. Several upcoming technologies will deliver positive impacts for organisations. As such, becoming familiar with them should be a top end-user priority, and there are five areas to be excited about. There’s cyber risk quantification, which will play an influential role in calculating risks, tracking improvements, and optimising cyber investment portfolios; and DevSecOps toolchain, which will converge security and system
Having the ability to articulate how the cyber world will enable these priorities is also essential, and an example here could be building
Furthermore, phishing and scams continue to rise, as remote employees fail to differentiate what emails and communications are legitimate, and what are not. With most of the workforce changing its habits, securing enterprise data requires comprehensive endpoint protection and robust cybersecurity solutions.
SentinelOne’s Singularity platform is a comprehensive solution that unifies historically separate functions into a single agent and platform architecture. Powered by AI, this platform provides automated threat detection and response capabilities across endpoint protection programs, endpoint detection and response, IoT control, and Cloud Workloads.
Currently, organisations are exposed to a vastly increased attack surface and must reassess their security strategies to ensure they are equipped.
Additionally, as hybrid working continues, organisations should use a zero-trust security solution to protect enterprise data better and connect remote employees to the organisation’s
MOHAMED MORAD, Senior Solutions Engineer, SentinelOne.
• Cloud security skills are one of the shortages that the pandemic is either causing or worsening.
• Ultimately, the cybersecurity skills shortage is related to the complexity of enterprise networks and the answer to this network complexity is network visibility.
Additionally, Singularity XDR empowers enterprise Security Operations Centres with end-to-end visibility, powerful analytics, and automated response across their complete technology stack and stops sophisticated attacks without analyst intervention. This supports organisations that require unified visibility across their entire technology ecosystem with automation and enforcement at every control point. Currently, organisations are exposed to a vastly increased attack surface and must reassess their security strategies to ensure they are equipped for this new environment. Firstly, organisations must map what is on a network and fingerprint devices to see what is connected and more importantly, unprotected.
AUTOMATED SOLUTIONS CAN HELP CISOs MAXIMISE EFFICIENCY
• Adopting automated solutions will allow CISOs to maximise efficiency and streamline security operations.
• Automated AI solutions can help bring visibility to the network so that businesses can see who is traversing it and what they are doing.
FOR CISOs
networks and servers. Moreover, it is also essential to train employees to spot threats and adapt to newer security challenges by practicing effective cyber hygiene. The cybersecurity threat landscape is rapidly evolving and expanding. As attack vectors multiply, from endpoints to networks to the cloud, many enterprises address each vector with a best-in-class solution to protect those specific vulnerabilities. With SentinelOne’s Singularity XDR, customers can get unified and proactive security measures to defend the entire technology stack, making it easier for security analysts to identify and stop attacks in progress before impacting the business. Additionally, as remote working and BYOD practices continue, SentinelOne’s Singularity Ranger allows enterprises to discover, identify, and contain any device-based threat by monitoring the network attack surface in real-time. This enables endpoints to autonomously protect the digital infrastructure from IoT attacks, compromised devices, and vulnerabilities.
• With businesses increasingly relying on the cloud to manage operations and resources, the security risks posed by applications, endpoints, infrastructure, and users become more challenging to visualise and harder to manage and respond to.
Throughout Covid-19, cybercriminals have continued to capitalise on unsecured work-from-home computers to deliver new malware and test new techniques. As organisations provide remote access to their corporate networks, they risk leaving their enterprise assets vulnerable to attacks by bad actors. This is because employees use unsecured devices and often their personal devices while working from home.
• BYOD, unmanaged devices are the future. Enterprise users can be resistive to the use of company-controlled agents. These trends contrast the CISO’s traditional view of the world.
• Options exist that may be outside the normal comfort zone of the CISO.
The new work from home environment has
With employees installing free SaaS applications, this can take information flows and sensitive information outside of the CISO’s control.
Prohibit the use of the new wave of shadow IT solutions.
VINCENT BERK, CTO and Chief Security Architect, Riverbed Technology.
brought some complications and inefficiencies that make it harder to get the job done. With some employees installing free SaaS applications for collaboration, this can take information flows and often sensitive company information outside of the CISO’s control. Most SaaS applications have a free version for smaller groups of users, and often this is what people are using. While tempting, this modern form of shadow IT entails a substantial data governance risk so the best practice should be to not do it.
Policies and controls around data access, tracking and visibility, and data hygiene are going to be crucial.
Among the most significant security best practices that end users need to follow as they adjust to hybrid workforce and disruptions, accelerated transformation and post pandemic recovery is to prohibit the use of the new wave of shadow IT solutions.
• Policies and controls around data access, tracking and visibility, and data hygiene are going to be crucial in carefully accepting that this trend is happening.
Riverbed NetProfiler and AppResponse are both Full Fidelity products that, respectively, capture and retain every flow record and every packet for anomaly detection and forensic analysis. As we are faced with new and evolving threats, we simply do not know today what we will need to be defending from tomorrow, which positions the Riverbed suite strategically for both spotting anomalous patterns of behaviour, as well as allowing for forensics in responding to incidents.
FOR CISOs
• Skills acquisition should focus on reducing the cloud footprint, limiting unsanctioned cloud applications, and the monitoring and visibility of cloud assets.
VISIBILITY OF DATA CRUCIAL FOR RISING REMOTE WORK CULTURE
The new normal has exponentially grown and amplified businesses’ reliance on cloud-based infrastructure and solutions, scattering enterprise data into what is frequently the unknown. We see enterprises starting to grapple with the complex question of where their data is, and who really has access to it, and how they might audit or track this. As they do so, they have begun to realise their ability to govern data is limited at best, and they have few processes in place to understand who is accessing what data and from where, and what the actual costs are. Visibility is therefore becoming the new watchword.
• Thales Luna General Purpose HSMs are the foundation of trust for an organisation’s overall ecosystem including devices, identities, and transactions.
TIME TO REVIEW SECURITY QUANTUM STRATEGY
Breaking down the complexity barrier created in cloud environment will give businesses a clearer view of data so they can better control and protect it.
The post pandemic phase of 2021 has been characterised by huge organisational investments into networks, employee access, cloud data orchestration, remote collaboration, supply chain and supplier management, transformation, amongst others. In parallel, there has also been an explosion of cyberattacks threatening the IT industry, threats and attacks from extortion syndicates, national threat actors making their periodic exploits, and highly advanced and offensive activities by select national players. All this while enterprises need to continue with accelerated business and digital transformation. Organisations must understand that today’s encryption standards are not fit for protecting against the power of quantum computers. Businesses cannot assume they are safe until quantum resistance is achieved. Hackers are actively working to steal data to access years down the line, knowing quantum is coming. As such, adopting quantum-safe encryption is key.
• Thales Data Protection on Demand is a cloud-based platform, providing a wide range of Luna Cloud HSM, CipherTrust Cloud Key Management, and payShield Cloud Payment services through a simple online marketplace. Data security is now simpler, more cost effective and easy to manage because there is no hardware to buy, deploy and maintain.
• Thales CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralised key management, all on a single platform.
• Thales Safenet Trusted Access is a cloud-based access management service that combines the convenience of cloud single sign-on with granular access security.
• Thales’ Cryptobox provides businesses and organisations with a sharing and collaboration solution to secure internal and external exchanges, using end-to-end encryption.
• Thales’ Citadel offers professionals secure
The time is now to review security quantum strategy. Considered one of the most significant cybersecurity threats to date, quantum computing is set to make many current security methods, such as encryption, obsolete. While there is no such thing as a silver bullet when it comes to cybersecurity, crypto-agility is the next frontier in protection against the processing power of quantum.
It will enable businesses to deploy algorithms in a flexible way, without significantly altering the system infrastructure, should there be a failure of the original encryption. Meaning that businesses can protect their data from future threats like quantum computing, which is still a bit away, without having to rip up their systems each year as the power of computing grows. The following solutions can help end users more effectively protect themselves from current day threats:
• Focus on the opportunities resulting from the changed engagement model as many organisations are still accelerating their adoption of cloud-based services as result of a more distributed workforce.
instant messaging service to connect with your trust community while guaranteeing each user’s identity by requiring a company email address to register. It also provides the guarantee that a company’s data will not be used or sold to third parties. The fact is, a distributed workforce means more data is migrating to the cloud, and companies are using multiple IaaS and PaaS environments and hundreds of SaaS applications. Organisations must be able to safely rely on the cloud because its significance will only continue to increase. Breaking down the complexity barrier created in this environment will give businesses a clearer view of all their data so they can better control and protect it.
• Two of the key questions they should ask themselves while refocusing their sales strategies would be:
SEBASTIEN PAVIE, Regional Vice President for Cloud Protection and Licensing activities, Thales.
There are three key pillars for a truly holistic approach to data security which Thales has incorporated in its solutions:
• Control sensitive data with centralised key management across on-premises and hybrid cloud environments. This simplifies data-centric security, ensures regulatory compliance, and reduces risk across an organisation.
• Protect structured and unstructured sensitive data with advanced encryption, access controls and tokenisation. This means making it difficult for unauthorised users to access data. And if data is stolen or leaked, making it useless.
FOR CISOs
• How can we continue to generate demand in this new normal way of working?
• As data security is now more relevant than ever in our changed world, how can we leverage the new way of working as a business case?
• Discover where data resides on premises or in the cloud and classify its sensitivity and importance based on internal policies and external regulations.
Help AG’s State of Market Report is the first of its kind to focus on digital security in the Middle East and delivers intelligence across a range of parameters.
Public and private sectors across the world are facing unprecedented levels of digital threats which are only increasing year-on-year. Cybersecurity is not a one-man show. It takes collaboration amongst all responsible actors in the government and private sectors to improve the region’s digital security landscape.
TRENDS
MAPPING REGIONAL SECURITY THROUGH CISO ENGAGEMENTS
Help AG’s State of the Market Report was created to be a guidebook for cybersecurity in the Middle East. The first of its kind to focus exclusively on digital security in the Middle East region, Help AG’s State of the Market Report 2021 delivers cybersecurity intelligence across a range of parameters. These include top threats over the course of 2020, the region’s biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, the anatomy of some high-profile breaches, security investment patterns of organisations in the region, and where the market is headed in terms of technologies and evolution.
STEPHAN BERNER, Chief Executive Officer, Help AG.
NICOLAI SOLLING, Chief Technology Officer, Help AG.
DDOS ATTACKS
Over ten million Distributed Denial of Service (DDoS) attacks were recorded globally in 2020, including a 183% increase in the UAE alone. Ransomware attacks are on the rise, with the government, private, oil and gas, telecom and healthcare sectors particularly affected.
For the first time in history, the number of DDoS attacks recorded exceeded 10 million in 2020, showing
VPN ATTACKS
2020 was the year of VPN attacks, no surprises here considering the move to a new normal that came with a distributed workforce globally. There was a major incident or new vulnerability identified in almost every single
a dramatic increase of almost 1.6 million over the 2019 count of 8.5 million [1]. The UAE alone witnessed a 183% increase in DDoS attacks targeting government and private sector customers. The attacks are also increasing in scale, with the largest one observed in the UAE measured at 254.3 Gbps. This increase has made DDoS attacks by far the most prolific form of cybersecurity threats faced by organisations today. The government, private, oil and gas, telecom and healthcare sectors faced a particularly harsh onslaught, with repeated attacks targeting specific customers using varying attack patterns in particular segments over the course of 2020.
RANSOMWARE
Ransomware attacks have also been on the rise, largely thanks to their high rates of success, which can be attributed to their relative sim plicity and their significant, immediate impact on an affected business, as well as the fact that many organisations still end up paying the ransom, thus encouraging the threat actors to continue utilising this attack method. In 2020, Help AG identified a common tactic employed by multiple threat actors, using DDoS attacks as a mechanism to distract secu rity monitoring and response teams, before executing the ransomware attack. Help AG also identified a ransomware threat group leverag ing built-in features of Windows 10 to initiate attacks.
The year 2020 saw a significant rise in the number of vulnerabilities discovered as compared to the previous year, with a total of 18,353 identified as per the NIST National Vul nerability Database, and a particular increase in critical and high severity vulnerabilities. Vulnerabilities that required no user inter action to exploit also increased. Government agencies were the most affected, followed by banking and finance, manufacturing, health care, education, and technology, with a sig nificant rise in industrial control system ICS vulnerabilities.
TOP VULNERABILITIES
Help AG has identified number of areas which saw significant investment over the course of 2020. Security infrastructure such as nextgen firewall platforms, application protection solutions and DNS security solutions saw major investment, as did secure remote access systems including VPN, SASE, Proxy, email security, and insider threat monitoring, which collectively enjoyed a 300+% growth YoY.
month of the year, highlighting the increasing need for Zero Trust Network Access to become an industry standard for cybersecurity.
Security Access Service Edge and Secure Cloud Enablement have both seen increased uptake by organisations across all industry verticals. Looking ahead to the next 12 months, the report predicts that these technologies will see continued focus, alongside several other areas, including secure SD-WAN, email, application and endpoint security, micro-segmentation, Managed Security Services, and SMB security.
There are four key lessons learned from cyberattacks resulting in the compromise of systems or assets: Incident response plan It is a must-have document, and not just one more policy. There is a need for clear view on Help AG identified DDoS attacks as a mechanism to distract security monitoring before executing the ransomware attack
In addition, organisations invested heavily in managed cyber defense and strengthening the Security Operations Centre triad, specifically in areas that included SIEM solutions, network detection and response solutions, endpoint protection/detection and response solutions, and vulnerability management.
NEW TECHNOLOGIES
AREAS OF INVESTMENT
LESSONS LEARNED FROM THE TRENCHES
TRENDS
59JUNE 2021
Protect active directory Often considered the crown jewels, your identity system needs careful design, appropri ate segregation and comprehensive protection using industry leading solutions like EDR. Patch! Patch! Patch!
60TRENDS JUNE 2021
It often happens that the antivirus might have detected only one component of the mal ware but several other backdoors are usually left. There is a need for an EDR tool that will record all events and give the analyst the ability to verify if the malware was fully deleted.
In 2021 and beyond, cyber resilience will be a key operational parameter for any organisa tion. It is important to make the right decisions when it comes to partnerships, technologies and capabilities, in order to empower a secure digital transformation.
As organisations are digitally transitioning themselves to the new normal, cybersecu rity has become a fundamental pillar in this transformation journey. Beyond availing increasing budgets for cybersecurity, the mod ern-day Chief Information Security Officer is also presented with an opportunity for a fullscale innovation. A chance to adopt a resilient, cost-effective model by availing a service-centric approach to their cybersecurity strategy, rather than just being technology-focused, with continuous 24x7 access to cybersecurity talent and innova tive partnership models. CISOs are continu ously challenged to demonstrate an ROI for their cybersecurity spend.
who will investigate, and what actions they are expected to take, when suspicious activity is identified. Have your backups ready Backups should be tested regularly, available quickly and kept offline if possible.
Every organisation needs a robust, regular patching schedule, with clear ownership and remediation timeframes. The absence of an incident response plan is a key factor that leads to big losses. It often happens that the antivirus alerts that a malware was deleted, and such alerts are just left as they are. Organisations should analyse and investi gate such alerts, especially those that happen in the server segment.
APPROACHSERVICE-CENTRIC
ROLE OF CYBERSECURITY ENGINEER, TESTER, AND RESPONDER
The three primary cybersecurity job roles are engineering defences, testing security, and responding to cyberattacks, writes Raymond Pompon of F5.
RAYMOND POMPON, Director of F5 Labs.
Twenty-five years ago, when cybersecurity was emerging as a specialty, most practitioners were transitioning from IT operational roles. As the Internet expanded and firewalls went up, security duties became increasingly demanding and businesses created dedicated security positions. Those doing these early cybersecurity jobs ended up knowing a bit about everything and evolved into generalists. Since then, with so many new avenues of technology, most of these generalists either specialised or went into management. New recruits do not have time to acquire the historical knowledge of generalists. Instead, they will choose from a wide variety of security specialisations to match their capabilities and interests.
DIVERSITY IN CYBERSECURITY JOBS
The three primary cybersecurity job roles are engineering defences, testing security, and responding to cyberattacks. In smaller organisations, all these roles may land on a single person or be tacked onto non-security work. Foundational cybersecurity skills are necessary for all these roles including:
• Knowledge of common cyberattacks
• How to perform a risk analysis
• How to manage risk through using controls
• Knowledge of compliance regulations and how they work
• Knowing how to explain risk and compliance in business terms
Cybersecurity engineers, testers, and responders build specific skills on top of this foundation, many of which can be acquired in industry training classes and cybersecurity boot camps.
CYBERSECURITY ENGINEERS
Many cybersecurity engineers come from traditional IT jobs, such as network engineers or system administrators. They use various tools, usually technical, and play a big part in engineering administrative controls. Job titles include:
• Director of security
• Security architect
• Network security engineer
• Security software developer
• Security systems administrator
• Technical director
• Security analyst
Cybersecurity engineers are the most common roles in cybersecurity. Most are found within the IT organisation, so they report up through the IT chain of command to the head of technology. However, being embedded in IT can diminish the effectiveness of their security functions.
The key problem is the divergent missions: IT is about implementation and maintenance, while security requirements can sometimes mean slowing down an implementation to lower risk. This contributes to the security team’s reputation as the Department of No. Since the head of IT is in charge, they have veto power over security, which can be a problem as well. We explored this in detail in our blog: Who Should the CISO Report To?
CYBERSECURITY ENGINEER SKILLS
Because of the obscure nature of some cyberattacks, a cybersecurity engineer needs to understand the organisation’s technology and the technical infrastructure. They also need a firm grasp on how the specific technical controls in their area function. For example, engineers working in networking should understand firewall features and limitations as well as the specifics of the implemented solution within their organisation. And they should understand the business and cultural aspects of rolling out and maintaining controls, even simple ones.
CYBERSECURITY TESTER
Testers are one of the most glamorous jobs in security, as these are the folks who hack things or find the problems and look for the gaps and mistakes before an attacker does. Job titles include:
• Penetration tester and Red teamer
• Vulnerability researcher
• Exploit developer
• Ethical hacker
• Security research engineer
• Internal, third-party, or external auditor
Cybersecurity testers are mostly outsourced, often for their independence. Be warned that the healthy competition between engineers and testers can fester into an adversarial relationship, even more so if the tester is external. When cybersecurity testers are full-time within an organisation, they can be attached to IT like cybersecurity engineers. However, sometimes they can be part of a different department, such as legal or compliance. Application security testers are sometimes linked to quality assurance departments, under an organisation’s development arm.
CYBERSECURITY TESTER SKILLS
The role of a cybersecurity tester is to question everything, including assumptions. One way to help do this is to learn threat-modeling techniques such as STRIDE. Testers may need to use their technical knowledge in unexpected ways, such as chaining together low-severity vulnerabilities to breach a system. Testers often require specialised tools and techniques which are sometimes self-developed, so they should also have some programming skills, if hacking, or statistical knowledge, if auditing. They will also need to communicate their findings, explain risks in business terms, and document the testing work they do, with detailed citations of evidence such as screenshots, source code, and compliance regulations.
CYBERSECURITY RESPONDERS
Cybersecurity responders plan for and minimise security incidents. They sometimes detect attacks and stop them, and sometimes help clean up the messes and get systems back online. Many of them investigate what the attackers did, who they were, and help find the clues to go after them, and some even work on finding digital evidence from non-cybercrimes.
Job titles include:
• IT forensics technician
• Security operations center analyst
• Forensic, intrusion, or malware analyst
• Incident responder
• Disaster recovery or business continuity manager
Responders are commonly outsourced in smaller organisations. When they are internal, they can be found in IT, if focused on recovery and repair, or in legal, if focused on forensics. Sometimes they are found within the general business continuity organisation under operational risk.
CYBERSECURITY RESPONDER SKILLS
Responders are often under acute stress, whether dealing with ransomware that has shut down the entire organisation, gathering evidence that can affect someone’s future, or performing post-incident forensics in a potentially litigious situation.
Responders need to wrangle resources for cyber incidents, such as appropriate cyber insurance, intrusion detection tools, and forensic and malware analysis tools. They should also develop government, legal, and law enforcement contacts and resources to assist with incidents.
They may need to report on incidents in various settings, including boardrooms, conferences, and legal depositions. Therefore, presentation and writing skills are helpful.
FINAL THOUGHTS
Many different standards and practices in cybersecurity can contradict each other and some may find the categories overlap too much. Cybersecurity career entrants should specialise. But if they become too specialised, they may find it harder to communicate outside their silo, and the real world does not always adhere to clearly delineated categories. Neither do actual career paths.