special supplement by
Trends for cyber and industrial security executives
Cover: Mohammed Shakeel Ahmed, CISO, Abu Dhabi Aviation
September 2019

Skill Comes with Experience: With over 22 years of expertise in Aviation Cyber Security and Cyber Resilience Management, Mohammed Shakeel Ahmed, CISO, Abu Dhabi Aviation, plays an imperative role in developing ... (page 22)
Contents, September 2019

Top of Mind: Building resilience to cyber weakness during digital transformation (page 12)
Top of Mind: Is Your Organization Ready for the Windows 10 Migration? (page 14)
Top of Mind: The art of detecting and protecting (page 16)
Top Executive: Skill Comes with Experience. With over 22 years of expertise in Aviation Cyber Security and Cyber Resilience Management, Mohammed Shakeel Ahmed, CISO, Abu Dhabi Aviation, plays an imperative role in developing ... (page 22)
Deep Dive: Diverse info, different individuals

Also in this issue (Deep Dive, Vendor Talks, Real-Time):
Moving from Multicloud Chaos to Calm
Juniper RT
How to Prevent Data Breach for Small and Medium Business: Expert Advice
4 tips for effective boardroom presentations
"Nothing is dangerous for the companies under the defense of TDS"
Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware
Sizing Up Risks for Third-parties & Vendors
Epicor ERP Positioned as a Visionary in Gartner 2018 Magic Quadrant for Cloud ERP for Product-Centric Midsize Enterprises
Editorial

Managing Director: Tushar Sahoo
CEO: Ronak Samantaray
Director & Editor: Anushree Dixit, anushree@gecmediagroup.com
Sub Editor: Divsha Bhat, divsha@gecmediagroup.com
Events Executive: Shriya Nair
Be the Transformation You Want to See

I am particularly liking the growing correlation between the cover stories that we have been writing and bringing forth. We shall certainly not term it a coincidence, because the ideas expressed by the CISOs are a sheer reflection of the transformational role of the security decision makers today. While our CISO George Eapen of Petrofac emphasized the importance of skill sets, Vimal Mani of Bank of Sharjah reinforced the need for a forward-looking mindset. In this issue's cover feature, Mohammed Shakeel of Abu Dhabi Civil Aviation underlines the need for CISOs to have business acumen along with the necessary skill sets needed to define clear security policies. Shakeel also points out the concern that most of the technologies being sold here are not home-grown but belong to other countries (mostly from the West). These technologies are merely implemented by the partners here, hence raising some issues during the implementation phase.

Riding on the lines of these thoughts that drove the key theme of our magazines in the last couple of months, we chose to ponder over the 'Transformative role of a CISO' in the modern enterprise in an expert panel discussion during the upcoming GEC Security Symposium and CISO Awards 2019 on 4th September at The Address Boulevard Hotel. As the sophistication of cyber-attacks continues to increase, the challenge of keeping enterprises protected while ensuring that business requirements are met is an extremely difficult task. The event explores the true meaning of what end-to-end security means in a digital enterprise. The symposium is an excellent platform for collaboration between those working in the IT security industry and those who provide the latest solutions and services in this sector.

Cyber Sentinels will also be running an executive CISO briefing in association with BeyondTrust on the critical role of privileged access management and the missing piece in security. The top 12 CISOs from the UAE will spearhead discussions on why quickly controlling and automating key PAM capabilities is critical to an organization's success. Industry thought leaders have stated that if you can only tackle one project to improve the security of your organization, it should be Privileged Access Management. We look forward to seeing you at the event.

Anushree Dixit
Editor & Director
anushree@gecmediagroup.com
Events Executive contact: shriya@gecmediagroup.com
Sales Manager: Neha Sharma, neha@gecmediagroup.com
Group Sales Head: Richa S, richa@gecmediagroup.com, +971 529 943 982
Visualizer: Manas Ranjan
Lead Visualizer: DPR Choudhary
Designer: Ajay Arya
Assistant Designer: Rahul Arya
Subscriptions: info@gecmediagroup.com
Social Marketing & Digital Communication: Yasobant Mishra, yasobant@gecmediagroup.com

Printed by Al Ghurair Printing & Publishing LLC, Masafi Compound, Satwa, P.O. Box 5613, Dubai, UAE

Published by Accent Infomedia MEA FZ-LLC, PO Box 500653, 223, Building 9, Dubai Media City, Dubai, UAE. Phone: +971 (0) 4368 8523. US office: 31 Foxtail Lane, Monmouth Junction, NJ 08852, United States of America. Phone: +1 732 794 5918. A publication licensed by International Media Production Zone, Dubai, UAE. Copyright 2013 Accent Infomedia. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
News
Vectra Reveals Most Significant Ransomware Threat

Chris Morales, head of security analytics at Vectra

Vectra disclosed that cybercriminals' most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored with infrastructure-as-a-service (IaaS) cloud providers. Attackers today can easily evade network perimeter security and perform internal reconnaissance to locate and encrypt shared network files. By encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale that is faster and far more damaging than encrypting files on individual devices.

According to the Vectra 2019 Spotlight Report on Ransomware, recent ransomware attacks cast a wider net to ensnare cloud, data center and enterprise infrastructures. Cybercriminals target organizations that are most likely to pay larger ransoms to regain access to files encrypted by ransomware. The cost of downtime due to operational paralysis, the inability to recover backed-up data, and reputational damage are particularly catastrophic for organizations that store their data in the cloud.

"The fallout from ransomware attacks against cloud service providers is far more devastating when the business systems of every cloud-hosted customer are encrypted," said Chris Morales, head of security analytics at Vectra. "Today's targeted ransomware attacks are an efficient, premeditated criminal threat with a rapid close and no middleman."

"Our research indicates that 53% of organizations say they have a 'problematic shortage' of cybersecurity skills today and the ramifications of it are very evident with fast-moving ransomware attacks," said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. "The industry simply doesn't have enough trained security folks scanning systems, threat hunting or responding to incidents. This Spotlight Report offers important insights into the weaponization, the shift from opportunistic to targeted attacks, and the industries targeted by ransomware that can help organizations be better prepared."

A10 Networks Brings Advanced ZAP to DDoS Defense

Lee Chen, CEO of A10 Networks

A10 Networks has added Zero-day Automated Protection (ZAP) capabilities to its Thunder Threat Protection System (TPS) family of distributed denial of service (DDoS) defense solutions. The ZAP capabilities automatically recognize the characteristics of DDoS attacks and apply mitigation filters without advanced configuration or manual intervention. This speeds the response to increasingly sophisticated multi-vector attacks, minimizing downtime and errors and lowering operating costs.

Today's DDoS attacks are more prevalent, multi-vector in nature and morph over time. With millions of IoT devices predicted to be in use over the coming years, driven by the transition to 5G networks, traditional DDoS solutions will quickly become inadequate. Current solutions are static, reactive and require significant operator intervention, resulting in a slow response to the rapidly evolving attack landscape. DDoS detection and mitigation is a growing concern for enterprises, cloud providers and service providers alike. In a recent A10 Networks survey of mobile operators, 63 percent saw advanced DDoS protection as the most important security capability needed for 5G networks, and in an IDG research report respondents confirmed that the number-one capability in a DDoS solution was automated detection and mitigation.

"The economics of DDoS mitigation and attacks are very much slanted towards the attackers now, so we will need more efficient tools and advanced technologies to balance the equation to make DDoS defense more effective and economical," said Chris Rodriguez, research manager, cybersecurity products. "A10 Networks is advancing the economics of DDoS security by leveraging machine learning and advanced heuristics to create that balance."
News
Mimecast Now Delivers Community-Based, Tailored Threat Intelligence

Josh Douglas, Vice President of Threat Intelligence, Mimecast

Mimecast introduced Mimecast Threat Intelligence, which offers customers a deeper understanding of the cyber threats their organizations face. The new features are designed to give organizations access to threat data and analytics specific to their overall organization, offering a more granular view of the attacks Mimecast has blocked. The Mimecast Threat Intelligence dashboard highlights end-users who are most at risk, malware detections, malware origin by geolocation, indicators of compromise (IoCs) and malware forensics based on static and behavioral analysis. This gives customers community-based, tailored threat intelligence that is specific to their organization.

The data is consolidated into a user-friendly view and is also available for integration into an organization's security ecosystem through the Threat Feed API. This targeted threat intelligence provides greater visibility and insight to security professionals, enabling them to more easily respond and remediate against threats and malicious files. According to Mimecast's recent The State of Email Security Report 2019, 94 percent of organizations saw phishing attacks in the last 12 months and 61 percent said it was likely or inevitable that they would be hit with an email-borne attack. IT and security teams are often overwhelmed by the volume of information they need to track, and if the intelligence they need to proactively defend their organization is buried, their defense becomes less effective.

"The cyberthreat landscape is dynamic, complex and driven by a relentless community of adversaries. IT and security teams need threat intelligence that is easy to digest and actionable, so they can better leverage the information to proactively prevent and defend against cyberattacks," said Josh Douglas, vice president of threat intelligence at Mimecast. "Mimecast sees a lot of data, as we process more than 300 million emails every day to help customers block hundreds of thousands of malicious emails. Mimecast Threat Intelligence helps organizations get the deep insights they need to build a more cyber resilient environment."
Ecolog International and Dynology Corporation Sign MoU

Ecolog International and Dynology Corporation signed a strategic MoU to expand cooperation in providing integrated digital and cybersecurity solutions to the defense sector as well as energy infrastructure in Macedonia and the Balkans. Under the terms of the MoU, the parties will join forces to provide integrated security solutions, cyber security services and end-to-end implementation programs focused on identification, mitigation and enhancement of the infrastructure in the defense as well as the energy and hydrocarbon sectors.

Commenting on the MoU, Ali Vezvaei, Chief Executive Officer of Ecolog International, said: "In a world of interconnectivity and integration on the one hand and rising complexities and conflicts on the other hand, protecting critical infrastructure in the defense and energy sectors is of paramount importance to the nations. We are delighted to expand our cooperation with Dynology Corporation to help our customers address this risk in an integrated and sustainable manner."

John Lord, President of Dynology Corporation, added: "Having served the U.S. Department of Defense and commercial sector for many years, Dynology Corporation is committed to helping address infrastructure security in general and cybersecurity in particular with our international customers, and in doing so, we are very pleased to establish our cooperation with Ecolog International."
News
Data-Driven Bosch Jointly Develops Innovative Security Solution with NetApp

NetApp and Bosch Building Technologies have revealed details of their joint high-performance security solution. The Bosch Video Management System (BVMS) uses real-time data, AI and IoT to build a safer, more secure world. This is achieved by integrating NetApp Hybrid Flash Arrays with the Bosch Video Recording Manager (VRM) for a new concept of storage virtualization. The NetApp operating system writes different data streams directly from the camera to the storage in a compact format and with high storage density. The result: video streams and storage capacity are balanced and backed up in such a way that the processes continue to run even if a hard disk fails. Moreover, the system allows for high scalability.

Data and its availability are critical to Bosch Building Technologies and its customers. Its extensive product portfolio includes solutions for video surveillance, intrusion detection, access control, fire detection and evacuation systems that help its customers build a safer, more secure world. To reliably map and record events as well as objects, a security solution needs industry-leading resolution, refresh rates, dynamics and light sensitivity. However, the data must also be manageable efficiently. This is why Bosch Building Technologies has been working with NetApp since 2011.

"We work with NetApp because they are the data authority," said Bernhard Schuster, executive vice president sales and marketing at Building Technologies. "NetApp offers the technologies that ensure that our systems are up and running and makes managing large data volumes easy with maximum reliability while lowering costs."

Centrify Joins Several Working Groups within Cloud Security Alliance

Nate Yocom, CTO of Centrify

Centrify said that several of its executive leaders have joined key working groups within the Cloud Security Alliance (CSA), the organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment. Centrify brings its expertise in Privileged Access Management (PAM) to these CSA working groups.

The modern threatscape in the cloud is much different from when privileged access was confined to on-premises systems and resources under an organization's direct control. While common security models should be applied to the cloud as they are on-premises, workloads running in the cloud require new solutions for least access and least privilege that are more dynamic and less reliant on managing shared accounts and static passwords. IT decision makers are prioritizing PAM as a critical security effort when faced with a rapidly evolving and expanding threatscape, including hybrid and multi-cloud environments. Research firm Gartner has listed PAM as a Top 10 cybersecurity project two years in a row. Centrify states that privileged access abuse is involved in almost three out of every four breaches, yet less than half of organizations are controlling privileged access to cloud workloads. Centrify will make contributions to CSA working groups to help define and communicate best practices for securing privileged access to cloud workloads.

"Centrify's participation in CSA underscores the company's deep commitment to advancing cloud security, specifically creating awareness about the increasing need to protect cloud infrastructure and workloads with Zero Trust Privilege," said Nate Yocom, CTO of Centrify. "Centrify is excited to join these critical working groups within CSA to give back to the industry, bring decades of experience with identity and access controls, and help organizations address modern, diverse IT environments and evolving attack surfaces."
News
Sophos Positioned as a Leader in Magic Quadrant for Endpoint Protection Platforms

Gartner has once again positioned Sophos as a Leader in its Magic Quadrant for Endpoint Protection Platforms. This is the 11th time in a row Sophos has been positioned as a Leader. Sophos states that it believes the placement is driven by its endpoint protection, real-world endpoint detection and response (EDR) usability, and its unifying platform, Sophos Central, and that Gartner recognized Sophos for its record at stopping ransomware, the deep learning technology that blocks never-seen-before malware, and its anti-exploit technology. These are some of the ensemble of technologies available in Intercept X.

"Recent awareness of million dollar ransomware payments and GDPR fines indicates that IT managers are still not putting in place the protection they need to prevent cyberattacks. This is in part because they are inundated with threats coming from all directions and, in some cases, cybercriminals are using multiple methods and payloads along a single attack chain," said Dan Schiappa, chief product officer at Sophos. "We believe Gartner's recognition underscores how critical this endpoint product is to every organization's security strategy. In our opinion, Gartner's placement of Sophos in the Leaders quadrant 11 times in a row also demonstrates how Sophos is constantly innovating cybersecurity. This includes the development of EDR for endpoints and servers for advanced threat investigations."
McAfee Report Uncovers Ransomware Resurgence

McAfee released its McAfee Labs Threats Report: August 2019, examining cybercriminal activity and the evolution of cyber threats in Q1 2019. McAfee Labs saw an average of 504 new threats per minute in Q1 and a resurgence of ransomware along with changes in campaign execution and code. More than 2.2 billion stolen account credentials were made available on the cybercriminal underground over the course of the quarter. Sixty-eight percent of targeted attacks utilized spearphishing for initial access, and 77% relied upon user actions for campaign execution.

"The impact of these threats is very real," said Raj Samani, McAfee fellow and chief scientist. "It's important to recognize that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyberattack, there is a human cost."

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world. McAfee Advanced Threat Research (ATR) observed innovations in ransomware campaigns, with shifts in initial access vectors, campaign management and technical innovations in the code. While spearphishing remained popular, ransomware attacks increasingly targeted exposed remote access points such as Remote Desktop Protocol (RDP); these credentials can be cracked through a brute-force attack or bought on the cybercriminal underground. RDP credentials can be used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.

"After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach," said Christiaan Beek, McAfee lead scientist and senior principal engineer. "Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project."
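The RDP path McAfee describes, a password-guessing burst against an exposed RDP listener followed by a successful logon with the guessed credential, is visible in the Windows Security log as a run of event 4625 (failed logon) with logon type 10 (RemoteInteractive) from one source address, followed by a 4624 (successful logon) from the same address. The script below is an added example written for this page, not code from McAfee or its report: it flags that pattern over a constructed set of sample events, and the ConvertFrom-LogonEvent helper shows how the same objects are built from live events with Get-WinEvent. The threshold, window, addresses and usernames are assumptions for illustration.

```powershell
# Added example, not part of the McAfee report: flag RDP password guessing in
# Windows Security events and tell whether a guessed password eventually worked.
# The sample events below are constructed; ConvertFrom-LogonEvent shows how to
# build the same objects from live events with Get-WinEvent.

function ConvertFrom-LogonEvent {
    # Turn a 4624/4625 event from Get-WinEvent into the flat shape used below,
    # reading EventData fields by name rather than by position.
    param([Parameter(Mandatory, ValueFromPipeline)]$Event)
    process {
        $data = @{}
        foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            Id        = $Event.Id
            LogonType = [int]$data['LogonType']
            IpAddress = $data['IpAddress']
            User      = $data['TargetUserName']
        }
    }
}
# Live use: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625} | ConvertFrom-LogonEvent

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$Threshold = 20,      # this many failures from one source address...
        [int]$WindowMinutes = 10   # ...inside this window counts as a burst
    )
    # LogonType 10 is RemoteInteractive, i.e. RDP; network (3) and console (2) logons are ignored here.
    $rdp = $Events | Where-Object { $_.LogonType -eq 10 } | Sort-Object Time
    foreach ($group in ($rdp | Group-Object IpAddress)) {
        $fails = @($group.Group | Where-Object { $_.Id -eq 4625 })
        if ($fails.Count -lt $Threshold) { continue }

        # Slide a window of $Threshold consecutive failures; a burst exists if any window fits in $WindowMinutes.
        $burstStart = $null
        for ($i = 0; $i + $Threshold - 1 -lt $fails.Count; $i++) {
            $span = $fails[$i + $Threshold - 1].Time - $fails[$i].Time
            if ($span.TotalMinutes -le $WindowMinutes) { $burstStart = $fails[$i].Time; break }
        }
        if (-not $burstStart) { continue }

        # A successful RDP logon from the same source after the burst is the "cracked" case McAfee describes.
        $success = $group.Group | Where-Object { $_.Id -eq 4624 -and $_.Time -gt $burstStart } | Select-Object -First 1
        [pscustomobject]@{
            Source      = $group.Name
            Failures    = $fails.Count
            UsersTried  = ($fails.User | Sort-Object -Unique) -join ','
            BurstStart  = $burstStart
            SucceededAs = if ($success) { "$($success.User) at $($success.Time.ToString('HH:mm:ss'))" } else { '' }
            Severity    = if ($success) { 'CRITICAL: guessing followed by success' } else { 'HIGH: credential guessing' }
        }
    }
}

# Constructed sample: 40 failures in four minutes from 203.0.113.7 cycling common
# usernames, then a success as 'backup'; one typo and a success from an internal host.
$t0 = [datetime]'2019-08-01T02:00:00'
$sample = @()
$names = 'administrator', 'admin', 'backup', 'scan'
for ($i = 0; $i -lt 40; $i++) {
    $sample += [pscustomobject]@{ Time = $t0.AddSeconds(6 * $i); Id = 4625; LogonType = 10; IpAddress = '203.0.113.7'; User = $names[$i % 4] }
}
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(5);  Id = 4624; LogonType = 10; IpAddress = '203.0.113.7'; User = 'backup' }
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(30); Id = 4625; LogonType = 10; IpAddress = '10.0.0.5';    User = 'jsmith' }
$sample += [pscustomobject]@{ Time = $t0.AddMinutes(31); Id = 4624; LogonType = 10; IpAddress = '10.0.0.5';    User = 'jsmith' }

Find-RdpBruteForce -Events $sample | Format-Table -AutoSize
```

On the constructed input only 203.0.113.7 is reported, as CRITICAL because the burst is followed by a success as 'backup'; the single failure from 10.0.0.5 never reaches the threshold. If the host sits behind a Remote Desktop Gateway or a NAT, the IpAddress field will show the gateway rather than the attacker, so group on the gateway's own logs instead; and if the 4625 events are missing entirely, check that "Audit Logon" is enabled for failure under Advanced Audit Policy, since the default on some editions records only successes.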
Top of Mind
Building resilience to cyber weakness during digital transformation

No organization functions in a zero-risk environment, but digital transformation is rapidly exposing weaknesses in the cyber security fabric of an organization, prompting risk assessment and continuity planning, explains Yasser Zeineldin, CEO, eHosting DataFort.
Yasser Zeineldin, CEO, eHosting DataFort

For regional businesses, it appears their exposure to risk is continuously moving upwards. In the past, risks were limited to acts of nature, macroeconomic volatility and, depending on the geography of the country, possible hostilities with adjacent countries. Today, there are additional variables that need to be brought into the assessment of risk for businesses. The exposure of an organization to cyber threats, and the added vulnerability of an organization due to its embarking on a digital transformation journey, are recent variables whose risk impact needs to be added into the overall equation of resilience.

Booz Allen Hamilton estimates that annual global losses from exposure to cybersecurity threats are $600 billion, bringing the average loss per cybersecurity breach to an estimated $3.86 million. Moreover, the intensity and frequency of cyberattacks are being amplified by the adoption of digital transformation technologies. Digital transformation technologies are rapidly removing the silos and barriers that used to exist because of legacy technologies and analog industrial control systems. This is making organizations more interconnected and can contribute to a domino-like cascading effect in the case of significant breaches into regional enterprises. The rapid adoption of digital technologies is also throwing legislation into a catch-up game and bringing information technology departments, CIOs and CISOs to the forefront in interpreting and implementing new guidelines and compliance requirements.

All put together, the working environments of both business and information technology are becoming more complex to manage, raising the possibility of costly and unpredictable errors. Booz Allen states that growing complexities stemming from rapid digitalization and changes in legislation are having a dizzying effect on businesses. Organization heads are still grappling with the speed of digital transformation and the impact of growing interconnectivity on their business landscape. They have had even less time to factor in the additional challenge of their vastly exposed cybersecurity landscape amongst all these other challenges. Lack of adequate risk management in the face of advanced cyber security attacks, the growth of interconnected enterprises and the rapid adoption of digital technologies are eroding, on average, 10.2% of the annual profits of global organizations through unplanned errors.

So, what is the way forward now? Organizations adopting digital technologies such as cloud, analytics and artificial intelligence, mobility and the Internet of Things must adopt a two-pronged approach towards building their future resilience. No organization can operate in a utopian climate of zero risk, so as the first step an organization should perform an objective assessment such as a SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) or equivalent to identify the organization's strengths and weaknesses, including a rigorous cyber security threat and vulnerability assessment. The second step is to build a recovery and continuity process that carries the organization through any disruption and keeps it functioning with the minimum loss of performance.

During the first stage of planning, as a process of risk management, it is important to identify all the risks that can disrupt an organization's capability to function. This includes weaknesses in an organization's cyber security framework and the probability of their exploitation. Following this is the business impact analysis, to quantify the business loss from the impact of each of these possible cyber security disruptions. This leads to a matrix of incidents ranked from most probable to most disruptive to an organization's functioning and performance. Some of the numeric metrics used at this stage are the maximum tolerable period of disruption (MTPD), the recovery time objective (RTO) and the recovery point objective (RPO). The MTPD is how long a process can be unavailable before the damage becomes unacceptable; the RTO is the time within which the process is planned to be restored, so it must sit inside the MTPD; and the RPO is the maximum age of the data that will be restored, which bounds how much work can be lost and therefore how often backups or replication must run.

The second stage involves detailed planning on how critical processes within the organization can continue to function and meet the MTPD, RTO and RPO objectives. However, this planning is of little use unless it is practiced, tested and improved across the organization. Feedback and open communication across the organization on improving such continuity planning are, amongst others, an important part of building resilience during the adoption of digital transformation.
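The business impact analysis the article describes produces a ranked matrix, but the numbers in it are only useful if they are mutually consistent: an RTO longer than the MTPD is a plan that cannot meet the tolerance, and an RPO shorter than the backup interval is a promise the backups cannot keep. The script below is an added example written for this page, not something from eHosting DataFort: it scores constructed scenarios on a 5x5 probability-by-impact matrix and flags both inconsistencies. The process names, scores and hours are assumptions for illustration.

```powershell
# Added example, not from the article: rank continuity scenarios by probability
# times impact and check that the recovery objectives are achievable. Process
# names, scores and hours below are constructed for illustration.

$Scenarios = @(
    [pscustomobject]@{ Process = 'Order processing'; Scenario = 'Ransomware encrypts file shares'; Probability = 4; Impact = 5; MtpdHours = 8;  RtoHours = 12; RpoHours = 4;  BackupIntervalHours = 24 }
    [pscustomobject]@{ Process = 'Payroll';          Scenario = 'Cloud tenant outage';           Probability = 2; Impact = 4; MtpdHours = 72; RtoHours = 24; RpoHours = 24; BackupIntervalHours = 24 }
    [pscustomobject]@{ Process = 'Plant telemetry';  Scenario = 'OT network compromise';         Probability = 3; Impact = 5; MtpdHours = 4;  RtoHours = 2;  RpoHours = 1;  BackupIntervalHours = 1 }
)

function Get-ContinuityMatrix {
    param([Parameter(Mandatory)][object[]]$Scenarios)
    foreach ($s in $Scenarios) {
        $gaps = @()
        # RTO is the planned time to restore; MTPD is how long the business survives without the process.
        if ($s.RtoHours -gt $s.MtpdHours) {
            $gaps += "RTO $($s.RtoHours)h exceeds MTPD $($s.MtpdHours)h"
        }
        # RPO is the data loss accepted; a backup taken less often than that cannot meet it.
        if ($s.BackupIntervalHours -gt $s.RpoHours) {
            $gaps += "backups every $($s.BackupIntervalHours)h cannot meet RPO $($s.RpoHours)h"
        }
        [pscustomobject]@{
            Process  = $s.Process
            Scenario = $s.Scenario
            Risk     = $s.Probability * $s.Impact   # 1..25 on a 5x5 matrix
            Gaps     = if ($gaps) { $gaps -join '; ' } else { 'objectives consistent' }
        }
    }
}

Get-ContinuityMatrix -Scenarios $Scenarios | Sort-Object Risk -Descending | Format-Table -AutoSize
```

On the constructed input the order-processing scenario ranks first (risk 20) and carries both gaps, which is the situation the article's second stage is meant to resolve, either by shortening the RTO and backup interval or by negotiating a longer MTPD and RPO with the business owner; the other two scenarios pass. The same check belongs in the test and exercise cycle the article calls for: a tabletop that restores from the most recent backup will expose an RPO that the schedule never met.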
Top of Mind

Is Your Organization Ready for the Windows 10 Migration?

Kevin Alexandra, Principal Consultant, BeyondTrust

Organizations should look at the migration to Windows 10 as an opportunity to upgrade their Windows management. But they must also take measures to maintain security against evolving threats.

Organizations worldwide are still coming to grips with the migration from Windows 7 to Windows 10. As we draw closer to the January 2020 deadline (extended support for Windows 7 ends on January 14, 2020), Microsoft is committing to a renewed focus on the enterprise and to unifying the Windows experience across devices, from the phone in your pocket to the display in the boardroom. The update also addresses pre-breach threat resistance by removing or defending against the attack vectors used by the malware and hacking industry. Although many are already capitalizing on the transition as a chance to strengthen their overall IT and better protect endpoints for individual users, others are stalling. Earlier this year, Microsoft announced that 184 million commercial PCs are still running Windows 7 across the world, and that excludes the People's Republic of China. As the end of Windows 7 extended support draws near, IT professionals should prepare and become better informed about the implications of the migration for their business today.

In a survey of 500 global IT and cybersecurity professionals last year, vulnerable endpoints were the top security concern about migrating from Windows 7 to Windows 10 for 40% of respondents. For all regions except the United Arab Emirates (UAE), the biggest challenge in securing remote workers and employees who bring their own device (BYOD) on Windows 10 was ensuring that endpoints were secure; UAE respondents were most concerned with malware attacks. These concerns are not misplaced, with many breaches arising from employees working remotely and accessing data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a thorough training program to ensure that employees understand why this is happening, along with the steps that must be taken to continually mitigate the threat of exposed endpoints.

Addressing Modern Security Challenges

Windows 10 is considered the most robust Windows operating system so far, so it is little surprise that countless organizations trust Microsoft's cloud-based modern management approach to deliver heightened security and agile IT capabilities. But mobile device management solutions mean that employees must have administrator rights to do their jobs on a daily basis, a potential security risk. So, while Microsoft is enabling organizations to deploy Windows 10 and adopt modern management more easily, businesses must understand that the operating system alone cannot protect them from evolving threats. To protect their organizations, CSOs, CISOs and other IT security professionals need to think more strategically when migrating to Windows 10.

Privilege or No Privilege?

There have been two main types of account, administrator and standard user, in every version of Windows to date, and Windows 10 is no exception. Given that removing admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017, the security threat that over-privileged admin users pose to their businesses is clear. Fortunately, removing admin privileges from employees is relatively simple on Windows 10. Although this improves security, it can present usability challenges: many day-to-day tasks and applications require admin rights, so their loss can hamper a workforce's efficiency. This is a conundrum for businesses, which must aim for maximum security but also avoid locking too many users out of the systems they need. IT and security leaders must weigh this balancing act on a case-by-case basis and, if they do remove admin rights, ask which of their existing practices should be adjusted to avoid the challenges associated with removal.
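Removing admin rights starts with knowing who has them, and on a freshly migrated fleet the local Administrators group usually carries members nobody approved: the user's own account added by an imaging script, a vendor's support account, a long-gone contractor. The script below is an added example written for this page, not BeyondTrust code or a product feature: it audits the local Administrators group on a Windows 10 host against an approved list using the Microsoft.PowerShell.LocalAccounts cmdlets that ship with Windows 10, and can remove everything else, with a guard against removing the account the script itself is running under. The approved list, and the 'CORP\Workstation Admins' group in it, are assumptions for illustration.

```powershell
# Added example, not from the article: find (and optionally remove) members of the
# local Administrators group that are not on an approved list. Uses the
# Microsoft.PowerShell.LocalAccounts cmdlets shipped with Windows 10; run elevated.
# The approved list is an assumption for illustration; 'CORP\Workstation Admins'
# is a hypothetical AD group.

$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",  # built-in account; stays a member even when disabled
    'CORP\Workstation Admins'            # hypothetical: the group the help desk elevates through
)

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved = $ApprovedAdmins)
    # Name comes back as MACHINE\user or DOMAIN\user; -notcontains compares case-insensitively.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Remove-UnapprovedLocalAdmins {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Approved = $ApprovedAdmins)
    $me = "$env:USERDOMAIN\$env:USERNAME"
    foreach ($member in Get-UnapprovedLocalAdmins -Approved $Approved) {
        if ($member.Name -eq $me) {
            # Removing the account running the script drops its own elevation mid-run;
            # leave it for a separately approved break-glass path to handle.
            Write-Warning "Skipping $($member.Name): it is the account running this script"
            continue
        }
        if ($PSCmdlet.ShouldProcess($member.Name, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -Group 'Administrators' -Member $member.Name
        }
    }
}

# Report first, preview the change with -WhatIf, then enforce:
Get-UnapprovedLocalAdmins | Format-Table -AutoSize
# Remove-UnapprovedLocalAdmins -WhatIf
# Remove-UnapprovedLocalAdmins
```

Run the report across the estate before removing anything: the accounts it lists, and the help desk tickets that follow removal, are exactly the inventory of applications and practices that need adjusting, which the article says must be weighed case by case. At fleet scale the same list is better enforced by Group Policy (Restricted Groups, or the Local Users and Groups preference), so the script's job is to find the drift rather than to be the control.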
Optimizing the User Experience

Although Microsoft rolls out updates to its operating system twice yearly, its modern management still does not allow a distributed set of employees to install key applications in a secure, user-friendly way. For example, when admin rights are taken away, IT staff can have difficulty accessing the network and helping users install software, which ultimately detracts from the overall user experience. But IT leaders should note that the transition to Windows 10 need not be a sprint. By evaluating which devices require an upgrade, they can keep previous operating systems for some areas of the business while implementing Windows 10 for others, benefiting from the stability of Windows 7, for example, alongside the flexibility of the newer system. Any Windows 7 devices kept past January 2020 will receive no further security fixes unless they are covered by Microsoft's paid Extended Security Updates program, so that decision should be explicit and time-boxed rather than a default.
Summary

The migration to Windows 10 is an opportunity for organizations worldwide to upgrade their Windows management. But the flexibility the new operating system offers must be balanced with measures to maintain an organization's security against evolving threats. According to the same research cited earlier, more than half of the respondents believe their organization is ready for the Windows 10 migration; the other 44% are unsure about preparation plans or do not feel prepared. With about four months to go until Windows 7 end of life, organizations must take proactive steps now. By thinking carefully about the points outlined in this article, IT leaders can plan a smooth transition to Windows 10.
Top of Mind

The art of detecting and protecting

Having worked for the TippingPoint group under various different companies for 15 years, Scott Rivers, Director of Product Management for TippingPoint, Trend Micro has witnessed many changes in the organization. In an exclusive interview with Cyber Sentinels, he shares his plans and priorities.

By: Divsha Bhat <divsha@gecmediagroup.com>
Scott Rivers, Director of Product Management, TippingPoint, Trend Micro

Tell us about Trend Micro TippingPoint.

Trend Micro’s TippingPoint solution uses machine learning to inspect and block malicious threats at the network layer in real time. Using TippingPoint, organizations can gain pre-emptive threat prevention, threat insight and prioritization, and real-time enforcement and remediation. Having worked for the TippingPoint group under various different companies for 15 years now, I have witnessed many changes in the organization. I would say that TippingPoint has ended up in a fabulous place. Trend Micro is investing heavily in TippingPoint, in both the employees as well as our business and the products. 2018 was a record year for TippingPoint so far, irrespective of who owned us. Around 80% of our business comes from 200 customers.

What difference do you see between the GCC and the global network security market?

To be honest, I see very little difference. The key challenge globally is the shortage or difficulty in finding skilled employees and retaining those employees. Organizations struggle to find and recruit people and once they do and invest in them, those employees may not necessarily stay around for a long time. And that’s always been the challenge.

How do you think organizations can optimize on network security?

We focus on vulnerabilities and protecting these vulnerabilities from being exploited at the network level. This approach resonates well with many businesses and verticals. We have something known as the Zero Day Initiative (ZDI). This is the largest vendor-agnostic bug bounty program, under which we reward a third-party researcher for disclosing zero-day vulnerabilities to us. Here’s how the program works. An independent researcher finds an unknown vulnerability in a piece of software/hardware and reports that to ZDI. The researcher can be from just about anywhere – we have worked with more than 3,000 different researchers from more than 80 countries. Once the bugs are verified by our internal researchers, we buy the bugs – offering a price based on many factors. We will then disclose the bug to the vendor, who will use the information to work on a patch within a month to six months. Where we add value to customers is during this period of time before the official patch is released by the vendor. Using the vulnerability information, we can virtually patch the affected software or hardware in our customers’ environment. On average, we provide vulnerability protection 72 days before a vendor patch is made available.

What are Trend Micro TippingPoint’s plans for the year?

We have two big areas of investment right now - in cloud and in people. We recently released a network-based security control for cloud workloads. We’re also investing heavily to hire and retain the right people. Also, apart from these, we have the largest critical infrastructure partners in North America. Our threat intelligence team, specifically the ZDI team, are investing heavily in steering the research community to find more vulnerabilities. Last year, the ZDI team discovered over 1400 zero-day vulnerabilities and one third of those were SCADA or IoT-related.

What are your top three priorities?

- Go where the network goes, as it is constantly evolving
- Evolve as the security landscape evolves
- A tool is only as good as how you use it and how you configure it. So keep learning.

How are you different from your competition?

From a networking point of view, we are transparent. We don’t impede the network. We pride ourselves on having low latency, low false positives, and zero impact on the network. That’s differentiation for us. Also, with regards to the ZDI, most of the vulnerabilities are reported by us, which means we have protection before anyone else and that’s key.
Enterprise Adviser

Moving from Multicloud Chaos to Calm

Powered by Juniper Networks | 28th Aug 2019, Emirates Palace, Abu Dhabi, UAE

Brought by Global CIO Forum and powered by Juniper Networks, the Multicloud Chaos to Calm roundtable was successfully held on 28th August at Emirates Palace Abu Dhabi under the theme ‘Simplify your Journey to Multicloud with AI-Driven Networks and Automation’. Today, digital transformation (DX) strategies are at the core of any organization’s evolution. Surviving in today’s rapidly evolving market is a challenge, especially to CEOs who are expected to implement DX strategies that yield tangible results. Given the abundance of infrastructure resources and tools and the fierce competition from tech giants, an organization’s technology leaders often find themselves at an impasse due to the fact that the majority of enterprises use a mixture of various SaaS, PaaS, IaaS, and private cloud services. Enterprise Adviser hosted the ‘Moving from Multicloud Chaos to Calm’ roundtable to discover how to consolidate services, an essential aspect for the success of any DX strategy. Also on display were new solutions like AI-driven networks and SD-WAN that can improve the user experience by simplifying onboarding processes, ensuring business-critical application performance, and automating security across the entire network. The event was attended by the top IT leaders of Abu Dhabi from multiple verticals.

Haitham Saif, System Engineering Manager – META, Juniper Networks said: “Juniper enables our customers to operate their multicloud with consistent security and operations across all places in the network, with support to launch workloads on any cloud and in any server. Using a common operating system and a single, open orchestration platform, Juniper solutions help our customers manage the complexity of operating in different environments. Juniper Networks brings simplicity to networking with products, solutions and services that connect the world. Through engineering innovation, we remove the constraints and complexities of networking in the cloud era to solve the toughest challenges our customers and partners face daily.”
Deep Dive
Diverse info, different individuals
Bits Secure IT believes it is only natural for data center services to be reliable and trustworthy. The data center of the future should flexibly connect diverse information and different individuals to breathe life into IT businesses. Bits data centers will look after your business by bringing advanced technologies and consistent services to it through a strong partnership.

Mohanbabu Murugesan, Business Head - Middle East, BITS Secure IT Infrastructure

The GCC has long been a significant market for network and content peering, and it is now being considered a cloud hub as well. According to recent research, the data center market in the Middle East is set for a period of steady growth in new space and revenue. Modern data centers need to support a new, all-encompassing set of requirements, with infrastructure consolidation, optimization and automation, while saving energy and costs. Virtualization stands out as an innovation that makes it possible to cope with the pace of infrastructure change, giving increased control over user experience, better security and business continuity, as well as simplifying software deployment and updates.

Through worldwide partnerships with more than 100 IT firms in 5 countries, including the United States, the Middle East and Asia, we have gained rich knowledge, technology and maintenance know-how on an extensive range of products, from hardware and middleware to applications. By utilizing our worldwide network, we are able to keep up with the latest IT trends and build the capability to select and operate optimal technologies and products, along with the know-how to rapidly deliver suitable support. By merging the strengths of vendor partners with Bits’ industry knowledge and system integration expertise, we are able to offer high added-value systems using modern technologies and products with rapid turnaround. Our one-stop outsourcing services deliver complete support for all facets of the IT life cycle, including robust facilities along with consulting, system integration, system operation, equipment procurement and system maintenance based on the latest technologies. Bits Secure IT has a strong reputation in infrastructure operation in multivendor environments, from mainframe to client-server. We assign expert engineers to every client; they will support your infrastructure and respond to your requests from the day service begins. In addition to acting as the contact point for service status, they understand the client’s organization, requirements and tasks, and provide the best solutions for resolving the issues your business faces at the time. Our data center sites and facilities guarantee outstanding durability in the event of a disaster, clear a high standard of consistency requirements, and are operated in line with our stringent security policy. Our solutions are operated to ensure harmony between individuals/firms, technology and the environment.
Top Executive

Skill Comes with Experience

By: Divsha Bhat <Divsha@gecmediagroup.com> | Photo: Shutterstock

Mohammed Shakeel Ahmed, CISO, Abu Dhabi Aviation

With over 22 years of expertise in Aviation Cyber Security and Cyber Resilience Management, Mohammed Shakeel Ahmed, CISO, Abu Dhabi Aviation plays an imperative role in developing, building and implementing information security controls through business-aligned policies to achieve and enhance the information security posture of the organization. Being the CISO of Abu Dhabi Aviation, which provides aviation offshore oil support and other services, Mohammed Shakeel Ahmed plays a major role in developing the cybersecurity posture of the organization. From convincing the top management to building a robust cybersecurity program plan as per the strategy of the organization, Shakeel Ahmed has always stayed a step ahead in fulfilling his duties. “My role and responsibilities start with top management. It is very essential to convince them and raise awareness that there is no risk-free environment. It is also important for a CISO to take care of the business operations. It would be very
difficult for the top management to understand technical or security terms. With 15+ business divisions in our organization, I must ensure that there is no financial loss. Hence, explaining to the management the increasing number of sophisticated attacks and their risks to the business is essential,” said Shakeel Ahmed.

Top 3 Priorities
- To address the High / Critical risks
- To provide Comprehensive Security Technology across the organization
- To ensure Digital & Privacy Security across organizations

The Increasing Challenges

The aviation industry isn’t any more immune to critical cybersecurity risks than any other industry. Faced with the increasing threat landscape, CISOs are continuously confronted with a growing number of new and existing challenges. Shakeel divides the challenges into three layers – Top Line, Mid Line, and Bottom Line. “If you divide the organizations into three areas, there are challenges in all of them. While the top management is concerned about the budgets, the mid-management wants to ensure that there is no outage. It is very crucial to brief the management on how important it is to implement a particular technology. A CISO has limitations in calculating return on investment for security products. The management does trust us and want us to implement the best technology but at a lower cost,” said Shakeel Ahmed. “The Mid Line does not want the business to be inoperative for hours while implementing technology because it cannot run without applications. And finally, if the Bottom Line (Individual Employee) does not know the dos and don’ts of information security, the cybersecurity program will not work,” he adds.

Shakeel Ahmed explains that these are internal challenges, while the external one is the increasing number of attacks. “Hackers are across the globe, using advanced technology and sophisticated methods. It is vital to stay secure and protect the data of the organization,” he said. Shakeel Ahmed also points out the challenges with the technology partners in the Middle East. “In the Middle East, most of the technologies sold are either US-based or from other countries. The technology partners are distributing those solutions here. Due to this, a major challenge arises during the implementation,” he adds. Every CISO faces several challenges, but how they mix, match and manage them is up to the individual CISO and is part of their role.

Security Issues with Drones

Aviation cybersecurity is a weak area, believes Shakeel Ahmed. Airports and airlines work within different parameters because of security reasons. Only authorities like the Gulf Civil Aviation and International Civil Aviation authorities can give the guidelines. “At present in the Gulf region, the entire air space has been controlled by the regulator. But of course, over a while, drones will be a significant challenge if we don’t have an advanced method of identifying them. Firstly, we will need to identify if it is a drone. If the identifying mechanism is a legacy mechanism, it will be a bigger challenge. Identifying is a key parameter in digital security. Unless and until a CISO identifies and detects, he/she cannot respond. Presently, I don’t see a challenge, but over some time, drones can come into the intersection of the air space. So, we need to be ready with advanced technologies to face these challenges,” said Shakeel Ahmed.
Investments in the Aviation Sector

According to Airport Council International (ACI) World, the Aviation sector in the UAE is projected to reach AED 323.6 billion by 2030. The country is investing heavily in this sector. Shakeel Ahmed says – “With the increasing number of attacks, the management of the organizations are also now aware that they have to spend on security. The regulatory authorities from UAE bodies like NESA are ensuring that the right set of technology stack has been implemented. But yes, it is difficult for a CISO to cross the budget limits allotted by the management. Hence, a CISO can convince the board with the business case study of the solution that has been implemented.” A CISO needs to present a business case study in business language. Shakeel Ahmed believes that a CISO does not require any special skill for this, as it comes with experience. “In the Middle East, CISOs try to explain to the management in technical terms and not business language. A CISO should be able to convince them how important that solution is, how much business impact it will create, and how effectively it can run the business for a couple of years. That confidence is what I see lacking in the Middle East CISOs, and if they can overcome that, no management would disagree to set aside the required budget for security.”
Deep Dive

4 tips for effective boardroom presentations

As technology assumes a greater role at most companies, CIOs are often required to present directly to senior management. Maher Jadallah, Regional Director of Tenable, shares some key pointers that will showcase the security/IT team while securing buy-in.

As technology moves to the center of most organizational processes across the GCC, CIOs are communicating with the board more often, whether to discuss budget requirements or strategic cybersecurity defenses. Although more people are becoming familiar with IT terms, geek speak can leave many feeling dazed and confused. Talking about Remote Code Execution (RCE), Internet Protocol Security (IPsec), Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), for example, can leave listeners baffled and waste valuable board face-time. Other terms often mean one thing in daily parlance but something else entirely to IT specialists. For instance, a ‘watering hole’ is neither a gathering place for oryx nor a venue to unwind after work; ‘whaling’ doesn’t include a net; a firewall involves neither fire nor a wall; and the sort of ‘container’ most frequently referred to doesn’t specifically concern maritime trade. Security is a serious topic that the UAE’s senior executives are particularly alert to, so it’s important that there are no misunderstandings. IT and security teams must replace the jargon with language their listeners will understand if they want to win support for their projects.

How measurable is it?

In general, upper management finds comfort in metrics. When talking to sales, for example, they seek to understand conversion and close rates. With marketing, it’s all about cost per lead. Security must, likewise, focus on quantitative assessments to compare and track performance. The most effective IT/Security pros will be those that can translate the technology and correlate security controls to a metrics-driven conversation. Metrics are the Rosetta Stone of cross-functional conversation. Here are four key pointers to keep in mind when deciding which metrics to use and how to present them in a way that wins and retains the board’s attention:

Quantifiable data: Information that can be monitored and analyzed over business cycles
serves to inform and educate non-IT audiences. For example, take a big vulnerability like BlueKeep, a security vulnerability discovered in Microsoft’s Remote Desktop Protocol that has the potential to spread in a worm-like fashion and replicate without requiring user interaction. A demonstrable metric would be the estimated time required to patch against it. This will highlight how long the company is exposed and at risk. Is it 15 days, 30 days or longer? How can downtime be reduced and, if investment is needed, what will the return be?

Lucid graphics: When presenting to management, it’s important to reduce complex graphs and analytical tables into simple indicators. List the things you want to talk about to keep the conversation focused on your goals. A good question to ask yourself is, “What is the intended outcome of showing this piece of data? What do I want the board to do?” If you can’t answer that, or have included the slide to fill time, delete it. The best board-level presentations only show a handful of metrics, each selected to steer the conversation towards new investment or perceptible improvements.

Riveting presentation: The best route to winning buy-in for your proposals is a professional presentation with simple and precise information. Think about how you’re sharing this data. Spreadsheets, though easy to create for many, may not be the right format, as endless columns of numbers can be hard to navigate. And no one likes ‘death by PowerPoint’. To avoid these traps, consider a format that clearly underscores the point you’re conveying and makes it compelling and eye-catching – such as an infographic. Rehearse your presentation and put yourself in the audience’s shoes: What terms are unclear? What graphics are hard to read? Modify or get rid of them and tweak your work so it attracts the attention of everyone.

Comprehensive ideas: Not everyone around the table will be a security expert, so avoid terms only the security or IT teams will understand – you’re not trying to teach them to speak geek. Instead of playing IT teacher, consider how to make your point simply and effectively, while presenting new ideas in bite-sized morsels that will give your listeners something to chew on. As we said earlier, you don’t want to risk someone in the room thinking you’re talking about port storage solutions when you’re actually discussing a development platform. Instead, focus on making sure everyone can understand what is being discussed and all are in alignment on next steps. With understanding comes the opportunity for actual communication between the board and security experts – and with that comes buy-in.

To sum up, talk to the board in simple, easy-to-understand metrics presented in an attention-grabbing manner. Focus on measurable data and don’t overdo the geek speak. The board doesn’t need to be security experts – that’s your role. But you do need to make sure they understand what you require and why, as well as what it will deliver for the organization.

Maher Jadallah, Regional Director, Tenable
Vendor Talks
“NOTHING IS DANGEROUS FOR THE COMPANIES UNDER THE DEFENSE OF TDS”

“Group-IB does not just sit around waiting for hackers to cause troubles, we help our clients to turn the tables and be threat hunters, rather than victims,” - Ilya Sachkov, CEO & Founder, Group-IB.

Tell us about Group-IB and its products.

Tech or otherwise, I am full of great stories to tell. Group-IB was established 16 years ago, and I could hardly imagine back in 2003, when I and the other Group-IB co-founders were still at university, that Group-IB would evolve into an international organization protecting banks, financial institutions, oil and gas companies, software and hardware vendors, telecommunications service providers, and FMCG brands in more than 60 countries against financial losses and reputational risks. I was 18 years old, and my future business partners were of the same age. Now I am sitting in our global HQ in Singapore with a team of talented people (the median age of employees at Group-IB is just 27 years) from different countries with different backgrounds, strategizing ways to enter new markets, about which I knew mostly from books back in 2003. What has not changed since 2003 is our mission: to protect our customers in cyberspace by creating and using innovative products, solutions, and services. At the early stages of our company’s existence, Group-IB mainly focused on providing services, in particular cyber investigations and digital forensics, including dynamic malware analysis. From day one, Group-IB’s specialists have painstakingly pieced together a unique knowledge base about hackers, cybercriminal groups, and their methods and tools, gathered during incident response activities and cyber investigations. By 2010, more and more often during incident response activities all over the world, we detected infected workstations with antivirus software installed. It became apparent that big international companies were spending a lot of money on ineffective solutions unable to protect their infrastructure. The technologies used by the attacked companies to protect themselves had proven to be irrelevant against the attack vectors and tools used by cybercriminals. If you do not know your enemies, how can you fight them? Bearing this question in mind,
in 2010-2011, we decided to convert our unique knowledge into products that allow companies to protect themselves from cyber threats that are relevant to them, while considering their industry specifics and geographical location. And that’s how our flagship product, Group-IB Threat Intelligence, emerged - a system which understands everything about the nature of different cyber threats and predicts how they evolve. Our customers are always a few steps ahead of cybercriminals: they are aware of attacks being prepared, and therefore can prevent them at an early stage. Group-IB Threat Intelligence made the shift from a reactive approach to cyber defense to prevention of cyber threats possible. The launch of Threat Intelligence in 2012 accelerated the development of new products, in particular the creation of Group-IB Threat Detection System (TDS) – a system to protect the corporate network, hunt for threats and respond to complex targeted cyberattacks. Unlike traditional signature-based detection methods, TDS identifies traffic anomalies and previously unknown malware using in-depth behavioral analysis of files in an isolated environment. It is also born out of our incident response expertise, skills in detecting malware and cyber intelligence foundation. It uses unique threat intelligence data on hacking activities, including data on cybercriminals’ TTPs, the emergence of new malicious programs, and C&C server addresses. Banks, oil and gas companies, critical infrastructure facilities, telecom companies, and other companies all over the world now use TDS to proactively detect and prevent cyberattacks and hunt for threat actors. Group-IB does not just sit around waiting for hackers to cause troubles; we help our clients to turn the tables and be threat hunters, rather than victims. When the world shudders at the latest news about a new wave of ransomware or another threat, my partner, co-founder and CTO of Group-IB likes to say: «Nothing is dangerous for the companies under the defense of TDS». And it’s true. We have built a comprehensive cybersecurity ecosystem with proprietary Threat Intelligence at the core, which allows us to help companies deal with cyber threats before, during and after a cyber incident. Those who are willing to be proactive use Threat Intelligence, TDS and Secure Bank/Secure Portal to proactively defend against targeted attacks and financial fraud. If an incident has already taken place, CERT-GIB, Group-IB’s digital forensics and cyber investigations experts, are there to help.

Tell us about your ‘Secure Bank’. Why should financial organizations choose this product?

Secure Bank is another product born out of Threat Intelligence. This is another example of our non-standard approach to routine problem solving. Most of the banks use transactional fraud prevention solutions which are effective at stopping bad transactions. But we say: it is not enough. Group-IB stands out for its unique adaptive logic to correlate data on users’ behavior on their devices, as they interact with their bank through various channels. It is widely known that the majority of cybercrimes are financially motivated; therefore banks and ecommerce businesses are always in the spotlight of hackers. Banks will likely continue to remain a primary target for cybercriminals; therefore, banking institutions must focus efforts on detecting blended attacks that combine phishing, malware, and fraud across multiple channels. That’s why we created Group-IB Secure Bank for banks and Secure Portal for ecommerce portals. Group-IB’s solution is equipped with a full stack of anti-fraud technologies, which protect banks and ecommerce portals and their customers across all layers while identifying fraud at the preparation stage. Complementing other anti-fraud systems, our solution can block thefts in real time and detect attackers’ logins, social engineering scams, botnets, money laundering, and the possible infection or compromise of a user’s device. Our solution continuously processes 9.5 mln. sessions a day. By using behavioral data (velocity and navigation, mouse movements, keystrokes, typing cadence, delays, etc.), Secure Bank identifies if a legitimate user or a fraudster is logged in, reducing false positives by 79%. This information is enriched with Group-IB Threat Intelligence proprietary data on threat actors, malware intelligence, malicious IPs, and compromised data. Secure Bank/Secure Portal is already trusted by top international companies, including banks and online retailers, protecting more than 70 million of their customers. And I am proud that it has recently been featured in Gartner’s Market Guide for Online Fraud Detection, which we believe is not only a testament to our expertise, but also to the shift in the market’s focus to more advanced anti-fraud solutions that go beyond signature-based detection.

How can you help safeguard businesses from social engineering attacks?
Social engineering attacks are becoming more widespread for one simple reason: the human is the weakest link in any cybersecurity system. It is much easier to take advantage of users’ personal weaknesses than to find network or software vulnerabilities, which requires special knowledge and skills. Usually, social engineering involves email or other means of communication that cause feelings of urgency, fear, or similar emotions in the victim, pushing them to promptly reveal sensitive information, click on a malicious link, or open a malicious file. The types of social engineering attacks used in online banking fraud include pretexting, phishing, and hacking email & social media accounts. And such attacks are way harder to detect and prevent. The use of Group-IB Secure Bank allows an increase in the detection of social engineering attacks by at least 30%. Let me give you a real-life example. In July, our analysts discovered a new wave of banking fraud which involved the use of social engineering. A victim receives a phone call purporting to be from their bank’s security department. Under the pretense of detected suspicious activity, the fraudsters ask the victim to install remote control software, TeamViewer, to block “unauthorized access”. When a victim agrees to install this software, the fraudsters gain full control of the mobile device, acting on behalf of a bank customer. Since the customers themselves authorize the installation of remote control software, traditional transactional anti-fraud solutions cannot detect suspicious activity. Group-IB Secure Bank, however, eliminates this blind spot in traditional anti-fraud by using behavioural analytics. The presence and the use of remote access software is detected using regularly updated signatures. By using a number of bio-chronometric parameters, Secure Bank identifies if a legitimate user or a fraudster is logged in, reducing false positives significantly. Unlike traditional anti-fraud that analyses transactions, Secure Bank algorithms start working right from the sign-in step to detect dangerous activities before the fraud is executed.

What are your expansion plans in the Middle East region?

One of our major goals for the market is to improve the cyber defense capabilities of the region’s companies with Group-IB’s intelligence-driven technologies. For this purpose, with our trusted partners from NGN, Group-IB has recently opened the first 24/7 intelligence-driven security operation center (SOC) in Bahrain. The new NGN SOC powered by Group-IB enables the region’s governments, private companies and financial organizations to get expert assistance in proactive monitoring, detection and prevention of any cyberattacks at early stages for better defense of their internal networks. Our technology and experience in monitoring for and investigating advanced persistent actors, which we have brought to the region, will help companies and government organizations in the Middle East save money and, most importantly, gain efficiency. Another long-term goal is to increase cybersecurity awareness in the region. The human is the weakest link in a corporate security system, which is why Group-IB is planning to organize a number of cybersecurity trainings for private organizations, university students and even ordinary users in order to build a cyber-savvy workforce, which would drive the region’s digital transformation.

What is your go-to-market strategy? What demand do you see in the region for your security solutions?

Not all companies can use comprehensive cybersecurity protection solutions independently and at full efficiency. To be able to do this, you need qualified cybersecurity experts familiar with both the local threat landscape and technologies, which would allow them not only to detect threats but also to properly manage them. For many organizations this is expensive. Not only expensive, but nearly impossible to do well. Not because of the cost, but because of the shortage of cyber security talent, which is a problem not only in the Middle East but also across the world. This is why, at first, we want to provide efficient, affordable and comprehensive cyber protection for customers in the Middle East. And the first step is the opening of the 24/7 SOC, monitoring and responding to risks and keeping the organization safe from threat actors. Our SOC analysts monitor all the events in the corporate network and notify the customers about the most significant ones, along with recommendations on how to protect against the most advanced threat actors. On top of this, we have malware analysts, digital forensic experts and cyber intelligence analysts, which allows us not only to effectively monitor threats but also to promptly respond to them. In order to expand properly in the region, we rely on our trusted partners and the relationships they have developed. We have many different levels of partners, including those who have invested in Group-IB’s solutions themselves to provide managed services to their customers. In June, we also signed an MoU with TAG.Global, one of the biggest IP registration and management companies in the Middle East.
The agreement aims to create safer environment for IP owners in the region and to provide educational services jointly to impart essential cybersecurity knowledge and skills in order to ensure a stable and cyber resilient digital economy of the region’s states. I would say the demand for Group-IB’s cybersecurity solutions in the Middle East is strong. The growing level of professionalism and knowledge in the region from industry professionals fuels the drive for the best cybersecurity solutions. In fact, Group-IB is already providing solutions to customers in the Middle East and EMEA is one of our strongest markets. ë
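The detection approach described in the first answer above, signatures for remote-control software combined with a behavioural baseline so that neither signal alone produces a false positive, can be sketched in code. What follows is an added example, not Group-IB's code or Secure Bank's logic; the Android package names, the three-sigma cadence threshold, the customer baseline and the three sample sessions are constructed assumptions.

```python
"""Added example (not Group-IB's code): flag a mobile-banking session in which
remote-control software is present or the sign-in behaviour departs from the
customer's own baseline. Package names, thresholds and the sample sessions
are constructed assumptions for illustration."""
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed signature list of remote-control packages. A real product ships a
# maintained list that is updated as new tools appear.
REMOTE_CONTROL_SIGNATURES = {
    "com.teamviewer.quicksupport.market",
    "com.anydesk.anydeskandroid",
    "com.rsupport.mvagent",
}


@dataclass(frozen=True)
class Session:
    customer_id: str
    installed_packages: frozenset      # package names reported by the banking app's SDK
    keystroke_intervals_ms: tuple      # inter-key timings captured while typing credentials
    screen_shared: bool = False        # the device reports an active screen-capture session


def remote_control_indicators(session):
    """Packages on the device that match the remote-control signature list."""
    return sorted(session.installed_packages & REMOTE_CONTROL_SIGNATURES)


def cadence_z_score(observed, baseline):
    """Distance, in baseline standard deviations, of the observed mean keystroke
    interval from the customer's historical mean."""
    spread = pstdev(baseline) or 1.0    # guard against a zero-variance baseline
    return (mean(observed) - mean(baseline)) / spread


def assess_session(session, baseline_intervals_ms, z_threshold=3.0):
    """Return (verdict, findings). Only a remote-control indicator coinciding with
    behaviour that does not match the customer triggers a block; either signal on
    its own is merely queued for review, which keeps false positives low."""
    findings = []
    indicators = remote_control_indicators(session)
    if indicators:
        findings.append("remote-control software present: " + ", ".join(indicators))
    if session.screen_shared:
        findings.append("screen is being captured or shared")
    z = cadence_z_score(session.keystroke_intervals_ms, baseline_intervals_ms)
    behaviour_mismatch = abs(z) > z_threshold
    if behaviour_mismatch:
        findings.append(f"typing cadence deviates from baseline (z={z:.1f})")
    if indicators and (behaviour_mismatch or session.screen_shared):
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return verdict, findings


# Constructed data: the customer's historical sign-in cadence and three sessions.
BASELINE_MS = (180, 200, 190, 210, 195)
LEGIT_SESSION = Session("cust-001", frozenset({"com.example.bank"}),
                        (190, 200, 185, 205, 195))
REVIEW_SESSION = Session("cust-001", frozenset({"com.example.bank", "com.teamviewer.quicksupport.market"}),
                         (185, 195, 200, 190, 205))
FRAUD_SESSION = Session("cust-001", frozenset({"com.example.bank", "com.teamviewer.quicksupport.market"}),
                        (60, 70, 65, 75, 70), screen_shared=True)

if __name__ == "__main__":
    for s in (LEGIT_SESSION, REVIEW_SESSION, FRAUD_SESSION):
        verdict, findings = assess_session(s, BASELINE_MS)
        print(verdict, findings)
```

Running the block prints a verdict per constructed session: the legitimate sign-in is allowed, TeamViewer alone (a customer who genuinely uses it) is only queued for review, and TeamViewer together with a shared screen and a typing cadence that does not match the customer is blocked at sign-in, before any transaction is attempted, which is the point the answer makes about acting earlier than transactional anti-fraud.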
september 2019
Deep Dive
A Question for Business Owners: how safe is your data and business?
After analyzing several customer experiences with data leakage and ransomware attacks, we found they can be more destructive than a natural disaster. Large enterprise data breaches always make headlines, but small and medium businesses are more vulnerable and less protected. The monetary loss from an insider attack on an SMB is higher than most of us expect. A recent study says that 10% of companies won't survive a cyber breach.

How can you protect your business from attacks? Before jumping to a solution, you need to find out how information breaches happen:
1. Ransomware attacks.
2. Insider threat attacks (employees leaking data).

Steps to Protect your Business and Data
1. Secure your endpoints using a DLP solution against insider threats
An insider threat (employee threat) is far more severe than a cybercriminal. You will have many solutions like antivirus, firewalls and WAFs against outsider threats, but what do you have in place for user monitoring? Data has value, and if it falls into the wrong hands it can have drastic consequences. There have been sensitive data breaches before, but they have become more frequent nowadays. Always put a strategy in place for managing your data with a proper DLP vendor. Products like DataResolve and Zecurion have provided greater value for SMBs than big products like Symantec or Digital Guardian. As always, finding the right solution provider has higher priority than choosing a vendor.

2. Make backups in the cloud
Saving your data backup in the cloud or storing it with a third-party provider on the internet not only makes it more secure against cybercriminals but also protects you from natural disasters. Vendors like Acronis Cyber Cloud, Amazon and Azure have never had any breaches to date. Selecting a service provider is more important than selecting a vendor; always check their technical capabilities and support.

3. Encrypt your data
Keeping your software up to date and password-protecting your devices may not be enough to stop hackers should the devices fall into the wrong hands. The more security the better, and with the growing threat, encryption should be regarded as essential.

4. Be organized and develop a system
Develop a list of pre-approved vendors and ensure employees are aware of it. Review and customize crime insurance – when it comes to coverage or denial, the devil is in the details. Institute a password procedure to verify the authenticity of any wire transfer request, and always verify the validity of an incoming email or phone call from a purported senior officer. Consider sending sample phishing emails to employees to test their awareness and measure improvements over time.

Dataguard MEA makes practical solutions to keep business data safer, with a strong presence in UAE, Oman, Bahrain, Kuwait, Nigeria, Kenya and Mauritius.
Source: Dataguard Blogs
Real time
Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware
As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software and hardware, we decided to have a look at the Avaya 9600 series IP Deskphone. We were able to find the presence of a Remote Code Execution (RCE) vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to. The bug affecting the open source software was reported in 2009, yet its presence in the phone's firmware remained unnoticed until now. Only the H.323 software stack is affected, and the Avaya Security Advisory (ASA) is ASA-2019-128. The attack is conducted with the phone directly connected to an attacker's laptop but would also work via a connection to the same network as a vulnerable phone. As a user, you can verify whether your Deskphone is vulnerable: first determine whether you have one of the affected models (9600 Series, J100 Series or B189), then find which firmware version your phone is using in the "About Avaya IP Deskphone" screen under the Home menu; version 6.8.1 and earlier are vulnerable when using an H.323 firmware.

What are Researchers Looking for?
When studying the security of embedded and IoT devices, researchers generally have a couple of goals in mind to help kickstart their research. In most cases, two of the main targets are recovering the files on the system so as to study how the device functions, and then finding a way to interact directly with the system in a privileged fashion. The two can be intertwined: for instance, getting privileged access to the system can enable a researcher to recover the files stored on it, while recovering the files first can show how to enable privileged access.
Philippe Laulheret, McAfee Advanced Threat Research

Recovering the Files from the Phone
When we say recovering the files from the phone, we mean looking for the operating system and the various pieces of software running on it. User files, e.g. contacts, settings and call logs, are usually not of interest to a security researcher and will not be covered here. To recover the files, the easiest approach is to look for firmware updates for the device. If we are lucky, they will be freely available and not encrypted. In most cases, an encrypted firmware does not increase the security of the system but rather raises the barrier of entry for security researchers and attackers alike. In this case, we are in luck: Avaya's website serves firmware updates for its various phone product lines and anyone can download them. The download contains multiple tar files. We can then run a tool called binwalk on the extracted files. Binwalk is a large dictionary of patterns that represents known file formats; given an unknown firmware file, it will look for any known pattern and, upon finding potential matches, will attempt to process them accordingly. For instance, if it finds what looks like a .zip file inside the firmware, it will try to unzip it. Running this tool is always a good first step when facing an unknown firmware file as, in most cases, it will identify useful items for you.

Getting the Privileged Access
Close up of the phone's circuit board. UART ports in red and the EEPROM in blue.
In most cases, when talking about gaining privileged access to an IoT/embedded device, security researchers are on the lookout for an administrative interface called a root shell that lets them execute any code they want with the highest level of privilege. Sometimes, one is readily available for maintenance purposes; other times more effort is required to gain access to it, assuming one is present in the first place. This is when hardware hacking comes into play; security researchers love to rip open devices and void warranties, looking for potential debug ports, gatekeepers of the sought-after privileged access. In the picture above, we can see two debug ports labeled UART0 and UART1. This type of test point, where the copper is directly exposed, is commonly used during the manufacturing process to program the device or verify everything is working properly. UART stands for Universal Asynchronous Receiver-Transmitter and is meant for two-way communication. This is the most likely place where we can find the administrative access we are looking for. By buying a $15 cable that converts UART to USB and soldering wires onto the test pads, we can see debug information being printed on screen when the phone boots up, but soon the flow of debug information dries up. This is a curious behavior (why stop the debug messages?), so we need to investigate more. By using a disassembler to convert raw bytes into computer instructions, we can peek into the code of the bootloader recovered earlier and find out that during the boot process the phone fetches settings from external memory to decide whether the full set of debug features should be enabled on the serial console. The external memory is called an EEPROM and is easily identifiable on the board, first by its shape and then by the label printed on it. Labels on electronic components are used to identify them and to retrieve their associated datasheet, the technical documentation describing how to use the chip from an electrical engineering standpoint. Soldering wires directly to the chip under a microscope, and connecting it to a programmer, allows us to change the configuration stored on it and enable the debug capabilities of the phone.

Alternative Roads
The approach described above is fairly lengthy and is only interesting to security researchers in a similar situation. A more generic technique would be to directly modify the filesystem by altering the flash storage, as we did for previous research, and then automatically start an SSH server or a remote shell. Another common technique is to tamper with the NAND flash while the filesystem is loading in memory, to get the bootloader into an exception state that will then allow the researcher to modify the boot arguments of the Linux kernel. Otherwise, to get remote shell access, using an older firmware with known RCE vulnerabilities is probably the easiest method to consider; it can be a good starting point for security researchers and is not threatening to regular users as they should already have the most up-to-date software. All things considered, these methods are not a risk to end users and are more of a stepping stone for security researchers to conduct their research.

In Search of Vulnerabilities
After gaining access to a root shell and the ability to reverse engineer the files on the phone, we are faced with the open-ended task of looking for potentially vulnerable software. As the phone runs Linux, the usual command line utilities people use for administering Linux systems are readily available to us. It is natural to look at the list of processes running, find the ones having network connections, and so forth. While poking around, it becomes clear that one of the utilities, dhclient, is of great interest. It is already running on the system and handles network configuration. A quick search confirms that the 4.0.0 version is more than 10 years old and, even worse, an exploit targeting it is publicly available. Dhclient code is open source, so finding the differences between two successive versions is straightforward. Studying the exploit code and how the bug was patched helps us to narrow down which part of the code could be vulnerable. By once again using a disassembler, we confirm the phone's version of dhclient is indeed vulnerable to the bug reported in 2009. Converting the original exploit to make it work on the phone requires a day or two of work, while building the proof of concept demonstrated in the accompanying video is a matter of mere hours. Indeed, all the tools to stream audio from the phone to a separate machine are already present on the system, which greatly reduces the effort to create this demo.

Remediation
Upon finding the flaw, we immediately notified Avaya with detailed instructions on how to reproduce the bug and suggested fixes. They were able to fix, test and release a patched firmware image in approximately two months. At the time of publication, the fix will have been out for more than 30 days, leaving IT administrators ample time to deploy the new image. In a large enterprise setting, it is pretty common to first have a testing phase where a new image is deployed to selected devices to ensure no conflict arises from the deployment. This explains why the timeline from patch release to deployment to the whole fleet may take longer than what is typical in consumer-grade software.
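Returning to the firmware-recovery step described under "Recovering the Files from the Phone": the following added example (not McAfee's code and not binwalk itself) re-implements binwalk's basic mechanism so that the "dictionary of patterns" idea is concrete. It scans a blob for known magic bytes, then tries to process each hit the way binwalk would; a hit that cannot be processed is a false positive and is dropped, and hits that fall inside an object already extracted (such as the per-member headers inside a tar archive) are not reported twice. The signature table is a tiny subset of binwalk's, and the firmware blob is constructed inline, not real Avaya firmware.

```python
"""Added example (not McAfee's code and not binwalk itself): a minimal
re-implementation of what binwalk does. It scans an unknown blob for known
magic bytes, reports each hit with its offset and then tries to process the
hit the way binwalk would, which is also how magic bytes that turn out to be
false positives are weeded out. The blob is constructed inline and is not
real Avaya firmware."""
import gzip
import io
import tarfile
import zlib

# (description, magic bytes, offset of the magic inside the file format)
SIGNATURES = [
    ("ELF executable", b"\x7fELF", 0),
    ("gzip compressed data", b"\x1f\x8b\x08", 0),
    ("POSIX tar archive (ustar)", b"ustar\x00", 257),   # tar keeps its magic 257 bytes into the header
    ("Squashfs filesystem", b"hsqs", 0),
]


def scan(blob):
    """Every signature match as sorted (offset, description) pairs; offsets point at the object start."""
    hits = []
    for description, magic, magic_offset in SIGNATURES:
        idx = blob.find(magic)
        while idx != -1:
            start = idx - magic_offset
            if start >= 0:
                hits.append((start, description))
            idx = blob.find(magic, idx + 1)
    return sorted(hits)


def try_extract(blob, offset, description):
    """Process one hit. Returns (summary, bytes_consumed), or None when the
    magic bytes are not followed by a valid object (a false positive)."""
    data = blob[offset:]
    try:
        if description.startswith("gzip"):
            # 16 + MAX_WBITS tells zlib to expect a gzip wrapper; it stops cleanly at the
            # end of the member and leaves whatever follows in unused_data.
            d = zlib.decompressobj(16 + zlib.MAX_WBITS)
            payload = d.decompress(data)
            if not d.eof:
                return None
            return f"{len(payload)} bytes decompressed", len(data) - len(d.unused_data)
        if description.startswith("POSIX tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
                names = tf.getnames()
                consumed = tf.offset          # position just past the last member's data
            return "members: " + ", ".join(names), consumed
    except (OSError, EOFError, ValueError, zlib.error, tarfile.TarError):
        return None
    return "header recognised, no extractor", 0


def report(blob):
    """Walk hits in offset order, skipping hits inside an already extracted object
    and dropping false positives."""
    results, covered_until = [], 0
    for offset, description in scan(blob):
        if offset < covered_until:
            continue
        outcome = try_extract(blob, offset, description)
        if outcome is None:
            continue
        summary, consumed = outcome
        results.append((offset, description, summary))
        covered_until = max(covered_until, offset + consumed)
    return results


def build_sample_firmware():
    """Constructed blob: padding, a fake ELF header, a gzip member, a stray gzip
    magic with garbage behind it (false positive) and a two-member tar archive."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, content in (("etc/hosts", b"127.0.0.1 localhost\n"),
                              ("bin/dhclient", b"placeholder, not a real binary\n")):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return b"".join([
        b"\x00" * 16,
        b"\x7fELF\x01\x01\x01" + b"\x00" * 57,               # 64-byte fake ELF header
        b"\xff" * 32,
        gzip.compress(b"root:x:0:0:root:/root:/bin/sh\n" * 4, mtime=0),
        b"\x1f\x8b\x08" + b"\xff" * 29,                       # looks like gzip, is not
        tar_buf.getvalue(),
        b"\xff" * 16,
    ])


if __name__ == "__main__":
    for offset, description, summary in report(build_sample_firmware()):
        print(f"0x{offset:06X}  {description:28s} {summary}")
```

The report lists three objects even though the raw scan finds five magic-byte hits: the stray gzip magic fails to decompress and is dropped, and the second tar member header lies inside the archive already extracted. Real binwalk applies the same two ideas at a much larger scale, which is why its output is usually trustworthy enough to use as the first map of an unknown image.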
Conclusion
IoT and embedded devices tend to blend into our environment, in some cases not warranting a second thought about the security and privacy risks they pose. In this case, with a minimal hardware investment and free software, we were able to uncover a critical bug that remained out of sight for more than a decade. Avaya was prompt to fix the problem and the threat this bug poses is now mitigated, but it is important to realize this is not an isolated case and many devices across multiple industries still run legacy code more than a decade old. From a system administration perspective, it is important to consider all these networked devices as tiny black-box computers running unmanaged code which should be isolated and monitored accordingly. The McAfee Network Security Platform (NSP) detects this attack as "DHCP: Subnet Mask Option Length Overflow" (signature ID: 0x42601100), ensuring our customers remain protected. Finally, for the technology enthusiasts reading this, the barrier of entry to hardware hacking has never been this low, with plenty of online resources and cheap hardware to get started. Looking for this type of vulnerability is a great entry point to information security and will help make the embedded world a safer place.
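The NSP signature named in the conclusion is a check on the shape of a DHCP message rather than on any particular exploit. The added example below (not McAfee's signature logic and not dhclient code) shows what such a check does: it parses the option area of a DHCP packet and flags options whose declared length contradicts the format, in particular a subnet mask option that is not exactly four bytes, as well as truncated option encodings. The DHCPOFFER packets are constructed inline; the option-length table follows the fixed-length options defined in RFC 2132.

```python
"""Added example (not McAfee's NSP logic and not dhclient code): a defensive
check over DHCP option encoding. It parses the option area of a DHCP packet
and reports options whose length contradicts the format, in particular a
subnet mask option that is not exactly four bytes. Packets are constructed inline."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options area (RFC 2132)
OPTION_NAMES = {1: "subnet mask", 3: "router", 6: "dns server", 51: "lease time",
                53: "message type", 54: "server identifier", 58: "renewal time", 59: "rebinding time"}
FIXED_LENGTH = {1: 4, 51: 4, 53: 1, 54: 4, 58: 4, 59: 4}   # options with exactly one valid length
ADDRESS_LISTS = {3, 6}                                      # one or more IPv4 addresses: n*4 bytes, n >= 1


def parse_options(packet):
    """Return [(code, value)] from the options area; raise ValueError when the TLV encoding itself is broken."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    options, i = [], 240
    while i < len(packet):
        code = packet[i]
        if code == 0:            # pad: a single byte with no length field
            i += 1
            continue
        if code == 255:          # end marker
            break
        if i + 1 >= len(packet):
            raise ValueError(f"option {code}: length byte missing")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} declares {length} bytes but only {len(value)} remain")
        options.append((code, value))
        i += 2 + length
    return options


def inspect(packet):
    """Findings about malformed options; an empty list means the option area is well-formed."""
    try:
        options = parse_options(packet)
    except ValueError as err:
        return [str(err)]
    findings = []
    for code, value in options:
        name = OPTION_NAMES.get(code, "unknown")
        if code in FIXED_LENGTH and len(value) != FIXED_LENGTH[code]:
            findings.append(f"option {code} ({name}) length {len(value)}, expected {FIXED_LENGTH[code]}")
        if code in ADDRESS_LISTS and (len(value) == 0 or len(value) % 4):
            findings.append(f"option {code} ({name}) length {len(value)} is not a multiple of 4")
    return findings


def build_offer(options):
    """Constructed DHCPOFFER: fixed 236-byte header, magic cookie, the given option bytes, end marker."""
    header = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x3903F326, 0, 0,
                         bytes(4), bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), bytes(4))
    header += bytes.fromhex("00112233445566") + bytes(9)    # chaddr (16 bytes)
    header += bytes(64) + bytes(128)                         # sname, file
    return header + MAGIC_COOKIE + options + b"\xff"


BENIGN_OFFER = build_offer(
    b"\x35\x01\x02"                       # 53: message type = OFFER
    + b"\x01\x04\xff\xff\xff\x00"         # 1: subnet mask 255.255.255.0
    + b"\x03\x04\xc0\x00\x02\x01"         # 3: router 192.0.2.1
    + b"\x33\x04\x00\x01\x51\x80"         # 51: lease time 86400 s
    + b"\x36\x04\xc0\x00\x02\x01")        # 54: server identifier 192.0.2.1
# Subnet mask option carrying 255 bytes instead of 4: the shape a length-overflow signature looks for.
OVERSIZED_MASK_OFFER = build_offer(b"\x35\x01\x02" + b"\x01\xff" + b"\x41" * 255)
# Subnet mask option claiming 4 bytes when only 2 follow before the end marker.
TRUNCATED_OFFER = build_offer(b"\x35\x01\x02" + b"\x01\x04\xff\xff")

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN_OFFER), ("oversized", OVERSIZED_MASK_OFFER),
                       ("truncated", TRUNCATED_OFFER)):
        print(label, inspect(pkt) or "ok")
```

A client that trusts the declared option length without comparing it to the fixed size the format prescribes is exactly the class of bug an inspection like this catches on the wire; on the host side the same comparison belongs in the parser before the value is copied anywhere.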
Vendor Talks
Cynet 'Security for Management' Template Communicates Enterprise Security Readiness to Senior Management
New template maps risks and presents them to business professionals with the goal of securing the organization against tangible threats

Eyal Gruner, CEO, Cynet

Cynet's 'Security for Management' template is available to cybersecurity professionals to help business management better understand and prepare against a cyber-attack. The template is a free resource available for download at the Cynet registration site.

Throughout enterprises globally, IT security professionals are responsible for securing their organizations against attacks. However, there is another equally important task that falls on their shoulders: to communicate the security risks, needs, and status to the company's CEO, CIO, or other senior management. Because senior officials decide on and allocate IT resources, the level of security is adjusted in direct proportion to the threat level. Since management may not be as hands-on as security administrators, Cynet has developed the 'Security for Management' template to provide a concise presentation of security issues and remedies. The template assists with the following:

Cybersecurity as a Business Priority - Turns cybersecurity from an abstract risk into a business mission by mapping potential and real threats in a way that is presentable to non-technical executives, to gain consensus on near-term and future actions.
Management Awareness - Because security-knowledgeable management is instrumental in moving in the right direction, the Security for Management template creates a common language so that security needs are easily understood, including the NIST framework pillars of identification, protection, detection, response, and recovery.
From Tactical to Strategic Initiative - Takes cybersecurity from a mere budget request to a continuous strategic mission. This is critical as cybersecurity is a continuous process.
Accountability - Introduces operational metrics to measure stature and progress with a focus on achieving objectives. The clear presentation of results provided by the security team ensures transparency and creates trust.

Specific insights covered in the template include a general framing of the NIST framework as the common language; a NIST CSF deep dive to use per specific needs; a NIST scorecard; a mapping of the organization's cybersecurity stakeholders; operational metrics; and a concise risk measurement dashboard that reflects the security posture of the enterprise.

"The 'Security for Management' template is a first-of-its-kind resource to help the IT security team ensure the organization is aware of its security profile and that they receive the necessary budget to safeguard the organization," said Eyal Gruner, President and Co-Founder of Cynet. "Through the guidance made available in the presentation, those responsible for IT security and the management team are able to clearly communicate and respond to priorities."
Deep Dive
How to Prevent Data Breach for Small and Medium Business: Expert Advice
A recent study by IBM indicated that in 2019, on average, a single data breach costs $3.92 million for the affected company. The growing number of cybercrime occurrences of this sort is forcing organizations to rethink their security efforts to ensure their data is well protected. According to network infrastructure industry insider Vincentas Grinius, the increasing number of data breaches could be partly curtailed if companies hired cybersecurity specialists and made sure their data – both stored and in transit – is encrypted and segmented, and only partially accessible to employees. The same survey reports that over the past five years, the financial damages inflicted by data breaches have increased by 12%. Finally, small and medium enterprises employing fewer than 500 people are the most vulnerable, since breach-affected companies of this size are potentially losing $2.5 million on average, a possibly stifling amount for growing companies. Some breaches, however, can be more devastating than others. This July, Capital One announced that its data had been compromised via a breach, leading to the information of 106 million customers being exposed for some time. Handling the aftermath of this incident alone is expected to cost the company between $100 and $150 million, and this does not include the damage done to the bank's reputation. Nonetheless, there are steps organizations can take to minimize the probability of a data breach. Vincentas Grinius, CEO of Heficed, a cloud, dedicated server and IP address provider, highlighted a couple of measures that, if applied by an organization, would significantly diminish the chances of a data breach.

"This might not look like a necessity for every business, but hiring a dedicated cybersecurity professional could be the best single step organizations can take to ensure the integrity of their data," said Grinius. "Having an extra person on the payroll might come across as an unnecessary expense, but specialists of this sort prepare a company-wide cybersecurity strategy, carry out periodic checkups, and provide other employees with the necessary tools and knowledge to minimize risks."

Data encryption is something that, if applied by more companies, could potentially help diminish the growing global number of data breaches. When the data is encrypted, it can only be viewed by someone who has the encryption key. Otherwise, even if the company's data has leaked, the information is useless to the illicit actors.

"Enterprises need to encrypt their data not only when it is being stored on their local disks, known as data-at-rest, but also while it is being moved, known as data-in-transit," added Grinius. "It is not enough to have your data, or the whole storage unit of it, encrypted prior to storing it on a disk. It is equally essential to ensure the security of data-in-transit by encrypting the information before moving it, and using encrypted connections such as HTTPS or SSL, among others."

Finally, smaller enterprises can improve their cybersecurity standing by segmenting their data and limiting access to it. While this strategy can be troublesome to apply for companies with vast numbers of employees, organizations owning comparably small amounts of data and a smaller count of employees can undoubtedly benefit from this method.

"When a company provides only the minimum amount of access needed for the employees to fulfil their roles, the risk of a widespread breach greatly diminishes," commented Grinius. "What is beneficial about this approach is the fact that even though the data during a breach might get exposed, the breach won't be system-wide, as the stored data is highly segmented."
Top of Mind
Rajeev Dutt, Regional Business Director - MEA, SAI Global
Sizing Up Risks for Third-parties & Vendors
Third parties and vendors can bring a lot of value to the table – but with that also comes risk. How do you assess, address, and mitigate?
Instead of seeking to achieve the impossible and understand all the risks a business faces, a better – or saner – approach is to look at the criticality of known, identifiable risks. Risk criticality involves looking 'around' the vendor. That is, assess the vendor's necessity in the first place by asking questions all around their purported need, instead of more direct questions.

For example:
- What might the vendor's data access frequency be like? Would that be the same, or change over time? Or by some other measure (e.g., as new records are added or deleted)?
- What levels of data sensitivity does the vendor need? Can they clearly articulate which kinds, and why? Can they state what they will not need access to?
- Which country or countries does the vendor operate in, from a labor perspective? What about from an electronic data storage perspective?

This list isn't exhaustive, but rather illustrative, to explain a different way to size up a vendor or third party. Responses to those questions should not only yield answers, but also a visceral reaction to how important or critical a misstep in that particular area could be to your business.

Using risk criticality as a yardstick
Here are ten risk areas you should consider probing when assessing the criticality of risks for any particular vendor. As you think about these areas and the suggested facets to probe, document how one area might be more important, or critical, than another. The key to this exercise isn't just understanding more about the risks, but to what degree they affect your business.

Core company risks:
FINANCIAL CRIMES AND SANCTIONS RISK: Are there protections in place to ensure your customers and suppliers aren't laundering money for nefarious purposes or financing terrorists? Know Your Customer (KYC) provisions demand you know who you're doing business with, even in less advanced countries where it's harder to know these answers.
FINANCIAL STABILITY: How financially sound is this vendor or third party? Are they profitable? Or, do they have money in the bank, sufficient to last the duration of your foreseeable partnership with them? If a potential partner hits financial bumps in the road, that could cause them to focus on things other than your partnership – a potential upset for your customers.
LEGAL RISK: What is the partner's track record with past or pending lawsuits? Are they generally litigious? Similar to a potential financial situation, avoid a third party or vendor who has or will have to spend considerable time with lawyers and courtrooms, stealing time from forging a solid partnership with your business.
STRATEGIC RISK: Is this vendor partnering with others in the same space? Moreover, are they partnering with a competitor? Is there a chance that your proprietary knowledge could be leaked?
TECHNICAL STABILITY: Is the third party technically sound with respect to systems and infrastructure? Do they have documented uptime, and does it meet your minimum requirements? Do their multiple technical tools and services communicate correctly with one another?

Business-specific risk areas:
COMPLIANCE RISK: Does the vendor 'walk the talk' when it comes to ensuring that they operate by the book? Does this vendor comply with the numerous regulations and standards in their space? Moreover, do they comply with the standards in your space, if they are different?
PROJECT, OPERATIONAL, AND PERFORMANCE ADEQUACY: How well-staffed and resourced is the third party? Do they have adequate human labor to carry out the duration of the relationship? Do they have a contingency plan in the event of attrition or sickness? Are the people well-skilled? Are the people a core part of that business, or outsourced (thus representing a fourth-party relationship)?
DATA PRIVACY RISK: How well-versed is the third party in terms of maintaining data privacy? Are they keenly aware of all the various global regulations and requirements, depending on the level of sensitivity of your customer data? Has the vendor put data privacy at risk in the past? Can they produce a response or reason for these transgressions? How often does the vendor review their own data privacy governance?
CORPORATE SOCIAL RESPONSIBILITY: Does the vendor operate in a socially conscious way? Do their external values align with your business's? Would partnering with a particular third party result in your business appearing less socially responsible?
BRAND AND REPUTATION RISK: Can you assess what the customers' general perception is of the third party's brand? How has the third party handled crises in the past? How resilient are they when bouncing back from a crisis? Would partnering with them elevate the stature of your company? How likely is a crisis on their part to negatively affect your business? How quickly could your business address and mitigate a crisis your vendor has, even if it is not related to your partnership?

What's a company to do?
To prevent yourself from being in the unenviable position of having to backpedal and respond to a breach, the first step is to reduce the chances of getting to that point.

Criticality Assessed – Now What?
As mentioned earlier, it's often critical for businesses to partner with third parties and vendors to operate their business. Once the risks and the criticality of those risks are assessed, businesses can put a mitigation plan into play. Third-party and vendor risk mitigation can take many forms. (To be continued in the next issue.)
Top of Mind
Building resilience to cyber weakness during digital transformation
Steve Rivers, International Technical Director, ThreatQuotient

A recent report from the government showed that 32% of businesses identified a cyber security attack in the last 12 months, and one of the most common attacks is spear-phishing, which involves sending targeted, sophisticated emails to fool the victims. When a threat arises, the security team's role is to investigate and determine whether an attack is real and how severe it is. This investigation makes it possible to set up a plan to defeat the offensive and, more generally, to protect better against certain types of attack. One way to investigate when such a situation arises is called victimology. This process allows security teams to quickly determine whether they are dealing with an offensive targeted at the business or with traditional phishing. To explore this type of investigation, we'll take the example of a protection system indicating in its alerts that it has blocked six spear-phishing attacks from the same sender over a period of 45 days.

Victimology: identifying the motives and target of the attack
The first step is to understand who these e-mails were targeted at. As the head of the investigation does not necessarily know all the company's employees, their identities – including title, position, manager's name, geographical location, etc. – should be imported into a Threat Intelligence Platform (TIP). There are several ways to build this list; they range from a simple export from Active Directory to a script that automatically injects data into the TIP via an Application Programming Interface (API), using standard fields from software like PeopleSoft. With this set of data, it becomes easier to spot the similarities between the recipients of this spear-phishing campaign. An example would be that they all work in the finance department. A custom-designed attack against employees of that enterprise would therefore mean the attackers' motivation is financial.

Conduct a technical analysis to know which countermeasures to deploy
The second step is a technical analysis of the attack. The timestamp of each event is sometimes a hint: if e-mails are sent at the same time of day, we can deduce that a script was programmed by an assailant who attacks on a substantial scale, which would mean that the company is only one target amongst a larger campaign. If this is not the case, it means that the company occupies all the attention of the attacker and that they are all the less likely to throw in the towel. The detailed analysis of the recipients can also reveal interesting points. For example, it may be that one of them only appears several days after the attacks began and that, according to HR, he was not part of the finance team before that. Here, the opponent keeps up to date on the employees. E-mail scanning lets you know whether radically different content is being used for each dispatch, including attached items, the vulnerabilities they address, and/or the malicious code they embed. If this content evolves, it means that the attacker changes techniques to test the defences of the company, and it is likely that he will continue to do so. Note that it is difficult to say whether the attacker is a single person with a large arsenal of offensives or several attackers each with a specialty, but it is a safe bet that the attacks are co-ordinated. This technical analysis makes it possible to take measures when facing an attack. The company is in fact able to know how to make the teams aware, how to clean the affected workstations, what technical countermeasures to put in place, and how to better prioritise its vulnerabilities.

The perspectives brought by the investigation
The investigation does not stop there. As the attack is obviously targeted, it will be necessary to compare the next spear-phishing attempt to those studied here and determine whether the attacker is still targeting the company and whether the techniques used are the same. As part of this example, the next spear-phishing e-mails will be integrated into the Threat Intelligence Platform, and it is likely that further correlations will be discovered, for example if we could see that the assailant began targeting the HR team. Ultimately, this investigation has revealed that the company had an opponent and had to redirect its strategy to defend against them. Such an investigation gives tangible elements to report to the highest level and thus raise awareness throughout the company.
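The two steps above, victimology over the recipient list and the timing analysis of the sends, as an added example that is not ThreatQuotient's code and uses no TIP API: a small HR directory stands in for the data imported into the platform, and two constructed alert sets stand in for the protection system's alerts. It also covers the "late joiner" case the article mentions, a recipient who only moved into the targeted department after the campaign began. All names, addresses and dates are made up.

```python
"""Added example (not ThreatQuotient's code, not a TIP API): the two analysis
steps described in the article run over constructed data. An HR directory
stands in for the data imported into the TIP and two alert sets stand in for
the protection system's spear-phishing alerts. Names, senders and dates are made up."""
from dataclasses import dataclass
from datetime import date, datetime


@dataclass(frozen=True)
class Employee:
    email: str
    department: str
    title: str
    location: str
    in_role_since: date       # when the person joined their current department


@dataclass(frozen=True)
class Alert:
    sent_at: datetime
    sender: str
    recipient: str


def shared_attributes(alerts, directory):
    """Victimology: attributes every recipient has in common, e.g. {'department': 'Finance'}."""
    recipients = [directory[a.recipient] for a in alerts]
    shared = {}
    for attr in ("department", "title", "location"):
        values = {getattr(emp, attr) for emp in recipients}
        if len(values) == 1:
            shared[attr] = values.pop()
    return shared


def seconds_of_day(ts):
    return ts.hour * 3600 + ts.minute * 60 + ts.second


def send_time_spread(alerts):
    """Largest gap, in seconds, between the times of day at which the messages went out."""
    times = [seconds_of_day(a.sent_at) for a in alerts]
    return max(times) - min(times)


def looks_scripted(alerts, tolerance_seconds=600):
    """Messages going out at the same time of day across different days suggest a
    scheduled script, i.e. a broad campaign in which this company is one target among many."""
    return len(alerts) > 1 and send_time_spread(alerts) <= tolerance_seconds


def late_joiners(alerts, directory):
    """Recipients who moved into their current department after the first message:
    a sign the attacker keeps their target list up to date."""
    campaign_start = min(a.sent_at for a in alerts).date()
    return sorted({a.recipient for a in alerts
                   if directory[a.recipient].in_role_since > campaign_start})


def summarise(alerts, directory):
    first, last = min(a.sent_at for a in alerts), max(a.sent_at for a in alerts)
    return {
        "senders": sorted({a.sender for a in alerts}),
        "messages": len(alerts),
        "span_days": (last - first).days,
        "shared": shared_attributes(alerts, directory),
        "scripted": looks_scripted(alerts),
        "late_joiners": late_joiners(alerts, directory),
    }


# Constructed HR export (the data a TIP would hold after import).
DIRECTORY = {e.email: e for e in (
    Employee("a.khan@example.com", "Finance", "Accounts Payable Clerk", "Dubai", date(2019, 1, 10)),
    Employee("b.lee@example.com", "Finance", "Controller", "Dubai", date(2018, 5, 1)),
    Employee("c.ortiz@example.com", "Finance", "Treasury Analyst", "Riyadh", date(2019, 7, 20)),
    Employee("d.novak@example.com", "HR", "Recruiter", "Dubai", date(2017, 3, 6)),
    Employee("e.silva@example.com", "Sales", "Account Manager", "Riyadh", date(2018, 9, 17)),
)}

# Six constructed alerts from one sender over 45 days, as in the article's scenario.
TARGETED_ALERTS = [
    Alert(datetime(2019, 6, 29, 9, 12), "invoices@supplier-portal.example", "a.khan@example.com"),
    Alert(datetime(2019, 7, 5, 14, 47), "invoices@supplier-portal.example", "b.lee@example.com"),
    Alert(datetime(2019, 7, 11, 8, 3), "invoices@supplier-portal.example", "a.khan@example.com"),
    Alert(datetime(2019, 7, 22, 16, 30), "invoices@supplier-portal.example", "c.ortiz@example.com"),
    Alert(datetime(2019, 8, 2, 11, 58), "invoices@supplier-portal.example", "b.lee@example.com"),
    Alert(datetime(2019, 8, 13, 10, 21), "invoices@supplier-portal.example", "c.ortiz@example.com"),
]
# A contrasting constructed set: mixed departments, always 03:00, i.e. bulk phishing.
BULK_ALERTS = [
    Alert(datetime(2019, 7, 1, 3, 0, 2), "promo@mailer.example", "a.khan@example.com"),
    Alert(datetime(2019, 7, 2, 3, 0, 5), "promo@mailer.example", "d.novak@example.com"),
    Alert(datetime(2019, 7, 3, 3, 0, 9), "promo@mailer.example", "e.silva@example.com"),
    Alert(datetime(2019, 7, 4, 3, 0, 11), "promo@mailer.example", "b.lee@example.com"),
]

if __name__ == "__main__":
    print(summarise(TARGETED_ALERTS, DIRECTORY))
    print(summarise(BULK_ALERTS, DIRECTORY))
```

For the targeted set the summary reports one sender, six messages over 45 days, a single shared attribute (department Finance), irregular send times, and one late joiner who entered Finance three weeks into the campaign; for the bulk set it reports nothing in common between recipients and a nine-second spread in send time across days, the scripted pattern the article associates with a broad campaign. The same functions run unchanged on the next alerts as they arrive, which is the follow-up comparison the closing section calls for.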