CYBER SENTINELS SUPPLEMENT
BY I N S I G H T PA R T N E R
YOUR PREVIEW TO THE GULF INFORMATION SECURITY EXPO & CONFERENCE AND THE FIRST EVER GULF ENTERPRISE MOBILITY EXHIBITION & CONFERENCE
SECURITY SPECIAL INSIDE... ABOUT THE SHOW | PAGE 03 NEWS | PAGE 04-06 EXPERT VIEWS -CYBERSECURITY -DAN LOHRMANN | PAGE 07 ADAPTIVE TRUST DEFENSE FOR ENTERPRISE MOBILITY | PAGE 08 PROTECT YOUR ENTERPRISE’S DATA ASSETS | PAGE 09 DENY THE HELLSING APT | PAGE 10 FUTURE CITIES OF SMARTWORLD | PAGE 12 COHESIVE APPROACH TO ADVANCED TARGETED ATTACKS | PAGE 18 TOP 10 THINGS TO KNOW ABOUT THE INTERNET OF EVERYTHING | PAGE 22 ALL YOU NEED TO KNOW ABOUT THE FREAK VULNERABILITY | PAGE 26 SECURITY VENDORS | PAGE 14, 16, 19, 20, 28 - 32, 35 MOBILITY VENDORS | PAGE 33-34 SECURITY VADS | PAGE 32-36
GISEC - GEMEC 2015 SPECIAL | ABOUT THE SHOW
ABOUT
SECURITY INNOVATION FOR A CONNECTED FUTURE
MOBILITY INNOVATION FOR A CONNECTED FUTURE
With an estimated annual cost of US$100 billion from cybercrime, the global cyber security industry is projected to be worth US$120.1 billion by 2017, growing at an 11.3% CAGR. The MENA region is far from immune to these global threats, with government, commercial and security services all investing heavily to detect, protect and react to the ever-changing cyber landscape. GISEC is the region’s only large-scale information security platform, assembling industry, government and thought leaders to tackle threats, issues and countermeasures. GISEC 2015 is highly focused on addressing security concerns for I.T., Oil & Gas, Banking & Finance, Government, Legal, Healthcare and Telecoms industries. Key industry decision makers have the chance to meet companies providing world-leading solutions across dedicated industry verticals.
GEMEC is a three day confex for senior executives from across a range of industries, to identify, evaluate and source technology and mobility solutions to meet their current and future mobile requirements. GEMEC’s world-leading conference programme caters to the region’s enterprise and government decision makers who are envisioning new and creative ways to extend their competitive advantage. It comprises a range of targeted breakout sessions led by expert technology solution providers. These interactive sessions are aimed at giving attendees an opportunity to interact with some of the world’s leading enterprise mobility experts to discuss specific operational challenges and share unparalleled industry knowledge.
BY I N S I G H T PA R T N E R
PUBLISHER: SANJIB MOHAPATRA COO: TUSHAR SAH00 EDITOR: SANJAY MOHAPATRA sanjay@accentinfomedia.com M: +971 555 119 432
Enterprise Channels MEA is the only magazine, which can be trusted and looked upon by the partners as the true influencer. We are the only magazine which talks about the futuristic business dynamics. The magazine focusses on enhancing skillsets of the channel partners to offer solutions and services to the customers rather than dumping products with them. The magazine brings vertical-specific market opportunities and trends from ICT perspective and prepares the partners and the vendors to address the market.
ASSOCIATE EDITOR: KARMA NEGI karma@enterprisechannels.com SUB EDITOR: SOUMYA SMITA PRAJNA soumya@accentinfomedia.com REPORTER: ANUSHREE DIXIT anushree@accentinfomedia.com VISUALIZER: MANAS RANJAN LEAD VISUALIZER: DPR CHOUDHARY
SUBSCRIPTIONS INFO@ACCENTINFOMEDIA.COM SALES AND ADVERTISING RONAK SAMANTARAY ronak@accentinfomedia.com M: + 971 555 120 490 SOCIAL MARKETING & DIGITAL COMMUNICATION YASOBANT MISHRA yasobant@accentinfomedia.com PRODUCTION & CIRCULATION RICHA SAMANTARAY + 971 529 943 982
DESIGNER: AJAY ARYA
A P R I L 2 015
MEA
03
GISEC-GEMEC 2015 SPECIAL | NEWS
Is it indeed possible to make IoT security a reality? IoT is one of the many topics that will be dissected and debated at the 3rd Gulf Information Security Expo & Conference (GISEC). With the consumer, automotive and industrial sectors having been identified as those that will drive the immense growth of IoT, Cisco has warned that while IoT presents conveniences to individuals and organisations, greater challenges await companies and those responsible for defending the network from cybercrimes. “As organisations continue to seek ways to capitalise on the vast opportunities that IoT brings, the number and type of attack vectors will only continue to expand,” said Philippe Roggeband, Business Development Manager of Cisco Security Architecture and one of the keynote speakers at GISEC. Roggeband will be delivering his keynote
presentation on day two of GISEC conference, 28 April 2015. He will be zeroing in on the topic of ‘What do we need to make IoT security a reality?’, where he will reveal valuable insights on achieving the immense business benefits of IoT through a highly robust and secure network infrastructure, the big impact of small devices: how do you ensure the security of smart things, and the need for a new security model. On day one of GISEC conference, 27 April 2015, Les Anderson, Vice President Cyber, BT, will discuss threat scenarios from ‘IoT’ and ‘Software Defined Networks’ including next steps to protect against next generation of attacks. Also, Hani Nofal, Executive Director, Intelligent Network Solutions, GBM, will share his thoughts on connected chaos within the internet using anonymity and sharing devices.
PHILIPPE ROGGEBAND, BUSINESS DEVELOPMENT MANAGER OF CISCO SECURITY ARCHITECTURE
MOBILITY – THE PRESENT AND FUTURE OF IT Gulf Enterprise Mobility Exhibition & Conference (GEMEC) 2015 is all set to take place from April 26-28, 2015 at the Dubai World Trade Centre (DWTC) and brings together the world’s leading experts who will address the challenges and explore solutions, as well as opportunities, associated with enterprise mobility. Strategically co-located with the 3rd Gulf Information Security Expo & Conference (GISEC), C-level executives will get an opportunity to identify key I.T. security concerns and challenges together with employing cutting-edge business tools on how to secure enterprise mobility. At GEMEC, over 2,000 senior executives from 51 countries will be identifying, evaluating and sourcing technology and mobility solutions aimed at highlighting the business benefits through new and creative ways that will extend their competitive advantage. Among those who will share key insights at the conference are Annosh Thakkar, Vice President, Business & I.T. Transformation, Philips Netherlands; Sameer S Poonja, Head of Digital Technologies, Emirates Group I.T.; Jean-Pierre Mondalek, General Manager UAE, UBER; Arun Tewary, Vice President (IT) & CIO, Emirates Flight Catering and Bill Douglas, Head of Mobility, Royal Bank of Scotland, UK. “GEMEC is the perfect platform to offer
04
A P R I L 2015
MEA
participants the opportunity to identify, analyse and discuss optimal solutions to develop and implement a successful mobile strategy.” John Banks, Vice President, Software Group, GBM. Johnny Karam, Regional Vice President, MEA, Citrix believes GEMEC, a leading enterprise mobility conference programme of its kind in the Middle East, forms the right platform for the region’s enterprise and government decision makers to tackle mobile security issues which are foreseeing new and creative ways to face potential cybersecurity threats.
Trixie LohMirmand, Senior Vice President, Dubai World Trade Centre, said “DWTC will host the inaugural Gulf Enterprise Mobility Exhibition & Conference (GEMEC) to help identify solutions and innovations that meet users’ current and future mobile requirements. GEMEC will also highlight key themes including BYOD to mobile first strategy, mobile device management (MDM) vs mobile application management (MAM), security and corporate compliance, rise of machine to machine (M2) connectivity, and Enterprise Apps Development.
GISEC-GEMEC 2015 SPECIAL | NEWS
Protection against Advanced ThreatFortinet tells you how Fortinet brings together two complementary technologies: Next Generation Firewall and Sandboxing into a comprehensive and cost effective solution. Kalle Bjorn, Director Systems Engineering Middle East and Ahmad Arafat, Senior Systems Engineering at Fortinet will explain how, to combat advanced threat in the GISEC session – “Advanced Threat Protection: a strategic approach against an increasingly sophisticated threats” - on Monday, April 27, 2015 at 11.30 pm and Tuesday, April 28 at 3.00 pm. Fortinet will be present at the Gulf Information Security Expo & Conference (GISEC), taking place from April 26 to 28, 2015 at the DWTC. Apart from advanced threat protection, they will highlight on the need and effectiveness of a comprehensive, multi-technology three point strategy to eliminate the threat - Prevention, Detection, and Mitigation. Panel discussion titled ‘Before the breach actions to protect data from attacks’ on April 27th at 2:30 pm will see Nader Baghdadi, Regional Enterprise Director, South Gulf & Pakistan at Fortinet take part in a discussion to explain how protect the corporate network and also the data against any future attacks. “In 2015, we expect to see cybercriminals, fueled by the success of high profile hacks, continue to innovate with an even greater focus on deceiving and evading existing security solutions,” says Alain Penel, Regional Vice President - Middle East, Fortinet. “Thanks to
SPECIALIST VAD EMT TO SHOWCASE MOST ADVANCED SECURITY SOLUTIONS
MOHAMMAD MOBASSERI, CEO AT EMT DISTRIBUTION
ALAIN PENEL, REGIONAL VICE PRESIDENT - MIDDLE EAST, FORTINET
Fortinet’s ATP framework, the combination of our Prevent, Detect and Mitigate approach to advanced threats enables organizations to stop known threats before they infect the infrastructure, discover new threats and then learns to continually evolve and deliver enhanced threat prevention.”
emt Distribution has confirmed its participation in GISEC 2015.Speaking about emt’s participation, Mohammad Mobasseri, CEO atemt Distribution said, “For past few years, cyber threats altering the security landscape and posing a real danger to not to just the security corporates, businesses, governments but also to individuals. GISEC provides an excellent platform to network industry experts, security specialists and with like-minded professionals from all across the region.” emt Distribution will be displaying along with its vendors Avira, Secunia, DenyAll, Kaspersky,and WhatsUp Gold at Booth No.SR-A30, Sheikh Rashid Hall,Dubai International Convention & Exhibition Center, Dubai World Trade Centre, Dubai, UAE.
HELP AG TO SHOWCASE MSS ALONGWITH SUPPORTING VENDOR PARTNERS Help AG is participating in GISEC 2015, Dubai, where it will be present together with six of its vendor partners. In addition to demonstrating each of these vendors’ technologies, the company will focus on showcasing its own extensive portfolio of specialized security services which are delivered by its Strategic Security Consulting, Technical Consulting, Security Analysis, Coordinate Threat Mitigation, Managed Security Services and Security Assistance divisions. “GISEC is one of the main events for the Middle East IT security industry and is a must attend for any business that is looking to gain insight into the latest trends and technologies in the market,” said Stephan Berner, MD at Help AG. “We have the region’s most comprehensive
06
A P R I L 2015
MEA
set of best-in-class security solutions and services, many of which we will highlighted at the show. Our top executives, consultants and security specialists will all be present at our stand and will be capable of engaging with visitors, understanding their security requirements and proposing the best plan of action to address their unique IT needs.” Help AG has dedicated a large portion of its stand to a presentation section which will feature 15 short presentations per day on the latest security threats and the company’s services which address them. While the company will showcase the full scope of its service offerings, its focus will be on promoting its Managed Security Services (MSS) division which was established in March
STEPHAN BERNER, MD AT HELP AG
2015. Help AG’s stand will also feature six ‘demo pods’ wherein security technologies from its supporting vendor partners- Cisco, Symantec, Blue Coat Systems, Palo Alto Networks, OPSWAT, and F5 Networks- will be highlighted.
GISEC 2015 SPECIAL | EXPERT VIEWS
CSO CORNER
Risk AssessmentPressing Need of the hour One of the leading speakers at GISEC, Dan Lohrmann is known for his refreshingly practical commentary on computer security. Dan engaged in a twitter conversation over information security challenges prior to GISEC 2015. Excerpts.
What are the top 5 security trends that are likely to impact the Middle East? Security issues with the cloud, mobile, big data, internet of things (IoT) and critical infrastructure protection. You have been recognized time and again for your skills as CSO; what’s your best tip for CSOs worldwide? Build trusted relationships with the business. Many enterprises still don’t have a CIO-CISO system; many still manage with either- do you think that can be a trouble? To some extent yes. You need someone who is accountable and has the resources to get the job done right. The data we host on clouds- who is responsible for their security ? Are there strict norms regarding the same? The data owner will always answer to their customers. Again, you can outsource the function, but not the responsibility. You are a seasoned CSO; how have you seen the trends changing before you in enterprise security? Absolutely. The CISO has moved up the org chart,
and the role is getting more attention. Also, more threats and risks. Smartphones are not safe, but can’t be done away with too .So, is there a plausible solution indeed? Enterprises need to have mobile device management (MDM) and security processes and procedures that are enforced. This (MDM) is certainly not perfect, but it can lower mobile risk tremendously. Is there still no way to stop the cyber crime before it actually hits the enterprises? No single way. It takes great people, processes and technology. It is also a 7x24 challenge... Is it really okay to trust an enterprise’s security to a third party service provider? A good lawyer answer: “It depends...” You need to know who you are dealing with. Background checks. Trust but verify. Also remember that you can outsource the functions, but never outsource the risk and your company or government reputation Is cyber threat landscape of MEA anyway different from other regions? Every region has its own unique challenges, but overall it is very similar around the globe. The Internet has few borders.
DAN LOHRMANN
CHIEF STRATEGIST & CHIEF SECURITY OFFICER AT SECURITY MENTOR ; EX-CSO, STATE OF MICHIGAN
“Right now the bad guys are ahead of the good guys. I think the good guys will eventually catch-up, but it will take time.” Should cyber insurance be made compulsory? What’s your take? Not today, but mandatory cyber insurance may be coming. The industry must evolve first and agree to better standards. What’s the best tip for enterprise security now? A good risk assessment of your enterprise What is the biggest worry you see CISO’s grappling with globally? Moving forward - the explosion of mobile devices flowing into the Internet of Things (IoT) Antivirus, Firewalls - nothing is losing its value. Is security always going to grow more complicated only? Is there no simpler way out? Great point! It seems likely right now. And yet, the new products just keep coming don’t they? Right now the bad guys are ahead of the good guys. I think the good guys will eventually catchup, but it will take time.ë
A P R I L 2 015
MEA
07
GEMEC 2015 SPECIAL | GUEST TALK
ARUBA NETWORKS
Adaptive Trust Defense for Enterprise Mobility Employees emboldened by the ability to always stay connected have forced the hand of corporate IT departments to boldly go where networks have never gone before – everywhere and anywhere.
Remember the good old days – when users all carried the same corporate-issued device, apps were carefully vetted and distributed via welldefined procedures, and remote access meant using a VPN client with two-factor authentication and a physical RSA token generator? MerriamWebster’s online dictionary defines nostalgia as “sadness that is caused by remembering something from the past and wishing that you could experience it again.” IT professionals responsible for securing today’s mobile enterprise networks and data must feel a tinge of this every time Apple or Samsung announce a new product or operating system update. Why nostalgia? Because IT has lost control. The transformation from a static, wired environment to a dynamic mobile environment is to blame. Employees emboldened by the ability to always stay connected have forced the hand of corporate IT departments to boldly go where networks have never gone before – everywhere and anywhere. What’s worse, IT typically becomes aware of new products or services on their network only after they’re widely in use, forcing them to openly welcome unwanted technology without properly vetting it or fully understanding the risks. As a result, IT ends up performing a delicate balancing act; on the one hand there is a need to enable employees but on the other the daunting challenge of mitigating risks. Thus IT must ensure sufficient security measures are in place without overly affecting employee productivity. This presents some rather unique challenges due to security and management inconsistencies: l Devices and operating systems differ
08
A P R I L 2015
MEA
across platforms and manufacturers l User preferences and habits differ l Security components may or may not work the same when it comes to performing basic functions like user authentication Mobile security by and large hasn’t been able to keep pace. IT spend remains largely focused on perimeter defenses to weather the storm of external denial-of-service (DoS) attacks and zero-day exploits that generate headlines but pay little attention to mobile devices and users gaining access to network resources and data. And while solutions like mobile device management (MDM) or enterprise mobility management (EMM) make their way into the enterprise to address mobile access, implementations lag due to end user rejection of big-brother controls or cumbersome / non-intuitive workflows. In keeping with the times, IT must evolve security to address the risks introduced by enterprise mobility – specifically as it pertains to trust. In the past, physical security measures satisfied most trust requirements; if an employee provided proper credentials at the front door or perimeter, then trust would be established and access grated. But what about users who don’t go through the front door and aren’t asked to produce identification to validate their need to be there? If that same user comes through a back door, do we let them connect and give them the same level of trust? Conventional wisdom would suggest that we don’t. In fact, everyone and everything should be interrogated and an informed policy decision made. The ideal model would be to make a decision based on relevant context. Useful context
MANISH BHARDWAJ,
SR. MARKETING MANAGER | MIDDLE EAST & TURKEY, ARUBA NETWORKS
“In keeping with the times, IT must evolve security to address the risks introduced by enterprise mobility – specifically as it pertains to trust.” can include; l User identity and role l Type of device and ownership l Location l Has this device been seen before l Does the device meet security standards By gathering and using context, IT is in a better position to handle the unknowns that pop up on their network. Instead of treating everyone and everything as an un-trusted entity, IT can create adaptive policies based on business needs and associated risks. What’s more, IT can also mitigate many of the risks associated with anywhere, anytime and any device access without impacting productivity. Adaptive Trust provides IT visibility and control while drastically reducing risk. And more importantly, it can strengthen existing systems without introducing unnecessary or complicated procedures. A trust model that adapts to how people work delivers a better user experience while drastically improving security. ë
GISEC 2015 SPECIAL | GUEST TALK
BLACKBERRY
Before the Breach: 3 Steps to Protect Your Enterprise’s Data Assets “As much as I dislike when people overdramatize serious situations, I do believe that it’s not a question of whether someone will try to attack your digital assets, it’s a matter of how ready you and your business are when it happens”
Over the course of the past 12 months we have had public breaches stealing the headlines on a weekly basis. The woes of U.S. retailer Target come to mind, so does Sony- and Sony again- for that matter. A lot of people believe that this is because there is an increase in cyber-attacks; others say disclosure laws are revealing breaches that would previously have been swept under the carpet. It doesn’t really matter; the reality is breaches are happening. None of this is helped by the fact that more and more assets are moving to the digital realm. You don’t need to break into a bank vault to empty it, all you need to do is find a chink in the bank’s digital armor. What makes the attacks more brazen is the fact that the perpetrator could be sitting in a different country, governed by different laws, knowing that if they are sufficiently skilled, there would be no forensic trace that would stand up in court. Furthermore, the motivation is irrelevant – the attackers could be driven by politics, money or because the voices told them to do it.That tired employee we mentioned earlier doesn’t need to forget a large folder full of documents:A lost MicroSD card the size of your fingernail could contain everything needed to drive a profitable business firmly into the red. The fact is, your organization’s data (read “wealth”) will be out there for all to see. A focus on prevention is very important, but so is recognizing that you can’t prevent all breaches. You also need to be prepared to deal with a breach when it does happen. How well you’ve prepared will
determine the following three criticalfactors: 1) How fast you can identify that you’ve been breached; 2) How much data you’re going to lose and how much damage results; 3) How fast you can recover and get back to business. If you are looking for silver bullets, look elsewhere.What you will find here is a lot of good sense driven by experience. And good sense says that more preparation can save you from catastrophic repercussions following a breach. It’s not in my nature to make biblical references, but it is worth noting that Noah built the Ark BEFORE the rain. Step 1: The Audit We have difficulty justifying security spend because of the gap between IT and the business; the business can value data because they derive revenue from this data, while IT manages its storage and retrieval, so data audit is meant to bridge that gap and then define which bank you want to store which assets. Step 2: Divide and Diversify Divide: The idea here is to make each data store on its own worth very little, hence makingeach an insignificant target. Diversify: When you are stacking solutions, make it interesting, so that one vulnerability does not expose your entire network. Layers should present different types of defenses and challenges
NADER HENEIN,
REGIONAL DIRECTOR, ADVANCED SECURITY DIVISION, BLACKBERRY
“When you are stacking solutions, make it interesting, so that one vulnerability does not expose your entire network. Layers should present different types of defenses and challenges to an attacker, ideally from different vendors.” to an attacker, ideally from different vendors. Step 3: Breach Bootcamp This is when you prep and start tackling the human factor. Twice a year you should schedule a mock breach session, this will help you develop your “Breach SOP Book,” the A to Z of what to do and who to call in response to different breach situations. Preparation extends beyond technology. All in all, having proper controls will help mitigate a lot of the risk that stems from lost or stolen data, but preparation helps dissipate risk altogether and ensures that, if and when the worst happens, you and your company are ready and capable to rise to the challenge. ë
A P R I L 2 015
MEA
09
GISEC 2015 SPECIAL | GUEST TALK
KASPERSKY
Deny the Hellsing APT by default According to2014 Global IT Corporate Security Risks Surveyconducted by Kaspersky Lab and B2B International, 13% of organizationsin Middle Eastfrom different industries said they experienced targeted attacks aimed specifically at our organization in the last 12 months.
DENIS MAKRUSHIN,
TECHNOLOGY EXPERT, KASPERSKY LAB
Recently Kaspersky Lab experts have announceda new APT campaign that targetsgovernment institutions, mainly in the APAC region.It was named “Hellsing” after the string containing the project directory name found within the attack components’ code. To penetrate the target infrastructure, cybercriminals used a spear-phishing attack (targeted e-mails with spoofed sender e-mail address) containing malicious documents. It’s important to pay particular attention to protecting IT infrastructures against this type of attack, preferably by deploying additional proactive defenses. A well thought-out deployment of Default Deny scenario is vital for a truly comprehensive counter-APT strategy. According to Kaspersky Lab’s vision, such strategy includes both network-based and endpoint-based elements, with whitelisting technologies playing key roles. Over-cautious as this may seem, the reality is that there are still attack scenarios where typical AntiAPTs are powerless. Therefore extra endpointbased multiple security layers are to be considered which would be efficient against previously unknown malware components.
victim did not notice the suspicious file. A“Default Deny” scenario provides highly effective, proactive protection, even in instances where the cybercriminal somehow (e.g. using social engineering and evenduping the user into disabling anti-virus) managed to deliver the malicious payload to their victim’s system. The concept of “default deny” is not new, but it’s still effectiveagainst advanced threatswith custom-made components - often the case with APTs. For example, if malicious exe-files or dlllibrariesare successfully deliveredto the victim, Default Deny would not allow their execution in the operating system environment because such files are not contained in a white list of authorized, safe applications. Default Deny excludes all options to start executable code. The next phase of the attack involves collecting information from the operating system, which may result in an escalation of privileges, the installation of backdoor or additional modules. As a rule in such instances, executable files and dynamic libraries are being used.But if they are not a part of the trusted environment, Default Deny will not allow them to run.
Art of Default Denying an APT At the stage of “infection” attackers use various techniques for delivering malicious code to the victim’s operating system. The ultimate goal of these attacks: to deliver the backdoor to the victim’s operating system and run it. “Payload” is an executable (.exe) file or library (.dll), containing malicious code. In Hellsing’s case,the attacker uses social engineering to dupe the user into launching an exe-file from RAR-archive. The exe-file extension was replaced with an innocuous one and the
Powerful yet cost-effective Besides additional benefits including greater IT network stability, and lower maintenance time,it should be considered that deployment of a Whitelisting solution is one of the TOP4 strategies that can mitigate 85% of existing APT-related risks. The Default Deny scenario is the safest known variant of such an approach. Compared with many standalone solutions for Default Deny implementation, even greater cost and operative efficiency can be achieved through
10
A P R I L 2015
MEA
“Compared with many standalone solutions for Default Deny implementation, even greater cost and operative efficiency can be achieved through the deployment of a truly integrated endpoint protection system that includes Default Deny capability.” the deployment of a truly integrated endpoint protection system that includes Default Deny capability. It’s worth the effort While the implementation of a Default Deny scenario is often considered too complicatedfor the average business, for institutions dealing with extremely sensitive data, the effort is likely to reap rewards. Kaspersky Lab’s convenient implementation tools mean the process doesn’t have to be too taxing. Currently all components of “Hellsing” APT are blocked by all Kaspersky Lab solutions. ë
Potential should not be tied down. With Dell Mobility, your people are more satisfied, more productive, and you’re confident that your data is secure See how we can help enhance your business’ performance at Dell.com/mobility
GISEC GEMEC 2015 SPECIAL | GUEST TALK
SMARTWORLD
The Future Cities of Smart World According to the Department for Business, Innovation and Skills – UK, smart cities industry is estimate to be more than US$ 400 Billion by 2020 globally.
The rapid urbanization and unprecedented growth of cities globally has never failed to attract people and businesses creating more opportunities and economic value to nations. It is estimated that more than 3.5 billion people are currently living in cities globally and 80% of global GDP is generated in these cities, these numbers are expected to change further with increase in expected population of 7 billion people living in cities in next three decades as per UN population report. The future cities globally are poised to becomesmarter and intelligent to deal with current challenges around performance, efficiency, safety and security towards better sustainability, economic growth and development. It is estimated that smart cities industry will be worth more than US$ 400 billion by 2020 as the current capacity building approach alone seems to be insufficient and unsustainable model. Thefuture cities will require right investmentsthat will largely focus on smart management of resources, mobility and assisted living, with focus on collaborative and inclusive government services that will require private and public partnership and citizen’s involvement. The key driving factors for the smart cities will be various digital services and presence of the internet connected devices in various forms such as wearable’s, sensors and control devices allowing faster services and generation of massive amounts of data. We are thinking about it in terms big volume, high velocity, variety and variability which is known as Big Data. This Big Data is hitting the enterprises from a plethora of sources or devices that produce a deluge of unstructured data that defies easy analysis. However, by addressing the technology limitation this Big Data would not only provide us with more information, it would give us better knowledge and different perspective to be more predictive, efficient and effective. The digital data (Big Data) generated from sen-
12
A P R I L 2015
MEA
sors, controller and user (Activities or behaviors) allows further analysis of historic or real-time data. This will enable organizations to make decisions based on analysis of entire data rather than smaller samples – for example, organizations targeting customer based on segmentation or behavior can further analyze individual customer data for better offerings, this model is widely used in insurance industry in some countries to offer insurance premium for drivers based on predictive analysis using driving data (using telematics devices) rather than just age criteria. Some of these opportunities will generate new sources of value; others will cause major shifts in value within industries. Big data initiatives will also allow us to create services around shared interests, communities or even needed information such as traffic, weather and environment.All of this is possible by using people, sensors or monitoring devices to provide the desirable information that can used to analyze and generate actionable intelligence. For example, people in the city of Santander in Spain have created something they call Participatory Citizen. It encourages citizens to use their mobile phones to report to city hall problems such as accidents. Officials notify the citizens when issues are resolved. The proliferation of these internet connected smart devices and its explosion into the consumer market will change the way technology is used leading to a major cultural shiftin businessesinnovations and behavior of residents. It is expected than more than 50 billion intelligence devices will be connected to the Internet by 2020. This fast adoption of the Internet of things (IoT) is however, threatened by various security issues. Critics have spun nightmare scenarios of hackers seizing control of these smart devices and causing a havoc, which could lead to property damage, life threats or simply denial of access to property. The recent connected devices used in health-
AHMED QURRAMBAIG,
SR. DIRECTOR – STRATEGY, RISK & EXCELLENCE
“Explosion of internet connected smart devices into the consumer market will change the way technology is used leading to a major cultural shift in businesses innovations and behavior of residents” care such as pacemakers and other monitors are also prone to security flaws that can lead to exploitation as demonstrated by prominent security researcher and hacker Barnaby Jack. Several issues will have to be addressed while dealing with big data as it is collected, transmitted and stored across various systems located within different geographies and regulatory landscape leading to privacy, security, Intellectual property Rights and liability. It would further require clarity on ownership, fair usage and failure of accuracy of information. Eventually, every aspect of our lives will be affected by big data. However, the intent, benefits and risks related to this has to be carefully analyzed for everyone’s benefit. ë
GEC AWARDS GLOBAL ENTERPRISE CONNECT
2015
BLOCK YOUR CALENDER
for 15th October, 2015 for the biggest industry awards
B ROU G HT BY
ORGAN ISE D BY
GLOBAL ENTERPRISE CONNECT
W W W . G E C O P E N . C O M
GISEC 2015 SPECIAL | END POINT PROTECTION
ESET
Smart security at low computing costs Its commitment to reliable and non-obstructive IT security has ensured ESET managing to become the first company to receive 80 VB100 awards from Virus Bulletin having not missed a single threat in Virus Bulletin’s tests since 1998.
Brief about your company? ESET is an IT security company that delivers leading-edge security solutions against cyber threats. We are dedicated to developing highperforming security solutions for home users and corporate customers, detecting and disabling all known and emerging forms of malware. Unlike other security vendors, ESET does not resort to scare tactics and advocating security by spreading fear. As a part of this mission, we launched two online portals. Through http://www.welivesecurity.com/, we inform our users about the latest threats and provide helpful advice to help them protect themselves. This keeps them up to date with all the latest trends in the IT security market. And through our newly launched http://www. goexplore.net/ platform, we present the best content of the web to user. What are the competitive advantages of your products? ESET technologies are renowned for delivering high performance and award winning security with extremely low computing resource utilization. How many products you have? On the consumer side we have ESET Smart Security, ESET NOD32 Antivirus (for Windows and Linux), ESET Mobile Security for Android & ESET Cyber Security Pro (for Mac). For our business customers, we offer an even more comprehensive suite of solutions that address endpoint security, endpoint antivirus, remote administration, authentication, mobile
14
A P R I L 2015
MEA
security, mail security, file security, gateway security and collaboration.One of the key USPs of our solutions for businesses is that they eliminate a lot of the challenges that organizations face with administration. Our advanced remote administration tool, ESET Remote Administrator provides centralized oversight and control of all ESET security solutions deployed in the network. Who are your major customers in the region? Our major customers are mainly from the Government and educational sectors. How are you present in various countries in this region? We have very strong presence in the Middle East and have been active in this region for a considerably long time. Just last year, we moved to a larger office in Dubai which also has special training room facilities. This has enabled us to train more partners at our weekly training sessions. From this regional hub, we manage an extensive partner network in 11 countries: UAE, KSA, Kuwait, Qatar, Oman, Bahrain, Yemen, Lebanon, Jordan Egypt and Libya. Name your distributors and VADs FDC International, ASBIS ME, Bulwark Technologies, Zedan Information Engineering & iPoint Briefly tell about your partner ecosystem and engagement strategy From the channel perspective, we adopt a 100%
PRADEESH VS
GENERAL MANAGER, ESET MIDDLE EAST
We pride ourselves on our ability to deliver solutions that enable both business and home users to ‘enjoy safer technology’.” channel driven approach. This allows us to ensure that are partners are expertly enabled and have ready access to the best support. ESET Partner Program is strategically designed to offer our valued partners a wide range of benefits, certifications, trainings, and rewards thus ensuring our mutual profitability and success. Our resellers are exclusively entitled to attractive incentives, rebates, co-marketing tools and other value additions. This year, we launched a rebate program for our retail partners as well called the ESET Retail Partner Program. Our partner-driven approach to business gives our channel the confidence that we always have their best interests in mind. Please highlight the major deployments done in the past one year. Last year, the British University in Dubai (BUiD) significantly strengthened its IT security posture with a campus-wide deployment of ESET Endpoint Security. In the 6 months since its deployment, BUiD has not registered a single support call with ESET- something that was a fairly regular exercise with the institution’s previous security solution. ë
GISEC 2015 SPECIAL | ENDPOINT SECURITY
BIT9 + CARBON BLACK
Actionable end point intelligence “The Bit9 + Carbon Black Security Solution is the industry’s first and only integrated Endpoint Threat Prevention, Detection and Response solution”
Brief about your company? Bit9 + Carbon Black is a computer security firm dedicated to protecting endpoints and servers from a new generation of online threats through its advanced solutions. We offer a complete solution against complex threats that target enterprise endpoints and servers, making it easier to see—and immediately stop—those threats What are the competitive advantages of your products? Through our products organizations can effectively prepare for a breach by continuously recording endpoint activities, and rapidly respond to an incident by instantly isolating endpoint threats, terminating attacks, and remediating endpoints, through a remote connection to any endpoint in the enterprise. These new capabilities significantly reduce the time to detect, terminate and remediate cyber attacks. We cater to more than 20 top IR firms and MSSPs, which includes distinguished brands such as Dell SecureWorks, Kroll, Stroz Friedberg, and General Dynamics Fidelis among others, all of whom have come to rely on and trust our system. How many do products you have? For now, we offer four main products, Bit9 + Carbon Black, The Bit9 Security Platform, Carbon Black, and the Threat Intelligence Cloud. The Bit9 + Carbon Black Security Solution is the industry’s first and only integrated Endpoint Threat Prevention, Detection and Response solution. The Bit9 Security Platform, on the other hand, is the most comprehensive endpoint threat
16
A P R I L 2015
MEA
protection solution and provides organizations with the real time visibility, detection, response and industry leading prevention. Carbon Black is the industry’s only endpoint threat detection and incident response solution for SOC and IR teams that combines continuous recording and live response capabilities to prepare organizations for a data breach, instantly isolate endpoint threats, terminate ongoing attacks, and remediate threats at the moment of discovery. Finally, the Threat Intelligence Cloud offers a comprehensive, aggregated advanced threat intelligence solution that combines Bit9 + Carbon Black’s leading software reputation and threat indicator services with third-party intelligence sources to provide some of the industry’s most powerful, correlated and accurate threat insights. How do these products address various technology requirements of the market? We provide IT personnel with the power to stop advanced attacks while maintaining the proper balance between endpoint protection and enduser application accessibility. We make it possible for security analytics to detect and interrupt attacks in progress using custom and third-party threat intelligence capabilities that provide valuable actor, agent, asset and target information important to security operations teams. We help prepare incident responders for the inevitable compromise of perimeter defenses by continuously recording all application and file activity on every endpoint. We also deliver enhanced, actionable endpoint intelligence to SOC analysts via the industry’s
DAVID FLOWER,
MANAGING DIRECTOR OF BIT9 + CARBON BLACK, EMEA
“We offer the industry’s first and only endpoint threat detection and response solution that combine continuous endpoint recording and live incident response capabilities.” first and only Open API architecture to support integration with leading network firewalls, threat detonation devices, threat intelligence providers, and Security Event and Incident Management (SEIM) platforms that greatly improve threat visibility across multiple vectors for faster, more accurate identification of suspicious activity, threat diagnosis, and operational response. How are you present in various countries in this region? We actively participate in various events, exhibitions and conferences such as GISEC as part of our aim to solidify our presence in the UAE. We conduct studies and surveys to better understand the needs and requirements of enterprises in the GCC in protecting their cyber space in order to develop more sophisticated and modern products that can address their concerns. Name your distributors and VADs. Starlink is our Distributor in the Middle East. ë
GISEC 2015 SPECIAL | GUEST TALK
FORTINET
A Cohesive Approach to Advanced Targeted Attacks Advanced targeted attacks are being launched to steal sensitive corporate data, intellectual property and insider information. And traditional network defenses often cannot detect and mitigate them. 2014 saw many major brands and large companies making headlines, not for some remarkable post-recession economic recovery or innovative product, but for massive data breaches and it doesn’t look to be slowing down in 2015. These attacks grab the attention of consumers, lawmakers, and the media when they manage to breach very large organizations with dedicated security teams and extensive infrastructure designed to keep hackers at bay. However, nobody is immune – smaller organizations are targets as well, either as part of a larger coordinated attack or through a variety of distributed malware. Advanced targeted attacks are being launched to steal sensitive corporate data, intellectual property and insider information. And traditional network defenses often cannot detect and mitigate them. Prevention to Act on Known Threats and Information Known threats should be blocked immediately whenever possible through the use of next-generation firewalls, secure email gateways, endpoint security, and similar solutions that leverage highly accurate security technologies. Examples include anti-malware, web filtering, intrusion prevention, and more. This is the most efficient means of screening out a variety of threats with minimal impact on network performance. Anti-malware technology, for example, can detect and block viruses, botnets, and even predicted variants of malware withthe use of technology such as Fortinet’s patented CompactPattern Recognition Language (CPRL) with minimumprocessing time.Attacks can also be thwarted by reducing the attack surface. Detection to Identify Previously
18
A P R I L 2015
MEA
Unknown Threats Unknown “zero-day” threats and sophisticated attacks designed to hide themselves from traditional measures are being used every day to penetrate high-stakes targets. This element of the framework uses advanced threat detection technologies to examine the behavior of network traffic, users, and content more closely in order to identify novel attacks. Sandboxing, in particular, allows potentially malicious software to be handed off to a sheltered environment so that its full behavior can be directly observed without affecting production networks. Additionally, botnet detection flags patterns of communication that suggest botnet activity while client reputation capabilities flag potentially compromised endpoints based on contextual profile. Though incredibly powerful, this type of threat detection is resource intensive and thus reserved for threats that could not be identified by more efficient traditional methods. Detection, of course, is only anotherelement of the ATP framework. Mitigation to Respond to Potential Incidents Once potential incidents and new threats are identified, organizations immediately need to validate the threat and mitigate any damage. Users, devices, and/or content should be quarantined, with automated and manual systems in place to ensure the safety of network resources and organizational data until this occurs. At this stage, eliminating redundancy and creating synergy between different security technologies is the key to deploying a high-performing security solution, where the unknown becomes known. Of course, the cycle is not completed until this actionable threat intelligence is available at the different enforcement points and shared globally.
NADER BAGHDADI,
REGIONAL ENTERPRISE DIRECTOR, FORTINET
“Perhaps the most critical feature of the threat protection framework – one that is missing in many organizations’ security implementations – is the notion of the handoff rather than any particular technology or element.” This keeps cybercriminals at bay not just for one organization but for all organizations worldwide. Advanced threat protection relies on multiple types of security technologies, products, and research, each with different roles. However, each will be less effective if they don’t communicate with each other on a continuous basis, handing off data from one to the next. Fortinet integrates the intelligence ofFortiGuard Labs into FortiGate next-generation firewalls,FortiMail secure email gateways, FortClient endpoint security,FortiSandbox advanced threat detection, and other securityproducts in its ecosystem to continually optimize and improve each organization’s level of security. ë
GISEC 2015 SPECIAL | NETWORK SECURITY
PALO ALTO NETWORKS
Safeguarding Businesses with Smart Solutions Fundamental shifts in how technology is used – including the wider embrace of cloud computing infrastructure are raising concerns about new attack vectors.
How are you positioned to tackle the ever evolving cyber threat landscape? The security landscape in the Middle East is also showing signs of maturing as most of the organizations have started to accept that cyber security is a real threat; and managing it is a strategic business decision rather than just an IT decision. With Palo Alto Networks, you can better manage and protect the complex and ever-evolving ecosystem of modern technologies upon which your industry relies. Tell us about the products you have. To protect organizations from cyber threats and malware the Palo Alto Networks Enterprise Security Platform offers a unique preventative approach with three essential components – NGFW, advanced endpoint protection and threat intelligence cloud – to secure computing environments, prevent known and unknown threats, and safely enable an increasingly complex and rapidly growing number of applications. What are the distinctive advantages that your solutions provide? Middle East customers are always trying to adopt latest trends leaving legacy solutions behind. Our security architecture becomes the foundation that makes all trends possible by spanning the full customer infrastructure from user devices
such as smart phones, tablets or laptops to the data center through all customer office locations locally, regionally or globally and by creating a granular visibility of user and application behavior, creating controls and corporate policies regardless of location and/or device and a fully automated and integrated solution addressing known and unknown threats. What are the main pain points you are observing in the area of security? The biggest challenge we see regionally is achieving a continuous balance between executive support and budget spent while implementing integrated and automated solutions addressing all types of risk and while utilizing the customer skill set base of their engineers and staff. Tell us about your market model. Our Route to Market model is completely driven by the valued network of Channel distributors and partners. Our presence in ME region is driven by the commitment to thought leadership, innovation and support for our partners and customers and a model that isn’t just channelfriendly, but channel-centric, with ongoing investment in partner enablement. Our presence is steadily growing in the region with triple-digit year-over-year growth in Dubai and a similar trend in Riyadh & Doha. What kind of special partner engagement initiatives have you been
SAEED AGHA,
GENERAL MANAGER MIDDLE EAST, PALO ALTO NETWORKS
“Palo Alto Networks solutions are a complete paradigm shift from a detection and remediation stance to one of prevention.” promoting? Our direction has been to secure & support our customers and partners and enabling them to take the full advantage of our leading & innovative technology. People, Education/ Training & Proof of Concepts resources are the biggest components of our investments as we are acquiring & then nurturing talent and expertise, in local region. We are also at the threshold of launching our Academy Program in select countries in ME to identify talent and also create a talent pool & bridge security skill sets gap seen n some markets. We also focus on education & skill upgrades for our partners & customer’s teams and run regular Expert Forums. We also actively support the Palo Alto Networks Fuel User Group, a global community, with a branch in Dubai, established to drive knowledge sharing and best practices among security professionals across multiple industries. Palo Alto Networks is also a co-founder of Cyber Threat Alliance, which is fostering collaboration and knowledge sharing among global security companies and the security industry. ë
A P R I L 2 015
MEA
19
GISEC 2015 SPECIAL | NETWORK SECURITY
CYBEROAM
Holistic Benefit for Security Needs Cyberoam has recently added next-generation management (NM) series of Cyberoam Central Console (CCC NM) appliances and next-generation reporting (NR) series of iView appliances, to its range of product offerings.
Brief about your company? Cyberoam Technologies, a Sophos Company, is a global Network Security appliances provider, offering future-ready security solutions for physical and virtual networks with its NGFWs and UTM appliances. Cyberoam offers comprehensive network, web & content, application and email security while providing secure remote access and data leakage prevention. Cyberoam is accredited with prestigious global standards and certifications like EAL4+, CheckMark UTM Level 5 Certification, ICSA Labs and IPv6 Gold logo. What are the competitive advantages of your products? Cyberoam security is designed to deliver an optimal mix of Performance, Scalability, Price and Future-ready Security. Unlike many network security vendors, Cyberoam thrives with its own in-house team of R&D and threat research labs. Recently, with CyberoamOS 10.6.2, the company has achieved major improvements in network security performance. Moreover, all Cyberoam security solutions are underpinned by Extensible Security Architecture (ESA) and thus deliver future-ready security in enterprises with multiple deployment scenarios – allowing configuration as high performance Firewall /VPN /IPS /WAF, NGFW, UTM or Proxy. How many products you have? Cyberoam brings a comprehensive portfolio of NGFWs and UTM network security appliances that fulfill security needs for businesses of varied size including SMBs, mid-sized organizations and large and distributed enterprises. In addition,
20
A P R I L 2015
MEA
Cyberoam has CCC and i-View appliances to support Centralized Security Management and Centralized Network Monitoring respectively. Cyberoam NGFWs and UTMs are available as both hardware as well as virtual appliances. Towards the end of 2013, Cyberoam added holistic security for ICS / SCADA networks on its security appliances and unveiled a unique cloudbased security management service (CCMS) for its partners and resellers. Who are your major customers in the region? Cyberoam enjoys significantly entrenched presence in the region in a range of verticals including Education, Retail, Construction, Government, Oil and Gas and more. Which are the various countries in this region you have your presence in? The list includes UAE,OMAN,BAHRAIN,KUW AIT,QATAR,JORDAN, LEBANON,IRAQ and KSA Name your distributors and VADs? BULWARK DISTRIBUTION, FDC INTERNATIONAL and SNB Briefly tell about your partner ecosystem and engagement strategy? Being a 100% channel-driven network security organization, Cyberoam thrives on the strengths of its partners. To this end, Cyberoam empowers and equips its partners and resellers with latest products, technology know-how, free training &
RAVINDER JANOTRA,
REGIONAL SALES MANAGER, MIDDLE EAST AT CYBEROAM
“Unlike many network security vendors, Cyberoam thrives with its own in-house team of R&D and threat research labs.” certifications and other marketing handholding. Partner ecosystem is organized across 3 categories viz.Platinum, Gold and Authorized.With a view to delivering highest partner enablement, Cyberoam’s local team of enterprise account managers works closely with these partners, helping them at every stage of sales cycle while ensuring committed presales and post-sales assistance with state-of-the-art Global Support Management Centre, which is industry’s first ISO 20000:2011 customer support infrastructure. Please highlight the major deployments done in the past one year? A recent deployment with JumaAl Majid group remains a compelling case study. The customer has deployed 50+ network security appliances from Cyberoam to secure distributed business networks, users and IT led infrastructure.The project was led by our partner organization Jurrasic technologies; with committed support of Cyberoam. ë
速
www.juniper.net
Networks that know how to Your ideas. Visit Juniper on Mindware stand SR-E55 at Gisec 2015 and attend the Security Session on April 28th @12:30 pm
GISEC 2015 SPECIAL | GUEST TALK
CISCO
Top 10 Things Cybersecurity Professionals Need to Know about the IoE The IoE doesn’t just require networked connections but secure networked connections in order to capitalize on the estimated trillions of dollars of value to be gained globally over the next decade. The Internet of Everything (IoE) is accelerating, creating significant opportunities for organizations, individuals, communities, and countries as more things come online – along with the people, processes, and data that interact with them. IoE presents new challenges, particularly when it comes to cybersecurity. To help cybersecurity professionals cut through the hype and gain a better understanding of what to expect as the IoE continues to evolve, these top 10 observations might help: 1. Worlds will collide. We need to begin to implement cybersecurity solutions to protect all networks equally from attack while recognizing their specific requirements and priorities. 2. The attack surface will expand. With billions of new devices now connected to the IoT and more devices connecting all the time, the ability to gain visibility into these attack vectors, let alone close them to malicious actors, is increasingly difficult. 3. Threat diversity will increase. Due to the variety of objects adversaries can target, many of which are in insecure locations, attackers are able to devise new methods the cybersecurity industry has yet to face and blend sophisticated techniques to accomplish their mission. 4. Threat sophistication will continue. Threats have already become stealthier, evading initial point-in-time detections and using nearly imperceptible indicators of compromise to reach their target. Cybersecurity systems that rely exclusively on point-in-time defenses and techniques can’t keep up with unfolding attacks. 5. Remediation will become more urgent and more complex. When an attack does happen
22
A P R I L 2015
MEA
organizations can’t necessarily isolate a system because the cost and implications of shutting it down may be greater than the cost of an infection, presenting serious tradeoffs between protection and continuity of operations. Remediation methods will need to support a focused approach to quickly detecting, scoping, and containing a threat, cleaning up systems, and bringing operations back to normal. 6. Risk and impact will escalate. Sensitive data and personal information is flowing between process and business domains . The vast majority of these devices and domains rest outside the secure embrace of the IT and OT networks. The ability to protect this data wherever it goes and however it is used must be addressed. 7. Compliance and regulations will mount. If unable to effectively and efficiently meet these requirements, an organization’s ability to gain value as an active participant in the IoE will be limited dramatically. In addition, as more devices are connected, lines of ownership and responsibility will become increasingly blurred. This introduces new challenges for managing and maintaining compliance with regulatory requirements. 8. Visibility will be paramount. Cybersecurity professionals need to see a real-time, accurate picture of devices, data, and the relationships between them, in order to make sense of billions of devices, applications, and their associated information. This requires more automation and faster analytics 9. Threat awareness will become the focus. In this amorphous perimeter, cybersecurity professionals need to presume compromise and
PHILIPPE ROGGEBAND,
BUSINESS DEVELOPMENT MANAGER OF CISCO SECURITY ARCHITECTURE
“Since every aspect of the network is now working together, our cybersecurity and physical security solutions must also work together with a coordinated focus on threats.” hone the ability to identify threats based on understanding normal and abnormal behavior, identify indicators of compromise, make decisions, and respond rapidly. 10. Action will need to be swift. This requires the right technologies, processes, and people working together and swiftly to be effective. What’s needed is a new, threat-centric security model that is as pervasive as the IoT and the threats themselves. This model must span a range of attack vectors and address the full attack continuum – before, during, and after an attack. With this model we can protect computer systems, networks, and data. And for many enterprises involved in industrial control and automation activities, we need to extend this same model to better protect operational systems that are the lifeblood of the enterprise and in many instances, our daily lives. ë
Cybersecurity Services Extend your team with Symantec to minimize detection and response times, reduce operational costs, and enable compliance. Now you can be more proactive about emerging threats and respond quickly and effectively when incidents occur. Visit symantec.com
#GoKnow Visit Symantec on
Mindware Stand SR-E55 During GISEC 2015
Copyright Š 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
GISEC 2015 SPECIAL | ENTERPRISE SECURITY
CISCO
Cybersecurity across the entire IoE continuum To secure the networked connections among people, processes, data, and things, an end to end security approach needs to be as pervasive as the Internet of Everything itself this is where Cisco’s solutions play a key role. Brief about your company? Cisco is the worldwide leader in IT that delivers intelligent cybersecurity for the real world, providing one of the industry’s most comprehensive advanced threat protection portfolios of solutions that is pervasive, integrated, continuous, and open. What are the competitive advantages of your products? Cisco’s threat–centric and operationalized approach to security reduces complexity while providing unmatched visibility, consistent control, and advanced threat protection across the extended network and the entire attack continuum. Cisco has been securing organizations of all sizes for decades, and we understand the rapidly changing security landscape. Cisco’s continued investment in software, data analytics and threat intelligence along with our assessment, monitoring, response and operational capabilities offer end-to-end cybersecurity across the entire IoE continuum. Cisco is uniquely able to provide a threatcentric and operationalized security model that provides continuous advanced threat protection, cloud-based security intelligence, and retrospective security, combined with security advisors and solutions that help companies address the shortage of talent in the security industry. Our framework for security covers the entire attack continuum - Before, During and After.
24
A P R I L 2015
MEA
How many products you have? Cisco has an extensive security portfolio which includes solutions for Access Control and Policy, Advanced Malware Protection, Email Security, Firewalls, Network Security, Next Generation Intrusion Prevention System (NGIPS), Security Management, VPN and Endpoint Security Clients and Web Security. Cisco’s security innovations provide highly secure firewall, web, and email services while helping to enable mobility and teleworking. To compliment our products we also have services to help our customers deliver, integrate and optimize. This is available through our extensive channel and in some cases directly.
ANTHONY PERRIDGE,
SECURITY SALES DIRECTOR, CISCO
“We also offer Master Security Specialization, which gives partners a powerful competitive advantage and qualifies them as part of an exclusive group” the best solutions and services to our customers.
Who are your major customers in the region? We have customers across all verticals in the region including government organizations, oil & gas companies, hospitality, healthcare and educational organizations. How are you present in various countries in this region? Today the company has Middle East offices in UAE, Saudi, Qatar, Oman, Kuwait, Bahrain, Afghanistan, Pakistan, Lebanon and Jordan.We have more than 870 Networking Academies in the ME with over 168,000 students since inception.We also have a strong channel network of reputed and established value-added distributors, distributors, resellers and systems integrators. Our global and local sales and support teams work closely with our channel partners to deliver
Briefly tell about your partner ecosystem and engagement strategy Cisco ensures that we train, enable and certify our partners and offer them the latest security solutions such as Cisco ASA with FirePOWER and Cisco ISE. Through our Channel Partner Program, which is designed to strengthen our partners’ ability to capture market opportunities, we train, enable and support our partners and help them gain a competitive edge. We conduct regular training programs, road shows and certification workshops and also incentivize and reward our performing partners. As the next phase in our Channel program, we have begun to offer our partners new Advanced Security Architecture Specialization, which has been created to provide partners with new skills to sell Cisco’s security products. ë
Secure Yourself!
partners@oppmusdistribuuon.com | www.oppmusdistribuuon.com
GISEC 2015 SPECIAL | GUEST TALK
QUALYS
All you need to know about the FREAK vulnerability Researchers have identified that a MITM attack can potentially force HTTPS connections to use weaker and easier to crack encryption.
HADI JAAFARAWI,
This past year we have seen an overwhelming interest in FREAK or “Factoring RSA EXPORT Keys.”FREAK is a vulnerability in Secure Socket Layer (SSL) that allows an attacker that has a Man-in-the-Middle (MITM) position to downgrade your computer’s SSL communication to an export grade cipher, which can easily be broken and accessed in less than 24 hours. Once the attacker has the key they can eavesdrop or modify your communication, and redirect you to impostor sites.While the full impact of this vulnerability is yet to be known, we do know that browsers, web clients and hosts can negotiate the strongest encryption “allowed,” falling back to weaker, “export” protocols as required. How It Works Researchers have identified that a MITM attack can potentially force HTTPS connections to use weaker and easier to crack encryption. This vulnerability affects clients that communicate with servers that offer RSA_EXPORT cipher suites and are using a implementation of SSL that is vulnerable to FREAK, which includes Microsoft Windows’s Secure Channel (SChannel), Apple’s and Android’s OpenSSL based libraries. The server part itself is not vulnerable, but a server can avoid its client from being attacked by not offering the RSA_EXPORT ciphers. An attacker connects to the web server with an export cipher and gets a message signed with the weak RSA key. Key gets cracked. For any future connections from innocent browsers, the attacker can act as a man in the middle (MiTM) connecting to clients, who will accept it. The attacker will then have access to all communication between the client and server.If hackers are successful, they could spy on communications as well as infect PCs with malicious software. As processing power increases and reduces the
26
A P R I L 2015
MEA
time and cost of breaking encryption, there is a direct impact to the security of weaker, shorter keys. While an RSA 512-bit key a few decades ago might have been considered a good option, it is not so today. The first 512-bit key was broken in 1999 and currently can be done through the use of on-demand computing power cloud provider in around seven hours at a low cost. What You Can Do Since the detection of the vulnerability was announced in March of this year, Apple, Google and Microsoft have released security patches to fix this problem. However these types of vulnerabilities are a reminder of the importance of good security hygiene within our networks and communication infrastructure. There has never been so much scrutiny of the security of the Secure Socket Layer (SSL) and Transport Security Layer (TLS) protocols like today. But, although most attention is on the protocol vulnerabilities, most organizations don’t realize that it’s their own actions that are proving to be bigger problems in practice.It is therefore important for businesses in the Middle East to ensure that systems and software are updated to avoid any potential threats. As cyberattacks continue to become more advanced, organizations are being forced to adapt to address new threats. In this complex security landscape, it is critical to be proactive and vigilant to protect against cyber threats in order to be as secure as possible. Practicing good cyber hygiene is the cornerstone to achieving this and in the enterprise, this includes: l Ensuring that only authorized devices are connected to company networks that limits the applications or software running on a company’s assets to only those necessary to meet business needs. l Securely configuring corporate assets,
MANAGING DIRECTOR, QUALYS ME
“Most organizations don’t realize that it’s their own actions that are proving to be bigger problems in practice.It is therefore important for businesses in the Middle East to ensure that systems and software are updated to avoid any potential threats.” removing default usernames and passwords and restricting the use of administrative privileges. l Continuously scanning for vulnerabilities and misconfigurations in company assets, and deploying a combination of network and endpoint malware defences using a mix of technologies, including blacklisting, whitelisting, heuristics, and virtualization. Qualys’ SSL Labs offers a free SSL Server Test that will tell users if their website’s server supports “export-grade” cipher suites, which are at the root of the vulnerability. Enter a domain name of any website into the SSL Server Test’s field, then examine the resulting report. ë
COMMUNICATE INSTANTLY SAVE TIME • SAVE COST • MANAGE EFFICIENTLY
Appliance based Gateways for Enterprise Mobility
APPLICATION AREAS • Alert Notifications (Datacenters/IT) • Third Party Application Integration (ERP, CRM, etc.) • Enterprise Messaging (SMS On-The-Move) • 2-Factor Authentication • Email-SMS Integration • Network Monitoring • IM-SMS Integration The sendQuick portfolio consists of appliance based Gateways for Enterprise Mobility. sendQuick devices such as Alert Plus and Entera helps in alerting on failure across IP address infrastructure - by either working on its own or with NMS solutions already in place. sendQuick Entera is a device that integrates with third party applications such as ERP, BI, DMS, SCM, MMS to facilitate messaging on set criteria. sendQuick ConeXa facilitates enhanced remote access security by integrating with RADIUS based SSL VPN and Active Directory to generate and deliver 2-factor authentication via SMS OTP, while sendQuick Alert Plus with HTTP Plug-in works with RSA to SMS-enable soft token delivery to mobile phones. In addition, sendQuick portfolio has sendQuick Communications for email-SMS integration on Microsoft Outlook, sendQuick Avera for Network Monitoring and sqoope, an in-premise appliance based Instant Messenger. TalariaX is an undisputed market leader in the purpose built appliance based Enterprise Mobility segment with clientele in 30 countries across 50 distinct verticals and a recipient of several awards worldwide.
www.talariax.com 76 Playfair Road #08-01 LHK 2 Building Lobby 1 Singapore 367996 Tel: +65 6280 2881 | Fax: +65 6280 6882 | Email: info@talariax.com | Support: support@talariax.com
GISEC 2015 SPECIAL | DDOS PROTECTION
ARBOR NETWORKS
Simplifying Network Security No matter how much the threats and attackers have changed, security still comes down to understanding networks. Arbor’s goal is to provide a richer picture into networks and more security context, so customers can solve problems faster and help reduce the risk to their business.
Brief about your company? Arbor Networks secures the world’s most demanding and complex networks from DDoS and advanced threats. Arbor has leveraged its unique customer footprint and experience working with the world’s most demanding network operators to develop a more enduring solution for the threats of today and tomorrow. Arbor does this not by focusing on specific threats or points in the network but on networks themselves. What are the competitive advantages of your products? What differentiates Arbor from other security companies is how Arbor leverages its pervasive service provider footprint to benefit all of our customers. Arbor’s Active Threat Level Analysis System (ATLAS) is a collaborative project with more than 300+ ISP customers who have agreed to share anonymous traffic data totaling an amazing 120Tbps. From this unique vantage point, Arbor is ideally positioned to deliver intelligence about DDoS, malware and botnets that threaten Internet infrastructure and network availability. Arbor customers enjoy a considerable competitive advantage by giving them both a micro view of their own network, through our suite of products, combined with a macro view of global Internet traffic, through ATLAS. . How many products you have? Arbor Networks has three product families: Arbor Cloud, Pravail and Peakflow. Arbor Cloud (Tightly integrated, multi-layer
28
A P R I L 2015
MEA
DDoS protection) Pravail Availability Protection Solution (On-Premise) Peakflow Threat Management System (High Capacity On-Premise Solution for Large Organizations) Who are your major customers in the region? Our customers include 90% of Tier One ISPs, and the leading brand names across Cloud Hosting, Finance, Retail, Manufacturing, Gaming and Social Media sectors. How are you present in various countries in this region? Arbor has sales and engineering teams present across the region to support customers; we also work with a number of partners. Additionally, we have an OEM relationship with Cisco to collaborate on DDoS protection for service provider and large enterprise network operators. Name your distributors and VADs?. Our distributors for the ME are Westcon and Starlink, and some of the key resellers are EliteVAD, Fireware and STS Specialized Technical Services. Briefly tell about your partner ecosystem and engagement strategy All of Arbor products are sold through the channel, depending on the geographic coverage
MAHMOUD SAMY,
REGIONAL DIRECTOR - HIGH GROWTH MARKETS (RUSSIA/CIS & MIDDLE EAST)
“Arbor’s goal is to provide a richer picture into networks and more security context, so customers can solve problems faster and help reduce the risk to their business.” requirements. The Arbor Advantage Program offers a flexible structure designed to accommodate our partners’ business models while maintaining a level of simplicity that our partners appreciate. Comprised of four partnership levels, the program is designed to make it easy for you to move up to higher partnership status – and greater rewards. Please highlight the major deployments done in the past one year Ooredoo, Qatar’s leading communication company has deployed Arbor Networks’ Peakflow platform in the cloud and Pravail platform on-premise to deliver an integrated managed security service offering to enterprises that utilizes best practices ë
CO
M G UA R D
R
GISEC 2015 SPECIAL | SIEM
LOGRHYTHM
Mitigating threats before they can damage LogRhythm uniquely combines enterprise-class SIEM, log management, file integrity monitoring and machine analytics with host and network forensics in a unified security analytics platform
Brief about your company LogRhythm is the leader in security intelligence and analytics, and empowers organisations around the globe to rapidly detect, respond to and neutralise damaging cyber threats. With threat sophistication ever-evolving, the world’s leading businesses are finally realising that it’s now a matter of when, not if, they will fall victimto an attack. LogRhythm’s patented and award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics. What are the competitive advantages of your products? The cornerstone of LogRhythm’s Security Intelligence Platform is an award-winning, nextgeneration SIEM and log management solution. LogRhythm collects and analyses data from more sources and provides greater out-of-thebox analytics and embedded expertise, delivering broader protection, deeper visibility and more actionable insight than any other solution on the market. LogRhythm’s patented machine analytics are powered by the AI Engine, delivering highly automated and easily customised advanced behavioral and statistical analysis. An easy-to-use interface allows organisations to rapidly customise and tune rules to fit their environment to minimise false positives and improve the Mean Time to Respond (MTTR) and Mean Time to Detect (MTTD) breaches.
30
A P R I L 2015
MEA
How many products doyou have? Unlike some other security vendors, SIEM is all we do. Therefore we are specialists in this arena and we uniquely combine enterprise-class SIEM, Log Management, File Integrity Monitoring and Machine Analytics, with Host and Network Forensics, in a unified Security Intelligence Platform. This platform is continuously updated to meet the changing needs of our customers. Major product upgrades are typically released every 18 months, with two significant minor releases in between each major release. How do these products address various technology requirements of the market? LogRhythm’s Security Intelligence Platform empowers global organisations to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before. It meets a critical market need for visibility into threats as an unprecedented number of organisations experience damaging data breaches. Behavioural analytics is also a development that the market will begin to see more of. The changing nature of threats has seen many of them become internalised, and there is now a greater need for suspicious activity – activity outside of what is considered normal – to be flagged immediately. Whether it’s malicious behaviour, accidental accessing or sharing of data, or industrial espionage, breaches are now just as likely to originate from within an organisation.
MAZENDOHAJI,
REGIONAL DIRECTOR – MIDDLE EAST, LOGRHYTHM
“Unlike some other security vendors, SIEM is all we do. Therefore we are specialists in this arena.” As the threat landscape continuously evolves, basic tools, or tools working in isolation, are no longer sufficient to provide the necessary protection. Alongside its technology partners, LogRhythm is able to provide a truly holistic defence package, empowering organisations to detect and mitigate threats before any damage has been done. How are you present in various countries in this region? We have recently established our regional presence through our sales and support office in Dubai. We have implemented a 2 tier GTM model by appointing major Information Security focused SIs in the Middle East region. Name your distributors and VADs? Spectrami & Exclusive Networks Briefly tell about your partner ecosystem and engagement strategy? LogRhythm works with a number of partners across 19 geographies to help deliver nextgeneration security intelligence to its mutual customers, enabling them to increase the value of their technology investments. ë
GISEC 2015 SPECIAL | CYBER SECURITY
FIDELIS
Evolving faster than Cyber Threats The Middle East is a key market for Fidelis as it provides opportunities with significant potential investments for companies to protect from APT and ZERO-day attacks
What products and solutions are you exhibiting at the show? General Dynamics Fidelis Cybersecurity Solutions offers a comprehensive solution to advanced threats with a powerful combination of products, services, and expertise. With the expertise of our people and services delivered through our Fidelis XPS Advanced Threat Defense Products and Network Defense & Forensic Services, commercial enterprises and governments have the specific skills and solutions needed to fight cybercrime. What is your expectation from this region? The Middle East region is a growing market with huge potential for IT security. There are many countries withemerging economies that will keep the growth moving forward for some time. Also, more mature economies like UAE and KSA have huge demand for new technologies and services. Overall, we see a great potential in thisregion; however, at the same time the market is highly competitive. Why is it important for you to be at GISEC 2015? The Middle East is a key market for Fidelis as it provides opportunities with significant potential investments for companies to protect from Advanced Persistent Threat (APT) and ZEROday attacks. Fidelis XPS provides customers in the Middle East with technology to detect malware, viruses, and zero-day attacks though emulation and sandboxing. Fidelis XPS enables our custom-
ers to decode DNS abuse for data breach over DNS, VPN over DNS, and to decode any protocol over any port including unknown proprietaryprotocols and SSL/TLS encrypted sessions. Tell us about your channel specific initiatives. We have partnered with Value Added Resellers (VARs), and Certified Value Added Distributors (CVADs), so they are able to serve major geographies in the region. We are 100% channeloriented in this region and our channel partners are our greatestasset. Our business strategy is concentrated around strengthening our channel partner network and expanding our product portfolio so it can deliver better margins to our partners. We intend to invest heavily in resources that can create a healthy channel network in this region; for example, a few months ago, we launched our new partner portal that includes incentives for our channel partners, whichwill provide many benefits to them. What’s going to be your prime focus this year? Our main focus remains on strengthening the channel, expanding, and enhancing our product portfolio that will deliver better margins for our partners. We plan to invest in awareness and visibility for our brand through marketing campaigns, participating in major events like GISEC. In addition, our business plan aims to help our vendor partners expand their reach across the region. Geographic expansion is also part of our
PETER G. GEORGE,
PRESIDENT, GENERAL DYNAMICSFIDELIS CYBERSECURITY SOLUTIONS
“Our awardwinning Fidelis XPS Advanced Threat Defense products enable organizations to discover and eradicate threats in real-time through broad visibility over all network threats” business strategy this year. What is your target for 2015? Fidelis plans to grow our branding, solutions, and awareness globally. We will continue to offer comprehensive solutions to enterprises that are facing advanced persistent threats. Our awardwinning Fidelis XPS Advanced Threat Defense products enable organizations to discover and eradicate threats in real-time through broad visibility over all network threats (both malware and non-malware based). Services available from our Network Defense and Forensic Services team enable enterprises to defend themselves against advanced adversaries and sophisticated attacks at any stage of the threat life. ë
A P R I L 2 015
MEA
31
GISEC 2015 SPECIAL | IT MANAGEMENT
MANAGE ENGINE
Keeping IT simple and affordable With more than 100,000 customers worldwide, ManageEngine is the fastest growing alternative to traditional network management frameworks.
NIRMAL KUMAR MANOHARAN,
REGIONAL DIRECTOR (SALESMIDDLE EAST) AT MANAGEENGINE
What products and solutions are you exhibiting at the show? ManageEngine is the enterprise IT management division of ZohoCorporation. The company delivers real-time IT management tools that empower an IT team to help an organization enhance its business productivity. About 3 out 5 Fortune 500 companies rely on ManageEngine’s products to ensure optimal performance of their critical IT infrastructure. What are the competitive advantages of your products? ManageEngine products are simple to use, highly scalable, and offer seamless integration with third-party management tools. How many products you have? ManageEngine believes in innovation and invests heavily on R&D. Today, ManageEngine has over 25 products that cover many key areas for effective IT management and security. The ManageEngine suite offers enterprise IT management solutions, including network performance management, IT help desk, application performance management, storage management, website monitoring, desktop and mobile devices management, log analysis & security, privileged password management and active directory management & reporting. In addition, ManageEngine’s Free Tools portfolio touches almost every IT domain from physical network devices to virtual servers in the cloud. How do these products address various technology requirements of the market?
32
A P R I L 2015
MEA
All ManageEngine products can be downloaded from the website, and the products will be fully functional in a matter of hours. A 30-day free trial is available for all ManageEngine products after which the user can opt to purchase the license from our partners in the region. Since ManageEngine has been in the industry for more than 13 years, we know the market trends better and the transformations and thus we address the upcoming requirements in all our products even before the requirement arises. Who are your major customers in the region? Some of ManageEngine’s regional customers are KhimjiRamdas, Averda, MedNet, Zulekha Hospital, Qatar Gas, and the Emirates Group to name a few. How are you present in various countries in this region? In the Middle East, we predominantly work through partners who have core expertise in the IT management space. Name your distributors and VADs Our gold partners are Elitser Technologies LLC (UAE), Burhan Technology Co. W.L.L (Kuwait), and Alnafitha International for Information Technology (KSA) and our silver partners are Hilal Computers - Al Hilal Group (Bahrain), TjDeeD Technology LLC (Jordan), Qatar Computer Service (Qatar), Future Technology Systems. (Kuwait), Naizak Global Engineering Systems (KSA), IT Pillars (KSA), Trust Information Technology (KSA), Digital Waves IT Solutions (Oman), and Zawawi Business Machines(Oman).
“The Middle East being one of the fastest growing markets for us, we see a lot of potential in this region because the market is matured and the adoption level of IT is at par with the western countries.” Briefly tell about your partner ecosystem and engagement strategy ManageEngine usually follows a single-tier partnership structure. We have SIs and resellers as our partners, who directly interface with customers. Our partner program supports resellers, who drive the sales process in their territory. This helps reachManageEngine products to a larger audience. Apart from ManageEngine’s User Conference every year, we conduct periodic partner’s training programs, workshops, and seminars to educate our partners on the new technologies and on our new features. The training programs include certification, interoperability, equity participation, and sales and channel strategy among other possibilities. ë
GEMEC 2015 SPECIAL | ENTERPRISE APPLICATIONS
FOCUS SOFTNET
Customized Innovation with Easy Implementation The Focus Suite of advanced business applications has enhanced business efficiency at more than 45,000 corporations across the globe.
Brief about your company? Focus Softnet aims to be the best IT solutions provider for enterprises in terms of growth, quality, and innovation. The company develops solutions that move businesses and helps them grow in a highly competitive environment. With vertical specific speciality, we intend to roll out highly niche solutions for the real estate sectors, manufacturing, retail, hospitality, sales, inventory and warehousing domains. This being the first edition of GEMEC; what prompted your participation in it? Focus has been a mainstay Enterprise Solutions organization with its own suite of ERP solutions which were mobile enabled right at the dawn of mobility technology. Being a company immersed in innovation, R&D, and being committed to staying ahead of the technology curve, it was only logical for us to showcase our strengths at the new GEMEC platform. What are the competitive advantages of your mobility solutions? Focus Softnet has been developing Enterprise solutions for 24 years now. We not only have generic enterprise solutions but have also developed customized and bespoke solutions for many of our customers. In keeping with the current mobility trends, we have developed several mobile apps for our solutions in addition to the PC and Web apps.
How do these products/ solutions address various technology requirements of the market? Focus’ enterprise systems, augmented by mobility solutions address a plethora of technology requirements of the market. Focus has a suite of platform-inclusive solutions which seamlessly integrate into each other and bring about user-experience uniformity throughout the Focus ecosystem. Additionally, Focus mobility solutions embody the “easy-to-use” mantra across all skill levels within target industries. Who are your major customers in the region? Focus Softnet’s client list in the region is constantly growing & includes prestigious names such as Air Arabia, Boeing, National Bonds, ICCAT, Taleem, Chapal World, Ajman Bank, SNASCO, Alinco, Total Lubricants, to name a few.. How are you present in various countries in this region? Focus Softnet began its ME operations in 1995 and then moved its regional headquarters to DIC in 2001. Since then, the company has experienced a resounding growth across ME with over 200 employees In 2008, Focus Softnet established its fully-owned subsidiary in the KSA and in 2009, the company moved its international HQ to Grosvenor Business Towers in TECOM.Focus has sales offices in the UAE, KSA, Bahrain, Qatar, Kuwait, Oman, Yemen and works through channel and franchisee partners in the Levant.
NISITH NAIK,
REGIONAL CEO – UAE, ASIA PACIFIC AND AUSTRALIA, FOCUS SOFTNET
“Focus has always prided itself in being an organization immersed in R&D with a commitment to staying ahead of the technology curve.” Briefly tell about your partner ecosystem and engagement strategy. Focus has embarked upon an aggressive partnership model which provides strong business models for partner organizations. Moreover, with such a successful implementation track record, the business model is all the more lucrative and rewarding for partner organizations. Additionally, all applications have been designed keeping in mind the implementation oriented approach thereby making application deployment a breeze compared to competing products. Please highlight the major deployments done in the past one year. Our solution, for a major real estate player in Abu Dhabi and Dubai, starts with a fully automated and integrated in-bound and out-bound call center for servicing tenants/occupants of residences and offices owned by the client. Moreover, the service contractors themselves have an app installed on their mobile device with barcode scanning capabilities. ë
A P R I L 2 015
MEA
33
GEMEC 2015 SPECIAL | ENTERPRISE MOBILITY
TALARIAX
Enterprise Mobility Made Easier 80% of Fortune 500 companies use sendQuick-the self-sufficient Appliance based solution for Enterprise Mobility; and TalariaX is all set to continue the success story with sQoopea highly secure instant Messenger
Brief about your company TalariaX is based in Singapore with clients across 30 countries . The company has been a market leader in the niche of Appliance based Enterprise Mobility solutions . TalariaX has been consistently innovating and has introduced several products for various requirements consistent with demand. TalariaX has won top honors at every award since its inception. What are the competitive advantages of your products? SendQuick appliances are plug-and-play devices that are self-sufficient. Once the solution is deployed, there is no need to purchase additional licenses if you scale up on users.SendQuick appliances are sector agnostic just as they support a host of connecting protocols. SendQuick has a tremendous market across Medium to Large Industries in every conceivable vertical. How many products you have? We have two streams – the first - appliance based gateways which go by the brand name ‘sendQuick’ The other is an appliance based instant messenger called “sQoope”. An in-premise appliance, sQoope is highly secure and intended for Enterprise IM. How do these products address various technology requirements of the market? Communication has to be established instantly, in a cost effective manner in a secure environment. The solution has to ensure interoperability across
34
A P R I L 2015
MEA
a heterogeneous environment with fail over redundancy and cater to the present requirements while being scalable for the future. sendQuick does all of that. Who are your major customers in the region? Large Petrochemical companies, Government Organizations, Defense Establishments, Academic Institutions, Banks, Audit Houses, Manufacturing Organizations, Telecom companies etc., are already our clients. How are you present in various countries in this region? Through our Distributors and their downstream (Systems Integrators and Resellers) Name your distributors and VADs. In the ME region, Bulwark Technologies based in the UAE for UAE, Qatar, Kuwait and Oman and Unisis is based in KSA for KSA and Bahrain are our exclusive Distributors. . Briefly tell about your partner ecosystem and engagement strategy We have a multi-tier eco-system where our Distributor sells onward to their downstream channel of Resellers and SIs In markets where we do not have Distributors, we sell directly to SI and Resellers. In the event we receive an inquiry from a direct client in a market where we do not have a channel partner, we try to route it to the nearest available partner (possibly in another country) failing which we address the requirement directly – duly explaining the aspects involved
ASHOK KUMAR,
CHIEF OF BUSINESS DEVELOPMENT [EMEA & SAARC], TALARIAX
“We are a sector agnostic offering meaning we can cater to any industry vertical in the Medium to Large Enterprise segment.” in such an arrangement. We identify partners with significant experience in selling solutions to Medium-Large Enterprises and then provide them with requisite training, marketing support and follow ups to ensure that they are successful in their mission. Please highlight the major deployments done in the past one year alongwith the partner involved in those. Ministry of Defense, Egypt was implemented by our partner GNSE. Rwanda Online was implemented by our partner SHI. Gulf Petrochemicals, Saudi Ericsson and Bahrain Bourse was handled by our partner Unisis, SOS International and Ministry of Agriculture was handled by our partner Orsenna, Hachette UK and Netstream was handled by our partner NU. Abu Dhabi transport was handled by our partner, Bulwark. All of the partners were responsible for complete client side interaction that included marketing, pre-sales, sales, implementation and post implementation support. ë
GISEC 2015 SPECIAL | ENDPOINT & NETWORK SECURITY
SOPHOS
Security Made Simple In a crowded, noisy market, Sophos strives for simplicity, making it simple for customers and channel partners to purchase, implement and maintain our security solutions; solutions that work together and scale as customer requirements expand.
Brief about your company? Established 30 years ago in 1985, Sophos is a global IT security company. Our mission is to be the best in the world at delivering complete IT security – software, hardware appliances and cloud based services – to protect small and mid-market enterprises, leaving them focus on their businesses instead of dealing with IT security-related threats.Moreover we are the only “Channel First” security company, with 100% channel sales. This means we only sell through distribution, direct marketing resellers, and valueadded resellers in all our regions, and we engineer our products with the Channel firmly in mind. What are the competitive advantages of your products? Frankly, we don’t see other companies doing what we’re doing. Instead the big guys are trying to be all things to all people – attempting to deliver solutions to everyone from the consumer to Citigroup – and they’re taking a point-product approach. We’re unique in our mission to supply complete security (as opposed to a piece by piece point product approach) in a simple, easy to deploy platform. Everything we do across the company is dedicated to delivering on that mission. If we do that well, and we continue with that passion and focus to make the cyber-world safe, with an eye on delivering world-class solutions that make security simple, that’s a very unique approach in the industry. How many products you have? Our solutions are divided into the three main
sections Network Protection, Enduser Protection and Server Protection. The networks group consists of UTM & Next-Gen Firewall, the ultimate network security package, Secure Web Gateway (Complete web protection everywhere), Secure Wi-Fi (Remote Ethernet Devices and Access Points) and Secure Email Gateway (Simple protection for a complex problem). Enduser means Enduser Protection Bundles (Comprehensive security for users and data), Sophos Cloud (Sophos Security. Cloud Simplicity), SafeGuard Encryption (Protecting your data, wherever it goes), Endpoint Protection (On-premise or cloud-based threat protection for Windows, Mac and Linux) and Mobile Control (Countless devices, one solution for MDM). Last but not least Server Protection includes Virtualization Security (Performs like it isn’t there. Protects because it is), SharePoint Security (Collaborate in confidence), PureMessage (Good news for you. Bad news for spam), Server Security (Pro-server. Anti-virus) and Network Storage Antivirus (High-tech security for high-tech storage) How do these products address various technology requirements of the market? The vision for Sophos is to be the company that understands the current security landscape, sees the future of where threats are going, and delivers the technology, process, and programs to protect users (corporate and consumer) so that they can focus their efforts on innovating and growing their business.
THOMAS THOELKE,
SALES DIRECTOR NEEMEA, SOPHOS
“We’re unique in our mission to supply complete security (as opposed to a piece by piece point product approach) in a simple, easy to deploy platform. Everything we do across the company is dedicated to delivering on that mission.” Briefly tell about your partner ecosystem and engagement strategy The Sophos Partner Program features tiered benefits to partners that reflect Sophos’s strong commitment to strengthening security and control throughout the network. Sophos Channel Sales Teams provide a deep level of support and are highly responsive to partners. The Program offers distribution of high quality leads to qualified partners, on-line deal registration and dedicated pre-sale and post-sale support. Extensive marketing support and comprehensive training programs are available to enable partners to grow their businesses through new customer acquisitions and incremental sales. ë
A P R I L 2 015
MEA
35
GISEC 2015 SPECIAL | VADS CORNER
How many brands you have and what is the USP of those brands? Ping Identity – provides hybrid SSO, secured authentication and identity services Kaspersky – advanced end point security solution, security intelligence service, anti DDos & fraud prevention Sophos – end point & perimeter security solutions Bluecat – complete IP address management, including DNS & DHCP security Nexthink – end user behavioral analytics, proactive ITSM,
COMGUARD
AJAY SINGH CHAUHAN,
CEO, COMGUARD
Brief about your company? ComGuard, established in 2002, is a prominent VAD in the IT & Security space. The company is headquartered in Dubai, UAE and is the flagship division of the Spectrum Group, which is engaged in IT networking and security training, managed services, niche hospitality solutions, network consultancy and Broad line distribution, amongst others. ComGuard has invested in its inherent strength in infrastructure, technical skills and customer support to create a niche for itself in the value added distribution space. The biggest strength for ComGuard is the skill sets, which has made it one of the fastest growing VADs in the region. Industry recognition and awards have come ComGuard’s way for its discerning ability to provide value addition to product offerings while effectively helping customers to make most out of them. Backed by a strong vision and sustained growth, ComGuard’s distribution reach covers 14 countries across the Middle East and APAC with a roster of more than 1,000 partners. As a VAD ComGuard represents a diverse range of world-class security vendors. What is the present turnover of the company and what is your YoY growth? The current turnover as it stands is app. 195 M AED, which boasts a 60% Year-on Year
36
A P R I L 2015
MEA
STRENGTHS l l l l l l
Pricing power Financial leverage Brand recognition Customer loyalty Technical strength Marketing muscle
WEAKNESS l Backend process robustness
OPPORTUNITIES l Emerging markets and niche technologies l New geographical reach
THREATS l Intense competition l Mature markets l Unstable market conditions
CONTACT CORPORATE HEAD QUARTERS 29th Floor, BB2, Mazaya Business Avenue, Jumeirah Lakes Towers, Dubai, United Arab Emirates Email:info@comguard.net Web - http://www.comguard.net/ Tel No.:+971 4 4576500
How do these products address various technology requirements of the market? Various requirements are catered to like handling overburden on multiple passwords, identifying individual access to an asset, provides protection against advanced end point attacks, provides secured online banking transactions, threat intelligence services to financial entities, complete security solution for SME segment in a single appliance, helps in managing the IP address space including IPv6, network automation and secured internet access, helps in visualizing end user experience with different applications. Allows help desk to proactively assist users What services do you provide as a security distributor? As a best-of-the-breed Information Security Distributor, ComGuard provides a web of services including Solutions designing, Pre-sales consultancy, Professional and customized Training services, committed post sales and technical support, onsite implementation & configuration services, POCs &Demos. What kind of support did you receive from the vendor in projects? As a VAD we attempt to address all foremost requirements of a project. Vendors are requested to intervene only when support levels are escalated to 3 and above. How are you present in various countries in this region? Head quartered in JLT, Dubai. Offices in Knowledge Village & JAFZA, UAE, registered office in AUH, offices in Riyadh & Jeddah, Egypt, Tunisia, Mumbai, Delhi, Bangalore, Singapore Tell about your road map? In 2015 we are primarily focused on Big Data, Iot, Analytics& Visualization, Cloud, webscale IT, Storage, Power, etc. ë
GISEC 2015 SPECIAL | VADS CORNER
enabling Optimus to provide complete turnkey, integrated solutions to its partners.
OPTIMUS
How do these products address various technology requirements of the market? Optimus believes in addressing the technology requirements of the market by virtue of its market enablement model that combines best of breed products and solutions into an integrated service offering for its vendor and channel base.
NAHULGORADIA,
VP - CHANNEL & ALLIANCES, OPTIMUS
Brief about your company? Optimus is a pioneering market enablement company that helps leading technology and telecom vendors develop and create business revenue streams in the Middle East, Africa and South Asian Regions. Founded in 2008, Optimus has leveraged its partnership with key vendors to become a regional player in technology growth and proliferation. In the 7 years since its inception, Optimus has disrupted the traditional technology sales and marketing business models to addeffective quality into the technology channel globally. What is the present turnover of the company and what is your YoY growth? Optimus is privately held organization we are not allowed to disclose our revenues but we have been witnessing close to 15-18% YoY growth over the last few years How many brands do you have and what is the USP of those brands? Optimus has built strategic partnerships with some of the best technology brands across the technology and telecom industry, including Huawei, McAfee, Bitdefender, Avayo, Opti-UPS, NetIQ, Novell, Maelys, Jabra&Interquartz in its portfolio. All these brands are market leaders in their own right and complement each other,
STRENGTHS l We are a Market Enablement company l Comprehensive suite of Complimentary Products and Services lOwn Cloud offering platform lIn-houseChannel Loyalty Program l 360° approach to business allows us greater market penetration and a keen ability to identify and deliver on opportunities. l Optimus is synonymous with pioneering initiatives to introduce the market with best-of-breed solutions, technology services and business practices, much ahead of its peers. And this has helped the company subvert challenges of competition, regulatory compliances or customer demands.
CONTACT 1603, Millennium Plaza Hotel Tower, near Emirates Towers metro station, Sheikh Zayed Road, Dubai E - partners@optimusdistribution.com T - +971 42379001 F - +971 4 3252558 website: www.optimusdistribution.com
What services do you provide as a security distributor? Optimus being a security solutions provider, we provide many services to our channel partners under our OptiSecure Security Consulting Practice. Our service portfolio has been designed to deliver strategic, financial & technical benefits to customers, helping them achieve the desired state of Information Security robustness. Our Security consulting practice offers a full range of security consulting services that can help identify, evaluate, and improve enterprise security across industry verticals in the region. Additionally, we support our partners with Sales, Presales & Professional Services to enable them to position & implement our products with their customers. Through the Optimus Academy, we also provide enablement services to ensure our partners and vendors are better equipped with necessary skills to address customer needs & requirements effectively. What kind of support did you receive from the vendor in projects? We work as an extension of our vendor’s channel & delivery team and close coordination is critical to the success of our partnership. We receive a lot of support from our vendors, right from customer interaction to technical assistance as well as ongoing trainings programs. How are you present in various countries in this region? Optimus as a regional solutions provider, we have direct presence in UAE, Qatar, KSA, Pakistan & Egypt. Through these touchpoints, we cover the entire MEA& South Asia markets. Tell about your road map? We shall continue to add brands & services in information security space to ensure our partners are able to provide cutting edge technologies with the desired services to their customers. One of the areas that we’re currently exploring is the MSSP space wherein we would be able to provide Security as a Service to customers. ë
A P R I L 2 015
MEA
37
GISEC 2015 SPECIAL | VADS CORNER
Protection, Risk Management, Secure Mobility& Operational Intelligence.
STARLINK
How do these products address various technology requirements of the market? The StarLink Security Framework provides a strategic approach that cuts through the clutter and is designed to simplify risk management and ensure that all critical controls for effective enterprise IT Security are in place. What services do you provide as a security distributor? To our valued customers we are expert consultants, bringing best-of-breed IT Security solutions to tackle their IT security concerns; to our vendors, we are a true extension of their sales, marketing and technical teams, The launch of the StarLink Choice program in 2014 helps our partners to optimize revenue and increase their profitability potential. .
NIDAL OTHMAN
MD, STARLINK MIDDLE EAST
Brief about your company? StarLink is acclaimed as the largest and fastest growing “True” Value-Added IT Security Distributor across the META regions with on-the-ground offices in 10 countries. With its innovative Security Framework, StarLink is also recognized as a “Trusted Security Advisor” to over 1000 enterprises and government customers that use one or more of StarLink’s best-of-breed and market-leading technologies, sold through its Channel network of over 250 Partners. The StarLink Solution Lifecycle helps Channel Partners differentiate offerings, and assists customers to identify key risks and define priorities for addressing IT Security gaps relating to compliance and next-generation threat protection. What is the present turnover of the company and what is your YoY growth? StarLink turnover was $75 million in revenue in 2014 and we are anticipating a growth to approximately $100 million in 2015.
STRENGTHS l Channel Focus: This year our theme is ‘Partnering into the Future’ l Our Exclusive rebate and incentive program l Experienced Management team l Proven technology Solutions l Leading vendors l Marketing prowess l True Value-Added-Distribution.
WEAKNESS SMB: StarLink’s focus has been on enterprise and Government customers and therefore has consciously overlooked the SMB
OPPORTUNITIES l New Partners l Emerging markets in the region:
CONTACT Tell us about your product portfolio StarLink’s True Value Added IT Security Distribution portfolio comprises of 24 leading vendors split into 4 dynamic solution areas, which provide cutting-edge predictive security to businesscritical data: Access Control, Advanced Threat
38
A P R I L 2015
MEA
Address: Office 4301, Mazaya Business Avenue - BB2 JLT, Dubai, United Arab Emirates. P.O. Box 99580. Email: info@starlinkme.net P: +971 4 2794000 F: +971 4 4306716 Web: http://www.starlinkme.net/
What kind of support did you receive from the vendor in projects? StarLink gets excellent sales and technical support from the vendors in its portfolio initially during the on-boarding process, but they typically stay involved only for the first couple of projects. After this point StarLink makes it a point to become an extension of the vendor team in the region. In many cases, StarLink becomes the Authorized Support Center for vendors, as well as, the Authorized Training Center. How are you present in various countries in this region? StarLink’s business operations have spread across UAE, KSA, Qatar, Bahrain, Oman, Kuwait and over the last couple of years, StarLink has successfully expanded and exponentially increased its presence in Sub-Saharan Africa, Egypt and Turkey. This year further expansion plans are being executed into Southern Europe and North Africa, as well as North America. Other African countries are also in the pipeline. ! Tell about your road map? From a portfolio perspective, we may also add a couple of key technologies, which are identified from Customer and Partner feedback. We expect to touch, if not cross, the $100 million turnover mark by the end of 2015 The general trend seen, for business expansion is from the West towards the Eastern countries! StarLink aims to be a trailblazer in reversing that trend! We are carrying our values, offering and success towards the West! ë
GISEC 2015 SPECIAL | VADS CORNER
growth? Turnover in 2014 is 10 Million USD; 35% YOY
SPECTRAMI
How many brands do you have and what is the USP of those brands? We have 7 brands. lLogRhythm – SIEM security intelligence lGeneral dynamics Fidelis Cyber SecurityAdvanced threat defense solution lTenable –– vulnerability management lXceedium – Privileged Identity Management lGood technology – Enterprise mobility management lActifio – Radically simple Copy Data Virtualization lViolin – All Flash storage array for the cost of disk
ANAND CHOUDHA,
MANAGING DIRECTOR AT SPECTRAMI
Brief about your company? Spectrami started with a vision of Vendor Extension model for the vendors that do not have a direct presence in Middle East. The purpose is to act as their extension arm of the principal in the ME in terms of delivering the same service level as they would, in case they had a presence here. We represent niche and specialized solutions that need a proactive engagement with the customer and partner ecosystem. The key to delivery of such solution is not just in presenting the solution to the market, but really in terms of creating a value for it, making customers understand and appreciate the value the solution gives to their business,. The success lies in empowering partners to sell it, carry out POCs, implementing and supporting them in customer’s infrastructure. This requires a comprehensive connected body of ecosystem consisting of sales, pre sales, post sales and marketing which works as a single entity to deliver a seamless experience to the customer and deliver the same experience as a large vendor would give. So essentially taking certain products that did not have a presence in the region and delivering the same high level SLA as a Tier 1 vendor is the overall contribution to business development that Spectrami creates. What is the present turnover of the company and what is your YoY
STRENGTHS l Unique Vendor Extension Business model l Strong Management team and experienced local team presence l Skilled and highly trained professional pool l Infrastructure for providing training backed by well equipped Customer Experience Center
WEAKNESS l Logistics, credit and Warehousing facilities
OPPORTUNITIES l Add more products to provide full range of solutions in the Security and Storage space l Security is growing market
THREATS
How do these products address various technology requirements of the market? Spectrami solutions portfolio consists of leading and bleeding edge technologies in the Security, Mobility and Storage space. This includes Advanced Threat Protection, SIEM, Network Security Analytics, Incidence Response Platform, Vulnerability Management, DLP, Advanced Forensics, OpenSource Intelligence in security, Enterprise Mobility Management in Mobility and Copy Data Management and All Flash Array in Storage solutions What services do you provide as a security distributor? We have two teams of technical complement, one the Business Technologist team which works as with customers in terms of helping them identify and adopt technology, the second is the service delivery team consisting of service delivery professionals and PMO who are responsible for post salesservice delivery. We also provide specialized services including delivering intelligence as a service, incidence response, SOC augmentation and threat identification and mitigation. How are you present in various countries in this region? We have local presence in all the regions with (KSA,UAE,OMAN,QATAR, KUWAIT ETC) sales and technical representatives.
l Oil prices going down
CONTACT Office 2402, Mazaya BB1 Tower, JLT ,P.O. BOX 487840, Dubai, UAE T: +971 4 4357209 M: +971 55 4706726 Web: www.spectrami.com
Tell about your road map? This year will see a substantial growth in business as the customers continue to invest in security and storage solutions. Spectrami has expanded and increased its presence in Kuwait, KSA, Qatar, Oman and South Africa. ë
A P R I L 2 015
MEA
39
GEMEC 2015 SPECIAL | AGENDA
Conference Agenda SUNDAY 26 APRIL 2015 - GEMEC 2015 9.00
Registration and welcome coffee
9.30
Chairman’s Welcome address
DISRUPTIVE INNOVATION IN ENTERPRISE MOBILITY TRAILBLAZER - Why ideation is critical to your enterprise mobility strategy? - Annosh Thakkar, VP, Business, & IT Transformation, Philips
10.00 - 10.30
Netherlands
10.30 - 11.00
TRAILBLAZER -
11.00 - 11.10
EXHIBITION OPENING CEREMONY
11.10 - 11.40
MORNING TEA AND COFFEE
11.40 - 12.10
KEYNOTE ADDRESS - Enterprise mobility at the forefront of the modern mobile economy - John Banks, Director of Software, GBM
Opportunity, efficiency and engagement: developing a futuristic enterprise mobility strategy - Bill Douglas, Head of Mobility, Royal Bank of Scotland, UK
TRANSFORMING YOUR MOBILITY STRATEGY KEYNOTE ADDRESS - Taking control with a holistic security strategy - Senior Executive, Citrix
12.10 - 12.40
SECURITY INTERVIEW -
12.40 - 13.10
Application economy and the impact of IoT on your mobility strategy - Sameer S Poonja, Head of Digital Technologies,
Emirates Group IT
13.10 - 13.40
KEYNOTE ADDRESS -
13.40 - 14.50
Networking Lunch
Stay Focused! The device is one thing, but managing information is everything - Eng. Muhammad Said, Managing Director, Asyad Capital for Technology Services
IDEA SWAP - Core tenets of successful enterprise mobility Jean-Pierre Mondalek, General Manager UAE, UBER Samir Khan, Regional Information Technology Head, African + Eastern Adrian Davis, Managing Director EMEA, ISC2 Jonas Zelba, Senior Research Analyst, ICT, Middle East and North Africa, Frost & Sullivan
14.50 - 15.30
RISK VS. RETURN 15.30 - 16.00
How eliminating mobility silos will reduce risk and optimize service delivery Walter Wehner, Director of IT Network and Infrastructure, Atlantis, The Palm
16.00 - 16.30
AFTERNOON TEA
16.30 - 17.00
Why building an enterprise application suite is worth the work Arun Tewary, Vice President (IT) & CIO, Emirates Flight Catering
17.00
CLOSING REMARKS from the chair
SUNDAY 26 APRIL 2015- BRIEFING DAY - GISEC 2015 10.00 - 10.10
Chairman’s Welcome address
INTEGRATING SAFE CITY INTO SMART CITY STRATEGY 10.10 - 10.40
TRAILBLAZER -
10.40 - 11.10
TRAILBLAZER -
11.10 - 11.40
MORNING TEA AND COFFEE
The journey from a smart city to safe city: strategic plan, projects, and technologies - Bassam AlMaharmeh, MSEE, CISO Ministry of Defence, Jordan
Staying ahead of emerging information security threats - Dr. Amirudin Abdul Wahab, Chief Executive Officer, Cybersecurity Malaysia, Ministry of Science, Technology and Innovation
CYBER SECURITY AND RESILIENCE Providing a safe and secure environment for future cities through smart technologies - Colonel Khalid Nasser Alrazooqi, General Director of Smart Services Department, Dubai Police GHQ
11.40 - 12.10
40
A P R I L 2015
MEA
GEMEC 2015 SPECIAL | AGENDA
Conference Agenda 12.10 - 12.40
KEYNOTE ADDRESS - Colonel Khalid Nasser Alrazooqi, General Director of Smart Services Department, Dubai Police GHQ Addressing cyber security and network challenges in creating a safe city
SECURE INFRASTRUCTURE 12.40 - 13.10
Developing a framework for improving critical infrastructure cybersecurity ; Donna Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Training, US Department of Commerce
13.10 - 14.10
Networking Lunch
14.10 - 14.40
Addressing cyber security and network challenges in creating a safe city - Joan Manel Gómez, Head of IT Security, Barcelona City Council
NEXT GEN SECURITY 14.40 - 15.10
IDEA SWAP- What new technologies and innovative tools can be embraced for ensuring city security? Shadi Khoja, Director of Strategy, Dubai Smart City. Dr. Amirudin Abdul Wahab, CEO, Cybersecurity Malaysia, Ministry of Science, Technology and Innovation
15.10
CLOSING REMARKS from the chair and close of briefing day
GISEC 2015 - DAY ONE, MONDAY 27 APRIL 10.00
Chairman’s welcome address
CYBER SECURITY MEGATRENDS CISOs CAN’T IGNORE 10.10 - 10.20
WELCOME ADDRESS
10.20 - 10.40
TRAILBLAZER - CISO 2020: Are you ready to be the guardian of your state?
10.50 - 11.20
TRAILBLAZER - No place to hide: Unmasking the risks and threats lurking in our cyber streets
11.20 - 11.50
MORNING COFFEE
Farid Farouq, Vice President IT, Dubai World Trade Centre
Dan Lohrmann, ex CSO, State of Michigan, US, Chief Strategist & CSO -Security Mentor
Steve Williamson, Director IT Risk Management, GlaxoSmithhKline, UK
NEXT GEN THREATS AND VULNERABILITIES 11.50 - 12.35
KEYNOTE ADDRESS - The threat landscape and future of hacking - Les Anderson, Vice Presidnet of Cyber BT, UAE
12.35 - 13.20
KEYNOTE ADDRESS - Privacy Dilemma - Hani Nofal, Executive Director INS, GBM, UAE
13.20 - 14.30
Networking Lunch
ART AND SCIENCE OF ENTERPRISE SECURITY IDEA SWAP - Before the Breach – actions to protect your data from attacks! 14.30 - 15.00
15.00 - 15.30
Manal Masoud, Principal Consultant, Paramount Computer System, UAE Amit Bhatia, Head of Information Security Governance, Oman Insurance Company Jonas Zelba, Senior Research Analyst, Information and Communication Technologies Practice, MENA, Frost & Sullivan Hadi Jaafarawi, Managing Director Middle East, Qualys Inc, UAE Nader Baghdadi, Regional Enterprise Director South Gulf & Pakistan, Fortinet
IDEA SWAP - Protection from within - learnings from the Snowden affair Ahmed Baig, Senior Director – Corporate Strategy, Risk & Excellence, Smartworld - A Dubai Government Entity, UAE Nick Pollard, Senior Director Professional Services, EMEA & APAC, Guidnace Software Inc, UAE
15.30 - 16.00
AFTERNOON TEA
16.00 - 17.00
TRAINING SESSION - Hands-on-Session: How do you build a vigilint security culture in your organisation? Dan Lohrmann, ex CSO State of Michigan, US
17.00
CLOSING REMARKS from the chair and close of conference day
17.30
I.T. Security AWARDS Ceremony
A P R I L 2 015
MEA
41
GEMEC 2015 SPECIAL | AGENDA
Conference Agenda GISEC 2015 - DAY TWO, TUESDAY 28 APRIL 10.00
Chairman’s welcome address
SCHNEIER ON SECURITY TRAILBLAZER - Reactions and learnings from the Sony Hack - Bruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard
10.10 - 10.40
Law School, US
INTELLIGENCE DRIVEN SECURITY AND RISK MANAGEMENT KEYNOTE ADDRESS - What do we need to make IoT security a reality? - Phillipe Roggeband, Business Development Manager, Cisco
10.40 - 11.10
Security Architecture
11.10 - 11.40
KEYNOTE ADDRESS - The Defenders Advantage - Peter Clay, CISO, Invotas
11.40 - 12.10
KEYNOTE ADDRESS - Revealing the quiet intruder – understanding techniques used in modern cyber attacks - Brian Tokuyoshi, Senior Solutions Analyst, Palo Alto Networks
12.10 - 12.40
MORNING COFFEE
NEXT GEN THREATS AND VULNERABILITIES 12.40 - 13.05
KEYNOTE ADDRESS -
13.10 - 13.40
KEYNOTE ADDRESS - Intelligent Security Operations Centre (I-SOC) - Framework - Firosh Ummer, MD EMEA, Paladion
13.40 - 14.30
Networking Lunch
The enterprise impact of cyber risk through the shareholder lens - Kamran Ahsan, Senior Director of Security Services, Digital Services Business, Etisalat, UAE
INCIDENT RESPONSE IDEA SWAP - The future of authentication amongst web services Brett McDowell, Executive Director, FIDO Alliance Mayank Upadhyay, Director of Engineering, Google Dhruv Soi, Chair, OWASP India
14.30 - 15.00
IDEA SWAP - Protect, detect, respond: anatomy of an effective incident response plan Mohammed Darwish Azad, Head of Group Information Security, Group IT - Emirates NBD Roshdi A. Osman, Deputy CISO, Banque Saudi Fransi Mayank Upadhyay, Director of Engineering, Google
15.00 - 15.30
IDEA SWAP - Active defence: how can data-centric protection increase security in cloud computing and virtualisation?
15.30 - 16.00
Dr. Jassim Haji, Director Information Technology, Gulf Air George Yacoub, Acting Group CIO, SEHA
CLOSING REMARKS from the chair and close of the conference
16.00
42
A P R I L 2015
MEA
We unify. You thrive. In this hyper-connected, always-on world, today’s anywhere workers are demanding more from the devices and enterprise apps they use to connect and collaborate. We say, give in to their demands.
unify.com/thrive
Formerly Siemens Enterprise Communications
UNI-3746 ME Thrive Print Ad.indd 1
Copyright Š Unify GmbH & Co. KG, 2014
2/11/2014 2:49 PM