

BEYOND DETECTION
How XDR is redefining cybersecurity in 2025


Complementary forces in modern cybersecurity

JEEVAN THANKAPPAN
jeevan@gcemediagroup.com
As cyber threats become more sophisticated, security solutions must evolve. The journey from AV to EDR and now to XDR highlights the need for a more integrated approach. However, the XDR market is already crowded, with varying definitions depending on who you ask. Today, even traditional monitoring tool vendors claim to offer XDR capabilities, creating confusion in the market.
At its core, XDR is an evolution of EDR, aggregating and analyzing telemetry from multiple security tools—network, email, cloud, and endpoints—and leveraging AI-driven analytics to detect and respond to threats in real time. Unlike traditional SIEM solutions, which rely on log data and rule-based detection, XDR provides broader visibility and automated response capabilities.
Now, the industry debates whether XDR is a suitable substitute for SIEM. Traditional SIEM systems come with challenges, as many implementations fail due to complexity. XDR aims to fill the gap where SIEMs remain too focused on log collection, compliance, and traditional correlation rules to be highly effective in preventing breaches.
While XDR offers superior threat detection and response automation, it does not replace SIEM. SIEM plays a critical role in regulatory compliance, forensic investigations, and log management—functions beyond XDR’s primary focus. SIEM solutions aggregate logs for historical analysis, meeting regulatory requirements that demand extensive event storage and auditing.
Rather than choosing between XDR and SIEM, organizations benefit from using both. XDR enhances real-time detection and response, while SIEM ensures compliance, long-term data retention, and deeper investigations. Together, they provide a holistic security posture, bridging proactive threat management with regulatory needs.
As the cybersecurity landscape evolves, integrating XDR and SIEM is the best strategy for enterprises looking to maximize visibility, improve threat response, and meet compliance mandates effectively.
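The difference the editorial draws between per-stream rules and cross-source correlation is easier to see on data. The following is an added example written for this page, not code from the article or from any XDR vendor: three constructed telemetry streams (email gateway, endpoint agent, network sensor) are joined on host inside a time window, and the event format, the attack chain and every user, host and IP in it are assumptions made for the example.

```python
"""Cross-source correlation of the kind the editorial attributes to XDR.

Added example; not code from the article or from any XDR vendor. Three
constructed telemetry streams (email gateway, endpoint agent, network
sensor) are joined on host inside a time window. A per-stream rule fires
on every matching event; the correlator raises one incident only when the
phishing -> execution -> beacon chain completes on the same host.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    source: str      # "email", "endpoint" or "network"
    ts: datetime
    user: str
    host: str
    detail: str


# Constructed sample telemetry: users, hosts and IPs are made up.
EVENTS = [
    Event("email", datetime(2025, 2, 3, 9, 0), "alice", "WS-101",
          "attachment invoice.zip delivered quarantined=no"),
    Event("endpoint", datetime(2025, 2, 3, 9, 4), "alice", "WS-101",
          "winword.exe spawned powershell.exe -enc ..."),
    Event("network", datetime(2025, 2, 3, 9, 6), "alice", "WS-101",
          "outbound 203.0.113.7:443 new-destination"),
    Event("endpoint", datetime(2025, 2, 3, 11, 0), "bob", "WS-202",
          "explorer.exe spawned powershell.exe"),
    Event("network", datetime(2025, 2, 3, 12, 30), "carol", "WS-303",
          "outbound 198.51.100.9:443 new-destination"),
]

# Attack chain each incident must contain, in order: (source, substring).
CHAIN = [
    ("email", "quarantined=no"),
    ("endpoint", "spawned powershell.exe"),
    ("network", "new-destination"),
]


def _matches(event, stage):
    source, needle = stage
    return event.source == source and needle in event.detail


def per_stream_alerts(events):
    """What a single-stream rule set produces: one alert per matching event."""
    return [e for e in events if any(_matches(e, s) for s in CHAIN)]


def correlate(events, window_minutes=30):
    """One incident per host on which CHAIN completes, in order, within the window."""
    window = timedelta(minutes=window_minutes)
    by_host = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(e.host, []).append(e)

    incidents = []
    for host, evs in by_host.items():
        for start, first in enumerate(evs):
            if not _matches(first, CHAIN[0]):
                continue
            chain, stage = [first], 1
            for e in evs[start + 1:]:
                if e.ts - first.ts > window:
                    break
                if _matches(e, CHAIN[stage]):
                    chain.append(e)
                    stage += 1
                    if stage == len(CHAIN):
                        incidents.append({"host": host, "user": first.user, "events": chain})
                        break
    return incidents


if __name__ == "__main__":
    print(f"{len(per_stream_alerts(EVENTS))} stream-level alerts")
    for inc in correlate(EVENTS):
        print("incident:", inc["host"], inc["user"], [e.source for e in inc["events"]])
```

On the sample data the per-stream rules raise five alerts, three of them on the same workstation, while the correlator raises a single incident for WS-101 and nothing for the PowerShell launch on WS-202 or the new outbound connection from WS-303, which lack the rest of the chain. Shrinking the window to five minutes drops the incident, because the beacon arrives six minutes after the email.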
PUBLISHER TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM
CO-FOUNDER & CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM
GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES ANUSHREE DIXIT ANUSHREE@GECMEDIAGROUP.COM
MANAGING EDITOR JEEVAN THANKAPPAN JEEVAN@GCEMEDIAGROUP.COM
ASSISTANT EDITOR SEHRISH TARIQ SEHRISH@GCEMEDIAGROUP.COM
CHIEF COMMERCIAL OFFICER RICHA S RICHA@GECMEDIAGROUP.COM
PROJECT LEAD JENNEFER LORRAINE MENDOZA JENNEFER@GECMEDIAGROUP.COM
SALES AND ADVERTISING SALES@GECMEDIAGROUP.COM PH: + 971 562 151 157
DIGITAL TEAM
IT MANAGER VIJAY BAKSHI
PRODUCTION, CIRCULATION, SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM
CREATIVE LEAD
AJAY ARYA
DESIGNERS
SHADAB KHAN, JITESH KUMAR, SEJAL SHUKLA
PRODUCTION
RITURAJ SAMANTARAY
S.M. MUZAMIL
DESIGNED BY

SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM
PRINTED BY Al Ghurair Printing & Publishing LLC. Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE Office No #115 First Floor , G2 Building Dubai Production City, Dubai United Arab Emirates Phone : +971 4 564 8684

31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA PHONE NO: + 1 732 794 5918
A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE. Copyright 2013 Accent Infomedia. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
Dynatrace Expands Security Portfolio with Cloud Security Posture Management Solution
Bernd Greifeneder, CTO and Founder at Dynatrace
Dynatrace has announced the expansion of its security portfolio with a new Cloud Security Posture Management (CSPM) solution. For enterprises managing complex hybrid and multi-cloud environments, Dynatrace CSPM can significantly enhance security, compliance, and resource-efficiency through continuous monitoring, automated remediation, and centralized visibility.
Dynatrace CSPM extends its existing Kubernetes Security Posture Management (KSPM) solution and enables organizations to manage their entire cloud security posture through a single, unified platform. The solution aggregates and contextualizes security and observability information, can integrate with or replace existing hyperscaler-specific solutions, and provides insights into the security posture of both applications and the infrastructure they run on.
The powerful Dynatrace AI engine, Davis® AI, and the Dynatrace Grail™ data lakehouse combine security and observability data in context to provide comprehensive insights across code, libraries, language runtime, and container infrastructure.
Philip Bues, Senior Research Manager, Cloud Security at IDC said: “Cloud security teams get thousands of alerts every day. I’m excited about how observability context could provide Cloud Security teams with the ability to prioritize alerts, enabling them to remediate those that really matter.”

DeepSeek popularity exploited in latest PyPI attack
The Supply Chain Security team at Positive Technologies’ Expert Security Center (PT ESC) discovered and neutralized a malicious campaign in the Python Package Index (PyPI) repository. This attack was aimed at developers, ML engineers, and anyone seeking to integrate DeepSeek into their projects.
The attacker’s account, created in June 2023, remained dormant until January 29, when the malicious packages deepseeek and deepseekai were registered. Once installed, these packages would register console commands.
Stanislav Rakovsky, Head of Supply Chain Security at PT ESC, said, “Cybercriminals are always looking for the next big thing to exploit, and DeepSeek’s popularity made it a prime target. What’s particularly interesting is that the malicious code appears to have been generated with the help of an AI assistant, based on comments within the code itself. The malicious packages were uploaded to the popular repository on the evening of January 29. Thanks to the vigilance of PT PyAnalysis, Positive Technologies’ automated malicious package detection service, the threat was identified and neutralized within minutes. Despite the rapid response, the packages had been downloaded over 200 times.”
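Two checks a development team can run on its own side against this kind of package, as an added example written for this page and not Positive Technologies' PyAnalysis or any other project's code: a name-similarity check that flags requested packages sitting within a small edit distance of a name the team actually depends on, and a parser for a wheel's entry_points.txt that surfaces the console commands installation would register before anyone runs them. The allowlist, the requirements list and the metadata are all constructed for the example.

```python
"""Two checks against the kind of package described above.

Added example; not Positive Technologies' PyAnalysis or any project's code.
(1) Requested package names are compared with a constructed allowlist of
names the team actually depends on, and anything within a small edit
distance of an allowlisted name but not identical to it is flagged as a
likely typosquat. (2) A package's entry_points.txt is parsed to surface the
console commands installation would register, so a reviewer sees them
before anyone runs them. Package names and metadata are made up.
"""
import configparser

# Constructed allowlist of dependencies the project expects.
EXPECTED = {"requests", "numpy", "colorama", "deepseek"}


def edit_distance(a, b):
    """Levenshtein distance by dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def typosquat_candidates(requested, expected=EXPECTED, max_distance=2):
    """Map each requested name that is close to, but not in, the allowlist
    to the allowlisted name it resembles."""
    findings = {}
    for name in requested:
        n = name.lower()
        if n in expected:
            continue
        dist, nearest = min((edit_distance(n, e), e) for e in expected)
        if dist <= max_distance:
            findings[name] = nearest
    return findings


def console_scripts(entry_points_txt):
    """Return {command: 'module:callable'} from a wheel's entry_points.txt."""
    cp = configparser.ConfigParser(delimiters=("=",))
    cp.optionxform = str          # keep command names case-sensitive
    cp.read_string(entry_points_txt)
    if not cp.has_section("console_scripts"):
        return {}
    return dict(cp["console_scripts"])


# Constructed inputs.
REQUIREMENTS = ["requests", "deepseeek", "numpy", "colorama"]
ENTRY_POINTS = """\
[console_scripts]
deepseeek = deepseeek.cli:main
deepseekai = deepseeek.cli:main
"""

if __name__ == "__main__":
    for name, nearest in typosquat_candidates(REQUIREMENTS).items():
        print(f"{name!r} looks like {nearest!r}: review before installing")
    for cmd, target in console_scripts(ENTRY_POINTS).items():
        print(f"installing registers command {cmd} -> {target}")
```

The edit-distance check is deliberately narrow: it only compares against names the team already uses, so it does not need a copy of the whole index and cannot be gamed by registering a plausible-looking but unrelated name. The entry-point listing is the reviewer's view of what the page describes as "register console commands".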
Tenable Plans to Acquire Vulcan Cyber
Tenable Holdings has signed a definitive agreement to acquire Vulcan Cyber Ltd. (“Vulcan Cyber”). Vulcan Cyber’s capabilities will augment Tenable’s industry-leading Exposure Management platform, enhancing customers’ ability to consolidate exposures across their security stack, prioritize risks and streamline remediation efforts across the entire attack surface.
Under the terms of the agreement, Tenable will acquire Vulcan Cyber for approximately $147 million in cash and $3 million of restricted stock units (RSUs) that vest over a future period. The acquisition is expected to close in the first quarter of 2025, subject to customary closing conditions.
“CISOs are overwhelmed with scattered security products, siloed tools and disjointed teams which makes protecting their organizations from exposure a massive undertaking. As the pioneer behind Exposure Management, we are driven to solve this central challenge of modern security — a fragmented approach to identifying and combating cyber risk,” said Steve Vintz, Co-CEO and CFO, Tenable. “That is what this acquisition is all about. With Vulcan, we’re accelerating our Tenable One vision to radically unify security visibility, insight and action across the attack surface – from the data center to the cloud – to rapidly expose and close the gaps that put businesses at risk.”
Tenable plans to expand the Tenable One Exposure Management Platform with Vulcan Cyber’s robust capabilities, including enhanced visibility, extended third-party data flows, superior risk prioritization, and optimized remediation. By consolidating and aggregating vast amounts of data into the most comprehensive Exposure Management platform, Tenable is empowering organizations to confidently reduce risk across their entire environment.
Mark Thurmond, Co-CEO and COO, Tenable
“These capabilities aren’t just technical enhancements – they represent a fundamental shift in how organizations will manage cyber risks holistically into the future. For example, while having a cloud security platform is critical on its own, its power is exponentially amplified when treated as part of a comprehensive exposure management approach,” said Mark Thurmond, Co-CEO and COO, Tenable. “By uniting disparate tools and data under one roof, we’re providing security teams with a full-spectrum view of their attack surface, enabling them to prioritize what matters most and act decisively to address vulnerabilities.”
Positive Technologies specialist helps fix a critical vulnerability in MyQ Print Server
PT SWARM expert Arseniy Sharoglazov identified the CVE-2024-28059 (BDU:2024-01648) vulnerability in MyQ Print Server, a printing management solution. MyQ Print Server is installed on Windows servers of an organization to give a single access interface for controlling printers and scanners from different vendors. MyQ solutions are used in 140 countries around the world. The vendor was notified of the threat in line with the responsible disclosure policy and has released an update.
Arseniy Sharoglazov said, “The vulnerability in question is of the most dangerous type: it allowed an unauthenticated attacker to remotely execute arbitrary code with just a single request. An attacker could gain full access to MyQ Print Server and intercept confidential documents waiting to be printed, user passwords, and other information. Typically, MyQ Print Server is situated within a company’s internal network. However, if attackers discovered a server-side request forgery vulnerability in any other product on the perimeter, they could compromise MyQ Print Server, even if the system was not directly accessible over the internet.”
MyQ Print Server 8.2 Patch 42 and earlier are affected by CVE-2024-28059 (BDU:2024-01648); the flaw is fixed in MyQ Print Server 8.2 Patch 43.
To detect and block attempts to exploit server-side request forgery vulnerabilities, it is recommended to use systems for analyzing application code security, such as PT Application Inspector, dynamic analysis tools, such as PT BlackBox, and web application firewalls, such as PT Application Firewall or its cloud-based version, PT Cloud Application Firewall. Vulnerability management systems, such as MaxPatrol VM, help quickly detect critical vulnerabilities in infrastructure. Network traffic analysis products, such as PT Network Attack Discovery, identify attempts to exploit existing vulnerabilities and alert the SOC operator. Endpoint security tools, such as MaxPatrol EDR, reduce the risk of exploitation of vulnerabilities that allow attackers to remotely execute arbitrary code. MaxPatrol EDR allows you to detect malicious activity, send an alert to the SIEM system (MaxPatrol SIEM), and prevent attackers from carrying out the attack. It is also recommended to use VPN solutions to protect your internal network.

Acronis Data Privacy Survey Reveals 64% of Global Consumers Cite Data Breaches as Top Privacy Concern
Gaidar Magdanurov, President at Acronis
Acronis has unveiled the findings of its inaugural report, Data Privacy in 2025: A survey to explore consumer views on cyber protection. The report provides insights into global consumer attitudes and behaviors regarding cybersecurity and data protection. The report is based on a wide range of survey questions posed to consumers about their top privacy concerns, awareness of cyber risks, and the security measures used to safeguard personal data.
The findings reveal insights into the prevalence of data breaches, the adoption of security tools like two-factor authentication, and the significant gaps in practices like mobile security and regular backups. Notably, 64% of respondents identified data breaches as their top privacy concern, emphasizing the urgent need to strengthen personal cyber defenses.
“At Acronis, we’ve seen how both corporate practices and individual behaviors shape the landscape of data privacy and cyber protection,” said Gaidar Magdanurov, President at Acronis. “We launched this survey around Data Privacy Day to better understand how home users think about data protection and the steps they are taking to safeguard their information. While many people are rightly concerned about how organizations handle their data, this survey highlights that individuals also play a crucial role in protecting themselves.”

Qualys introduces managed risk operation center (mROC) partner alliance to scale cyber risk services
Sumedh Thakar, CEO at Qualys
Qualys, Inc., a leading provider of disruptive cloud-based IT, security and compliance solutions, has announced the Managed Risk Operations Center (mROC) Partner Alliance, allowing select Qualys partners to expand their revenue streams by offering advisory, onboarding, integration, and remediation through a unified managed service to help their clients identify, quantify, assess, and mitigate cyber risks. This provides qualified Qualys Managed Service Solution Partners (MSSPs) the exclusive opportunity to grow their service offerings among Qualys’ extensive installed base of enterprise customers.
Organizations often face challenges managing the overwhelming volume of risk findings spread across siloed tools, resulting in inefficiencies and overlooked threats. To solve this, Qualys has transformed Cyber Risk Management with the Risk Operations Center (ROC) powered by Enterprise TruRisk™ Management (ETM). This innovative solution consolidates diverse risk insights into a unified view, quantifies and communicates cyber risk in terms of Business Value at Risk (potential loss of money, trust, productivity), and automates and orchestrates risk reduction to enhance an organization's security.
Achieving the full potential of the ROC is best achieved via trusted partners who streamline cyber data aggregation through integrations and connectors, apply industry-aligned risk models and quantification, and provide continuous cyber risk monitoring. These experts help CISOs communicate risk to executives, boards, and stakeholders in terms of Business Value at Risk while ensuring risk is monitored and remediated in alignment with the organization's risk tolerance.
Tenable strengthens its identity exposure capabilities to protect against compromises
Tenable® has announced the launch of Identity 360 and Exposure Center, two new Tenable Identity Exposure capabilities designed to help organizations pinpoint identity risks and take swift, targeted action to prevent identity-based attacks.
Identity management has become fragmented, leading to identity sprawl - a tangled web of accounts, permissions and misconfigurations across disparate platforms. This fragmentation severely limits visibility and risk detection, weakens access controls, and increases the threat of privilege escalation and lateral movement. The combined power of Identity 360 and Exposure Center simplifies this complexity, delivering unified visibility across identity providers to serve as a single source of truth.
Shai Morag, Chief Product Officer, Tenable
“Compromised identities are at the root of nearly every successful cyberattack,” said Shai Morag, Chief Product Officer, Tenable. “Today, 75% of organizations manage two or more identity solutions,[1] leading to increased complexity around identity security. Tenable Identity Exposure ensures that organizations have full visibility into their identity risks and provides actionable remediation guidance so organizations can swiftly and confidently prevent attacks before they occur.”
Ransomware Payments Dropped 35% in 2024 as Over Half of Victims Refused to Pay Cybercriminals
After ransomware gangs extorted a record-breaking US$1.25 billion in 2023, and the value stolen in the first half of 2024 rose 2.38% year-on-year, cybercriminals seemed poised for another record payday.
“For years now, the cybersecurity landscape seemed to be hurtling towards a so-called ransomware apocalypse, so this sharp decline, to levels even lower than those in 2020 and 2021, speaks to the effectiveness of law enforcement actions, improved international collaboration, and a growing refusal by victims to cave into attackers’ demands,” said Jacqueline Burns Koven, Head of Cyber Threat Intelligence at Chainalysis.
Another positive trend is the widening gap between the amounts demanded by bad actors and the actual payouts made by victims: in H2 2024, there was a 53% difference between the two. Moreover, despite the number of ransomware events actually increasing in the second half of 2024, the number of on-chain payments declined, suggesting that while more victims were targeted, fewer paid. In cases where victims did pay attackers, the final amounts for these ransoms typically ranged between US$150,000 and US$250,000, regardless of attackers’ initial demands.
Meriam ElOuazzani, Senior Regional Director, Middle East, Turkey, and Africa at SentinelOne

Cisco Highlights Top Data Center Priorities for 2025
Mohannad Abuissa, Director of Solutions Engineering at Cisco Middle East, Africa, Türkiye, Romania, and CIS
Driving efficiency, reliability, and resiliency in data centers is not just a matter of upgrades – it requires rethinking how data is stored, processed, and accessed to keep pace with evolving business models and shifting market landscapes. In this context, Cisco shares four priorities for data centers on which organizations should focus this year.
Gain flexibility by simplifying operations
Ensuring that new data science projects integrate smoothly into the data center while fulfilling all expectations for availability, security, and governance will make things easier for employees. Businesses should be able to innovate without having to fundamentally change data center management, as IT departments already face significant storage, compute, networking, and middleware challenges.
Ensure the data center is AI-ready (even if the business is not)
Tremendous hype around generative AI is creating an insatiable demand for faster, more efficient data centers to power intelligent solutions. Not every organization considers itself “all in” on AI. Yet all need to hit goals, reduce operational expenses, and keep ops running—and that alone can require infusing AI into processes or building data center clusters to train large language models (LLMs) at scale.

Protecting Hospitals from IoT Threats
Vasily Dyagilev, Regional Director, Middle East, RCIS at Check Point Software Technologies Ltd.
The rise of Internet of Medical Things (IoMT) devices has transformed patient care, but it also brings significant cybersecurity risks. The US CISA has flagged a security issue with Contec CMS8000 devices, commonly used for patient monitoring, revealing a backdoor that sends patient data to a remote IP and could allow malicious file downloads.
Technical details aside, human safety is always paramount. Addressing this type of vulnerability ensures that clinicians make care decisions on accurate data, thereby ensuring patients get proper care. As noted by CISA, “…a malfunctioning monitor could lead to improper responses to vital signs displayed by the device”.
This article explores how Check Point's IoT Protect solution can help hospitals defend against such threats, leveraging insights from the 2025 Check Point State of Cyber Security Report and addressing the broader issue of IoMT security.
The Threat: Contec CMS8000 Backdoor
The Contec CMS8000 patient monitors contain a backdoor that compromises data security and device integrity, allowing unauthorized access to patient data, sending it to a remote IP, and enabling file downloads. These vulnerabilities risk data breaches, unauthorized manipulation, and disruptions in patient care.
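A backdoor of the kind described above shows up on the wire as a patient monitor talking to an address it has no business reaching, or pulling a file it was never meant to download. The check below is an added example written for this page, not Check Point's IoT Protect or CISA's code: constructed flow records from a hospital segment are evaluated against a per-device-class egress policy, and the inventory, the allowed destinations and the flows themselves are assumptions made for the example (203.0.113.0/24 is documentation address space standing in for an unknown remote host).

```python
"""Egress allowlisting for connected medical devices.

Added example; not Check Point's or CISA's code. Constructed flow records
from a hospital network segment are checked against a per-device-class
policy: a patient monitor that talks to anything except its configured
central station or NTP source, or that fetches an executable, produces a
finding. Device addresses, policy and flows are all made up.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto uri")

INTERNAL = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed inventory: which managed devices sit at which address.
DEVICE_CLASS = {"10.20.7.31": "patient-monitor", "10.20.7.32": "patient-monitor"}

# Constructed policy: destinations each device class legitimately needs.
ALLOWED = {
    "patient-monitor": {ipaddress.ip_address("10.20.0.5"),     # central monitoring station
                        ipaddress.ip_address("10.20.0.123")},  # NTP
}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".bin", ".sh", ".elf", ".so")


def is_internal(ip):
    return any(ip in net for net in INTERNAL)


def check_flow(flow):
    """Findings for one flow; an empty list means nothing to report."""
    cls = DEVICE_CLASS.get(flow.src)
    if cls is None:
        return []                       # not a managed medical device
    dst = ipaddress.ip_address(flow.dst)
    findings = []
    if dst not in ALLOWED[cls]:
        where = "internal" if is_internal(dst) else "external"
        findings.append(f"{flow.src} ({cls}) -> {flow.dst}:{flow.dport}/{flow.proto} "
                        f"is not an allowed destination ({where})")
    if flow.uri and flow.uri.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append(f"{flow.src} ({cls}) fetched executable {flow.uri} from {flow.dst}")
    return findings


def scan(flows):
    return [f for flow in flows for f in check_flow(flow)]


# Constructed flows.
SAMPLE_FLOWS = [
    Flow("10.20.7.31", "10.20.0.5", 4000, "tcp", ""),                    # to central station: fine
    Flow("10.20.7.31", "203.0.113.45", 515, "tcp", ""),                  # unexpected external peer
    Flow("10.20.7.32", "203.0.113.45", 80, "tcp", "/update/patch.exe"),  # pulls an executable
    Flow("10.20.9.9", "203.0.113.45", 443, "tcp", ""),                   # unmanaged host: out of scope
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_FLOWS):
        print(finding)
```

The policy is written per device class rather than per device because a patient monitor has a very short list of legitimate peers; anything else, internal or external, is worth a ticket. The same structure works as input to a firewall rule set: the allowlist becomes the permit rules and everything else is denied and logged.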
Optical Diode Achieves C1D2 Certification, Enhancing Safety and Cybersecurity in Hazardous Environments
Mark Toussaint, Senior Product Manager, OPSWAT
OPSWAT has announced that its MetaDefender Optical Diode, specifically the DIN rail version, has achieved Class I, Division 2 (C1D2) certification, setting a new benchmark in safety and cybersecurity for hazardous environments. This certification ensures that MetaDefender Optical Diode meets the strict operational and safety standards required for industries where reliability is paramount.
“The MetaDefender Optical Diode is engineered to meet the highest standards of safety and security, providing organizations in high-risk sectors with the confidence that their critical systems remain protected,” said Mark Toussaint, Senior Product Manager, OPSWAT.
The C1D2 certification is essential for organizations operating in environments with potential explosive hazards, such as oil and gas, chemical processing, and pharmaceutical industries, where combustible gases, vapors, or dust pose significant risks. This certification assures organizations that the MetaDefender Optical Diode has undergone rigorous testing to ensure safe operation in these environments, meeting both regulatory requirements and industry safety standards.
Using C1D2-certified equipment boosts operational safety, reduces accident risks, and ensures regulatory compliance. The MetaDefender Optical Diode helps prevent data breaches and secures information flow across industrial networks, supporting both physical safety and cybersecurity.

Palo Alto Networks Highlights the Need for Platformization, AI-Powered Security, and Vendor Consolidation to Enable Secure Transformation
H.E. Dr. Mohamed Al Kuwaiti, Head of the UAE Cyber Security Council (CSC)
With enterprises worldwide navigating disruption driven by the rise of Artificial Intelligence (AI), increased network complexity, and expanding threat surfaces, Palo Alto Networks, the global cybersecurity leader, will highlight the importance of Platformization, eliminating complexity, and the adoption of AI-powered cybersecurity at Ignite on Tour Abu Dhabi on February 16 at Emirates Palace Mandarin Oriental. The event, which will be opened by H.E. Dr. Mohamed Al Kuwaiti, the UAE government’s head of cybersecurity, will bring together 250 cybersecurity practitioners, decision-makers, and C-level executives for keynote sessions, presentations, tech demos, panel discussions, and customer success stories. Topics will include tackling growing complexity, AI-powered threats, the impact of new regulations, and empowering secure transformation for governments.
“AI and cloud computing hold immense potential for transformation, yet they also introduce new risks that must be addressed to fully harness their benefits. Today, we must ensure that our organizations are empowered to leverage technological advancements while effectively mitigating the associated risks,” said H.E. Dr. Mohamed Al Kuwaiti, Head of the UAE Cyber Security Council (CSC).
2024 DDoS Attack Trends
Cloudflare has announced its 2024 Q4 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network, which is one of the largest in the world.
HTTP DDOS ATTACKS
The majority of the HTTP DDoS attacks (73%) were launched by known botnets. An additional 11% were HTTP DDoS attacks that were caught pretending to be a legitimate browser. Another 10% were attacks which contained suspicious or unusual HTTP attributes. The remaining 8% “Other” were generic HTTP floods, volumetric cache busting attacks, and volumetric attacks targeting login endpoints.
RANSOM DDOS ATTACKS
In the final quarter of 2024, as anticipated, Cloudflare observed a surge in Ransom DDoS attacks.
Bashar Bashaireh, VP - Middle East, Türkiye & North Africa at Cloudflare
Bashar Bashaireh, VP - Middle East, Türkiye & North Africa at Cloudflare, said, “Too many organizations only implement DDoS protection after suffering an attack. Our observations show that organizations with proactive security strategies are more resilient.”
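The four buckets in the HTTP figures above (known botnet, browser impersonation, suspicious HTTP attributes, and the generic remainder) correspond to checks any edge can make on a single request once it is already part of a flood. The classifier below is an added example with illustrative heuristics written for this page; it is not Cloudflare's detection logic, and the botnet fingerprints, the header expectations and the sample requests are assumptions made for the example.

```python
"""Bucketing requests the way the summary above groups HTTP DDoS traffic.

Added example with illustrative heuristics; this is not Cloudflare's
detection logic. Each constructed request, already assumed to be part of
a flood, is put into one of the four buckets the report uses: known
botnet, browser impersonation, suspicious HTTP attributes, or generic
flood. The fingerprints and header rules are assumptions for the example.
"""
import re
from collections import Counter

# Constructed User-Agent fingerprints for "known botnet" tooling.
KNOWN_BOTNET_UA = re.compile(
    r"python-requests/2\.6|Go-http-client/1\.1$|Mozilla/4\.0 \(compatible; MSIE 6\.0;")

# A UA claiming a modern browser should arrive with these headers; one that
# does not, or that speaks HTTP/1.0, is treated as an impersonation.
BROWSER_UA = re.compile(r"Chrome/\d+|Firefox/\d+|Safari/\d+")
EXPECTED_BROWSER_HEADERS = {"accept", "accept-language", "accept-encoding"}
STANDARD_METHODS = {"GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH"}


def classify(req):
    """req: {'method', 'path', 'version', 'headers'} with lower-case header names."""
    headers = req["headers"]
    ua = headers.get("user-agent", "")
    if KNOWN_BOTNET_UA.search(ua):
        return "known_botnet"
    if BROWSER_UA.search(ua):
        if (EXPECTED_BROWSER_HEADERS - set(headers)) or req["version"] == "HTTP/1.0":
            return "browser_impersonation"
    if "host" not in headers or req["method"] not in STANDARD_METHODS:
        return "suspicious_attributes"
    # Cache-busting floods and login-endpoint floods land here too; the
    # request itself looks ordinary and only the volume gives it away.
    return "generic_flood"


def summarize(requests):
    """Bucket counts and their share of the sample, as the report presents them."""
    counts = Counter(classify(r) for r in requests)
    total = sum(counts.values())
    return {bucket: (n, round(100 * n / total)) for bucket, n in counts.items()}


# Constructed requests.
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/", "version": "HTTP/1.1",
     "headers": {"host": "shop.example", "user-agent": "python-requests/2.6.0"}},
    {"method": "GET", "path": "/", "version": "HTTP/1.1",
     "headers": {"host": "shop.example",
                 "user-agent": "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"}},
    {"method": "GET", "path": "/", "version": "HTTP/1.1",
     "headers": {"host": "shop.example", "accept": "text/html", "accept-language": "en",
                 "accept-encoding": "gzip",
                 "user-agent": "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"}},
    {"method": "FLOOD", "path": "/", "version": "HTTP/1.1",
     "headers": {"host": "shop.example", "user-agent": "curl/8.0"}},
    {"method": "GET", "path": "/login?cb=8213", "version": "HTTP/1.1",
     "headers": {"host": "shop.example", "user-agent": "curl/8.0"}},
]

if __name__ == "__main__":
    for bucket, (n, pct) in summarize(SAMPLE_REQUESTS).items():
        print(f"{bucket:24s} {n} ({pct}%)")
```

The order of the checks matters: a known fingerprint wins over everything, a browser claim is tested against what a browser actually sends, malformed requests come next, and only what survives all three is counted as a generic flood. The third sample request, a complete and well-formed browser request, ends up in the generic bucket precisely because nothing about the request itself is wrong.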
AmiViz Partners with Titania to Deliver Cutting-Edge Network Security Solutions Across the Middle East and Africa
AmiViz has announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing network security and the operational resilience of enterprises across the region.
As cyber threats grow more complex, organizations must secure their networks, keep them compliant, and optimize them. Titania’s solutions, such as Nipper Enterprise, offer near-real-time analysis of network configuration changes to detect activity associated with advanced threat actors such as Volt Typhoon and Salt Typhoon. By automating posture reporting and spotting potential compromises, it streamlines incident response and enhances security.
The agreement allows AmiViz to introduce Titania’s solutions to its broad partner network, serving key sectors like finance, healthcare, energy, and government. It provides resellers and system integrators easy access to Titania’s tools, along with training, technical support, and pre-sales assistance through its extensive channel partners.
Ilyas Mohammed, AmiViz's Chief Operating Officer
This partnership aims to meet the growing demand for proactive cybersecurity in the Middle East and Africa. Titania’s automated risk management aligns with the region’s digital transformation, while AmiViz’s market expertise will help expand Titania’s reach to customers seeking better network security.
Ilyas Mohammed, AmiViz's Chief Operating Officer, said, “We are excited to partner with Titania, whose innovative approach to proactive configuration security addresses a critical need in today’s cybersecurity landscape.”
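"Near-real-time analysis of network changes" comes down to diffing what a device is running now against what it was approved to run, and scoring the changes. The following is an added example written for this page, not Titania's Nipper or any vendor's code: a constructed baseline and a constructed current running-config in IOS-style syntax are compared, and lines that appear or disappear are matched against a short list of changes an intruder with a router CLI tends to make. The configs, the patterns and the severities are all assumptions for the example.

```python
"""Configuration-drift check for network devices.

Added example; not Titania's or Nipper's code. A constructed baseline and
a constructed current running-config are diffed, and added or removed
lines are scored against a small list of changes an intruder with access
to a router's CLI typically makes. Config lines and rules are assumptions.
"""
import re

BASELINE = """\
hostname edge-rtr-1
username netops privilege 15 secret 9 $9$abc
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.255.255.255 any eq 22
 deny ip any any
line vty 0 4
 transport input ssh
 access-class MGMT in
logging host 10.0.0.50
"""

CURRENT = """\
hostname edge-rtr-1
username netops privilege 15 secret 9 $9$abc
username svc_backup privilege 15 secret 9 $9$zzz
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.255.255.255 any eq 22
 permit tcp any any eq 22
 deny ip any any
line vty 0 4
 transport input ssh telnet
 access-class MGMT in
ip http server
"""

# (pattern over one changed line, severity, description)
RISKY_ADDED = [
    (re.compile(r"^username \S+ privilege 15"), "high", "new privileged local account"),
    (re.compile(r"^\s*permit .*\bany any\b"), "high", "ACL now permits from any source"),
    (re.compile(r"^\s*transport input .*telnet"), "high", "cleartext management enabled"),
    (re.compile(r"^ip http server$"), "medium", "HTTP management interface enabled"),
]
RISKY_REMOVED = [
    (re.compile(r"^logging host "), "high", "remote syslog destination removed"),
    (re.compile(r"^\s*access-class "), "high", "VTY access restriction removed"),
]


def drift(baseline, current):
    """Return (severity, change, line, description) for each risky added/removed line."""
    base_lines = set(baseline.splitlines())
    cur_lines = set(current.splitlines())
    findings = []
    for line in sorted(cur_lines - base_lines):
        for rx, sev, desc in RISKY_ADDED:
            if rx.search(line):
                findings.append((sev, "added", line.strip(), desc))
    for line in sorted(base_lines - cur_lines):
        for rx, sev, desc in RISKY_REMOVED:
            if rx.search(line):
                findings.append((sev, "removed", line.strip(), desc))
    return findings


if __name__ == "__main__":
    for sev, change, line, desc in drift(BASELINE, CURRENT):
        print(f"[{sev}] {change}: {line}  ({desc})")
```

Removed lines matter as much as added ones: the baseline's syslog destination disappearing is what takes the device out of the SOC's view, and it would not show up in a check that only looks at what was added. In practice the baseline is the last approved config from the change-management system, and the current config is pulled on every change notification rather than on a schedule.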
Cyber-physical security in the Middle East
LOUKAS TZITZIS
CEO & Chairman, FORUS International Group - 2023 DX Inspire Awards Winner for Innovation Ecosystems
The integration of computation, networking, machinery and infrastructure has opened a new realm of operational efficiency opportunities, transforming industries such as oil & gas, financial services, healthcare, manufacturing and beyond. The convergence of physical and digital systems, known as Cyber Physical Systems (CPS), has been under way since the 2010s, with CPS underpinning many critical infrastructures, such as smart grids, healthcare devices and smart cities.
Given its importance in the global value chain through its critical industries, the Middle East has had notable examples of the consequences of ignoring cybersecurity in CPS going back as far as 2017. In the TRITON attack on a Saudi Arabian petrochemical facility in 2017, attackers exploited a remote access protocol to bypass security measures and reach the plant’s control systems through an engineering workstation. They then deployed malware that targeted Triconex controllers, an essential part of the Safety Instrumented Systems (SIS) that monitor processes and shut them down when hazardous conditions occur. The attackers were able to manipulate process control systems, causing a shutdown of several units. Luckily, no lives were lost, but the company suffered substantial monetary losses as existing security frameworks and systems failed to pick up “red flags” in real time.
That incident served as a stark reminder for the Middle East, and beyond, that security frameworks needed to evolve together with the threat vectors and be continuously updated with real-time monitoring and adaptive response strategies suited to an era of ever finer-grained integration of digital and physical systems.
Fast forward to 2025 and today’s “always-on, always interconnected” global market. The interconnection of digital and physical systems has never been as ubiquitous and comprehensive as it is now in the industrial landscape. Inevitably, this has exposed businesses and governments to a new wave of risks, as bad actors can act in the digital domain to wreak havoc in the physical layer at any time.
CPS-related cybersecurity threats have become more prominent and persistent, and the previous practice of periodic cybersecurity evaluations is now obsolete. Continuous Threat Exposure Management (CTEM) for CPS has therefore evolved from a security consideration into an essential aspect of an organisation’s business governance, playing a key part in ensuring compliance, continuity and resilience.
CPS & CTEM: A necessary & powerful combination
Cyber Physical Systems are essentially networks of smart devices and sensors that underpin critical infrastructures. Securing them means continuously monitoring and addressing challenges such as:
1. Real-time integrations
2. Unified IT/OT security
3. A complex, exposed and vulnerable attack surface due to the presence of multiple technologies
4. Severe breach impact, threatening material and immaterial assets as well as human lives
5. The need for real-time monitoring and behavioural analytics, powered by AI
6. Adequate defence for the multiple layers of client architectures, with built-in moats that can at least slow attackers down
7. Continuously updated identification of vulnerabilities and weaknesses through audits and penetration testing
8. Consistent defence of Safety Instrumented Systems.
These aspects are even more critical in industrial environments that support business-, citizen- or even life-critical applications. The integration of CPS with CTEM frameworks is no longer an isolated IT concern. CTEM-powered CP systems are a critical business and public safety matter, ensuring operational and life continuity as organisations adapt and respond to the evolving threat landscape and safeguard both digital and physical assets.
Middle East: Where does CPS & CTEM matter most?
The integration of CPS with CTEM frameworks in the Middle East is a strategic global imperative, given the region’s status as a global energy powerhouse. It is therefore unsurprising that forecasts indicate that the Middle Eastern cyber physical security market is expected to grow at a CAGR of 14% over the next several years, exceeding the global average of 12%.
1. Oil and Gas
This is by far the most significant sector as any large-scale disruptions could have extreme economic, environmental and geopolitical ramifications across the globe. Typical Cyber physical system deployments include:
• SCADA (Supervisory Control and Data Acquisition) systems responsible for managing processes such as drilling, pipeline flows, and refining.
• Automated Safety Systems: Disaster prevention in high-risk environments
• Remote Sensors and Control Valves: IoT devices for real-time monitoring of various indicators.
Oil and gas companies in the region are allocating considerable budgets for CTEM, driving significant growth in the regional cybersecurity market.
Beyond Oil and Gas, there are multiple other sectors that play a significant economic and public welfare role.
2. Healthcare
The increasing complexity of hospitals’ digital footprint, the rise of connected medical devices, such as infusion pumps, MRI machines, and patient monitoring systems, and the increased legislative and regulatory focus on healthcare providers have brought the healthcare sector into immediate CPS & CTEM focus. Manipulation of digital and physical systems can lead to compromised patient data, direct harm to patients, or even public health crises.
In the Middle East, where healthcare facilities are increasingly adopting advanced technologies to interconnect systems for patient monitoring, diagnostics, and treatment procedures, integrating all relevant CPS with robust CTEM platforms & frameworks is crucial for the present and future of healthcare.
3. Financial Services
Powered by strategic foresight and a favourable regulatory regime, Middle East financial institutions have been advancing at a pace that exceeds the global average. This advancement has brought a raft of digitalisation initiatives such as mobile wallets, real-time transaction services, and Web3 & classical banking convergence.
With oil and gas already in the focus of malevolent actors, financial services CP systems are now also under constant threat. Automated Teller Machines (ATMs), transaction processing centres, on-premises data centres and even physical branches must be secured not only against physical but especially against digital intrusions. Even the slightest incident can lead to customer trust issues and severe regulatory interventions with a hefty price tag.
4. Smart Cities and Public Infrastructure
Beyond these traditional sectors, the Middle East is witnessing rapid development in smart city initiatives, such as Abu Dhabi, Dubai, and Neom. These locations are integrating CPS to ensure the seamless operation of crucial systems, such as traffic control systems, water distribution, waste management, and public safety. For these smart cities, CTEM plays an essential role in ensuring that urban systems remain secure against both cyber threats and physical disruptions.
Going forward: The Middle East can lead the way in CTEM & CPS
The TRITON attack in Saudi Arabia serves as a stark reminder of the destructive potential that CPS threats can pose when CTEM fails to keep pace with sophisticated cyber threats.
Eight years later, the digital and physical worlds have converged and interconnected even more, with applications as far-reaching as controlling individual lives in healthcare and “guarding the gates” of geopolitical stability. The challenge of this evolution is the expanded, complex, multi-tech and multi-layered attack surface that spans the tightly interconnected physical and digital realms.
Moreover, as bad actors increasingly leverage the power of AI, CPS & CTEM cannot be considered components of a risk management strategy tucked away in a desk, only to be leveraged periodically for audits and testing. Systems & frameworks that are static, siloed, mono-dimensional (e.g. cloud-only) or reactive cannot address the challenges of our era! Organisations need partners that can operate in a “no-code automation & protocol-agnostic” paradigm, providing real-time actionable insights in a simplified “single pane of glass” view that can be collaboratively shared across security, operations, and development teams.
Given its strategic and geopolitical importance, the Middle East can address these challenges with the right partners and go beyond: it can set new standards for cyber-physical security and lead the way in defending against the evolving threat landscape by leveraging cutting-edge technologies. The combination of technological evolution with the region's enlightened approach to regulation and continuous improvement can make the region a clear demonstration of what a “CPS & CTEM-powered protected future” could look like.
THE FUTURE OF CYBERSECURITY
How XDR is closing the gaps
The XDR market is gaining momentum, with a growing consensus on its capabilities and advantages over traditional SIEM platforms. By integrating data across endpoints, cloud environments, identities, and networks, XDR offers a more comprehensive and streamlined approach to threat detection and response.
As SIEM platforms face criticism for their high costs and reliance on rule-based detection, XDR is emerging as a more agile and scalable alternative. Its predictable pricing and unified architecture make it an attractive choice for organizations looking to simplify and strengthen their security operations. By late this year, XDR is poised to become the default security solution for most businesses, pushing SIEM into a specialized role for large enterprises with unique analytics needs.
What types of threats are driving demand for XDR in 2025?
“Increasing awareness of sophisticated human-led attacks targeting organizations of all sizes and verticals in the supply chain has continued to drive more organizations to adopt EDR and XDR solutions to augment 'traditional' preventative technologies,” says Anthony Merry, Senior Product Marketing Director at Sophos. He points out that more organizations are recognizing the need to detect and investigate suspicious activity that technology alone can't block (without potentially causing operational disruption, at least). Furthermore, multistage threats executed by active adversaries are driving the increased need for detection and response solutions that extend beyond endpoints (EDR) across all key control points in the IT environment (XDR).
Ankit Gupta, Product Marketing Director, Fortinet, highlights that demand for XDR is being driven by a variety of threats that target hybrid environments beyond endpoints. These include multi-vector attacks that combine ransomware, phishing, and supply chain exploits across endpoints, cloud, and network. Hybrid vulnerabilities are also contributing to the demand, as expanded attack surfaces in mixed on-premises, cloud, and edge setups create new opportunities for exploitation. Additionally, lateral movement poses a significant risk, with attackers stealthily traversing diverse layers such as IoT, cloud, and endpoints.
“Another factor is the exploitation of APIs, particularly targeting SaaS and hybrid systems. Advanced persistent threats (APTs) represent another major concern, as they often involve long-term, multi-environment attacks. Finally, insider threats, whether malicious or accidental, remain a challenge in decentralized workplaces,” he remarks.
According to Iliyan Gerov, Sr. Product Marketing Manager, Acronis, the proliferation of tools and communication channels that we use on a daily basis has moved the security perimeter beyond the endpoint. It now requires a more holistic approach, encompassing other attack vectors such as email, cloud and identity. This has led to the broader adoption of XDR, especially in more mature markets and larger organizations.
“Due to the growing attack complexity and frequency, we’re now seeing XDR penetrating even in the SMB market, where companies are not equipped with the teams and tools to monitor and respond to threats around the clock. It fueled the need for Managed Detection & Response (MDR) services that are gaining significant momentum and enabling much broader adoption.”
Ezzeldin Hussein, Regional Senior Director, Solution Engineering, SentinelOne, says the demand for XDR will be driven by sophisticated threats such as advanced persistent threats (APTs), which involve stealthy, long-term campaigns targeting critical systems. The evolution of ransomware, now employing double and triple extortion tactics, continues to wreak havoc by encrypting data and exposing sensitive information. Supply chain attacks have also surged, with adversaries exploiting vulnerabilities in trusted vendors to infiltrate entire ecosystems.
Additionally, the rapid adoption of cloud services and IoT devices has expanded attack surfaces, while identity-based threats, such as credential theft and privilege escalation, bypass traditional security measures. XDR meets these challenges by delivering unified visibility and AI-powered detection across endpoints, networks, cloud, and identity domains. Its automated response capabilities significantly reduce detection and response times, empowering organizations to stay resilient against the ever-evolving cyber threat landscape, he adds.
What are the biggest challenges organizations face when implementing XDR?

One of the biggest challenges organizations face when implementing XDR is integration. XDR solutions need to work seamlessly with existing security tools, systems and infrastructure, which can be complex and time-consuming, especially in larger organizations with heterogeneous environments.
“Ensuring smooth interoperability with both native and third-party solutions is essential but can require significant expertise. Another challenge is skill gaps within security teams. XDR solutions, while powerful, demand highly skilled professionals to configure, monitor and respond to threats effectively. Additionally, managing the balance between automation and human intervention to ensure optimal threat detection and response without overwhelming security teams can be challenging. Lastly, the increasing sophistication of threats also means that XDR solutions must continuously evolve to keep pace with emerging attack techniques,” says Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East.
Morey Haber, Chief Security Advisor at BeyondTrust, says the biggest challenge organizations face when implementing XDR is an architectural and mindset shift. Traditional solutions have complex on-premise architectures that impact environments, change control, and infrastructure management. When moving to XDR, organizations need to be comfortable with moving management to the cloud, having internet connections for agents, losing some forms of change control, having asset and threat information in the cloud, licensing a subscription model in lieu of a perpetual acquisition, etc. If an organization can come to terms with all of these changes, and many more that might be business specific, then the challenges of moving to XDR can be overcome.
How will XDR evolve in the next 3–5 years?
“What’s next? Expect convergence. Vendors will likely absorb smaller players to build all-in-one solutions, so you can manage SIEM, SOAR, threat intel, and everything else in one platform. You’ll also see a big push toward cloud-native XDR, which integrates smoothly with public and private clouds. As we continue connecting more gadgets (IoT included), XDR solutions will adapt to cover those devices, too,” says Ivan Milenkovic, Vice President – Cyber Risk Technology, EMEA at Qualys. He says we’ll also see more automated or “self-healing” actions. In other words, the XDR system won’t wait for you to decide; it’ll proactively isolate a compromised endpoint or reboot a malicious process. All of this, of course, means new challenges around governance and trust. But if done well, it helps security teams move faster and more confidently in a constantly changing environment.
Ankit from Fortinet asserts one key development will be the convergence of EPP and EDR into XDR, with unified platforms replacing fragmented endpoint and detection tools. XDR solutions will increasingly adopt cloud-native architectures, optimizing for cloud-first and hybrid environments. Hyperautomation will also become prevalent, as integration with AI and orchestration tools enables autonomous detection and response. Additionally, XDR platforms will offer broader ecosystem integration, ensuring seamless compatibility with third-party threat intelligence, identity management, and analytics solutions. Finally, vertical-specific solutions will emerge, providing tailored features for industries such as healthcare, finance, and manufacturing.
Anthony from Sophos says the focus will be on user experience (UX), optimizing workflows, and using Generative AI to empower staff to get the most out of their XDR platforms – especially in SMB and mid-market organizations. Integrating third-party security tools will remain essential to XDR platforms, providing organizations visibility across their disparate security tools to detect threats and active adversaries.
Will XDR eventually replace traditional SIEM and SOAR solutions, or will they coexist?
“Consolidation is the magic word in security nowadays – but not only on a solution or agent level, but also in the context of data consolidation for more holistic visibility across the full breadth of incidents. This is due mainly to the high proliferation of tools required for efficient protection and has also led to a multitude of M&As in the sector,” says Iliyan from Acronis. In this context, sharing telemetry between SIEM, SOAR, and XDR solutions is and will remain a vital part of cybersecurity. However, what we believe the market demand will drive is centralized management that consolidates multiple solutions and data streams, even spreading further than SIEM, SOAR, and XDR, he underscores.

GENETEC
Andrew Elvish, Vice President of Marketing, Genetec, explores the emerging trends transforming the physical security industry
Can you tell us about your participation at Intersec this year?
As you know, every year, we conduct the State of Physical Security Report, which I’m sure you’ve seen.
We poll security professionals—including end users, channel partners, and consultants—and ask them about their number one concern: what is the biggest challenge that could impede their business in the coming year? The Middle East was unique in its response—unlike any other region, the number one concern here was workforce shortages. Finding talented employees in the security space is a massive challenge. There’s a huge talent shortage, making hiring difficult and highly competitive.
One of the solutions we showcased at Intersec this year is called Operations Center. It’s a work management tool designed specifically for security professionals, and it integrates seamlessly with the Genetec Security Center platform. Genetec is known for large-scale video access control, license plate recognition, and intrusion detection. However, we realized that security professionals—especially in resource-constrained markets—needed an easier way to manage their workforces and maximize efficiency. In the security industry, professionals have often been forced to choose between IT-centric tools like Atlassian or Zendesk, or general productivity tools like Asana, Basecamp, or Trello. Many end up relying on spreadsheets, which simply aren’t scalable or effective for globally dispersed teams. This is especially true for multinational corporations in sectors like oil and gas, large-scale airports, and universities.
Operations Center is designed to streamline security operations. It enables investigations, tracks work progress, and manages employees so that organizations always have a clear overview of their workforce activities. For example, if a security guard is on a patrol, the tool will provide step-by-step instructions and allow for real-time reporting.
The system is based on Kanban principles—akin to Lean management processes—where tasks are represented as cards that move through different stages until completion. This externalizes the value of security professionals’ work, providing them with greater visibility within their organizations. Security is often seen as a necessary cost of doing business, but in reality, it shapes business resilience, efficiency, and strategic planning. Operations Center helps make that impact more tangible.
We’re so confident in this product that we’re offering it to all our channel partners for free, allowing them to integrate it into their businesses immediately.
Is it a standalone product, or is it built into Security Center?
It's a standalone product, but it’s designed to work best with Security Center. However, you can use it with any other tool of your choice since it’s a cloud-based platform.
What makes it especially powerful with Security Center is that it has built-in integrations for evidence management, video surveillance, access control, and intrusion detection. It pulls all this information together automatically, but it can also function independently. In fact, even teams outside of security at Genetec use Operations Center for work management.
So it’s available with Security Center SaaS?
Yes, absolutely. If you purchase Security Center SaaS, you’ll get an Operations Center license included. If you have the on-premises version of Security Center, you can easily add Operations Center as an extension.
The report mentions that the physical security market in the MENA region is projected to reach $3 billion by 2028. What’s driving this growth? Where do you see the demand coming from?
The growth is being driven by several key factors.
First, the Middle East has been experiencing a significant phase of economic expansion. The leadership in the UAE and Saudi Arabia, in particular, has set clear visions for economic transformation, with a strong focus on technology-driven development. Many governments in the region have established concrete goals for increasing the contribution of technology to GDP.
Second, we’re seeing large-scale infrastructure developments—especially in Southeast Dubai, where new data centers, airports, cities, and resorts are being built. These projects naturally require advanced security solutions, creating an enormous demand for physical security technologies.
A key driver in this space is the rise of data centers, which are arguably the most security-intensive facilities. They require perimeter security, drones, lasers, cameras, access control, and intrusion detection—all at once. These centers are major consumers of security technology, particularly in visitor management, as many are multi-tenant facilities requiring strict access control measures.
Additionally, the increasing presence of data centers in the region is expanding the availability of cloud-based technology. Historically, the Middle East has faced challenges related to data sovereignty and residency, which have slowed cloud adoption. However, with growing local infrastructure, cloud-based security solutions are becoming more viable, further driving demand.
Another major factor is the maturation of the security industry itself. Around 2016, Genetec put a major focus on cybersecurity. Although we don’t make cybersecurity tools, we recognized that physical security professionals weren’t thinking about network security. Many failed to realize that surveillance cameras were network-connected computers that could be exploited for cyberattacks.
By 2019, however, the industry had shifted dramatically. Integrators and vendors, including Genetec, started building defense-in-depth strategies, ensuring that security devices were regularly updated and protected from cyber threats. This has further increased the sophistication of the industry, creating more demand for security solutions that incorporate cybersecurity best practices.
The report also mentioned that IT departments are becoming more involved in physical security. Is this because of cloud adoption, or is there another reason?
Yes, cloud adoption plays a role, but the main reason is that IT teams have realized that physical security systems run entirely on their networks.
In many regions, including North America and Western Europe, there has been a major shift away from on-premises servers due to the high costs of maintenance, cooling, and real estate. Organizations have moved services like email (Microsoft 365) and CRM systems (Salesforce) to the cloud, and now the same trend is happening with security.
IT departments no longer want the burden of maintaining security software themselves. They want cloud-connected solutions that offer automatic software updates while still allowing them to retain control over their data. This hybrid approach—on-premises data with cloud-managed software—is becoming the industry standard, and we expect it to grow significantly in the Middle East and North Africa.
AI is the buzzword of the season. Are you seeing increased demand for AI-powered security solutions?
Yes, but at Genetec, we take a slightly contrarian stance on AI. Our President, Pierre, often says that AI stands for Absolute Ignorance. He doesn’t mean this negatively—he’s just pointing out that AI, particularly large language models, is a statistical inference machine. They make educated guesses based on probabilities, but they don’t understand context the way humans do.
Instead of focusing on AI as an autonomous decision-maker, we prioritize Intelligent Automation (IA)—using AI to enhance, not replace, human decision-making.
For example, reviewing security footage is time-consuming and inefficient. AI excels at scanning hours of video, detecting changes, and flagging relevant footage. Our forensic search tool uses metadata analysis from cameras (such as identifying objects like people, cars, and colors) and integrates large language models to make searches more intuitive.
Instead of using complex checkboxes and filters, users can simply type, “Show me the blue truck that passed by last night at 10 PM in front of the building.” The AI then interprets the request, queries the metadata from multiple cameras, and provides relevant results.
However, the final decision always rests with the human operator. We believe AI should assist security professionals, not replace them.
Beyond legacy: A new paradigm in cybersecurity
SentinelOne’s endpoint protection reimagines the art of defense by fusing static and behavioral artificial intelligence with robust automation, enabling proactive identification and neutralization of even the most elusive threats.
Meriam ElOuazzani, Senior Regional Director, Middle East, Turkey, and Africa, SentinelOne
How does SentinelOne’s endpoint protection differ from legacy antivirus tools in stopping modern threats?
Cyber threats have evolved beyond the capabilities of traditional antivirus (AV) software, which relies primarily on signature-based detection. While legacy AV tools can only recognize known threats, they struggle against modern cyberattacks such as fileless malware, zero-day exploits, and advanced persistent threats (APTs). We offer a revolutionary approach to endpoint security, integrating artificial intelligence (AI), automation, and a multi-layered defense strategy to stop both known and unknown threats proactively.
Traditional AV solutions operate on predefined malware signatures, which means they require frequent updates and can only detect threats that have already been identified. This leaves organizations vulnerable to sophisticated attacks that constantly evolve. We eliminate this limitation by utilizing Static AI for pre-execution threat detection and Behavioral AI for real-time monitoring. Instead of relying on static rules, we continuously analyze behaviors to detect malicious activities before they escalate. This approach allows us to autonomously detect and neutralize threats, even if they have never been seen before. Most AV tools focus exclusively on protecting traditional endpoints, leaving other attack surfaces exposed. We, however, provide a comprehensive security platform that extends protection to containers, cloud workloads, and IoT devices. This unified approach ensures that businesses can safeguard their entire digital infrastructure without relying on multiple disconnected security solutions. By securing diverse environments, we reduce complexity and enhance threat visibility across an organization.
We map our detection and response capabilities to the MITRE ATT&CK® framework, a globally recognized knowledge base of adversary tactics and techniques. This alignment provides security teams with deeper insights into threats, enabling them to enhance their defenses and proactively address attack patterns used by real-world adversaries.
Investigating cyber threats is often a time-consuming process, requiring analysts to manually piece together event data. SentinelOne’s Storyline™ technology automates this process by correlating events into a single, easy-to-follow attack narrative. This significantly reduces investigation time, allowing security teams to focus on proactive threat hunting and remediation.
What makes your ransomware detection and recovery tools faster or more effective than others?
Ransomware attacks have become more sophisticated, with attackers employing advanced techniques to bypass traditional security defenses. Many security solutions struggle to detect and stop ransomware in real time, often relying on outdated signature-based methods or slow manual intervention. We take a proactive, AI-driven approach to ransomware detection and recovery, making it faster and more effective than other solutions.
Unlike traditional security tools that rely on signature-based detection, SentinelOne leverages an advanced behavioral AI engine to detect and stop ransomware before it can cause damage. This AI-driven approach allows us to:
• Analyze ransomware behavior in real time and identify malicious encryption activity before files are locked.
• Detect and block both known and unknown ransomware strains, including zero-day variants that evade traditional detection methods.
• Stop fileless ransomware attacks by monitoring behavioral patterns instead of relying on file signatures.
By focusing on real-time behaviors rather than static rules, we ensure that ransomware is neutralized before it can encrypt critical data.
Speed is critical when dealing with ransomware. SentinelOne automates the entire response process to minimize dwell time and prevent damage:
• Instantly kills malicious processes, stopping the encryption sequence before it completes.
• Quarantines infected files to prevent further spread across the network.
• Isolates compromised endpoints from the network, cutting off ransomware’s ability to propagate.
This automation eliminates delays associated with manual intervention, allowing organizations to respond to ransomware attacks in seconds rather than hours.
One of SentinelOne’s most powerful features is its rollback capability, which enables organizations to restore encrypted files without relying on external backups or paying a ransom. This is achieved through:
• Automatic rollback of malicious changes, restoring files to their pre-attack state.
• Behavior-based undo actions, reversing ransomware modifications without needing a system-wide restore.
• Backup restoration integration, ensuring data integrity even if a ransomware attack bypasses initial defenses.
By combining real-time prevention with automated recovery, SentinelOne eliminates the need for costly ransom payments and minimizes operational disruptions.
Can you share an example of how AI automatically detects and blocks a never-before-seen threat?
Cybercriminals constantly develop new, sophisticated attack techniques designed to bypass traditional security solutions. Legacy antivirus tools rely on predefined signatures and known indicators of compromise (IOCs), making them ineffective against zero-day threats—attacks that have never been seen before. Our AI-driven approach overcomes this challenge by detecting malicious behavior in real time, stopping threats before they can cause harm.
Imagine an attacker delivers a zero-day fileless malware payload via a phishing email. The user unknowingly clicks on a malicious link, triggering a PowerShell script designed to execute directly in memory—without writing any files to disk. Traditional antivirus solutions, which rely on file scanning and signatures, would fail to detect this attack.
Our Singularity platform, however, detects and neutralizes the threat automatically, without requiring prior knowledge of the attack. Here’s how:
1. Behavioral AI Detection
2. Automated Threat Prevention & Containment
3. Threat Investigation & Rollback

Unlike traditional security solutions that require constant updates to detect new threats, SentinelOne’s AI-driven model identifies threats based on behavior rather than predefined signatures, stops fileless and in-memory attacks that evade traditional detection methods, responds automatically in real time without the need for human intervention, and provides instant remediation, reducing downtime and preventing data loss.
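The phishing-to-PowerShell scenario in this answer and the behavioral ransomware detection and rollback described in the previous answer, worked through as an added Python example that is not SentinelOne's code: it scores constructed endpoint telemetry on behavior alone (process lineage, command-line shape, high-entropy file rewrites) and undoes the encryption from a pre-write journal. All thresholds, process names, file contents and events are constructed for illustration.

```python
"""Behaviour-based detection over constructed endpoint telemetry (added example,
not SentinelOne code). A fileless PowerShell chain and a mass-encryption burst
are caught by behaviour alone, and a pre-write journal undoes the encryption.
Events, thresholds, file contents and process names are all constructed."""
from collections import defaultdict

ENC_WINDOW_S = 10        # seconds over which high-entropy rewrites are counted
ENC_MIN_FILES = 4        # distinct files rewritten in the window before alerting
HIGH_ENTROPY = 7.5       # bits/byte; encrypted or compressed content is close to 8
PROCESS_ALERT_SCORE = 2  # reasons needed before a process is contained
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}
# "-enc" also matches -EncodedCommand, "-nop" also matches -NoProfile.
PS_FLAGS = ("-enc", "-w hidden", "-windowstyle hidden", "-nop")


def score_process(ev):
    """Score a process-creation event by lineage and command-line shape only:
    no hash or signature, so a never-seen in-memory payload is caught by how
    it was launched rather than by what it contains."""
    reasons = []
    if ev["image"].lower() != "powershell.exe":
        return 0, reasons
    cmd = ev["cmdline"].lower()
    if ev["parent"].lower() in OFFICE_PARENTS:
        reasons.append("powershell spawned by a mail/office client")
    hits = [f for f in PS_FLAGS if f in cmd]
    if hits:
        reasons.append("hidden/encoded flags: " + ", ".join(hits))
    if ".ps1" not in cmd:
        reasons.append("no script file on disk (in-memory execution)")
    return len(reasons), reasons


class EncryptionTracker:
    """Counts distinct files each process rewrote with high entropy in a window."""
    def __init__(self):
        self.writes = defaultdict(list)          # pid -> [(ts, path), ...]

    def observe(self, ev):
        """Return the recently rewritten files once the threshold is crossed."""
        if ev["entropy"] < HIGH_ENTROPY:
            return None
        self.writes[ev["pid"]].append((ev["ts"], ev["path"]))
        recent = {p for t, p in self.writes[ev["pid"]] if ev["ts"] - t <= ENC_WINDOW_S}
        return recent if len(recent) >= ENC_MIN_FILES else None


class ShadowJournal:
    """Copy-on-write journal over a constructed in-memory 'filesystem'."""
    def __init__(self, disk):
        self.disk, self.before = dict(disk), {}  # before: path -> pre-write content

    def write(self, path, data):
        self.before.setdefault(path, self.disk.get(path))
        self.disk[path] = data

    def rollback(self, paths):
        """Restore journaled files; returns how many were restored."""
        restored = 0
        for p in paths:
            if self.before.get(p) is not None:
                self.disk[p], restored = self.before[p], restored + 1
        return restored


def run_engine(events, disk):
    """Replay telemetry in order: score, journal, detect, contain, roll back."""
    journal, tracker = ShadowJournal(disk), EncryptionTracker()
    alerts, killed = [], set()
    for ev in events:
        if ev["pid"] in killed:
            continue                 # a contained process produces no further events
        if ev["type"] == "process":
            score, reasons = score_process(ev)
            if score >= PROCESS_ALERT_SCORE:
                alerts.append({"pid": ev["pid"], "kind": "fileless_powershell",
                               "reasons": reasons})
                killed.add(ev["pid"])   # kill the process, isolate the endpoint
        elif ev["type"] == "file_write":
            journal.write(ev["path"], ev["data"])
            files = tracker.observe(ev)
            if files:
                killed.add(ev["pid"])
                alerts.append({"pid": ev["pid"], "kind": "mass_encryption",
                               "files": sorted(files),
                               "restored": journal.rollback(files)})
    return alerts, killed, journal.disk


# Constructed sample telemetry: five documents, one hidden PowerShell launched
# from the mail client, one unknown binary rewriting documents as ciphertext.
DISK = {f"C:\\Users\\ali\\Documents\\report{i}.docx": f"report {i}".encode()
        for i in range(1, 6)}
EVENTS = [
    {"ts": 1, "type": "process", "pid": 101, "parent": "outlook.exe",
     "image": "powershell.exe", "cmdline":
     "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <constructed>"},
    {"ts": 10, "type": "process", "pid": 202, "parent": "explorer.exe",
     "image": "updater.exe", "cmdline": "updater.exe"},
] + [
    {"ts": 11 + i, "type": "file_write", "pid": 202, "path": path,
     "entropy": 7.9, "data": bytes([0xFF, 0x13, i])}   # random-looking ciphertext
    for i, path in enumerate(DISK)
]
```

Running `run_engine(EVENTS, DISK)` contains the PowerShell process at creation, stops the unknown binary after its fourth high-entropy rewrite, and leaves the in-memory documents identical to their originals.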
How do you ensure customer data stays private while meeting regulations like GDPR or HIPAA?
For many businesses, staying compliant with industry regulations like GDPR or HIPAA is an ongoing challenge. Noncompliance is not just a risk—it’s an expensive one. Fines, operational disruptions, and reputational damage can severely impact a company’s bottom line. In today's regulatory landscape, which spans everything from data privacy to financial reporting, businesses must remain vigilant or risk significant penalties. By adopting the right compliance monitoring solution, organizations can avoid costly penalties, build trust with customers, and maintain a culture of accountability that supports long-term growth and success.
Compliance monitoring is the continuous process of assessing how well a business adheres to industry regulations, internal policies, and legal requirements. It’s crucial for businesses because regulations are frequently updated, and missing a change can lead to noncompliance. Without a proactive approach, companies may find themselves struggling to catch up with legal requirements, putting them at risk of costly mistakes.
Regulations like GDPR and HIPAA are specifically designed to protect customer data. Noncompliance with these laws not only exposes businesses to severe penalties but also undermines customer trust. Compliance monitoring tools make it easier to track how customer data is handled, ensuring it is securely managed according to legal standards. Compliance monitoring tools are an invaluable asset for businesses that need to manage complex, evolving regulations. These tools help streamline processes, reduce the risk of noncompliance, and ensure that customer data remains private and secure. By leveraging real-time monitoring, automated reporting, and integrated remediation features, businesses can stay ahead of regulatory challenges and protect both their bottom line and reputation.
The Role of Data Analytics in a Privacy-First Future
Data privacy has become a major issue in today's interconnected world, where data is abundant and can become easily accessible, with high-profile data breaches hitting the news every so often. With so much data being generated each day, there are concerns about it being misused by organizations or falling into the hands of hackers. As part of measures to prevent such data security breaches from happening, organizations are turning to data analytics for solutions to support the efforts towards a privacy-first approach.
The privacy-first approach governs how an organization's products and systems are designed, as well as how it interacts with its customers, including measures such as data anonymization and limiting the collection of personally identifiable information (PII). Safeguarding user privacy is the primary goal of such an approach, which should be incorporated into all aspects of the data infrastructure. With a privacy-first approach becoming more necessary by the day, data analytics has a crucial role to play in safeguarding individuals’ right to protect their data, primarily by providing organizations with valuable insights that will help them detect, prevent, and mitigate privacy breaches and other digital security threats.
One of data analytics' strengths is pattern recognition, and this can help organizations detect if there is any unusual behavior that could be a sign of fraud or a cyberattack. By employing predictive analytics algorithms, cybersecurity teams can go through the organization's data infrastructure and determine its weak points that attackers are most likely to exploit. Data analytics is also used to power real-time intrusion detection systems, which can neutralize threats before they are able to do significant damage. Furthermore, data analytics can improve businesses’ risk reporting and management capabilities, allowing analysts to make data-backed presentations and recommendations for key stakeholders, including management, customers, and regulators. These will allow them to better visualize and understand the state of the organization's data security and privacy, as well as any corrective actions needed.
International data privacy regulations, such as the EU's General Data Protection Regulation (GDPR) and Australia’s Notifiable Data Breaches (NDB) scheme, are becoming more stringent, with hefty penalties for violations. Alongside this, public interest in data privacy continues to grow, with the international data community observing Data Privacy Week every January. In a privacy-first age, companies shouldn't fear that regulations will hamper their ability to benefit from data insights. Instead, they should embrace data analytics to strengthen their privacy and security while creating a better customer experience. By being ethical and transparent on how consumer data is being collected, stored, and used, organizations can build trust and stronger customer relationships, which leads to better business outcomes.
Jadd Elliot Dib is the founder and CEO of data analytics platform Pangaea X, which allows clients from all industries to access high-quality, specialised data analytics talent.
From whack-a-mole to winning strategy
How Tenable’s risk-centric approach, AI-Driven insights, and the ‘Critical 3%’ are redefining cybersecurity’s battle against relentless threats
How has vulnerability management evolved?
The sheer number of cyber threats organisations face is staggering, with threat actors breaching defences seemingly daily. Cyberattacks can cost millions to resolve and make headline news. As organisations connect more assets, allow remote work, and promote virtual customer engagement, the attack surface continues to expand. It’s hard to keep up in today’s intense threat landscape.
The reality is attackers don't break defences, they get through them. This has seen the traditional focus of responding to, and recovering from, cyber incidents gradually give way to a more proactive stance as part of risk management. Regulations, such as NIS2 and DORA, are also forcing organisations’ attention to prioritise prevention rather than addressing the shortcomings of reactive threat detection.
Staying ahead in today’s intense threat landscape is increasingly challenging. The business needs to know: “Are we exposed, and are we at risk?” This is the seemingly unanswerable question facing every modern leadership team every day. Today cyber exposures are business risks of the highest order – wielding the power to cause liability, loss and irreparable harm.
A recent Tenable research report revealed a key insight: only 3% of all vulnerabilities are responsible for the most impactful exposures. This finding is both a revelation and a call to action for cybersecurity professionals. For too long, the industry has operated under the assumption that every vulnerability is a priority, leading to a scenario where security teams are constantly reacting to new threats or vulnerabilities as they appear, without making meaningful progress in managing the overall security landscape.
This leaves security teams playing an unending game of whack-a-mole. As soon as one threat is addressed, another one appears. This cycle of constant reaction rather than proactive and strategic management results in high stress, low efficiency, and an overwhelming amount of time spent on vulnerabilities that pose little actual risk.
Instead, security teams need to cut through the noise and focus on the vulnerabilities that truly matter. This is where the concept of the "critical few" comes into play.
By zeroing in on the small percentage of vulnerabilities that present the greatest risk, organizations can not only enhance their security posture but also optimize their resources, ensuring that their efforts are aligned with the most significant threats.
How does Tenable decide which vulnerabilities pose the biggest risk to a business?
Maher Jadallah, Vice President, Middle East & North Africa, Tenable
The shift towards context-driven vulnerability management is not just about improving cybersecurity; it's about aligning security efforts with business priorities to reduce the organisation's overall risk. Contextual information plays a crucial role as, only by understanding the connection between a vulnerability and its potential impact on sensitive data and systems, can organisations correctly prioritise where to focus efforts to address true business risks.
Tenable Vulnerability Management addresses the challenge of managing vulnerabilities in an expanding and dynamic attack surface. Powered by Tenable’s industry-leading Nessus technology and managed in the cloud, it delivers the most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first.
By integrating vulnerability data, threat intelligence, and machine learning, Tenable Vulnerability Management offers an easy-to-understand risk score that helps organizations identify high-impact vulnerabilities and prioritize remediation effectively. Its intuitive dashboards, risk-based prioritization, and seamless integrations empower security teams to act swiftly and strategically.
Tenable Vulnerability Management has pre-built integrations available for popular credential management, SIEM, ticketing systems and other complementary solutions, so security teams can easily build an efficient vulnerability management process. Organisations can easily create their own integrations by leveraging a fully documented API set and SDK.
The solution is backed by Tenable Research, delivering world-class intelligence, data science insights, alerts and security advisories. Frequent updates from Tenable Research provide the latest vulnerability checks, zero-day research, and configuration benchmarks, helping you stay secure.
Adopting a targeted response strategy allows organizations to prioritize their efforts on the most pressing threats. For example, a focused campaign might target vulnerabilities that are part of active ransomware campaigns or those flagged by regulatory agencies.
How do you avoid “false alarms” when detecting vulnerabilities in complex environments?
With Vulnerability Intelligence, organizations can search, contextualize and respond to vulnerabilities based on the industry’s richest sources of data and intelligence provided by Tenable Research. By normalizing 50 trillion data points, Vulnerability Intelligence provides comprehensive deep dives on any given vulnerability. Identify key vulnerabilities that are leveraged in the wild or search for a specific vulnerability with natural language or advanced search. This offers detailed insights into vulnerabilities, helping teams understand active threats, while Exposure Response enables progress tracking and SLA management. These capabilities revolutionize security workflows by aligning vulnerability management efforts with organizational goals.
How do you track shadow IT or cloud assets that even IT teams might not know about?
Using an advanced asset identification algorithm, Tenable Vulnerability Management provides accurate information about dynamic assets and vulnerabilities in ever-changing environments.
Tenable Vulnerability Management gives organizations a unified visibility of their entire attack surface. It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, cloud connectors and configuration management database (CMDB) integrations to maximize scan coverage across the infrastructure and reduce vulnerability blind spots.
This mix of data sensor types helps track and assess both known and unknown assets and their vulnerabilities, including hard-to-scan assets like transient devices analyzed by agents and sensitive systems like industrial control systems. Predefined scan templates and configuration audit checks that follow best practices frameworks, such as CIS and DISA STIG, help protect the organization with a fraction of the effort otherwise needed.
Tenable Vulnerability Management provides the ability to track assets and their vulnerabilities more accurately than any other solution in the industry.
How does Tenable keep its tools updated to catch brand-new vulnerabilities?
Tenable Vulnerability Management is powered by over 20 trillion data points analyzed by Tenable Research. This ensures continuous protection by delivering daily updates for vulnerability and configuration assessment plugins, ensuring coverage for the latest threats and misconfigurations. Vulnerability Priority Ratings (VPR) are recalculated daily to reflect changes in the threat landscape, helping organizations maintain a real-time understanding of their exposure.
The SaaS-based platform also delivers core product enhancements seamlessly, without downtime or additional effort from customers, ensuring they always have access to the latest capabilities and innovations. This ongoing commitment to updates ensures that security teams can stay ahead of emerging threats.
What tools or advice do you provide to help teams fix vulnerabilities faster?
Identifying critical vulnerabilities is only half the battle. The other half is taking decisive action to mitigate those vulnerabilities before they can be exploited, which is where strategic value is truly realized. A targeted response approach is essential for streamlining the process of prioritizing and mitigating critical vulnerabilities, ensuring that security teams can move quickly and efficiently.
Vulnerability remediation remains a critical challenge as identifying, testing and installing the countless patches released every day is cumbersome. A recent Tenable report found that only 11% of organizations say they are efficient at vulnerability remediation. The result is that organizations are exposed for long periods of time, as attackers’ average time-to-exploitation has shrunk from 32 days to five.
Tenable Patch Management pairs autonomous patch functionality with Tenable’s leading vulnerability coverage, built-in prioritization, threat intelligence and real-time insight to shorten the mean time to remediate (MTTR). Automated correlation between vulnerabilities and the most up-to-date remediation action helps security teams overcome the bottleneck that can occur between vulnerability prioritization and remediation.
Navigating cybersecurity challenges in video technology
Louise Bou Rached, Regional Director of META at Milestone Systems
Video security systems in the Middle East have evolved into intricate networks driven by smart cameras, sensors, and advanced video management software (VMS). While these innovations boost security and operational efficiency, they also open doors to new cybersecurity threats, requiring constant vigilance and proactive defence strategies. Major initiatives like Saudi Arabia’s Vision 2030 and Dubai’s Smart City projects have surged the demand for secure video surveillance. The UAE’s video surveillance market is projected to grow at a CAGR of 4.35% through 2028, driven by smart city initiatives and heightened security concerns. Events like Expo 2020 Dubai underscore the critical role of video security in large-scale public and private sector projects.
Addressing Complexity and Vulnerabilities
Modern video security systems are complex; even advanced solutions can be vulnerable without rigorous security protocols. Oversights such as exposed credentials or unpatched software can lead to significant breaches. Each element—from cameras to edge computing devices—represents a potential entry point for cybercriminals. Unsecured devices can compromise video networks and broader IT infrastructures, threatening sensitive data and operations.
The Cyber Kill Chain: Understanding Threats
To effectively defend video systems, understanding cyberattack patterns is essential. The Cyber Kill Chain framework, introduced by Lockheed Martin, breaks down attacks into seven stages, from reconnaissance to execution. Critical infrastructure like oil and gas facilities and government data centres in the Middle East faces increasing cyber threats. A 2024 report highlights that 40% of dark web activity targeting the region focuses on the UAE, with 26% directed at Saudi Arabia. Government agencies represent 21% of dark web posts, indicating heightened interest from hacktivists. Multi-layered defence strategies are vital to mitigating such threats.
VMS as the First Line of Defense
A robust VMS forms the backbone of a secure video security network, coordinating protective measures across devices. For Middle Eastern industries like hospitality, retail, and critical infrastructure, VMS adoption is crucial for mitigating cyber risks. As cloud adoption grows, regulations like Saudi Arabia’s NCA cybersecurity framework and the UAE’s DIFC Data Protection Law enforce strict data security measures. These regulations drive VMS innovation, integrating encryption and anomaly detection to ensure compliance and resilience.
The Role of VSaaS and Cloud-Based Solutions
Video Security as a Service (VSaaS) and cloud solutions add another layer of protection by leveraging automatic updates and cutting-edge cybersecurity technologies. The Middle East’s video surveillance market is expected to surpass $4.3 billion by year-end, reflecting rising demand for scalable, cloud-based solutions. The VSaaS market is projected to grow by 16.4% annually, reinforcing its importance in minimising risks from outdated hardware and software. Mega-events like the FIFA World Cup in Qatar demonstrate cloud-based surveillance's scalability and security benefits. With more smart city initiatives across the region, cloud-based systems are becoming integral to safeguarding large-scale infrastructure.
Securing Endpoints and Perimeter Devices
While VMS provides centralised protection, securing endpoints like IP cameras is equally critical. The widespread deployment of IP cameras in public spaces and infrastructure in the Middle East makes them attractive targets. Saudi Arabia and the UAE have implemented stringent measures to replace default passwords and deter physical tampering. Tamper-evident housing and encrypted data transmission further enhance security.
Regional data laws, such as the DIFC Data Protection Law and Saudi Arabia’s Personal Data Protection Law, mandate encrypted communication within video networks. Organisations must regularly audit and monitor edge devices to preempt emerging vulnerabilities, reinforce perimeter security, and ensure long-term resilience.
Tackling the Human Factor
Even the most advanced technology can be undermined by human error. Regular cybersecurity training ensures employees understand best practices, from using strong passwords to recognising security threats. Human error is often the weakest link in cybersecurity chains, making awareness programs vital.
The Middle East’s high data breach costs, averaging over $8 million per breach, reflect the importance of such initiatives. Regional campaigns, including the UAE’s National Cybersecurity Strategy and Saudi Arabia’s cybersecurity programs, emphasise education and strict protocols to mitigate risks.
Emerging Trends: AI and Real-Time Threat Detection
AI-powered threat detection is rapidly gaining traction in the Middle East’s video surveillance landscape. Projects like Saudi Arabia’s NEOM and Dubai’s Smart Police Station demonstrate the potential of AI-driven technologies to enhance real-time monitoring and response capabilities. Video security must remain a priority as the region accelerates its adoption of smart technologies. Ongoing investments in Vision 2030, NEOM, and Dubai Smart City initiatives demand continuous improvements in video surveillance cybersecurity. Organisations can safeguard critical infrastructure and drive innovation across the Middle East by staying ahead of emerging threats.
Advanced AI-Driven security for a threat-filled world
Harish Chib, VP Emerging Markets, Middle East & Africa at Sophos, shares insights on why organizations should choose Sophos XDR, how its AI-driven threat intelligence works, and real-world examples of its effectiveness in preventing ransomware attacks.
Why should businesses choose Sophos XDR over competitors?
Sophos XDR stands out due to its advanced AI, native integration, and centralized management. Unlike other solutions, it automatically correlates data from endpoints, email, network, and cloud applications, providing a comprehensive view of security threats. This enables security teams to detect and respond to complex attacks faster and more effectively. Additionally, Sophos Central offers a unified, intuitive platform to manage an organization’s entire cybersecurity infrastructure, simplifying administration and reducing incident response times.
What makes your ransomware detection and recovery tools faster or more effective than others?
Sophos’ AI leverages advanced machine learning models to analyze and correlate alerts in real time across multiple sources. Instead of treating each alert in isolation, it identifies patterns and relationships to uncover sophisticated attack techniques. For example, a phishing attempt detected in an email can be linked to unusual endpoint activity or suspicious cloud access, allowing security teams to understand the full attack chain and respond proactively.
With teams working remotely and in offices, how do you secure both cloud and on-premise tools at once?
Sophos ZTNA secures both cloud and on-prem environments by enforcing a zero-trust model, verifying user identity and device health before granting access. Unlike VPNs, it limits access to only necessary resources, reducing attack surfaces. Integrated with Sophos Intercept X, it blocks compromised devices and is managed centrally via Sophos Central for unified visibility and control. With direct application access instead of VPN tunnels, it enhances security, performance, and user experience.
Sophos takes a hybrid security approach, combining endpoint, network, and cloud protection in a single, integrated solution. Sophos Central allows IT teams to monitor and manage security across all environments from one unified dashboard, ensuring consistent protection regardless of where employees work. With adaptive cybersecurity controls, AI-powered threat detection, and automated response capabilities, Sophos ensures that both on-premises and cloud-based tools remain secure against evolving cyber threats.
Can you walk us through a real-world example of Sophos helping a company recover from ransomware without downtime?
Absolutely. In one case, a mid-sized financial services firm was targeted by a highly sophisticated ransomware attack. Sophos’ Managed Detection and Response (MDR) team detected early-stage malicious activity, including suspicious file encryption attempts. Using Sophos’ AI-driven XDR capabilities, security analysts isolated affected systems in real time, preventing the ransomware from spreading.
Thanks to proactive threat hunting and automated rollback features, Sophos was able to neutralize the attack before it could cause any operational disruption. The company avoided downtime, data loss, and ransom payments, demonstrating how Sophos’ proactive, AI-driven security approach can stop cyberattacks before they escalate.
How often do you update your threat intelligence, and where does the data come from?
Sophos updates its threat intelligence continuously, in real time. The data comes from multiple sources, including:
• Sophos X-Ops, our global threat intelligence unit that analyzes cyber threats across 600,000+ organizations worldwide
• AI-driven telemetry, collecting and analyzing vast amounts of data from endpoints, networks, cloud applications, and emails
• Threat intelligence sharing partnerships with other industry leaders and cybersecurity alliances.
By leveraging real-time insights and predictive analytics, Sophos ensures its security solutions stay ahead of emerging threats, providing businesses with proactive and adaptive defense against cyberattacks.
PAM reinvented
Michael Byrnes, senior director – solutions engineering, META, BeyondTrust, on the must-haves and best practices of cybersecurity’s new heart
Our identity is important to all of us. And all of our identities are under attack. Routinely, nefarious parties strip-mine our online presences to find ways of breaching our walls and counterfeiting our digital selves for their own ends. From a simple joyride to a more sinister bank heist, the modern citizen has much to fear from identity theft. But as much as we have to lose as individuals, our employers have even more at stake. Data-breach dollar-costs can reach the millions, and smaller companies may never recover. According to one report, in 2023 almost a third (32%) of businesses in the United Arab Emirates (UAE) endured an identity-fraud attack involving a deepfake video.
From the perspective of cybersecurity, the protection of our identities must be given the highest priority. To fulfil that promise, security teams often focus on accounts that have been granted privileged access to critical areas — systems, data, applications, and others — but IT infrastructure has become much too advanced for this approach to be effective on its own. Some instances of privilege are not etched in stone to be discovered by a simple survey. Some of today’s environments confer access through on-premises privilege models or through roles and entitlements in cloud systems. Privileged Access Management (PAM) platforms, however, are still used by organizations to focus controls almost exclusively on administrative privileges that are directly assigned. But malicious actors rarely start their intrusions at the top. They frequently hijack non-admin user accounts and move laterally, worming their way towards greater and greater privilege.
User groups, misconfigurations, and overlooked cloud permissions — these are all features of the modern IT environment. The sprawling nature of the average tech stack offers more Paths to Privilege™ than ever but while the Paths are easy to exploit by attackers, they are obscured from the SOC’s view. Traditional PAM is focused on internal visibility and on control of assigned privileges; and the tunnel vision of traditional identity-security tools means they offer little to plug the gaps. And so, we see growing numbers of non-IT users with high privilege levels. They are spread across the environment. They expand the attack surface. They must be addressed.
But how? Managing identity security across a hybrid IT environment that includes multiple domains is difficult when one also has the goal of enhancing productivity. Just as IT environments have changed, PAM must change. This adapted, modern PAM must plug the critical identity security gaps that traditional solutions cannot. Modern PAM must expand visibility, bolster protection measures, and tighten controls beyond those accounts with directly assigned privileges. It needs to provide coverage across on-premises, cloud, SaaS, OT, and more. It must be the ultimate authority over what is accessed by whom or by what.
To frame modern PAM as a broad checklist, there are four must-haves that will form the foundation of all effective platforms.
1. A secret-keeper
Modern PAM must be capable of managing any type of secret, from the something-you-knows, like passwords, to the something-you-haves, like keys. The platform must be able to do this in any type of environment — on-premises data centers, remote work locations, and cloud environments, whether they be IaaS, PaaS, or SaaS.
2. A single-pane solution
Modern PAM should be holistic and allow for all use cases. It should deliver access management; it should deliver session monitoring. And everything should be available to security personnel through a single platform. There should be no need to hop from screen to screen to get a full view of the identity ecosystem.
3. A best-practice champion
Modern PAM must, of course, embrace the prevailing industry wisdom on identity security. Zero-trust, least-privilege, and just-in-time principles must all be in effect. The region’s regulators must also be respected through advanced compliance reporting. With best practices in place, PAM is a silo no longer, but operates as a fully integrated component of a larger security strategy.
4. A firm foundation
Modern PAM sits at the heart of modern security suites, helping to redefine identity security and providing a foundation for securing all aspects of the identity and access management fabric.
More nooks, more crannies
PAM has always been preventative and will remain so. Modern PAM looks into more nooks and presses itself into more crannies than its predecessor. It proactively shrinks the attack surface by using the latest tools in its fight against aggressors. Modern PAM’s defining trait is its proactiveness. What better tools to leverage in detecting and mitigating threats than AI- and ML-powered intelligence? Through AI, PAM becomes a core part of identity threat detection and response (ITDR).
Modern PAM is more than a toolbox. It is an enabler of productivity for IT admins, help desks, and end users. Far from being an obstacle to access, it enables faster access for those who need it — fewer authentication steps, less admin workload, and fewer raised tickets — all while creating a hardened, more identity-aware security posture. For example, traditional PAM finds it problematic to deliver just-in-time (JIT) access in cloud environments without the need for high-burden authentication that eats into productivity. Modern PAM is ideal in these scenarios because it is built around streamlined workflows that maintain security and auditability.
Our identities have always been under threat. There is no better way for fraudsters to defraud and thieves to thieve than to wear the skin of their victims. As environments have evolved, criminals have shown an uncanny knack for evolving with them. As potential victims, we too must evolve, and so must the tools of our defense. Modern PAM puts this notion into practice by employing a more intelligent approach to identity and privilege management. It eradicates identity-security blind spots, removes standing privileges, and decomplicates least-privilege. Turbocharged by AI, modern PAM clears the fog in front of the SOC, shines lights into hidden corners, and lays down the law on behalf of business strategists without ever blocking roads to achievement. Modern PAM is the new indispensable ally in our daily cyber-skirmishes.
Taming digital chaos
Yiyi Miao, Chief Product Officer at OPSWAT, makes the case for strengthening security across the software development lifecycle.
The United Arab Emirates’ economic Vision programs have long been seen as roadmaps to a digital future. Even where government guidelines and whitepapers do not explicitly mention technology, their ambitious goals imply it. The closer we get to Vision 2030’s “due date”, the more anxious decision makers will be to take control of their digital destinies — to respond with agility and to the expectations of markets and regulators. In doing so, many enterprises will turn to in-house DevOps teams to build their digital experience suites. In theory, that is the only way they can deliver for both consumers and regulators. It is in that tug-of-war between the desire of customers for superlative experiences and the insistence of regulators on secure workflows, that organizations face their most difficult challenges. Every speedy rollout has the potential to expose the business to vulnerabilities; and every security issue addressed has the potential to complicate workflows for employees and customers.
The guiding principle in trying to walk this line is to secure the entire software development lifecycle (SDLC) by performing a left-shift in security strategy — bringing security considerations into earlier SDLC phases — and subsequently ensuring that vulnerability management remains part of every phase of software development thereafter. If UAE DevOps teams can identify and mitigate threats all the way along the lifecycle, they will have achieved proactive protection, which is a hallmark of cyber-maturity. If they can minimize potential threats while saving time and resources, they will have discovered a recipe for thriving in the digital economy.
To get the balance right, we must begin with clear definitions of what new solutions and updates will do, so we can embed best-practice security provisions as implementation gets underway. Frameworks like the Software Assurance Maturity Model (SAMM) can act as a strong foundation for security and development professionals to collaborate closely on the assessment of business risks associated with software vulnerabilities.
Following these practices, in which security is considered a core ingredient rather than icing on the cake, is a strong start. Software testers must still formulate their scripts in a security-conscious way.
Penetration testing and dynamic application security testing (DAST), accompanied by code reviews, can help ensure vulnerabilities have nowhere to hide in the later stages of the cycle. Even when green lights are given, the live production environment must be monitored for any emerging threats.
Security-focused DevOps teams do not have to invent methods from scratch to institute best practices. The tools are already available. Software composition analysis (SCA) and static application security testing (SAST) can automate vulnerability detection by scanning source code and libraries for issues. Tools like PyTM (pythonic threat modeling) and ThreatSpec can even model threats at the design phase; and the Security Knowledge Framework is designed to help developers and software architects think like attackers even if they are not well-versed in cyber security. This is useful in a region that continues to face cybersecurity skills gaps.
These are critical capabilities in the shiftleft approach to DevOps security because of the complexity and expense of ad-hoc remediation. If left to later stages, some vulnerabilities may not be candidates for simple patching and may require months
of workshopping and redesign to address. But if security is integrated into the heart of every project, the organization’s overall security posture benefits. Not only will it be able to more easily satisfy UAE regulators; it will live up to international standards like ISO 27001. This has lasting, positive implications for its market reputation, especially in industries like finance and healthcare where slips in customer
must take a look at threat intelligence because it is here that DevOps teams will differentiate themselves in cyber-maturity. Continuous training in high-profile threats will allow them to make better decisions while building applications. They should be aware of Log4Shell, which allows nefarious actors to remotely execute code through a vulnerability in Apache Log4j. Millions of attempts have been made by shadowy
groups to compromise the millions of applications and devices exposed to this flaw; and it persists in the wild despite multiple patches from Apache. Vulnerabilities can even be found in codeparsing tools and deployment suites. Development teams must make good use of code patterns, linters, and testing solutions to ensure code quality. They must include security checks through resources

Supply-chain rein
Keeping a tight rein on the SDLC by treating it as an interconnected whole is a critical step in addressing one particular cyber threat — the supply-chain attack. While some of the more famous examples like SolarWinds and NotPetya lie outside the region, the UAE and GCC have historically presented tempting targets to threat actors, so organizations here must remain cyber-mature to avoid the derailment of economic progress. DevOps teams rely on a supply-chain of third-party open-source libraries. As mentioned previously, tools exist to automatically scan libraries as part of source-code review. Additionally, the Open Web Application Security Project (OWASP) provides an industry-standard guide specifically for the SDLC. Helpful tips include lists of known vulnerabilities, outdated software, and license risks. Beyond process and best practice, we
UAE and GCC have historically presented tempting targets to threat actors, so organizations here must remain cybermature to avoid the derailment of economic progress.
such as tslint or OWASP DependencyCheck. For extra quality assurance, team leaders should consider peer reviews, pre-commit hooks, and automated testing; they should implement formal tracking of third-party libraries; and they should use both automated and manual testing, and pentests, and adopt tools like ZAP for automated Web-attack detection. During release, DevOps teams should review configurations for security flaws, and employ tools like Open Policy Agent, ELK stack, and Prometheus to ensure secure deployment.
Taming The Chaos
Vigilance should be the default state of every digital business, and we are now firmly in an era where every business is digital. To please both markets and regulators, enterprises can no longer afford to deploy applications like setting free wild horses. They must tame the experience or risk a fatal hit to their brand.
confidence can mean the end of a brand.
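The dependency checks, formal third-party tracking and pre-commit gate described above, as an added example in Python that is not OPSWAT's code and not any tool's real API. It reads a constructed lockfile, matches it against a constructed advisory feed of the shape the NVD or OSV provide (the two log4j-core entries use the real Log4Shell fix series; the org.example packages and the EXAMPLE-001 advisory are hypothetical), flags copyleft licences for review, and returns a pass/fail decision that a pre-commit hook or CI stage could act on:

```python
"""Dependency audit in the spirit of SCA tools such as OWASP Dependency-Check.

Added example, not OPSWAT's code. The lockfile and the advisory feed are
constructed in-line; a real pipeline would read the build's lockfile or SBOM
and pull advisories from a source such as the NVD or OSV. The two log4j-core
entries reflect the real Log4Shell fix series; the org.example packages and
the EXAMPLE-001 advisory are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    package: str
    vuln_id: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first safe version (exclusive upper bound)
    severity: str


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    kind: str        # "vulnerability" or "license"
    detail: str
    severity: str


# Constructed lockfile: (package, version, licence) as a build would record it.
LOCKFILE = [
    ("org.apache.logging.log4j:log4j-core", "2.14.1", "Apache-2.0"),
    ("com.fasterxml.jackson.core:jackson-databind", "2.15.2", "Apache-2.0"),
    ("org.example:chart-widget", "1.4.0", "GPL-3.0-only"),  # hypothetical package
    ("org.example:csv-parser", "0.9.2", "MIT"),             # hypothetical package
]

# Constructed advisory feed. CVE-2021-44228 (Log4Shell) was fixed in 2.15.0,
# but follow-up CVEs moved the recommended floor to 2.17.1 on Java 8+, which is
# the "multiple patches from Apache" the article refers to.
ADVISORIES = [
    Advisory("org.apache.logging.log4j:log4j-core", "CVE-2021-44228", "2.0", "2.15.0", "CRITICAL"),
    Advisory("org.apache.logging.log4j:log4j-core", "CVE-2021-44832", "2.0.1", "2.17.1", "MEDIUM"),
    Advisory("org.example:csv-parser", "EXAMPLE-001", "0.1.0", "1.0.0", "HIGH"),  # hypothetical
]

# Licences that need legal review before shipping inside a proprietary product
# (assumed policy; the exact list is an organisational decision).
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "REVIEW": 4}


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric dotted versions only. Pre-release suffixes such as '2.0-beta9'
    are deliberately not handled; a production tool must implement the
    ecosystem's real ordering rules."""
    return tuple(int(part) for part in v.split("."))


def affected(version: str, adv: Advisory) -> bool:
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def audit(lockfile, advisories, copyleft=COPYLEFT) -> list[Finding]:
    """Cross every locked dependency with the advisory feed and licence policy."""
    findings: list[Finding] = []
    for package, version, licence in lockfile:
        for adv in advisories:
            if adv.package == package and affected(version, adv):
                findings.append(Finding(package, version, "vulnerability",
                                        f"{adv.vuln_id}: upgrade to >= {adv.fixed}", adv.severity))
        if licence in copyleft:
            findings.append(Finding(package, version, "license",
                                    f"{licence} needs review before proprietary distribution", "REVIEW"))
    return findings


def minimum_safe_version(package: str, version: str, advisories) -> str | None:
    """The real upgrade target: the highest 'fixed' across every advisory that
    still affects the locked version. None means nothing is open for it."""
    fixes = [a.fixed for a in advisories if a.package == package and affected(version, a)]
    return max(fixes, key=parse_version) if fixes else None


def gate(findings, fail_at: str = "HIGH") -> bool:
    """Pre-commit / CI gate: True lets the build proceed, False blocks it.
    Anything at or above `fail_at` severity blocks; licence findings (REVIEW)
    are reported but never block on their own."""
    worst = min((SEVERITY_RANK[f.severity] for f in findings), default=len(SEVERITY_RANK))
    return worst > SEVERITY_RANK[fail_at]


if __name__ == "__main__":
    results = audit(LOCKFILE, ADVISORIES)
    for f in sorted(results, key=lambda f: SEVERITY_RANK[f.severity]):
        print(f"{f.severity:8} {f.kind:13} {f.package}@{f.version}: {f.detail}")
    print("build may proceed:", gate(results))
```

Run it as a script for a report, or import it and call gate(audit(...)) from a hook. The version parser is the weak point: real ecosystems have pre-release and build suffixes, and a tool that gets their ordering wrong will either block clean builds or, worse, wave a vulnerable build through.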
The hidden opportunity
Hadi Jaafarawi, Regional VP for Middle East & Africa, Qualys, asserts that the great security threat of containerization is really an opportunity in disguise.
When the United Arab Emirates' public and private sectors moved to the cloud at unprecedented scale in the early 2020s, organizations introduced several complexities into their everyday business cycles. Dependent as they are on technology, many business functions have been left exposed by IT architectures that were, until recently, non-traditional. A mix of cloud environments, remote workers and third-party domains has expanded the cyberattack surface to seemingly unmanageable proportions.
One aspect of the emerging complexity is the growing popularity of application containers. Containerization is an indispensable technology when building cloud-native digital experiences. At design time, DevOps teams bundle an application's business logic together with its dependencies into an image that will run on any host with a compatible kernel and container runtime. Containers are eminently portable and reusable, and their deployment is easy to automate. The benefits to DevOps are clear. In a digital economy populated by digital natives, experiences must be digital and evolve with the changing needs and tastes of consumers.
Containerization has particular promise for the e-commerce, finance, and healthcare industries, three sectors that are growing in the UAE. When deploying at speed and scale, the container's isolation from other applications is an extremely attractive quality: each runs in its own kernel namespaces, with its own view of processes, filesystem and network and its own resource limits, while sharing the host kernel. It can go anywhere; no specialized versions are required for different environments. This quality also allows devs to add microservices more quickly. Global figures from Forrester suggest as many as 64% of organizations have either implemented or are about to implement containers using Kubernetes-based public cloud services. And Gartner expects the proportion of containerized on-premises production workloads to increase from less than 5% in 2022 to 15% by 2026.
So, what about security?
There is every reason to expect the UAE to reflect the global trend. However, containers present a runtime blind spot. We are, after all, talking about a roster of digital assets that do not exist until the container system creates them. How do you protect these potential assets? Each real-world host machine is limited only by its memory capacity in the number of containers it can instantiate, and an orchestrator may move those instances from host to host at will to fulfil service-availability requirements. So the owner organization, and its security team, is faced with a lot of possibility as well as uncertainty. Orchestration tools like Kubernetes can only go so far, in that they manage instantiation from availability and efficiency standpoints. Security tooling must go further to deliver real-time, accurate, all-encompassing views of the container environment; agentless and snapshot-based approaches alone are insufficient, because they miss containers created and destroyed between snapshots. Another challenge is performance. Kubernetes already has tools to optimize performance, but there is no denying that any security add-on will have an impact, which is bound to provoke responses from a variety of stakeholders, perhaps most of all the DevOps team itself. Meanwhile, since container ecosystems are made of open-source building blocks, any included package or code library can bring vulnerabilities.
But strangely, the same factors that make containers such a security concern also make containerization an opportunity to improve security. Containers may carry software vulnerabilities with them wherever they go, but the process of containerization can be revisited to include fixes that also travel with the container. The presence of a consistent environment from design to production means that if we detect vulnerabilities and patch them, we can sanitize the entire development lifecycle. Modern security tools are already capable of scanning container images (the design-time templates that sit in registries waiting to become runtime entities). If problems are fixed at source, then robust security is duplicated everywhere instantiation occurs. This principle applies to every element of the development cycle, from third-party libraries to DevOps' own code. If enterprises fix design-time flaws, runtime assets will carry those fixes as a shield against exploitation. One caveat: a rebuilt image protects only the instances started from it, so long-running containers created from the old image remain exposed until they are redeployed, and it is the runtime inventory that reveals them.
Sanitizing the supply chain
Containerization best practices are still in their infancy, but cybersecurity methodologies are not. Any CISO will advise the establishment and diligent maintenance of an asset inventory that includes a real-time list of in-memory containers. This is made possible by modern security platforms that use asset inventories to predict risk at runtime. Vulnerability management is also a long-running security standard, which can be applied to prioritizing issues found in containers by uniting threat intelligence and business context. This is a critical capability for container environments because of their association with open source and the potential for higher-than-average vulnerability counts. As much as existing security best practices will go a long way towards securing containerization systems, not even a change as technical as this happens in a vacuum. Any steering committees already in place to address matters of digital transformation must be informed of vulnerability findings and what their mitigation will mean for non-security and even non-tech stakeholders. CISOs should impress upon dev leads the criticality of robust containerization, especially as it relates to the global rise of supply-chain attacks. Only DevOps is in a position to protect containers at runtime from zero-day threats. Assuming teams are collaborating efficiently, leading-edge threat-detection tools can be leveraged to analyze container images and nip potential vulnerabilities in the bud, releasing the organization from the anxiety of having to rely on signature-based detection methods at runtime.
Containers put deployment at speed and scale within our grasp. But as tempting as it is to start grasping, we must not forget the fundamentals of risk management. The threat is real and on our doorstep. Ultimately, the future of containerization lies not only in its capacity to accelerate innovation but in the ability to balance that with diligent, forward-thinking risk management.
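The asset inventory, risk prioritization and "fix at source" argument above, as an added example in Python. It is not Qualys's code and not its platform's API; the scan results, running containers, image names, digests and VULN-* labels are all constructed, and the risk weights are assumptions. It keys everything on image digests rather than mutable tags, ranks findings by uniting CVSS, exploited-in-the-wild intelligence and business context, surfaces running digests that were never scanned, and shows which findings a redeploy from the rebuilt image closes:

```python
"""Runtime container inventory joined with registry scan results.

Added example, not Qualys's code and not its platform's API. The image scan
results stand in for a registry scanner's output and the container list for
what `docker ps` or the Kubernetes API would report; image names, digests and
the VULN-* labels are all constructed. The risk weights are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vuln_id: str
    cvss: float
    exploited_in_wild: bool  # threat intelligence: known to be exploited?


@dataclass(frozen=True)
class Image:
    ref: str      # registry/repo:tag (tags are mutable, so never key on them)
    digest: str   # content address of the build that actually runs
    built: str    # ISO date the build was produced
    vulns: tuple[Vuln, ...]


@dataclass(frozen=True)
class Container:
    cid: str
    host: str
    digest: str
    service: str
    internet_exposed: bool
    criticality: int  # business context: 1 (low) .. 5 (crown jewels)


# Constructed registry scan: the design-time templates.
IMAGES = {
    "sha256:aaa111": Image("registry.example/shop/checkout:1.8", "sha256:aaa111", "2025-01-10",
                           (Vuln("VULN-A", 9.8, True), Vuln("VULN-B", 5.3, False))),
    "sha256:bbb222": Image("registry.example/shop/checkout:1.9", "sha256:bbb222", "2025-02-20",
                           (Vuln("VULN-B", 5.3, False),)),  # VULN-A fixed at source
    "sha256:ccc333": Image("registry.example/shop/search:3.2", "sha256:ccc333", "2025-02-01",
                           (Vuln("VULN-C", 7.5, False),)),
}

# Constructed runtime inventory: what is in memory right now.
CONTAINERS = [
    Container("c1", "node-a", "sha256:bbb222", "checkout", True, 5),
    Container("c2", "node-b", "sha256:aaa111", "checkout", True, 5),  # started before the rebuild
    Container("c3", "node-b", "sha256:ccc333", "search", False, 2),
    Container("c4", "node-c", "sha256:ddd444", "batch", False, 1),    # digest never scanned
]


def repo_of(image: Image) -> str:
    return image.ref.rsplit(":", 1)[0]


def risk_score(v: Vuln, c: Container) -> float:
    """Unite severity (CVSS), threat intel (exploited) and business context
    (exposure, criticality). The weights are assumptions, not a standard."""
    score = v.cvss
    if v.exploited_in_wild:
        score *= 2.0
    if c.internet_exposed:
        score *= 1.5
    return round(score * c.criticality, 1)


def prioritized_findings(containers, images):
    """One row per (container, vulnerability), highest risk first. A running
    digest with no scan result is a blind spot and sorts above everything."""
    rows = []
    for c in containers:
        img = images.get(c.digest)
        if img is None:
            rows.append((float("inf"), c.cid, "UNSCANNED-IMAGE", f"{c.service} on {c.host}: {c.digest}"))
            continue
        for v in img.vulns:
            rows.append((risk_score(v, c), c.cid, v.vuln_id, f"{c.service} on {c.host} ({img.ref})"))
    return sorted(rows, key=lambda r: (r[0], r[1]), reverse=True)


def stale_containers(containers, images):
    """Instances still running an older build than the newest scanned image of
    the same repository: the gap a registry-only view cannot see, because a fix
    baked into the image reaches a host only when the instance is redeployed."""
    newest: dict[str, Image] = {}
    for img in images.values():
        repo = repo_of(img)
        if repo not in newest or img.built > newest[repo].built:
            newest[repo] = img
    stale = []
    for c in containers:
        img = images.get(c.digest)
        if img is not None and newest[repo_of(img)].digest != c.digest:
            stale.append((c.cid, c.digest, newest[repo_of(img)].digest))
    return stale


def vulns_closed_by_redeploy(containers, images):
    """Per stale container, the findings that disappear once it is restarted
    from the newest image: the fix travelling with the container."""
    closed = {}
    for cid, old, new in stale_containers(containers, images):
        closed[cid] = sorted({v.vuln_id for v in images[old].vulns}
                             - {v.vuln_id for v in images[new].vulns})
    return closed


if __name__ == "__main__":
    for score, cid, vuln_id, where in prioritized_findings(CONTAINERS, IMAGES):
        print(f"{score:>8} {cid} {vuln_id:16} {where}")
    print("stale:", stale_containers(CONTAINERS, IMAGES))
    print("closed by redeploy:", vulns_closed_by_redeploy(CONTAINERS, IMAGES))
```

Two design choices carry the article's point. Keying on the digest rather than the tag is what lets the runtime inventory tell a patched instance from an unpatched one that was started from the same tag; and treating an unscanned digest as the top finding, rather than as "no vulnerabilities", is what keeps the agentless blind spot from hiding in a clean-looking report.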
Tales from the crypt
Carlos Aguilar Melchor, Chief Scientist – Cybersecurity, SandboxAQ, shines a spotlight on the silent saviour against cyber horrors.
Following the rise of cloud and mobile computing, not to mention a pandemic that forced many in the Middle East to embrace both technologies, our attitude to cybersecurity has undergone a sea change. A PwC survey showed that 45% of Middle East organisations placed the mitigation of cyber risk as a top priority for 2024. For comparison, only 38% were prioritising inflation. The same poll showed that 77% of regional enterprises would be increasing their cybersecurity budgets this year. Figures like these serve as strong indicators of the anxiety the cyberthreat landscape engenders in boardrooms around the world. But determination alone is ill-fated against the cyber hordes. It is all very well to now be wise to the booby-gift at the gates, but what about the threats you cannot readily see? Firewalls, endpoint security, identity and access management (IAM) tools, and others are not foolproof in a world in which cyberthreat actors have moved light-years ahead of wooden horses. Few today talk of the technology that arguably is our greatest countermeasure. Stealthy though it may be, cryptography stands as our silent defender.
The great mitigator
Cryptography offers an effective defence against the most common threats we face today. By encrypting sensitive files, and properly protecting the associated encryption keys, we take a huge step towards preventing attackers from gaining access to our crown jewels. If we encrypt to current industry standards, and keep the keys apart from the data (in an HSM or key-management service rather than alongside the files), then even attackers who exfiltrate personal, payment, or IP data will not be able to use that information. So cryptography mitigates the data-leak extortion used in ransomware campaigns; it does nothing against the attacker's own encryption of our files, which only tested backups address. Cryptography, with robust key-management policies, can also protect against advanced persistent threats (APTs). Key-management policies ensure key rotation and guide employees on best practices when generating and issuing keys. Practices like these lay the groundwork for more secure authentication and authorisation because they enable time-limited and granular access to resources and data. This protects services, data at rest, and data in transit, all of which matter in the context of APTs.
But as with all great tools, cryptography must be used properly to have a positive effect. Despite its many benefits, encryption and authentication mechanisms remain largely overlooked allies. This oversight has led to fragmented and poorly managed, or entirely unmanaged, cryptographic ecosystems, and most Middle East organisations today would likely be unaware of the precise state of their cryptographic assets. This leads to regular outages (an expired certificate nobody tracked is the classic case), high governance and risk-mitigation costs, and a state of vulnerability in an area where most organisations consider themselves secure. Many business executives believe encryption to be a straightforward, box-ticking exercise and are not aware of the spectrum of quality that pertains to it, nor of the direct and indirect losses that result from low-quality approaches.
Plugging all gaps
Any plan must begin with a status audit. How does the organisation use cryptography? What keys are live and in service, how are they secured, and how are they allocated? Care must be taken to specify the frequency of key rotation and to understand, in detail, the potential business impact of compromise for every key in service. And when vulnerabilities are discovered, what then? A plan of action is required for such discoveries. The same scrutiny must apply to vulnerabilities in cryptographic libraries, to urgent key rollovers, and to the cryptographic algorithms that underpin it all. Continuous and (partially) automated auditing is thus key. However, it can expose significant technical debt that some enterprises may struggle to manage effectively. Implementing cryptographic agility can help reduce this burden by allowing systems to adapt to new cryptographic standards, or repair issues, more easily and cost-effectively. My colleagues and I think of it as the ability to effectively manage risk related to the changing needs of cryptographic systems. Gartner tells us that crypto-agility plays a major role in defending against a fluctuating threat landscape. In 2017, the analyst firm said those organisations with an established crypto-agility plan would suffer 60% fewer breaches that could be tied back to encryption failures. So there is a measurable incentive to get it right. Every enterprise wants to be technologically agile. This must also apply to our most silent sentinels. In an interview with the Emirates News Agency (WAM) in mid-2024, Dr Mohammed Hamad Al-Kuwaiti, Chairman of the UAE Cybersecurity Council, announced that new regulations on key standards for data-transmission security, aligned with quantum-era systems, would be rolled out by the end of the year. While giant horses may be a thing of the past, crypto-agility can protect us from the thousands of would-be infiltrators that try to tunnel into our digital estates daily. If we take it seriously.
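The status audit and the crypto-agility discussed above, as an added example in Python using only the standard library. It is not SandboxAQ's code; the key inventory is constructed, and the weak-algorithm list, rotation ceiling and envelope version labels are assumptions rather than any standard's values. The audit flags weak algorithms, overdue rotation, over-long rotation policy and keys nobody has assessed; the MAC envelope shows the agility pattern of tagging every output with its algorithm identifier, so the primitive is swapped by changing a table and old tags are accepted only while a migration is in progress:

```python
"""Cryptographic status audit plus a crypto-agile MAC envelope.

Added example, not SandboxAQ's code. The key inventory is constructed; a real
one is discovered from the KMS/HSM, certificate stores and code scans. The
weak-algorithm list, rotation ceiling and envelope version labels are
assumptions, not any standard's exact values. Standard library only.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    algorithm: str       # e.g. "RSA-2048", "AES-256", "HMAC-SHA256"
    created: date
    rotation_days: int   # the policy rotation period for this key
    owner: str           # who answers for it; "" means nobody does
    impact: str          # business impact if compromised: "low", "high", "unknown"


# Constructed inventory and a constructed "today" for the audit.
INVENTORY = [
    KeyRecord("tls-edge-01", "RSA-2048", date(2024, 1, 15), 365, "platform", "high"),
    KeyRecord("legacy-sig", "RSA-1024", date(2019, 6, 1), 730, "", "unknown"),
    KeyRecord("db-at-rest", "AES-256", date(2024, 12, 1), 180, "dba", "high"),
    KeyRecord("api-hmac", "HMAC-SHA256", date(2025, 1, 10), 90, "api-team", "low"),
]
AUDIT_DATE = date(2025, 3, 1)

WEAK_ALGORITHMS = {"RSA-1024", "SHA-1", "3DES", "MD5"}  # assumed policy
MAX_ROTATION_DAYS = 365                                  # assumed policy


def audit_keys(inventory, today: date):
    """The status audit the article calls for: what is live, is the algorithm
    still acceptable, is it rotated on time, and does anyone own the risk."""
    findings = []
    for k in inventory:
        if k.algorithm in WEAK_ALGORITHMS:
            findings.append((k.key_id, "weak-algorithm", k.algorithm))
        age = (today - k.created).days
        if age > k.rotation_days:
            findings.append((k.key_id, "rotation-overdue", f"{age} days old, policy {k.rotation_days}"))
        if k.rotation_days > MAX_ROTATION_DAYS:
            findings.append((k.key_id, "rotation-policy-too-long", f"{k.rotation_days} > {MAX_ROTATION_DAYS}"))
        if not k.owner or k.impact == "unknown":
            findings.append((k.key_id, "unassessed", "no owner or no impact assessment"))
    return findings


# Crypto-agility: every tag carries the identifier of the algorithm that made it,
# so callers never hard-code a primitive. During a migration the verifier accepts
# the old and the new version while new tags are produced only with the new one;
# once the migration is complete the old version is dropped from ACCEPTED_VERSIONS.
MAC_ALGORITHMS = {"v1": "sha256", "v2": "sha3_256"}  # version labels are assumptions
CURRENT_VERSION = "v2"
ACCEPTED_VERSIONS = frozenset({"v1", "v2"})


def generate_key() -> bytes:
    return secrets.token_bytes(32)


def mac_tag(key: bytes, message: bytes, version: str = CURRENT_VERSION) -> str:
    digest = hmac.new(key, message, MAC_ALGORITHMS[version]).hexdigest()
    return f"{version}:{digest}"


def mac_verify(key: bytes, message: bytes, tag: str, accepted=ACCEPTED_VERSIONS) -> bool:
    version, sep, digest = tag.partition(":")
    if not sep or version not in accepted:
        return False  # unknown or retired algorithm: reject, never fall back
    expected = hmac.new(key, message, MAC_ALGORITHMS[version]).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    for key_id, problem, detail in audit_keys(INVENTORY, AUDIT_DATE):
        print(f"{key_id:12} {problem:26} {detail}")
    k = generate_key()
    old_tag = mac_tag(k, b"order=42", "v1")
    print("old tag verifies during migration:", mac_verify(k, b"order=42", old_tag))
    print("old tag rejected after migration:", mac_verify(k, b"order=42", old_tag, {"v2"}))
```

The same header-versioning idea applies to ciphertexts and signatures, and it is what turns a post-quantum migration into a configuration change rather than a rewrite. The one rule that must never be relaxed is the reject branch: a tag with an unknown or retired version is an error, not an excuse to fall back to a weaker algorithm.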
OPSWAT's MetaDefender Optical Diode Achieves C1D2 Certification, Enhancing Safety and Cybersecurity in Hazardous Environments
OPSWAT has achieved Class 1 Division 2 (C1D2) certification for its MetaDefender Optical Diode, a hazardous-location rating for electrical equipment that the company presents as a new benchmark in safety and cybersecurity for such environments. The certification attests that the MetaDefender Optical Diode meets the operational and safety standards required by industries where reliability is paramount.
"The MetaDefender Optical Diode is engineered to meet the highest standards of safety and security, providing organizations in high-risk sectors with the confidence that their critical systems remain protected," said Mark Toussaint, Senior Product Manager, OPSWAT. "In industries where any equipment failure could have catastrophic consequences, this certification reinforces our commitment to delivering resilient, reliable security solutions that safeguard both data and operations."
The C1D2 certification applies to equipment operating in environments with potential explosive hazards, such as the oil and gas, chemical processing, and pharmaceutical industries, where combustible gases, vapors, or dust pose significant risks. It assures organizations that the MetaDefender Optical Diode has been tested for safe operation in these environments, meeting both regulatory requirements and industry safety standards.
By incorporating C1D2-certified equipment, businesses enhance operational safety, reduce the risk of accidents, and ensure compliance with stringent industry regulations. The MetaDefender Optical Diode plays a role in preventing data breaches and securing information flow across industrial networks, helping industries maintain both physical safety and cybersecurity.
The MetaDefender Optical Diode enforces unidirectional data flow in hardware, so that data crosses in one direction only and nothing can flow back from a less secure, lower-level network into the sensitive one. This capability is essential for safeguarding critical infrastructure, especially in environments where physical safety and cybersecurity are equally vital.
"With the DIN rail version now certified, the MetaDefender Optical Diode is the only data diode capable of safely operating in hazardous environments where this certification is required," said Mark Toussaint, Senior Product Manager, OPSWAT. "This milestone highlights the importance of advanced security solutions that not only protect critical OT assets but enable business continuity in the most challenging conditions."
The C1D2 certification enables deployment across key industries: oil and gas, where it protects critical operational data in remote and hazardous locations; chemical processing, where it secures data exchange between mission-critical systems in volatile environments; and pharmaceuticals, where it ensures safe and compliant data transfer in a regulated industry.
HPE Introduces Next-Generation ProLiant Servers Engineered for Advanced Security, AI Automation and Greater Performance
Hewlett Packard Enterprise has announced eight new HPE ProLiant Compute Gen12 servers, the latest additions to a new generation of enterprise servers that introduce what HPE describes as industry-first security capabilities, optimize performance for complex workloads, and boost productivity with management features enhanced by artificial intelligence (AI). The new servers will feature upcoming Intel Xeon 6 processors for data center and edge environments.
"Our customers are tackling workloads that are overwhelmingly data-intensive and growing ever-more demanding," said Krista Satterthwaite, senior vice president and general manager, Compute at HPE. "The new HPE ProLiant Compute Gen12 servers give organizations – spanning public sector, enterprise and vertical industries like finance, healthcare and more – the horsepower and management insights they need to thrive while balancing their sustainability goals and managing costs."
Chip-to-Cloud and Full Lifecycle Security
The HPE ProLiant Compute Gen12 portfolio adds built-in safeguards at every layer, from the chip to the cloud, and at every phase of the server lifecycle. HPE Integrated Lights Out (iLO) 7 introduces a dedicated security processor, which HPE calls the secure enclave, engineered from the ground up as HPE intellectual property. HPE says ProLiant Compute servers with iLO 7 are the first servers ready for quantum-resistant cryptography and are designed to meet the requirements of FIPS 140-3 Level 3, a high-level cryptographic security certification. HPE positions the chip-level security features of iLO 7 as what distinguishes ProLiant servers from other vendors' offerings. Embedded in the server hardware, the secure enclave establishes a hardware-rooted chain of trust intended to protect against firmware attacks and provides line-of-sight from the factory and throughout HPE's supply chain. This extends to the end of the product lifecycle with HPE Onsite Decommission Services, which collects equipment and transports it to an authorized sorting and recycling facility.
AI-Driven Insights Improve Operations Management, Automation and Power Efficiency
HPE Compute Ops Management is a cloud-based software platform that helps customers secure and automate server environments. Proactive and predictive automation, now enhanced with AI-driven insights, helps organizations improve energy efficiency by forecasting power usage and letting enterprises set thresholds to control costs and carbon emissions on a worldwide level. A new global map view simplifies management so customers can instantly identify server health issues across distributed IT environments, and multi-vendor toolset integration reduces downtime by up to 4.8 hours per server every year, according to HPE. Automated on-boarding simplifies server set-up and ongoing management, particularly in remote or branch-office deployments where local IT resources are not available.


