SAFE-T’S SECURE DATA ACCESS
NETAPP REVAMPS PARTNER PROGRAMME
PAGES 60 | VOLUME 08 | ISSUE 09 | JUNE 2021 | WWW.EC-MEA.COM
SOLARWINDS
MOVING TOWARDS SECURE BY DESIGN
Transforming the security of organisations through programmes, policies, teams, and culture.
SASCHA GIESE, SolarWinds Head Geek.
MANAGING DIRECTOR TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM
SECURITY REVISITED
EDITOR ARUN SHANKAR ARUN@GECMEDIAGROUP.COM CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM
ARUN SHANKAR, EDITOR, ARUN@GECMEDIAGROUP.COM
Two events topped the list in May. The first was GEC Media Group’s virtual security symposium, where the region’s top security decision makers were recognized. This was a face-to-face event with 100+ attendees, while maintaining social distancing and non-contact engagement with masks. Some of the keynote speakers and participants at the event commented that this was their first face-to-face event after a span of more than a year, and while they felt a bit rusty, it was good to be back.

The second event was Gisec 2021, the region’s leading security industry exhibition and conference. This was also an in-person event, with strict non-contact and social distancing rules for visitors touring the event and attending the conference. Gisec 2021 witnessed the presence of at least four country pavilions, namely Israel, Germany, Turkey and Poland. A large number of exhibitors were first-time participants in the region. Microsoft and distributor Spire Solutions had the largest sprawl in Gisec 2021, with the presence of channel partners and vendor partners respectively.

The choice of speakers and the quality of the presentations at the Gisec conference were exceptional, with combined global and regional insights and comparisons made during the presentations. However, what was particularly brisk and therefore interesting was the activity at the Connexions lounge. This was the venue for pre-arranged, face-to-face, one-on-one meetings. It almost seemed as if the participants were trying to catch up for time lost in the previous 12+ months. Turn these pages to catch a glimpse of these events through our image gallery pages.

In our lead feature this month, Sascha Giese at SolarWinds takes us through the restructuring of this enterprise networking vendor and its products. The approach adopted by SolarWinds to rebuild the confidence of the technology industry, whose vendors and channel partners are its primary customers, is a secure by design approach. This applies both to best practices in security policies and software development. SolarWinds wants to transform the security of organisations through programmes, policies, teams, and culture.

Security analysts rank the SUNBURST supply chain attack, which crippled SolarWinds’ customers, as one of the most sophisticated cyberattacks in history. The attack makes clear that current software development procedures, many considered as best practices, are no longer safe. Because of the complexity behind the attack, the same strategy may have been used to attack other vendors as well. SolarWinds could reconstruct the events as logs were still available dating all the way back to 2019. Keeping logs for 90 days, which is the default for many devices, is insufficient and should be reevaluated. US government and private-sector experts have stated their belief that a foreign nation-state conducted this intrusive operation. Turn these pages to learn more.

As the pace of digital transformation picks up, vendors are scrambling to realign their partner programmes with net new market opportunities, meeting customer expectations, and aligning with hyperscaler market dynamics. We present some of these initiatives being adopted by NetApp.

We wish our readers a prosperous summer season ahead.
MEA JUNE 2021
GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES: ANUSHREE DIXIT, ANUSHREE@GECMEDIAGROUP.COM
GROUP SALES HEAD: RICHA S, RICHA@GECMEDIAGROUP.COM
EVENTS EXECUTIVE: GURLEEN ROOPRAI, GURLEEN@GECMDIAGROUP.COM; RONIT GHOSH, RONIT@GECMDIAGROUP.COM; JENNEFER LORRAINE MENDOZA, JENNEFER@GECMDIAGROUP.COM
SALES AND ADVERTISING: RONAK SAMANTARAY, RONAK@GECMEDIAGROUP.COM, PH: +971 555 120 490
PRODUCTION, CIRCULATION, SUBSCRIPTIONS: INFO@GECMEDIAGROUP.COM
DESIGNER: AJAY ARYA
ASSISTANT DESIGNER: RAHUL ARYA
SOCIAL MARKETING & DIGITAL COMMUNICATION: YASOBANT MISHRA, YASOBANT@GECMEDIAGROUP.COM
PRINTED BY: Al Ghurair Printing & Publishing LLC., Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE
# 203, 2nd Floor, G2 Circular Building, Dubai Production City (IMPZ), Phone: +971 4 564 8684
31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852, UNITED STATES OF AMERICA, PHONE NO: +1 732 794 5918
A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE
© Copyright 2013 Accent Infomedia. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
CONTENTS
COVER STORY: SolarWinds: Moving towards secure by design
EDITOR’S PAGE
VIEWPOINT
EVENTS: GEC Security Symposium 2021
EVENTS: GISEC 2021
CHANNEL STREET
SECURITY
CHANNEL
REAL LIFE
GUEST COLUMN
PEOPLE
ARCON: Challenges of monitoring and managing privileged activities
NETAPP: Preparing an evergreen partner programme for tomorrow
INNOVATION: Safe-T: Taking secure access to data to the next level
VIEWPOINT
INDUSTRIAL CHANNEL PARTNERS NEED TO INCLUDE CLOUD
The pandemic has prompted a review of more than half of all large-scale global industrial projects, and cloud is an opportunity channel cannot ignore.

KERRY GRIMES, Head of Global Partners, AVEVA.

Cloud computing solutions enable enterprises across verticals to power their digital transformation journeys. Living in a pandemic has made every business realise the need to be digitally agile, robust, reliable, and secure. Deploying the cloud for business is the fastest and surest way to achieve this. Every other digital transformation solution can be bolted on after the enterprise has adopted and migrated to a cloud platform.

Customers from all industries are either planning to migrate to cloud platforms or have already started that journey. It is imperative for system integrators and value-added partners for industrial solutions, traditionally facing oil and gas, energy and power, engineering and construction and utility networks, to similarly advance their journey into the cloud and keep pace with their customers. As every organisation moves towards becoming a cloud-first business, channel partners must make a similar transition – or risk being left behind.

If you dealt with the vice-president of capital projects or the chief investment officer before, now be prepared to interface with other personas including the chief information officer, chief digital officer, and chief innovation officer. The language of business services has evolved from long-term returns to shorter demand-based consumption and outcome-based returns. Channel partner solutions and services therefore need to integrate laterally with other enterprise application solutions.

Cloud-based application interoperability, OT-IT gateways, digital twins, manufacturing execution systems and cyber security policies are now as important as, if not more so than, the upgrade of the ten-year-old SCADA control systems that is on your quotation list. With your customer now likely to be a digital-first C-suite executive, it is necessary that your credentials showcase technical proficiency as well as the skills of a trusted advisor. The key consideration for this new breed of corporate partners is likely to revolve around delivering the plug-and-play infrastructure that eases their digital transformation.

As channel partners begin or advance in their cloud skills development, they need to progressively move through a checklist to guarantee great customer experiences and complete satisfaction.

Key questions to understand customer requirements
• What is the customer’s cloud adoption strategy and progress in cloud adoption?
• Is the customer looking for choice and flexibility?
• What is the business value that cloud will need to deliver in the short and medium term?
• Do you know the IT decision makers and their technology expectations?
• Do you have an Opex based service price list to combine with the vendor’s?

Key questions to select the most ideal vendor offerings
• Does the enterprise application vendor offer all flavors of cloud?
• Are the solutions suitable for the target markets you operate in or plan to?
• Does the vendor have a cloud partner program and specialisation?
• Does the vendor offer training programs for your cloud enablement?
• Is the vendor incentivising your cloud services?

The cloud is not a short-term strategy for either the customer, the channel partner or the vendor. For now, it is a joint partnership effort and all stakeholders can benefit over the medium and long term. Technology and innovation are very important in the customer’s digitalisation journey, and trust, partnership and the human journey are the keys to success.
VIEWPOINT
CISOs WILL NEED TO FOCUS ON CYBER-PHYSICAL SYSTEMS
Faced with growing threats to critical assets, organisations need to expand security programs to encompass cyber-physical systems.

KATELL THIELEMANN, VP Analyst, Gartner.

In early February, an unknown hacker remotely accessed a computer system at a water treatment plant in Florida and attempted to increase the amount of sodium hydroxide in the water supply to potentially dangerous levels. An operator noticed the intrusion, but the incident shows the potential for harm when the cyber and physical worlds intersect.

These cyber-physical systems introduce a new set of risks that few security and risk leaders have had to consider. Although enterprise IT security is generally well-known and managed, cyber-physical systems challenge traditional security approaches. That is because these systems process more than information; they manage and optimise physical outcomes, from individual processes to entire ecosystems.

In a recent Gartner survey, security and risk leaders ranked the Internet of Things and cyber-physical systems as their top concerns for the next three to five years. Due to their very nature, cyber-physical systems face security threats unlike those affecting enterprise IT systems. They are typically used in operations or mission-critical environments where value is created for organisations, so attackers are increasingly targeting them.

The term cyber-physical systems encompasses concepts such as IoT, smart city and systems created as a result of operational technology and IT convergence. By using the broader term, Gartner encourages security and risk leaders to think beyond IT security and develop security programs encompassing the entire spectrum of cyber-physical risk.

Gartner predicts that by 2025, 50% of asset-intensive organisations such as utilities, resources and manufacturing firms will converge their cyber, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.

Some types of threats to cyber-physical systems go way back, for example, insider threats. In 2000, a disgruntled contractor manipulated SCADA radio-controlled sewage equipment for the Maroochy Shire Council in Queensland, Australia, to dump 800,000 liters of raw sewage into local parks. More recently, ransomware attacks have brought down gas pipelines, halted logistics operations and disrupted steel production. GPS spoofing has affected ship navigation, and hackers accessed a casino’s high-stakes gamblers database through an aquarium.

There are also emerging threats to look out for. 5G, for example, has many benefits such as faster communications, but security standards are complex and targeted attacks are likely to increase. Other emerging threat vectors include the unique risks presented by drones, smart grids and autonomous vehicles.

Start by documenting your organisation’s business strategy, identifying the technology drivers and environmental trends that are unique to your enterprise, and mapping them to a broad view of cyber-physical risk. Use voice of the business language to lay out a vision statement that directly links the security and risk profiles of your organisation’s cyber-physical systems to business outcomes. For example, a public utility’s vision for cyber-physical security could be: We will enable delivery of reliable, economical and high-quality electricity services by ensuring safe, resilient, compliant and secure operations from our processing facilities and transmission infrastructure all the way to the client. Then, follow a classic strategic planning process to formalise the vision into actions.

Unlike most IT cybersecurity threats, cyber-physical threats are of increasing concern because they could have a wide range of impacts, from mere annoyance to loss of life.
VIEWPOINT
COMBINING THE POWER OF BIG DATA, AI, AND MACHINE LEARNING
Antoine Harb of Kingston Technology writes about unleashing the combined power of Big Data and artificial intelligence and what it means for organisations.

ANTOINE HARB, Team Leader, Middle East and North Africa at Kingston Technology.

An avalanche of data has ushered in an era that is being fueled by its power and influence. A growing number of businesses use big data to analyse patterns, extricate insights and establish links or associations to predict future trends and consumer behaviors. This results in better implementation of strategies and optimised use of corporate resources and assets.

When value is rightly maximised and timely extracted from a large volume of structured and unstructured data sets, exponential advancement occurs. More importantly, big data is now being leveraged to address and turn some of the world’s biggest and most complex problems into opportunities. Amidst its increased utilisation, the big data analytics market is expected to hit the $103 Billion mark by 2023.

Big data fuels and enables AI, machine learning and deep learning, which are tools necessary to equip organisations with high-level data analysis capability to function at their full potential. More and more industries, including most financial and healthcare sectors, are combining the power of big data, AI, and machine learning to plan, reason, learn and achieve future growth. As a result, AI-driven services such as virtual personal assistants, chatbots, marketing automation and speech-to-text, among others, elevate customer experience and journey.

AI applications, through machine learning and deep learning, are equipped to self-optimise and self-learn. By analysing a huge chunk of information from multiple sources and making changes accordingly with high accuracy level, AI can effectively deliver faster and more efficient services to customers.

In the financial sector, for instance, companies deploy AI and machine learning algorithms to optimise their portfolios and profitability prospects, as well as study market trends and developments. The technologies can also be utilised for asset price back-testing, high-frequency trading and loan application evaluation, among others.

Next to the financial industry, the healthcare sector is another industry that is already benefiting from these modern tools. During this pandemic, as pointed out by the Organisation for Economic Cooperation and Development, OECD, AI can assist in examining patient records, categorising risk groups, and recommending the best approaches to implement vaccination plans, to name a few. Moreover, hospitals and other healthcare providers can make use of data taken from wearables and other similar consumer devices to detect and diagnose diseases.

With the disruptive impact of data-powered AI combined with machine learning and deep learning, the possibilities to transform and reshape today’s digital world are endless, especially upon the full implementation of the 5G network and the Internet of Things. For this reason, there is a need to bolster processing power and data-storage technology. Such an infrastructure is critical to building a workplace of the future and establishing an AI-driven business able to drive innovation and gain a competitive edge in an ever-evolving world.

Specifically, investments in infrastructure aligned with the specifications of the latest CPU, GPUs, next-generation memory and NVMe SSDs are going to be instrumental in enterprises’ bid to keep up with the changes brought about by game-changing technological innovations such as AI.

The powerful combination of big data, AI and machine learning can take growth and development to new levels. To have a resilient strategy and approach concerning this, as a first step, it is important to build data protection and management strategies that work.
VIEWPOINT
COST-EFFECTIVE SOLUTIONS TO PROTECT SMBS FROM ATTACKS
While choosing a managed detection and response provider, the track record in finding attacks is key, with experienced providers quickly identifying threats.

AMIR KANAAN, Managing Director, Kaspersky.

The time taken to detect a cybersecurity incident will determine the extent of the damage done. According to Kaspersky’s latest research, small and medium businesses, SMBs, with fewer than a thousand employees that identified a data leak immediately suffered 17% less financial damage than those that detected it after a week or more. The same survey found that only 10% of businesses in this segment managed to detect a breach immediately.

Cybercriminals are more likely to conduct advanced attacks when the cost of organising them is lower than the potential revenue. That is why sophisticated attacks usually target large enterprises. However, attacks against SMBs have become profitable as the toolkits needed to mount successful attacks have become low-cost commodities, readily available on the internet.

Also, cybercriminals may not even use malware at all. They can misuse the legitimate functionality of an operating system or remote administration software to collect credentials or gain access to information without being noticed by endpoint prevention products. Such threats are not only difficult to spot but they often cannot be blocked automatically as they are similar to the everyday actions of an IT security administrator. Without further investigation, these response measures can disrupt important business processes.

To deal with such threats, businesses need advanced solutions that can collect and correlate security-related data, as well as an experienced team to analyse and respond to incidents. However, security budgets are falling behind the needs of protection. In these circumstances, a cost-effective solution is to share the costs of a security operation centre, SOC, or a dedicated unit responsible for proactive searches of potential threats and analysis of alerts, with other companies. This is exactly what managed detection and response, MDR, offers.

While choosing an MDR provider, its track record in finding attacks is the key factor to consider. Experienced providers can quickly identify threats, as they know about malicious tactics first-hand and are aware of emerging attack strategies. It is also important to look at the technologies that the service is built on. Systems that utilise machine learning should be effective enough that most threats can be prevented without manual human intervention.

Customers also need to pay attention to the response options a vendor offers. Ideally, MDRs should be flexible: in some cases, an MDR team will work remotely, while in others, internal staff can respond themselves, following instructions from the MDR. The latter is helpful at the beginning of a partnership, as a customer needs to ensure that the recommendations work with their network and processes. Also, some prefer to respond on their own in case critical assets, such as computers belonging to executives, are involved.

It is also important to choose an MDR provider that can quickly react to incidents that may cause huge damage. Of course, 24x7 service is vital. The ability to consult with analysts directly is also important. This will help in situations when an internal team needs more comprehensive help or advice.

MDR can help organisations that need to quickly improve their threat detection and response capabilities. It does not mean, however, that customers stop developing internal expertise. If they want to grow a mature cybersecurity function in-house, an MDR service will help in this transition period. Later, MDR can be a supporting force that allows internal security analysts to focus on the most critical incidents. In case a company prefers to outsource threat hunting and incident response, it is worth polishing third-party management skills, to better handle outsourced functions.
EVENTS
GEC Security Symposium 2021 ends with huge success
On May 26, the fourth edition of GEC Security Symposium 2021, presented by Cyber Sentinels and Spire Solutions, was held at Palazzo Versace Dubai, Jaddaf Waterfront. The event saw the participation of nearly twenty IT decision makers who exchanged critical knowledge on the modern-day vulnerability landscape. The yearly mega event continued its tradition of recognising outstanding individuals and companies in the security field through CISO 2021 Awards and Future Security Leaders Awards. Below are the key highlights of the event:

Anas Elsadig Eltahir, Senior Information Security Specialist, Government of Dubai Legal Affairs Department
Eltahir delivered the keynote address highlighting the ongoing trend of remote work culture across the globe. He discussed how work from home arrangements can open multiple vectors for cyberattacks.
Siddhartha Murthinty, Chief Solutions Architect, Spire Solutions
Murthinty delivered a session on Packets Don’t Lie: Detection & Response. The key premise for the presentation was that network data was not made for security. He highlighted that average dwell time is 78 days to find an attacker. Murthinty said that network data health logs have a visibility gap. He also elaborated on network visibility, hunting and analytics.
Dr Hoda Alkhzaimi, Director of Centre of Cyber Security, New York University Abu Dhabi; President, Emirates Digital Association for Women
Alkhzaimi delivered a session on Rethinking the enterprise perimeter in the pandemic and transformation world. She discussed how Covid-19 has accelerated digitisation of customer interaction by several years. Remote working and collaboration are the top areas where change is witnessed the most. Cloud and digitalised services are going to stay, she added.
Tareque Choudhury, Vice President - Technology Risk & Enterprise Architecture, Risk Management Architecture & Governance, Dubai Airports
Choudhury delivered a presentation on Transforming a Cyber Intelligence Programme at The World’s Busiest International Airport. Dubai Cybersecurity Strategy, issued by Dubai Electronic Security Centre, DESC, focuses on cyber threat and compliance. Dubai Cyber Index ensures Dubai is the safest cyberspace place in the world. Choudhury said that the challenges include rapid growth of Dubai Airport, regulatory compliance, and the ability to monitor enterprise and airport’s systems infrastructure. He also mentioned that getting skilled resources takes months. He highlighted that cybersecurity is among the top risks for them. Choudhury also highlighted the Dubai Airport network infrastructure: 52,000 lights, 3,300 Wi-Fi access points, 110,000 network points, 100+ km of baggage belts and 5,000 security on doors. Digital Defence Centre monitors 150 big data servers, 20+ Gbps network. He said that the focus is on engineering services, IoT and industrial control systems. Choudhury said that budgets were slashed but cybersecurity had to continue. They developed cyber bots using AI called NEO. There were 182,000 cyber incidents in Q1 2021 and 17% were managed by NEO.

Anil Bhandari, Chief Mentor & Thought Leader, ARCON
Bhandari spoke on Next Gen Approach to Digital Identities and Vaults. Footprints of the identities are moving out of the premises and converging into the cloud. Digital identities must be at the core of everyone’s cyber protection programme. Digital identities need to be protected and a digital vault in the cloud can play an important role. He mentioned that a resilient framework is needed to respond quickly to threats. Identities are the gateway to do anything in digital space. Redesigning the cybersecurity framework needs to be constant.

Vijay Babber, Senior Channel Manager MEA, Gigamon
Babber delivered a session on Securing the Data Highway with NextGen Visibility. He discussed that a hybrid environment is the reality for today’s enterprises.

Ashish Khanna, Information Security Professional, Dubai Government Entity
Khanna spoke about how some of the businesses had to shut physical offices and go online. He added that the UAE is going through a cyber-pandemic and that the healthcare and financial sectors have been the most affected. What needs to be protected is evolving now. Detection is becoming difficult with the rise in remote work environments, and this delays the response as well. An increasing need to know the unknown is the new reality for cybersecurity defenders.

Panel discussion: Reporting to the board, has the pandemic elevated the CISO’s role, position
The panel included:
• Bilal Ahmad, Head Information Security & Business Continuity, Union Cooperative Society
• Syed Mohammad Ali Naqvi, Head of AI, Data and Analytics, Al Hilal Bank
• Hariprasad Chede, Chief Information Security Officer, National Bank of Fujairah
• Rohit Bhargava, Business Unit Head, CloudBox
The panel was moderated by Arun Shankar, Sr Editor, GEC Media Group. Ahmad said that post the pandemic, the CISO’s role also includes taking care of remote workers’ cybersecurity. He added that the transition to the cloud has been boosted. Naqvi said that Board members have realised that information security is something they cannot go wrong with, and it is important to get the right kind of skill set. Naqvi added that Board members want to be aware of the security risks but want to leave the managing part of it to the CISO. Chede said that the culture towards security has changed. He said that security is everyone’s responsibility and managing it needs a transformational culture. Bhargava added that there has been virtualisation and outsourcing of services. He cited examples where CISOs directly reporting to the CEOs can spot the risks faster and hence mitigate those sooner. Among the proactive steps that a CISO can take to ensure peers, top executives, and the board have confidence in the ability to manage a significant breach, Naqvi says that all controls need to be in place and be automated. Ahmad says that creating transparency is key while Chede believes that the culture is crucial. CISOs should only be focused on the business and convert data into value, Bhargava added.

Panel discussion: Best practices to manage and administer the security organisation
The panel included:
• Jean-Michel Briffaut, Rail OT Cybersecurity Manager, Serco Dubai Metro
• Prashant Nair, Group Head of Operational Risk and Control, Network International
• Sheeba Hasnain, Head of IT Operations, Transportation Systems Department, Sharjah
• Jacob Mathew, IT Consultant, Government of Abu Dhabi
• Wissam Saadeddine, Regional Manager ME, Infoblox
The panel was powered by Help AG and moderated by Nicolai Solling, Chief Technology Officer, Help AG.

The event progressed with an Exclusive Secret Briefing - Adapting the Hacker Perspective, which was held by Siddhartha Murthinty, Chief Solutions Architect, Spire Solutions and Mohieddin Kharnoub, Chief Revenue Officer, Spire Solutions. Anushree Dixit, Global Head Content & Strategic Alliances, GEC Media Group and Dr Erdal Ozkaya, President of Global CISO Forum announced the launch of Global CISO Forum.

Partners and sponsors of GECSS 2021:
• Title Sponsor: Spire Solutions
• Cyber Security Partner: Help AG
• Gold Partners: Gigamon, Redington, SentinelOne
• Privileged Access Management Partner: Arcon
• Strategic Partners: Infoblox, iconnect
• Exclusive Managed Security Partner: Cloud Box
• Supporting Partners: Rubrik, AHAD, Genetec
EVENTS
GEC Security Symposium 2021 announces winners of CISO Awards and Future Security Awards On May 26, Cyber Sentinels and Spire Solutions presented CISO Awards and Future Security Awards 2021 at GEC Security Symposium. The Cyber Sentinels CISO Awards recognised the hard taskmasters of security in the digital enterprises and felicitated their unwavering commitment towards their organisation’s security infrastructure. The award recognised the top 33 security champions who are using technology to secure critical business information assets and minimise risk while delivering business value. The award ceremony was a platform to showcase their achievements, share their expertise and knowledge.
CISO Awards 2021 Winners l l l l l l l l l l l l l l l l
Adam El Adama, ABU DHABI PORTS Aliasgar Bohari, Zulekha Hospital Anas Elsadig Eltahir, Dubai Government – Legal Affairs Department Ashish Khanna, Dubai Health Authority Bilal Ahmad, Union Cooperative Society Dr Hoda Alkhzaimi, New York University Abu Dhabi & EDAW George Eapen, Petrofac Hafiz Sheikh Adnan Ahmed, WASL Group Hariprasad Chede, National Bank of Fujairah Hend Salem Matar AlShamsi, Ajman Municipality and planning department Illyas Kooliyankal, Leading UAE Bank Jacob Kaleekal Mathew, Government of Abu Dhabi Jean-Michel Briffaut, Rail OT Cybersecurity Manager Jejin Joseph, Director of Technology Jurageswaran Shetty, Gulftainer Company Kajjal Mustafi, Sharaf Exchange
Future Security Leaders Awards 2021 Winners
• Spire Solutions: Enterprise Security Leader MEA
• SentinelOne: Innovative EDR Solution
• Help AG: Future-of-Security
• ARCON: Privileged Access Management
• Gigamon: Cloud Security
• Infoblox: Trend-setting Security Solution
• Bits Secure IT Infrastructure: Intelligent Security
• ICONNECT IT Business Solutions: Emerging Wave in Security
• AHAD Information Technology: Transformative Security
• Cloud Box Technologies: Next-Gen Security Solution
• Bulwark Technologies: Innovative Security Solution
CISO Awards 2021 Winners (continued)
• Kanesan Pandi, Carrefour
• Mahmoud Yassin, United Arab Bank
• Mohammad Khaled, Senior Internal Auditor – IT and Security Assurance
• Mohammed Almansoori, Tawazun Economic Council
• Mohammed Shakeel Ahmed, Abu Dhabi Aviation
• Osama Hussein, MAF Properties
• Phadeep Pannagesh, Ministry of Finance
• Prashant Nair, Network International
• Rakesh Narang, Aldar Properties PJSC
• Shafiullah Ismail, Mubadala Capital
• Sheeba Hasnain, Head of IT Operations
• Srihari Upadhya, flydubai
• Sujata Narasimhan, Future Pipes/FutureX
• Sunil Sharma, Aldar Properties
• Suresh Nair, GE
• Vivek Gupta, GEMS Education
• Yousif Al Ali, SDTPS
GISEC NEWS
Industry leaders outline shared strategy to combat sophisticated cybercriminals
Regional and global cybersecurity leaders used GISEC 2021 to outline the need for greater collaboration, knowledge sharing and trust building between public and private sectors to tackle increasingly innovative and sophisticated cybercriminals. His Excellency Dr Mohamed Al-Kuwaiti, Head of Cyber Security, UAE Government, delivered the opening keynote of the ninth edition of GISEC, and reinforced that it is a case of when, not if, governments and corporations will fall victim to a cyberattack. However, he called for collaborative efforts to identify new threats, anticipate the severity of attacks and limit reputational and operational damage. Dr Al-Kuwaiti’s views were echoed by Craig Jones, Cybercrime Director, INTERPOL, who shared his experiences in an on-stage interview along with Colonel Saeed Al Hajri, Director, Cyber Crime Department, Dubai Police. Jones said that INTERPOL is working with countries to create knowledge sharing platforms in order to collaborate on best practices, and operations platforms to identify joint approaches that can monitor and eventually catch cybercriminals. Jones gave insight into how public-private partnerships have produced positive results in Nigeria by collapsing a criminal network responsible for phishing attacks. Meanwhile, Aloysius Cheang, Chief Security Officer, Huawei UAE, stressed the need for cross-industry collaboration to enhance systematic cybersecurity governance and unify cybersecurity standards. Colonel Saeed Al Hajri, Director, Cyber Crime Department, Dubai Police, added: “We are working hard, through bilateral relations, police-to-police connections. Global connections and police-to-police intelligence sharing is key.”

OIC-CERT launches 5G Security Working Group
The Organisation of the Islamic Cooperation, Computer Emergency Response Team, OIC-CERT, launched a 5G security working group at GISEC, to ensure end-to-end cybersecurity for OIC member states. The 5G security working group will be tasked with increasing awareness of the importance of 5G security among OIC members, developing a common 5G security framework for risk assessment and management, and developing an open standard that can be used to mitigate any technical difficulties in rolling out 5G. The collaboration will strive to provide best practices and guidance, and promote standardisation on an open and transparent platform to accelerate the seamless, cost-effective roll out of 5G among OIC member states. Dato’ Ts Dr Haji Amirudin Bin Abdul Wahab, CEO of CyberSecurity Malaysia, Permanent Secretariat of the OIC-CERT, and Malaysia representative, will co-chair the 5G security working group together with Huawei. Eng Bader Al-Salehi, Chair of OIC-CERT, outlined that the group aims to contribute to the global development of 5G by forming a trusted global ecosystem, adding: “Before 5G technology can be deployed, we need to ensure that the security challenges of this technology can be overcome. We believe this initiative by the OIC-CERT will help resolve some security issues and accelerate 5G implementation, especially within the OIC community.”

Acronis keeps football champions’ data secure
In world-class sports where victories are measured by increasingly slimmer margins, teams rely on data to gain a competitive edge, both on the field and in the business office. That valuable data must be protected. Current champions Manchester City FC, FC Internazionale Milano, AFC Ajax Amsterdam, and more, rely on Acronis’ cyber protection solutions to keep data, applications, and systems secure. The fact that Acronis successfully ensures the protection and security of champions competing in such high-pressure environments shows why organisations in other industries also put cyber protection at the centre of their IT strategy. Featuring the same technology that its sports partners and business customers rely on, Acronis Cyber Protect Cloud unifies cybersecurity, data protection, and endpoint protection management in one service provider solution. It enables service providers to deliver comprehensive cyber protection services to protect organisations and their employees, regardless of where they are.
COMMENTS FROM EXHIBITORS

Arun Kumar Shaji, Technical Consultant SolarWinds, Spire Solutions
“Visitors are inquiring about Orion and the remediation provided by SolarWinds,” says Shaji. SolarWinds has been ranked No 1 in Network Management Software by IDC. SolarWinds offers tools to help IT pros monitor the performance of their infrastructure, networks, applications, and databases. Spire Solutions is a leading value-added distributor with exclusive distribution rights for cybersecurity solution and service providers.

Maher Jadallah, Senior Director, Middle East and North Africa, Tenable
“Visitors have been keen to discuss and understand the types of paths attacks typically take, and how they can strengthen their defences to deflect them. Another key topic has been discussing the risks posed by misconfigurations in Active Directory and how threat actors will look for these to elevate privilege and further compromise infrastructure.”

Bachir Moussa, Regional Director MEAR, Nozomi Networks
“OT visibility and security are of large interest from the visitors, and they require the help of the Nozomi team to build the strategy and close the security gap. Key expectations of visitors include security solutions that can be deployed without any impact on the network and provide immediate benefits while adhering to government regulations.”

Andrey Parshin, Pre-Sales Manager EMEA, Group IB
“The visitors have good technical knowledge and most of the inquiries are about threat intelligence,” says Parshin. Group IB is a partner of Interpol and a global threat hunting and intelligence company. In November 2020, Group-IB supported an INTERPOL-led operation targeting business email compromise cybercrime out of Nigeria. Group-IB is a provider of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB’s Threat Intelligence and Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Mareva Koulamallah, Head of Marketing and Communication MEA, Acronis
“Simple data backup or simple cybersecurity is not enough anymore; companies and individuals need a full cyber protection solution.” People want a solution that is simple to comprehend, to use, to integrate and deploy. SMBs want to lower their IT cost while having the most efficient protection on the market. Ultimately, all companies, regardless of their size and industry, want to minimise risk and limit the number of solutions being used in order to avoid downtime loss or data breach. People want quicker, safer and more reliable technology.

Rabih Itani, Country Manager UAE, Vectra AI
“Visitors are looking to harness the power of artificial intelligence to mitigate the ever-evolving threats.” To use an analogy from Greek mythology, they are simply looking to deploy a minotaur within their security operations that will cover the security gap where attackers can currently freely roam after they bypass initial defences.

Hadi Jaafarawi, Managing Director Middle East, Qualys
“Organisations want to secure their hybrid environments, but they cannot secure what they do not see or do not know, visibility is the first step.” Organisations are looking for a unified endpoint solution that can provide multiple capabilities, everything from visibility and risk prioritisation to patch management and response. This is where the Qualys Agents come in. A lot of interest is seen in the Qualys Global IT Asset Inventory, whether on-prem, mobile, endpoints, clouds, containers, OT and IoT.

Naman Taldar, Channel Sales Manager, Oregon Systems
“There have been a number of inquiries about our solutions and we have been having sales meetings with customers on day two of GISEC,” says Taldar. Oregon Systems provides an integration layer for OT vendor solutions and this has been built through years of experience working with such vendors. Oregon Systems is an Abu Dhabi based OT, IT and IoT cybersecurity regional distributor of OT-focused cybersecurity vendors. Its target customers are in critical infrastructure, oil and gas, manufacturing, nuclear, transportation, utilities, healthcare, financial, amongst others.
GISEC 2021 IN PICTURES
A large number of exhibitors were first time participants at Gisec-2021.
A new trend in this year’s Gisec-2021, extending from the annual GITEX event, was the country participants, this time featuring Germany, Israel, Poland and Turkey.
Reflecting modern day real-life challenges, securing industrial operations and operational technology space was also an important theme.
The largest industry sprawl across Gisec-2021 was taken up by value added distributor Spire Solutions and vendor partners, as well as by Microsoft and system integrator and channel partners.
Gisec-2021 opened with a refreshingly new, spaced out layout plan. The conference area, connections lounge and the networking area were attractively designed and busy from the opening hours. The conference sessions were well attended. Business discussions appeared to be serious, focused and well-paced. Visitors maintained social distance and wore mask protection.
EVENTS
Global CIO Forum, Aruba host summit on Automate your network using AI-powered sixth sense
On May 31, Global CIO Forum in association with Aruba, a Hewlett Packard Enterprise Company, successfully hosted a VirtualSummit on Automate your network using AI-powered sixth sense. Today, scalable, secure, and agile networks are essential for supporting organisations’ transformation and expedited mission response. Aruba’s solutions give you unified management, robust network security, and automated intelligence. With the Aruba ESP, Edge Services platform, we take a cloud native approach to help customers in Middle East protect their investment in edge infrastructure across different campus, branch, datacentre, and remote working environments covering all aspects of wired, wireless and wide area networks. The following speakers attended the event:
• Fehmi Sakkal, Pre-Sales Lead MESA, Consulting Systems Engineer, Aruba
• Yehia Elamsy, Country Manager, Aruba
• Islam Mongy, Solution Architect, Aruba
• Mallika Sharma, Field Marketing Manager, Aruba
The VirtualSummit concluded with a Kahoot quiz and a Q&A session.
Launch of Global CISO Forum announced during GEC Security Symposium
The Global CISO Forum was launched on 26 May during GEC Media’s Security Symposium 2021. Anushree Dixit, Global Head Content & Strategic Alliances, GEC Media Group announced the launch of the forum. Dr Erdal Ozkaya, Management Member of Global CISO Forum gave a live overview of the Forum. The Global CISO Forum community aims to unite security leaders across the globe who are active in, or interested in, security policy, technology, standards, certification, success stories and programs to accelerate the thoughtful adoption of security best practices at regional as well as global level. The vision of the forum is as follows:
• Building an effective cyber security culture
• Securing the support of individual execs will help to build momentum behind cultivating a cyber security culture
• Addressing the challenges of building a security team
• Strategising staffing based on models, budget, and organisation goals
• Identifying talent gaps
• Knowledge through success stories
• Industry specific insights and sharing of best practices
Dr Ozkaya said the forum is built for the cybersecurity community to help them network and collaborate. “We are better together,” he said while giving an overview of the forum. He also took the audience through a tour of the website.
Global CIO Forum, Juniper Networks host summit on the Automated Datacentre in Action
On May 31, Global CIO Forum in association with Juniper Networks successfully hosted a VirtualSummit on The Automated Datacentre in Action. The event focussed on how organisations can bring closed-loop automation and assurance to their entire datacentre network. Juniper’s Apstra Solution empowers IT teams to automate the datacentre network from design to deployment and throughout operations. The Apstra solution is intent-based to maximise network performance, scale, and agility. It applies design templates for everything from cabling to provisioning, so your network continues to operate as it was intended. This intent-based system continually validates changes, alerting the operations teams of brownouts or deviations from the original intent. During the summit, it was demonstrated how Juniper’s Apstra Solution can reduce design and deployment time from months or weeks to days or hours. Speakers included Fons Laudy, Director Sales, Juniper Networks; Islam Mahmoud, Senior Sales Engineer, Juniper Networks and Haitham Saif, Senior System Engineering Manager, META, Juniper Networks.
During his presentation titled Automated Datacentre, Experience First Networking, Laudy highlighted the 5-step framework of enterprise multi-cloud. It includes the following:
• Device led
• Architecture led
• Operation led
• Business led
• Customer led
Laudy added that there is a strong need for an automated NetOps environment. He believes that the agility needs to be in line with the DevOps team. Laudy also spoke about the datacentre challenges, which include:
• Deliver on business intent
• Do more with less
• Trade-off between agility and reliability
• Derive meaningful knowledge
Laudy explained that intent-based networking focuses on the “what”, and the “how” part is completely automated. Juniper Apstra principles include:
• A unified intent-based approach
• Graph data model as the secret sauce
• Multi-vendor
Islam Mahmoud, Senior Sales Engineer, Juniper Networks provided a live demo of Juniper’s Apstra Solution.
Global CIO Forum, Juniper Networks host summit on AI-Driven Healthcare, A Foundation for Patient-Centred Care
On May 31, Global CIO Forum in association with Juniper Networks successfully hosted a VirtualSummit on AI-Driven Healthcare, A Foundation for Patient-Centred Care. As healthcare providers accelerate value-based care and business transformation, the foundational IT infrastructure needs to be resilient, adaptable, and efficient. Juniper’s AI-driven healthcare network architecture enables the delivery of reliable, secure, and flexible networking for hospitals, labs, clinics, and other medical business offices, at administrative locations as well as datacentre and cloud instances. In this Virtual Summit we uncovered some of the benefits of AI-Driven healthcare that deliver optimised and personalised network experiences everywhere. The following were the discussion points:
• Healthcare market situation and challenges
• How Juniper can help
• AI-driven enterprise use cases
Refat Al Karmi, Sr Consulting Engineer, Juniper Networks was the speaker. The pandemic has demanded doing more with less. Karmi spoke about the current healthcare challenges, which include the burden of preventable medical error, medical information explosion, the slow diffusion of medical knowledge, efficiency and managing operation cost, data security and privacy. Juniper helps in meeting healthcare challenges in the following ways:
• High performance, scalable, cloud-ready networks
• Unified cybersecurity platform
• AI-driven Wi-Fi with location-based experiences
• Cost-effective aligning with value-based initiatives
Juniper technology can help you increase patient engagement, drive seamless operation and lower opex. Juniper’s AI-driven enterprise has unique client to cloud, differentiated architecture, land and expand and real results. Juniper’s Marvis Virtual Network Assistant has solved 77% customer IT tickets.
Top industry leaders unwind with a bowling session at Reboot Unite CIO Meet
On May 31, Global CIO Forum held its fifth Reboot Unite CIO Meet where top leaders from various sectors got together to unwind with a bowling session at the retro game and recreation zone at Brass Monkey, Bluewaters Island. The following dignitaries attended the event:
• Seppo Kuusinen, Director, Sulava
• Srihari Upadhyay, CISO, Flydubai
• Nithin Thomas, CIO, Amity University
• Jaykumar, CIO, Easa Salesh Al Gurg
• Kirankumar PG, CISO, Digital14
• Santosh Varghese, MD, Toshiba
• Atul Agarwal, CIO, Ceasers Bluewater
• Piyush Kakkar, Alibaba Cloud
• Deborah Laks Du Bois, Director of Field & Channel Marketing, Pcysys
• Oren Kaplan, Regional Sales Director, Pcysys
• Zameer Ali, Channel Lead, TeamViewer
• Suresh Nair, CISO, GE
• Mohammed Shahzad, CIO, Dubai Developments
• Ajay Rathi, CIO, Damac Properties
• Ashraful Islam, IT Head, IFFCO
• Shrenik Jain, CIO, Siemens
• Basil Ayass, Head in the Cloud, Google
• Matan Liberman, Semperis
The leaders also discussed the IT industry’s first corporate multi sports challenge, GEC Tech+ Championship. It is also the industry’s biggest Corporate Wellness initiative. The GEC Tech+ Championship will challenge participating corporates to excel as a team and rise above their competition with skill, collaboration, professionalism and sportsmanship. The GEC Tech+ Championship will host over 12 different sports and activities plus loads of food and beverages and entertainment avenues for everyone to have a great time out.
GCF Reboot focuses on striking an equilibrium between four pillars: Wellness, Fitness, Nutrition & Engage. It aims to provide CIO community members an opportunity to interact with the experts from these four pillars, which can help them imbibe the benefits of an all-round wellbeing.
ADVERTORIAL
iConnect is helping organisations achieve efficient workflow by pioneering innovation

ABOUT ICONNECT
The 21st century marks an unquestionable necessity to introduce cutting-edge technologies in all industries. And iConnect is showing the way. The organisation formulates an extensive array of IT Services and solutions to help organisations, ranging from Governments, BFSI, Energy, Manufacturing, Aviation, Healthcare, Hospitality, and other corporations, to achieve more efficient workflow powered by pioneering innovations and digital solutions. iConnect serves the MEA region with advanced IT Services such as: IT Consulting, Managed IT, Cyber Defense, Threat Protection, Access Management, Risk and Compliance services, Digital Forensic, Data Privacy, Cloud infrastructure and so on.

YOUR TRUSTED TECHNOLOGY AND BUSINESS PARTNER
iConnect has formed strategic relationships to offer business and technical expertise, reliable solutions, and professional services to its clientele. Since its inception in 2016, iConnect has worked on integrating a wide spectrum of projects across multiple industries and sectors, positioning itself as a leading IT Services and Software Distribution Company in the field of information technology. Its clientele’s core principles and methodologies are foremost to iConnect’s business objectives, with a focus on providing state-of-the-art resources that are continuously evolving in quality and quantity.
OUR SOLUTION INTEGRATION SERVICES INCLUDE:

TECHNOLOGY AUDITS AND SITE(S) ASSESSMENT: Our assessment process aligns projected goals and objectives with the business and technical requirements of the client.

BUSINESS ANALYSIS: We focus on the use of internal and external data to recommend technology solutions and services that deliver premium value to your business.

PLANNING AND SYSTEM DEVELOPMENT: Executed with global standards, we design, implement, maintain, and analyse integrated security systems.

PROJECT MANAGEMENT: Our exclusive methodologies help clients easily communicate information to all stakeholders and keep them in the loop with potential success.

TURNKEY SOLUTIONS: Our turnkey solutions can be easily integrated and immediately implemented to the current IT infrastructure of a business to revamp critical areas of the venture.

ENGINEERED PROJECT DOCUMENTATION: Designed and implemented at a top-class level, our document management services produce improved collaboration and reviews, faster approval, reduced risks and better accountability and control.

PREVENTATIVE MAINTENANCE AND SERVICE AGREEMENTS: We provide cross-industry preventative maintenance for our clients’ IT infrastructure, leveraging the potential for higher revenue while diminishing the probability of down-time and misallocation of resources.

GOVERNANCE, RISK AND COMPLIANCE: A substantial portion of our resource directory is dedicated solely to proactive risk intelligence and higher efficiency levels.

Security Consultancy and Advisory Services: We enable cybersecurity leaders to design comprehensive plans that resonate with our client’s Board of Directors and Executives’ business objectives.

Managed Cybersecurity Services: We build and reinforce your cybersecurity capabilities based on international industry standards and top-quality practices.

CUSTOMISED TRAINING PROGRAMMES: We offer world-class training events that envelop a wide bracket of technology offerings and industries. Our programs are specially tailored to the needs of our clients.
MISSION AND VISION
iConnect believes in a high-performance culture. Our aim is to embrace today’s digital transformation of our living environment by providing groundbreaking technological infrastructure. We strive to translate our core values of reliability and innovation into the best solutions for our customers.

OUR VISION
To define the future of Network and Security systems by implementing sustainable business models and providing reliable services that involve cutting-edge technologies.

OUR MISSION
To design an unprecedented integrated system that leads the Middle East and African Market to compete on international frontiers.
COVER STORY
SOLARWINDS
MOVING TOWARDS SECURE BY DESIGN
Transforming the security of organisations through programmes, policies, teams, and culture.

SolarWinds is a provider of IT infrastructure management software. The company, headquartered in Austin, Texas, was founded in 1999 and is trusted by more than 320,000 customers in over 190 countries, including 499 of the Fortune 500 companies. In addition, the MSP business unit of SolarWinds, soon to be launched as a separate publicly traded company, N-able, serves more than 450,000 organisations worldwide. Independent market analyst firm IDC has recognised SolarWinds as a leader in network management software, and Gartner ranks SolarWinds as third in the systems management market. SolarWinds products focus on the individuals working in various IT roles: IT professionals. A career in IT can be exciting and rewarding, and most professionals with a passion for technology enjoy the responsibility to drive innovation for their employers. But the job can be hard, too, as technology changes at the same pace as the demands of the business. To achieve and retain a competitive advantage, professionals need to be on top of challenges, both technological and financial. Meanwhile, most businesses face shrinking budgets because of the pandemic, but even before 2020, many companies were already under pressure from disruptive market changes, new competitors, and other factors. And shrinking budgets always include budget cuts for the IT department. The usual result is an increase in workload with the same or even lower headcount. Therefore, teams need to rely on tools to solve problems now and tomorrow. The SolarWinds product portfolio spans more than 50 products to help organisations of all types, sizes, and industries to monitor and manage their IT infrastructure, whether on-premises, in the cloud, hybrid, or even multi-cloud.
THE ORION PLATFORM
The Orion Platform is the foundation upon which up to 14 different management tools operate. These tools work autonomously but are even more powerful when combined with others in the modular platform, and grow with the demands of the business, making it a strong system that can keep up with change. Among those tools are popular solutions like Network Performance Monitor (NPM) and Server and Application Monitor (SAM), and other solutions addressing more specific problems with storage arrays or the performance of web applications or databases. NPM is seen as the de-facto standard in network monitoring by market analysts and collects health and performance data from all elements in the network. It uses advanced features, like automated network diagrams and in-depth insights into complex devices, like load balancers or firewall clusters, using an out-of-the-box API. One of its highlights is a unique feature called NetPath, which visualises the path of applications from point A to point B. NetPath shows problems with application delivery based on problems with the network on-premises, or at the ISP, or at the destination, which could be a public or private SaaS solution. Combined with other Orion Platform modules, the NetPath feature uses real-time information from various flow protocols and even detects changes in network device configurations as a possible root cause. Other features, like the PerfStack dashboard, are rooted in the multi-module approach of the platform and allow you to compare different types of data, independent of its source or location. Most administrators use it to gain insights from correlated data to get the full picture within a few seconds, and even travel back in time to understand previous incidents. These features and the ease of use have made the Orion Platform a popular product, which unfortunately has attracted advanced threat actors.

SASCHA GIESE, SolarWinds Head Geek.
THE CYBERATTACK
On December 12, 2020, SolarWinds was notified of a cyberattack, later named SUNBURST. Authorities, customers, and shareholders were notified on December 14, and SolarWinds engineering teams had an emergency hotfix ready the following day. The SUNBURST attack was one of the most sophisticated and complex cyberoperations in history. While investigations are still ongoing by governments, intelligence, and law enforcement agencies around the globe, and by private sector industry experts, SUNBURST was revealed to be a supply chain attack. SolarWinds was not the only target, but merely a method to get into other environments of interest to the attackers. While SUNBURST in general was tailored to attack the Orion Platform environment, its sub-elements were tailored for specific customer environments. Security fixes for all affected versions have been available since December 2020.
During the investigations, another, unrelated vulnerability was discovered, called SUPERNOVA. SUPERNOVA is not malicious code embedded like SUNBURST; instead it is malware that used a previously undiscovered API vulnerability of the platform. In some environments, the perpetrators could bypass perimeter security and gain unauthorised access to the Orion Platform. They deployed an unsigned file specifically written to attack the system, and further deployed and utilised malicious code in a second step. This vulnerability has also been resolved in available updates. The US government and private-sector experts have stated their belief that a foreign nation-state conducted this intrusive operation as part of a widespread attack on primarily American cyber infrastructure. To date, our investigations have not independently verified the identity of the perpetrators.
LESSONS LEARNED
Kevin Mandia, the CEO of FireEye, summarised these most recent events. “We have a need for shields up.” Leading security analysts rank the SUNBURST supply chain attack as one of the most sophisticated cyberattacks in history. Researchers at Microsoft estimated that based on the scope of the attack, around 1,000 engineers could have been involved full-time working on the operation. Furthermore, threat actors have obviously become increasingly sophisticated, resourced, and well-funded. If backed by a nation-state, a hacker’s job is even easier, as a successful operation comes with great rewards, and in case of a detection, a government may shield the threat actor, which means a lower risk in general. Because of the complexity behind the attack and common practices in software development, the same strategy and tools have likely been used to attack other vendors as well. That is one of the reasons SolarWinds is communicating the issue and findings openly, sharing them with the greater IT community, and working with other vendors. SolarWinds believes transparency is key in such a situation. Each organisation should ask themselves “Who is in our supply chain?” and discuss possible risks with their vendors, contractors, and service providers. What we have dealt with was an attack on trust, or the trust chain, and it gives even more reason to have a zero-trust environment: assume you are already compromised. SolarWinds also learned the attackers planned and ran the operation over a long timeframe, and fortunately, SolarWinds could reconstruct the events as logs were still available dating all the way back to 2019. This taught us that keeping logs for 90 days, which is the default for many devices, software, and infrastructure, is insufficient and should be reevaluated. The attack was a wake-up call for the industry and makes clear that current software development procedures, many considered as best practices, are no longer safe.
Because of the complexity behind the attack the same strategy may have been used to attack other vendors as well

SECURE BY DESIGN

With all the knowledge gained from investigating the attack, and help from leading cybersecurity experts, SolarWinds seeks to evolve into a company that is secure by design. These transformative efforts will require tremendous focus on security programs, policies, teams, and culture.

Some immediate steps were taken to further secure the internal environment, like deploying additional, robust threat protection and threat-hunting software on all the network endpoints, including a critical focus on the development environments. In addition, a password reset was enforced on all users in corporate and development domains. The credentials for all privileged accounts and all accounts used in building the Orion Platform and related products were reset. Remote and cloud access have been consolidated and accessing any internal SolarWinds resource requires multi-factor authentication.

Steps to enhance the product development environment include ongoing forensic analysis of the environment to identify root causes of the breach and remediation steps. More important is the move to an entirely new build environment with stricter access controls and deploying mechanics to allow for reproducible builds from multiple independent pipelines. As improving the security and integrity of the software SolarWinds delivers to customers is the objective, the vendor is including additional automated and manual checks to ensure the compiled releases match the source code. In addition, SolarWinds is expanding the vulnerability management programme to reduce the average time-to-patch and improve the way SolarWinds works with the external security community. Additional third-party tools expand the security analysis of the source code. Extensive penetration testing of the Orion Platform software and related products helps identify any potential issues, which will be resolved with urgency.

One of the most visible steps already taken is the re-signing of all Orion Platform software and related products, and many other SolarWinds products, with new digital certificates. These digital code-signing certificates verify the authenticity of both the publisher and the code. Vendors apply for a certificate and certain certificate authorities will hand out a private and a public key. The public key is embedded into the code before publishing. Modern operating systems check the integrity of a digital certificate upon installing software, and warn if the certificate is invalid, no longer valid, or not available at all. Most endpoint security solutions continuously check for certificate validation and, depending on the setting, could block the execution of files with invalid or revoked certificates. In the case of a compromised certificate, it is industry-standard best practice to re-sign the software. SolarWinds not only re-signed the products of the Orion Platform, but all of its products and tools which used the compromised certificate. This allowed SolarWinds to revoke the compromised certificate, so customers can keep updated solutions running in their environments without further changes or performance issues.

To assist customers with the digital code-signing certificate update process and provide further assistance outside regular update cycles in general, SolarWinds opened the Orion Assistance Programme, OAP. The OAP provides upgrade and hotfix assistance to Active Maintenance customers by leveraging professional consulting resources who are experienced with the Orion Platform and its products.
These guidance and support services are provided at no additional charge to Active Maintenance customers who were or are running one of the Orion Platform versions affected by SUNBURST or SUPERNOVA. A typical engagement could last from a couple of hours for patching up to 24 hours to accommodate maintenance
windows or support highly complex environments. The services are provided by members of the SolarWinds technical support team as well as its certified regional partners, including the Middle East region. In summary, SolarWinds expects these efforts and plans to help it become a safer and more secure company.
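The article's point about reproducible builds from multiple independent pipelines can be turned into a release gate: build the same source in each pipeline, hash every output file, and block the release if any pipeline disagrees. The sketch below is an added example, not SolarWinds code; the pipeline names, file names and artifact bytes are constructed for illustration.

```python
"""Release gate comparing artifacts built by independent pipelines (added example)."""
import hashlib
from collections import Counter


def manifest(artifacts):
    """Map each artifact path to the SHA-256 digest of its bytes."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in artifacts.items()}


def compare_pipelines(manifests):
    """Compare {pipeline: {path: digest}} and return a list of findings.

    An empty list means every pipeline produced the same set of files with
    identical digests, which is what a reproducible build should give.
    """
    findings = []
    all_paths = sorted(set().union(*(m.keys() for m in manifests.values())))
    for path in all_paths:
        present = {name: m[path] for name, m in manifests.items() if path in m}
        absent = sorted(name for name in manifests if name not in present)
        if absent:
            # A file that only some pipelines emit is as suspicious as a changed one.
            findings.append({"path": path, "kind": "absent", "pipelines": absent})
        counts = Counter(present.values())
        if len(counts) > 1:
            digest, votes = counts.most_common(1)[0]
            if votes * 2 > len(present):
                # Strict majority: name the outliers as the place to start looking.
                suspects = sorted(n for n, d in present.items() if d != digest)
            else:
                # No majority: nothing can be trusted, every pipeline is a suspect.
                suspects = sorted(present)
            findings.append({"path": path, "kind": "mismatch", "pipelines": suspects})
    return findings


def release_gate(manifests, minimum_pipelines=2):
    """Return (ok, findings). Any disagreement at all blocks the release.

    The majority is only a hint for the investigation; it does not prove
    which output is the clean one.
    """
    if len(manifests) < minimum_pipelines:
        raise ValueError("need at least %d independent pipelines" % minimum_pipelines)
    findings = compare_pipelines(manifests)
    return (not findings, findings)


# Constructed sample data: two pipelines agree, a third emits a modified
# library plus a file the others never produced.
CLEAN_BUILD = {
    "bin/Example.Core.dll": b"core build output",
    "bin/Example.UI.dll": b"ui build output",
}
ALTERED_BUILD = {
    **CLEAN_BUILD,
    "bin/Example.Core.dll": b"core build output, altered during the build",
    "bin/Extra.dll": b"file no other pipeline produced",
}


def demo():
    manifests = {
        "pipeline-a": manifest(CLEAN_BUILD),
        "pipeline-b": manifest(CLEAN_BUILD),
        "pipeline-c": manifest(ALTERED_BUILD),
    }
    return release_gate(manifests)


if __name__ == "__main__":
    ok, findings = demo()
    print("release allowed:", ok)
    for finding in findings:
        print(finding)
```

The gate only has value if the pipelines really are independent (separate credentials, hosts and toolchain copies), because a change made upstream of all of them would hash identically everywhere.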
FURTHER INNOVATIONS

While securing software is obviously the priority now, SolarWinds is also working on further innovations, products, and features. For example, SolarWinds is already using machine learning in some of its products and intends to enrich other products with this technology as well. SolarWinds relies on its technology community of more than 150,000 registered members, THWACK, to keep a finger on the pulse of IT professionals. SolarWinds invites them to have a say in what features will be added to its products, which is a unique approach. For example, customers requested support for Google Cloud SQL managed databases, which SolarWinds is currently working on for its Database Performance Analyser. Speaking of databases, SolarWinds learned database administrators are a group in need of more assistance, as many database administrators are put in the role because no one else would do it. Improving the support for those accidental database administrators is one of the missions for the future. The reasons are simple: data sits at the heart of each organisation and is part of application delivery.

Since the pandemic, SolarWinds has seen a massive spike in cloud adoption on an international scale, even in regions where public clouds were not popular before. This means many organisations find themselves in uncharted waters and require assistance from local talents, service providers, and software vendors. There is a good side to it, as many organisations have reflected on optimising their current IT procedures and policies. The idea is to work with what SolarWinds has and improve it. But more importantly, many corporations have accelerated their digital transformation strategies, and that is another trend in progress. And while this started in the private sector, where companies sought competitive advantages while facing adversity wrought by the pandemic, it moved on to the public sector as well.
CHANNEL
emt Distribution ties up with Symphony SummitAI for AI-powered solutions
(left to right) M Mobasseri, Co-Founder and CEO, emt Distribution META; Satyen Vyas, CEO, Symphony SummitAI.
emt Distribution, a specialty IT and IT Security product distributor based around security, IT Management, and analytic solutions, has announced the partnership with Symphony SummitAI for IT Service Management, Enterprise Service Management, and IT Asset Management solutions for Middle East and Africa region. Satyen Vyas, CEO, Symphony SummitAI said that the new-age technologies like artificial intelligence and automation help unleash enterprise productivity. AI-powered SummitAI suite enables IT and business leaders to drive digital transformation, derive value out of IT investments, and transform the employee experience. He added that they are excited to partner with emt Distribution to deliver the value of AI-powered solutions to the customers across MEA regions. In this partnership, they are committed to providing the best-in-class joint value proposition to the customers and partners in this region, he said. M Mobasseri, CEO, emt Distribution commented that they believe with digital transformation and artificial intelligence as the key objectives for organisations in the Middle East and Africa, the partnership with Symphony SummitAI would be highly successful and create a lot of opportunities for our partners and help many organisations to achieve their digital transformation and service automation goals.

AVEVA, PlanetTogether partner to optimise F&B manufacturing
HARPREET GULATI, Senior Vice-President, Planning and Operations Business Unit at AVEVA.
AVEVA, a global leader in industrial software, driving digital transformation and sustainability, has strategically partnered with PlanetTogether, the leading Advanced Planning and Scheduling, APS, platform provider, to bring scheduling optimisation capabilities to manufacturers looking to deliver digital transformation and sustainable solutions across their industrial operations. Advanced Planning and Scheduling, delivered by PlanetTogether, simultaneously plans and schedules production based on available materials, labour, and machine capacity. The software, which has been successfully deployed in the Food and Beverage, F&B, and Consumer Packaged Goods, CPG, manufacturing industries, provides a proven vertical fit for AVEVA MES. The integration of both production planning and manufacturing execution into a single digital system represents the next step for manufacturers for growth and increased profitability. The partnership adds robust new capabilities to the AVEVA Manufacturing Execution System, MES, in terms of visual planning and scheduling, multi-plant production planning and production schedule optimisation, further broadening AVEVA’s portfolio of Industry 4.0 manufacturing solutions.
The combined offering leverages the strengths of both companies, to optimise performance across the value chain for manufacturers seeking to deploy integrated production planning and execution systems to increase their agility and supply chain resilience and deliver increased business returns in a volatile market. As a manufacturing planning and scheduling system provider, PlanetTogether resolves production and operational constraints and its integration with AVEVA MES enables supply chain planners to conduct realistic, integrated sales and operations planning based on actual plant capacity and material availability, with full visibility to progress against plan for on-time delivery at the lowest cost. Harpreet Gulati, Senior Vice-President, Planning and Operations Business Unit at AVEVA said that in the last year alone, the landscape for manufacturers has changed irrevocably, driven by the increasing need for enterprise agility, sustainability, and value chain optimisation. Manufacturers are integrating their operations into their supply chain systems, as a result of the impact of pandemic, he added.
Inspira partners with BeyondTrust to sell Privileged Access Management
BRENT THURRELL, Chief Revenue Officer at BeyondTrust.
BeyondTrust, the worldwide leader in Privileged Access Management, PAM, and Inspira Enterprise, the leading name in end-to-end IT solutions and a market leader in cybersecurity consultancy, have announced a new strategic partnership. This strategic partnership aims at providing companies a seamless approach to prevent cyber-attacks, data breaches, misused privileges and compromised remote access. Inspira will sell BeyondTrust’s complete PAM portfolio across Enterprise and BFSI organisations. With this partnership, Inspira enriches its breadth of competences by offering their customers BeyondTrust’s technologies coupled with Inspira’s added-value services in terms of cyber-security tactics. Organisations will be able to exercise control over privileged access and permissions for users, accounts, processes, and systems across their IT environment. This will help reduce the attack surface and protect against external attacks and insider threats, whether arising from malfeasance or negligence. The threat landscape is dynamic and complex and needs to be managed with agility. Third-party breaches account for over half of all data breaches. In parallel, elevation of privilege is the number one category of vulnerabilities, as highlighted in Microsoft Vulnerabilities Report 2021. This new partnership will provide our customers with the ability to effectively automate privilege management and secure access in a scalable and cost-effective manner across every privileged session, asset, and user. Brent Thurrell, Chief Revenue Officer at BeyondTrust said they are very excited to partner with Inspira because of their ambitious vision and alignment with BeyondTrust’s unique approach to cybersecurity. With the onset of the global pandemic in 2020, CISOs were asked to be prepared for a set of events that few could have predicted. To effectively address these challenges, organisations need to work hand-in-hand with cyber-consultancies like Inspira, he added. Their expertise helps organisations to implement a robust, yet flexible cybersecurity strategy and it is a privilege for us to partner with a true leader in their market, Thurrell concluded.

RiskIQ pumps in Middle East investment, quadruples resellers with CyberKnight
(left to right) Avinash Advani, Founder and CEO of CyberKnight; Henry Staveley, Regional Sales Director, RiskIQ.
RiskIQ, the leader in Attack Surface Management, has announced additional investment in its Middle East operations. Fuelled by revenue growth across the region of 132% in 2020, RiskIQ recently relocated Henry Staveley, Regional Sales Director to Dubai and is currently undertaking additional recruitment activity. In late 2019, RiskIQ partnered with the value-added distributor CyberKnight Technologies, and together they quadrupled the number of RiskIQ resellers across the region in 2020. Avinash Advani, Founder and CEO of CyberKnight said the RiskIQ platform enables enterprise and government customers to truly understand their attack surface. This is critical because when an attacker targets an organisation, they will look for any possible opening and without understanding what they can see, security teams will not be aware of the potential vulnerabilities that can be compromised and become attack vectors, he added. Advani said that with the investments being made in the region by RiskIQ, they have already observed accelerated market penetration in H1 2021 and expect rapid customer acquisition, as well as revenue growth in due course.
emt Distribution partners with HelpSystems for data security solutions
MOBASSERI, Co-Founder and CEO, emt Distribution META.
emt Distribution, a specialist IT and IT security product distributor based around security, IT management, and analytic solutions, has announced an enhanced partnership with HelpSystems to provide its data security solutions to customers in the Middle East and Africa. HelpSystems is a leading provider of end-to-end, data-centric security for unstructured data, on-premises, in the cloud, or in hybrid environments. Regardless of how the data moves or where it lives, data is identified, secured, and protected throughout its journey. With best-of-breed technology that is simple to deploy and manage, HelpSystems offers needed expertise organisations can rely on for better data protection.
The partnership enables emt Distribution to provide organisations throughout the region with the ability to build a strong data security strategy by adding context and identifying sensitive data with full traceability and auditing. Data and information are a significant component of most organisations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing, said M Mobasseri, CEO of emt Distribution. HelpSystems data security suite enables enterprises within a wide range of industries to safely connect and automate their IT processes to protect sensitive data as well as comply with data privacy regulations, he added.
EVOTEQ, Movilitas partner to bring SmartTrack to the UAE
JIHAD TAYARA, CEO, EVOTEQ.
EVOTEQ, a digital transformations solutions provider leading enterprises and governments through their digitisation journeys, has revealed the signing of a new strategic partnership agreement with Movilitas, a technology leader delivering the next generation of solutions and consulting services across multiple industries to advance smart supply chain ecosystems. The partnership brings SmartTrack to the UAE and the region, a revolutionary track and trace platform that ensures product integrity in the supply chain suitable to various industries. The Ministry of Health and Prevention is pioneering the use of the technology with EVOTEQ to develop and implement Tatmeen, a digital initiative aimed at securing the management of the country’s healthcare supply chains, built on the latest technology and GS1 standards. The new system will be created based on SAP solutions, utilising SAP Advanced Track and Trace for Pharmaceuticals, ATTP, repository at the core of its operations. It is set to deliver complete visibility of all pharmaceutical products to reduce medicines shortages and fraud, expedite recalls and prevent the sale of expired medicines. Its front-end mobile solution will also provide increased information and transparency for patients. It will offer end-to-end traceability of supplies covering various industry verticals and will be created based on GS1 standards allowing for a seamless and easy way for manufacturers and supply chain stakeholders outside the UAE to operate. The system will be equipped with the latest state-of-the-art technology and will include SAP products completely based on secure, reliable SAP solution components.
Accenture to acquire Oracle Platinum Cloud partner AppsPro in Saudi Arabia
Dr Khaled Al-Dhaher, Country Managing Director for Saudi Arabia, Accenture; Abdulaziz Al-Salloum, CEO of AppsPro.
Accenture entered into an agreement to acquire AppsPro in Saudi Arabia, an Oracle Cloud implementation service provider in the region. The acquisition further bolsters Accenture’s robust Oracle Cloud capabilities globally, with the aim of delivering additional value to clients in the Middle East on their journeys to the cloud. The financial terms of the acquisition were not disclosed. Headquartered in Riyadh, Saudi Arabia, AppsPro is a Platinum Oracle Partner with extensive experience in both the public and private sectors in Saudi Arabia. AppsPro’s more than 240 professionals will join Accenture’s Oracle Business Group, combining Accenture and AppsPro’s deep industry knowledge in cloud and digital transformation to help Middle Eastern clients unlock greater value as they transform their businesses. Cloud technologies are a crucial stop on the digital transformation highway and businesses with a strong digital foundation are better able to scale, operate at speed, and outmanoeuvre uncertainty, said David Deschamps, Accenture Technology lead in the Middle East. Joining forces with AppsPro will expand their established global credentials across the Oracle Cloud portfolio, while helping clients in the Middle East accelerate their path to value and emerge as leaders in the next waves of technology disruption, he added.
CNS partners with DataCore for software defined storage solutions
HATEM HARIRI, Managing Director, CNS Middle East.
CNS Middle East has announced its partnership with DataCore Software and added another key set of digital assets to their comprehensive portfolio of business solutions. The addition of DataCore’s comprehensive product suite, its intellectual property portfolio, and its unrivalled experience in storage virtualisation and advanced data services will firmly establish CNS’s position as the regional authority on software-defined storage. The technology uses an approach that ensures continuity and data protection while optimising a client’s IT investment, allowing it to adapt to any changes in a business’s needs. A unified platform that simplifies and optimises primary, secondary and archive storage tiers is a radical improvement on previous data storage systems, allowing for predictive analytics of data on an unprecedented level. For the client, this means intelligent business decisions based on an accurate picture of their complete infrastructure. CNS is excited to bring these innovative benefits to the market and has already actively promoted the solutions to their clients in the region.
emt Distribution announces partnership with Orchestra Group for MEA
MOBASSERI, Co-Founder and CEO, emt Distribution META.
emt Distribution, a specialty IT and IT security product distributor based around security, IT Management, and analytic solutions, has announced the partnership with Orchestra Group for seamless cybersecurity management and operations. M Mobasseri, Co-Founder and CEO, emt Distribution META said that despite continued security problems IoT will spread, and people will become increasingly dependent on it. emt partnering with Orchestra Group announces, advocates, and educates on what IT needs to know about OT/IoT threats and vulnerability. He added that they are excited
about signing Orchestra Group to help customers and partners to overcome their cyber security challenges. GCC and UAE in particular are focus markets in Orchestra Group’s growth plan, said Erez Dror Orchestra’s EMEA Regional Sales Director. emt Distribution represents many of the qualities they were looking for in a value-added distributor, Dror added. It has a highly experienced team with a thorough understanding of the unique needs of users in their region as well as strong professional chain of resellers to support them, he said.
Nozomi Networks, ServiceNow integrate to deliver smart, secured manufacturing Nozomi Networks, the leader in OT and IoT security has announced a technology integration with ServiceNow that helps manufacturers deliver next-generation operational efficiencies and resilience. The certified integration makes it possible for manufacturing and other industrial processes to leverage the combined power of ServiceNow’s expertise in service and asset lifecycle management with Nozomi Networks’ industrial strength OT and IoT network visibility and security solutions. With this integrated solution, organisations can utilise real time OT and IoT asset information from Nozomi Networks with ServiceNow’s Configuration Management Data Base, CMDB, and ServiceNow’s new Operational Technology Management products to quickly act on issues and immediately respond to operational threats. With this new integration, customers can synchronize network assets details gathered from the Nozomi Networks’ solution into the ServiceNow platform. Assets are automatically mapped to the new ServiceNow OT data
model, streamlining the onboarding of new and existing devices. This approach makes it possible for manufacturers to achieve a complete and contextual view of their operational technology environments and addresses the need to help ensure the availability of their critical technology. Smart manufacturing is a bottom-and-topline game changer, leveraging technology and data-driven workflows to boost efficiencies, gain greater resiliency and drive more value, said Chet Namboodri, Nozomi Networks SVP, Business Development and Alliances. At the same time, managing and securing these environments complicates manufacturing operations. Nozomi Networks is pleased to team with ServiceNow to simplify and support a new generation of process operations with the real time asset visibility that manufacturers need to speed response, reduce risk and increase compliance, he added. CHET NAMBOODRI, Business Development and Alliances, Nozomi Networks SVP.
SECURITY
Colonial Pipeline pays $4.4M ransom, comments from top industry leaders
DAVE RUSSELL, VP of Enterprise Strategy at Veeam. This specific incident is somewhat like an actual disaster recovery situation. Imagine the heightened stress and the large volume of data that is required, not to mention that the response is most likely all hands on deck with every possible person being on active call to assist. So far, all of these things, large amount of data, organisational stress, heavy usage of infrastructure, and of course unexpectedly putting the DR plan into actual use, sound like challenges, but what one would expect with a DR activity. Cyberthreats, unlike traditional DR are different because the backup data needs to be inspected to verify that it is clean from infection.
STEFAN SCHACHINGER, Product Manager, Network Security – IoT, OT, ICS at Barracuda. Segmentation between IT and OT systems and micro-segmentation within the OT network is a key principle to contain an attack once a piece of malicious software has found a way in. And there are many ways for attacks, remote access is just one of it, email is still the most popular attack vector, and there are many other possibilities. Bear in mind social engineering targeted on humans can become a problem as well. Security is always a combination of multiple technical and organisational measures. For organisations in critical infrastructure and industry, where even short outages can cause significant damage, cybersecurity is an insurance that comes at a much lower cost.
PETER GRIMMOND, International CTO, VP Technical Sales at Veritas Technologies.
LIOR DIV, CEO and Co-Founder, Cybereason.
They say that data is the new oil, but it may now also be correct to say that, without data, there would be no oil. The more that hospitals, traffic management systems, policing or, in this case, fuel supplies, rely on data, the greater the impact that hackers can have by interfering with it. If organisations can bring their protection and availability solutions up to speed with their transformation projects then they will be better able to simply spin alternative IT environments, with clean versions of their data, that enable them to quickly return to providing their critical services without the need to engage with the hackers.
A capable adversary is not an excuse for failing to protect customers at such a massive scale, or to downplay that failure by glorifying the assumed prowess of the attackers. If the public and private sectors can work together to solve complex cybersecurity issues, and at the same time accurately identify the threat actors and bring them to account for their actions, it will go a long way in reversing the adversary advantage and enable defenders to retake the high ground. There is also another significant opportunity here as well to cooperate on a global scale to develop extradition laws that enable cybercrimes and cyber espionage to be prosecuted more effectively.
CHESTER WISNIEWSKI, Principal Research Scientist, Sophos.
MARTY EDWARDS, VP of OT Security at Tenable.
To make sure your business is protected from attacks like this moving forward, Sophos recommends working your way from the outside in, thinking like an attacker:
- Analyse all public facing assets, ensure they are patched and require multi-factor authentication for any remote access.
- Ensure your demilitarised zone, DMZ is isolated from the LAN and servers are locked down to not run PowerShell, unauthorised binaries, and are fully patched in the shortest time possible, ideally less than five days.
- Run advanced endpoint protection on all assets, especially servers. Many of the most advanced attackers will never interact with a desktop or laptop computer.
Cyberattacks are a real and present danger to critical infrastructure around the world and, by extension, every single consumer. If reports are accurate, the Colonial Pipeline incident has all of the markings of a possible ransomware attack that began in the IT environment and, out of precaution, forced the operator to shut down operations. Ransomware has been a favoured attack vector of cybercriminals because of its effectiveness and return-on-investment. That is precisely why bad actors have recently set their sights on critical infrastructure. Shutting down operational technology environments can cost hundreds of millions of Dollars which forces providers to outweigh the costs.
Over 32M cyberthreats blocked by Trend Micro in UAE during 2020
Trend Micro, a global leader in cybersecurity solutions, has released its 2020 Annual Cybersecurity report: A Constant State of Flux. The report shares insights from last year’s threat landscape and provides strategic guidance for leaders to protect and navigate their organisations better in the new normal. The global insights reveal that Trend Micro blocked 62.6 Billion threats last year, 91% of which were email-borne. The findings also cited an average of 119,000 cyberthreats detected per minute in 2020 as home workers and infrastructure came under new pressure from attacks. In the UAE, Trend Micro solutions detected and blocked over 19 million email threats, prevented 10 million malicious URL Victim attacks, and nearly 119,000 URL hosts. In addition, 2.7 million malware attacks were identified and stopped, while over 1,600 online related banking malware threats were blocked. The report also shows that home networks in the UAE were a major draw for cybercriminals looking to pivot to corporate systems, devices, and networks. Across the emirates, Trend Micro’s Smart Home Network, SHN, solutions blocked more than 25 million SHN Inbound and outbound attacks combined, preventing 13 million such SHN events for hackers to target or control home devices from executing malware, obtaining sensitive information, intercepting communications, or launching external attacks. In its efforts to ensure secured digital transformation journeys of organisations in the UAE, Trend Micro has been working closely with public and private sectors to create awareness and bridge the gaps. Earlier this year, the company launched its Trend Micro Vision One platform to empower security teams in adopting a new approach that goes beyond to provide enhanced visibility, threat intelligence, with extended detection and response at every layer of their IT environments.

Help AG finds a rise of 183% in DDoS attacks in the UAE in 2020
STEPHAN BERNER, Chief Executive Officer at Help AG.
Over ten million Distributed Denial of Service, DDoS, attacks were recorded globally in 2020, including a 183% increase in the UAE alone, while ransomware attacks are on the rise, with the government, private, oil and gas, telecom and healthcare sectors particularly affected, according to the State of the Market Report 2021 by Help AG, the cybersecurity arm of Etisalat Digital. The first of its kind to focus exclusively on digital security in the Middle East region, Help AG’s State of the Market Report 2021 delivers cybersecurity intelligence across a range of parameters, including the top threats over the course of 2020, the region’s biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, the anatomy of some high-profile breaches, security investment patterns of organisations in the region, and where the market is headed in terms of technologies and evolution.

DDoS Attacks
For the first time in history, the number of DDoS attacks recorded exceeded 10 million in 2020, showing a dramatic increase of almost 1.6 million over the 2019 count of 8.5 million. The UAE alone witnessed a 183% increase in DDoS attacks targeting government and private sector customers. The attacks are also increasing in scale, with the largest one observed in the UAE measured at 254.3 Gbps. This increase has made DDoS attacks by far the most prolific form of cybersecurity threats faced by organisations today.

Ransomware
Ransomware attacks have also been on the rise, largely thanks to their high rates of success, which can be attributed to their relative simplicity and their significant, immediate impact on an affected business, as well as the fact that many organisations still end up paying the ransom, thus encouraging the threat actors to continue utilising this attack method.

Top vulnerabilities
The year 2020 saw a significant rise in the number of vulnerabilities discovered as compared to the previous year, with a total of 18,353 identified as per the NIST National Vulnerability Database, and a particular increase in critical and high severity vulnerabilities.

VPN attacks
2020 was the year of VPN attacks, no surprises here considering the move to a new normal that came with a distributed workforce globally. There was a major incident or new vulnerability identified in almost every single month of the year, highlighting the increasing need for Zero Trust Network Access to become an industry standard for cybersecurity.
Kaspersky finds increased spamming, phishing around Covid-19 vaccines
Scammers are constantly searching for new ways to steal users’ data. Last year, a completely new category of opportunity became one of the most profitable scams for fraudsters. They extensively used Covid-19 related spam letters and phishing pages to benefit from the year’s most alarming and high-profile news story. According to a new Kaspersky report, Spam and Phishing in Q1 2021, scammers are continuing to exploit this epidemiological challenge, this time, focusing on the vaccination process. Kaspersky experts discovered various types of phishing pages distributed all over the world. As well as spam letters, recipients are invited to get a vaccine, to take part in a survey, or to diagnose Covid-19. For instance, some users from the UK received an email that appeared to come from the country’s National Health Service. The recipient was invited to be vaccinated, having first confirmed their desire to be vaccinated by following the link. To make a vaccination appointment, the user had to fill in the form with their personal data, including bank card details. As a result, they handed their financial and personal data to the attackers.
Another way to gain access to users’ personal data has been through fake vaccination surveys. Scammers sent emails on behalf of large pharmaceutical companies producing Covid-19 vaccines, inviting the recipient to take part in a short survey. All participants were promised a gift for their participation in the survey. After answering the questions, the victim was redirected to a page with the ‘gift’. To receive the prize, users were asked to fill out a detailed form with personal information. In some cases, the attackers asked for payment of a token amount, for delivery. Lastly, Kaspersky experts found spam letters offering services on behalf of Chinese manufacturers. The emails offered products to diagnose and treat the virus, but the emphasis was on the sale of vaccination syringes.
Sophos finds median attacker dwell time before detection was 11 days in 2020
Sophos, a global leader in next-generation cybersecurity, released the Active Adversary Playbook 2021, detailing attacker behaviours and the tools, techniques, and procedures, TTPs, that Sophos’ frontline threat hunters and incident responders saw in the wild in 2020. The TTP detection data also covers early 2021. The findings show that the median attacker dwell time before detection was 11 days or 264 hours, with the longest undetected intrusion lasting 15 months. Ransomware featured in 81% of incidents and 69% of attacks involved the use of the remote desktop protocol, RDP, for lateral movement inside the network. The playbook is based on Sophos telemetry as well as 81 incident investigations and insight from the Sophos Managed Threat Response, MTR, team of threat hunters and analysts and the Sophos Rapid Response team of incident responders. The aim is to help security teams understand what adversaries do during attacks and how to spot and defend against malicious activity on their network. Key findings in the playbook include:
• The median attacker dwell time before detection was 11 days: To put this in context, 11 days potentially provide attackers with 264 hours for malicious activity, such as lateral movement, reconnaissance, credential dumping, data exfiltration, and more. Considering that some of these activities can take just minutes or a few hours to implement, often taking place at night or outside standard working hours, 11 days offers attackers plenty of time to cause damage in an organisation’s network.
• 90% of attacks seen involved the use of the Remote Desktop Protocol, RDP, and in 69% of all cases, attackers used RDP for internal lateral movement – Security measures for RDP, such as VPNs and multi-factor authentication, tend to focus on protecting external access. However, these do not work if the attacker is already inside the network.
ADVERTORIAL
A centralised storage solution for households and businesses to manage data more efficiently.
FIVE REASONS WHY SMBS SHOULD GET A NAS
As the global pandemic accelerates digital transformation, it is crucial for SMBs to have functioning IT infrastructure.
Do you know that the average data generated per person is up to 1.7 megabytes per second? According to IDC, the entire digital universe will consist of 44 trillion gigabytes of data by 2020, and is expected to grow to 175 trillion gigabytes by 2025. Data is growing exponentially in the modern world, and data is considered the “new oil”. It is necessary for daily operations, to understand and serve customers better, to assess performance, and to make better business decisions. With the rapid growth of digital adoption across various sectors, where to store and how to safeguard these valuable digital assets becomes crucial. As the global pandemic accelerates digital transformation, with the increasing threats and disruptions that may put business continuity at risk, it is crucial for SMBs to have a functioning IT infrastructure ready for the Post-Covid workplace. If you are still struggling to find a solution that requires low management efforts and a low learning curve, NAS is a budget-friendly and turnkey solution that could help you streamline your data management.
What is NAS? And the 5 reasons why you should get it for your business
Now, you may ask, so what really makes it outperform a traditional storage device or a public cloud service? Well, first of all, NAS is more than just storage, it is an all-in-one application server that fulfils almost every IT need of SMBs, and here are five reasons why. NAS is a storage device that connects to a network and allows data access from authorized users. It is a centralized storage solution for households and businesses to manage data more efficiently. Modern NAS also comes with a user-friendly operating system along with other built-in software applications that help users stream, sync, share, or back up their data.
HAVE A RELIABLE DATA PROTECTION PLAN IN PLACE
It is very common for SMBs to use a Windows PC with mapped network drives as a file server solution. However, unexpected data loss happens all the time, from human errors, hard drive failures and natural disasters to ransomware attacks. Should any of these accidents happen, there is no turning back and it poses great threats to your digital assets. This is one of the reasons why NAS is ideal for your business. Most NAS support various RAID types to provide different levels of data redundancy. In the case of a hard drive failure, the data is still intact. Moreover, some NAS providers offer built-in backup applications that achieve full data protection, including backup tasks for both physical and virtual environments, and even let you back up data offsite to the cloud. By seamlessly integrating the backup solution with the NAS device, IT admins can have a comprehensive backup and recovery plan in place without paying any additional license fees.
All-in-one comprehensive backup solutions offered by Synology.
ENABLE REMOTE ACCESS & MAINTAIN YOUR PRODUCTIVITY
In response to modern working trends such as BYOD, or more recently WFH, people’s workplaces and devices have become increasingly flexible, making cross-device, cross-location data access, and synchronization more critical than ever before. This is the reason why NAS is an ideal solution for SMBs. NAS provides remote access through the internet and has many built-in data syncing and sharing software supporting multiple devices and platforms. It allows employees to work from home, share, and simultaneously work on the same files without lagging, which presents an effective collaboration that levels up productivity under this new working norm.
ENSURE STORAGE SCALABILITY & EFFICIENCY
The ever-increasing volumes of data bring uncertainty to businesses on how to handle their data. For SMBs that rely on third-party cloud services to store their data, the increasing storage subscription costs may gradually become a heavy burden. A scalable and efficient storage device is your answer. NAS devices are flexible and easy to scale up; they provide room for growth without replacing the existing IT infrastructure. Furthermore, some NAS solutions available in the market come with data deduplication technology, which can reduce storage consumption and maximize storage efficiency.
OWNING YOUR DATA
Since NAS is connected to the company’s own network, privacy is assured with complete data ownership. Whereas with the public cloud service, data security is constantly in doubt as there is a third party involved. There have been countless public cloud data breach incidents over the years, and a recent survey even suggested that over 80% of the companies had experienced at least one cloud data breach in the past 18 months, and nearly half, 43%, confessed to 10 or more breaches. When you entrust your data and applications to the public cloud, you have no real assurances that they will be safe.
SAVE YOUR MONEY AND TIME
Compared to public cloud services, NAS is indeed more expensive in terms of initial deployment. But if you look at the long term, public cloud users must pay a monthly subscription fee based on the number of users, and the cumulative TCO, total cost of ownership, in one year may already far exceed the cost of implementing a NAS. Not to mention that a NAS usually comes with at least 2, up to 5 years of warranty. On the other hand, many SMBs are used to getting hardware and software services separately. Yet this may cause extra procurement and management effort. By seamlessly integrating hardware and software, NAS solutions ensure a greater solution consistency. “One-time purchase and One-stop support”, with streaming acquisition and technical support, NAS requires lower management effort and time by only having to deal with one single vendor, which results in low TCO.
SUM UP
NAS is not perfect. For tiny companies with just a few employees, cloud services can be easier to implement and can be “leased” for a monthly fee without investing all budgets at a time. For large enterprises with sufficient IT resources, a SAN architecture may provide better manageability and scalability. But for most SMBs that care about data security and productivity, NAS may be a decent choice providing the best balance between cost and performance.
This content has been sponsored by the vendor.
INNOVATION
EITAN BREMLER, Vice President, Corporate Development, Safe-T.
TAKING SECURE DATA ACCESS TO THE NEXT LEVEL
The vendor is taking the security of multifactor tools and zero trust authentication to the next level of user protection and ease of use with ZoneZero.
The goal for Safe-T is to keep an organisation safe from attacks and data leakage by securing access. Enabling secure application and file access is this company’s passion and purpose, driving everything as an organisation. Comprised of industry leaders from B2B security firms and government agencies as well as elite military units, Safe-T understands the complex challenges of protecting data in the digital transformation. Today, securing sensitive data is more difficult and more important than ever before. Modern scanning and hacking tools mean that attackers have their sights set on every organisation, regardless of size or vertical. This makes every organisation a target. Safe-T helps to build control over access to applications and files, two of the most common corporate entry points for malware and other threats. There is also a lot of talk about zero trust in the security world. Safe-T does not jump on the zero-trust bandwagon, while ensuring that secure access to files and applications is a key element of a resilient security strategy. However, secure access needs to be user-friendly, to help employees get to resources quickly.
The products
ZoneZero is designed to be deployed between company users, remote and network users, and corporate applications, and control access to applications using Zero Trust concepts. ZoneZero also integrates with common identity and access management and multifactor authentication providers, and utilises them as part of the access flow. As part of controlling the access to applications, ZoneZero can invoke a multifactor authentication request to users as part of their access flow to any application, without the need to install agents on the corporate applications. The end result is that IT can now add multifactor authentication to any application in the network, be it web based, legacy, fat client apps, in an easy and simple manner. ZoneZero is a Zero Trust Network Access solution, which is designed to control access for users to corporate applications. Zero Trust means we authenticate users before granting access, hiding the applications from unauthenticated users. The authentication phase is done by integrating with identity and access management and multifactor authentication solutions. And only after authentication is access granted to the user for the specific applications, essentially creating trust zones. ZoneZero supports all types of applications: Web, RDP, legacy, fat client, SSH, file shares, SFTP, APIs, databases. It also fits all verticals and market segments. It is important to understand that ZoneZero is not a multifactor authentication solution or utility. Rather, it integrates with multifactor authentication providers, allowing them to be utilised for all applications. One of the main deficiencies of multifactor authentication solutions is that in most cases they are based on Security Assertion Markup Language or OAuth, which assumes web applications. However, the world includes more than just web applications and this is where most multifactor authentication solutions fall short. ZoneZero allows utilising any multifactor authentication provider for any application. “Our go to market is channel oriented. We sell via resellers, distributors, MSSP and OEM partners. We have customers in all verticals including FSI, healthcare, government, utilities, manufacturing,” says Bremler. “I believe our solutions are a great fit for the region. And we plan on reaching out to customers through our local partners.”
CHANNEL STREET
CHALLENGES OF MONITORING AND MANAGING PRIVILEGED ACTIVITIES
To know who is doing what with privileged accounts becomes a tedious task while any malicious element can wreak havoc to an organisation by misusing accounts.
It is estimated that there are about 50 billion connected devices in the world. Even by conservative estimates, these devices will have trillions of digital identities – which are end-user online credentials to access devices and applications. Or should we say authorised end-user access to systems. Indeed, just like any other IT asset, digital identities are extremely vulnerable to misuse and abuse from unauthorised access. And privileged identities – the super-user identities that provide access to databases, business-critical applications among other forms of highly sensitive information – remain one of the most targeted IT assets. Compromised corporate insiders, third parties and advanced cybercriminals target and steal privileged identities and look to hijack privileged accounts that form part of the attack kill-chain behind any data breach. Consider this: according to the European Union Agency of Cybersecurity research on insider threats 2020, the average cost of an insider attack is estimated at around Euro 11.45 million while the average cost for credential theft is about $493,093, and 88% of the organisations surveyed believe that insider threats are a cause for concern. The enterprise IT ecosystem is complex nowadays. Privileged accounts are everywhere. These accounts are no longer confined to administrator and root level access. There are business privileged accounts that provide access to business-critical applications; there are various SaaS applications and IaaS platforms and resources with privileged access for day-to-day IT operations; there are more and more machine privileged identities to manage and process IT administrative tasks; and then there are privileged identities to access DevOps and CI/CD environments. Managing and monitoring privileged accounts and privileged activities becomes further complicated as all these identities are segmented and distributed in micro-perimeters.
To know who is doing what with privileged accounts and why and when becomes a tedious task. Against this backdrop, any malicious element can wreak havoc to your organisation by abusing or misusing privileged accounts. Built to address the emerging privileged access use-case challenges, ARCON Privileged Access Management offers a Unified Access Control Engine that helps to authorise, authenticate and audit privileged users, in any IT environment. The solution ensures that each access to systems is rule and role based.
ANIL BHANDARI, Chief Mentor, Arcon.
The solution enforces the principle of least privilege through its feature-rich capabilities such as granular access control to ensure access only on the need-to-know and need-to-do basis, just-in-time privileges to systems to ensure the right person has the right to access the right systems at the right time, and privileged elevation and delegation management to control escalation of privileges. Moreover, the solution offers a comprehensive view of all privileged accounts and activities through its reporting and session management capabilities. ARCON Privileged Access Management is essential from the compliance perspective. A host of IT standards such as the National Electronic Security Authority guidance in the UAE, other global standards such as PCI-DSS, HIPAA and ISO 27001, and regulations like the GDPR among many other local regulations, mandated by governments and central banks, explicitly ask for role and rule-based access, multi-factor authentication and password vaulting to protect data. The solution offers all the necessary safeguards as to data security, data integrity and data privacy. IT threats do not come with a prior notification. They are sudden and unexpected; and by the time we act, it is too late. To counter this challenge, ARCON Privileged Access Management leverages AI/ML for advanced threat analytics. ARCON uses its User Behaviour Analytics component to identify and mitigate, on a real-time basis, threats arising from anomalous privileged identities with the potential to cause a data breach.
CHANNEL STREET
PREPARING AN EVERGREEN PARTNER PROGRAMME FOR TOMORROW
Business transformation does not come off the shelf but takes an ecosystem of partners with complementary specialties to deliver outcomes customers need.
The NetApp Unified Partner Programme is evolving to make sure partners are rewarded for taking this journey. In fiscal year 2022, NetApp is laying out a path toward a new Unified Partner Programme structure. This renovation will differentiate partners in ways that are relevant to customer priorities and recognise how partners contribute, regardless of their sales. The NetApp partner locator is being redesigned for a better user experience to help customers find the most specialised partners to meet their needs. To reflect the way partners lead with solutions, the partner ecosystem has evolved enormously. Digital transformation is accelerating, and it is becoming complex. The solutions that customers need are not one size fits all. That is because business transformation does not come off the shelf but takes an ecosystem of partners with complementary specialties to deliver outcomes that customers need. NetApp is transforming its Unified Partner Programme and evolving its structure to make doing business with NetApp simpler and more profitable for its partners. The objective is to design an evergreen, flexible partner programme that encompasses all partner types. The latest updates are just the start of a multi-phase strategy to incentivise and reward the partners for their solution expertise. Enhancements to the NetApp Unified Partner Programme for fiscal 2022 include simplified incentives that are streamlined to align with key initiatives and focus areas that reward customer acquisition, FlexPod, consumption, cloud and more, new customer acquisition. These incentives are tied to new specialisations which become more predictable along the sales lifecycle and new partner rewards in which individual participants who opt in will be rewarded for actions that drive deal closure as part of strategic programmes such as setting meetings and registering deals.
New solution specialisations are an opportunity to recognise and reward unique partner skillsets and go-to-market models. The new updates to the Unified Partner Programme include solution certifications.
MAYA ZAKHOUR, Channel Director, Middle East, Africa, Italy and Spain, NetApp.
The Services Certified Partner Programmes now become Services Certified Specialisations. The new additions to services certifications incorporate the Integration Services Certified Specialisation, which recognises partners with deployment and integration services across the NetApp portfolio; the Lifecycle Services Certified Specialisation, which recognises partners providing deployment, integration, and managed or support services in a NetApp data fabric; and the NetApp Keystone Services Certification, which delivers storage-as-a-service offerings that are built on partner-operated NetApp Keystone Flex Subscription, for which specialisation is available by invitation only. The programme will now include specialist partners who sell, consume or influence the NetApp portfolio, increasing relevance to more partner types. The latest enhancements will provide partners with a more flexible, consistent and simplified experience, preparing them for the planned transition to a new tiering structure next year. The programme is expanding the partner ecosystem, offering new financial incentives and accelerating profitability, and adding new solutions and Services Certified specialisations.
REAL LIFE
Snam drives digital transformation with Red Hat’s open hybrid cloud
Red Hat, the world’s leading provider of open source solutions, has announced that Snam, one of the world’s largest gas networks, has deployed Red Hat OpenShift and other cloud-native technologies to help drive the organisation’s digital transformation. Using a broad set of Red Hat’s powerful open hybrid cloud solutions, Snam can better manage and scale applications across distributed infrastructure, including at the edge, to prepare for a hybrid cloud and multicloud future. Headquartered in San Donato Milanese, Italy, Snam oversees one of the world’s largest natural gas transportation networks, 2 LNG terminals and the largest European natural gas storage capacity; it has participations in GCA, TAG, Terega, Interconnector UK, DESFA, TAP, and ADNOC Gas Pipeline. Snam’s mission is to help guide the evolution of energy transition by providing an innovative sustainable energy network that enables more stable supplies to Europe, while developing new businesses and technologies fostering a low-carbon future, such as H2 and biomethane. In an effort to better serve the digital needs of its internal operations, while being able to provide the digital agility and flexibility its new business units require to succeed, Snam undertook a company-wide digital transformation programme. Backed by the open hybrid cloud expertise and technologies from Red Hat, Snam has started to renew its existing application map and make interactions leaner and more effective among its business services, while developing an entirely new technology stack for its IoT and data needs, designed to be ready to connect up to 30,000 devices and able to handle 100x more data, enabling the intelligent network. Through the adoption of Red Hat technologies, Snam can now deploy applications in an automated manner in as little as 30 minutes, improving by more than 10x the time to delivery of its new software products. Red Hat OpenShift has been deployed on-premises and on the edge of the network, with Snam also taking advantage of the public cloud, using Microsoft Azure Red Hat OpenShift, a jointly engineered managed Red Hat OpenShift service supported by Microsoft and Red Hat. This enables Snam to scale workloads and applications across any public or private cloud in order to meet future business requirements, reducing potential risks around cloud lock-in, and helping streamline the platformisation of its application map, while being flexible to consume and provide new digital data and services, leveraging its business expertise and the opportunities offered by the current pace of digital technologies evolution.
STEFANIE CHIRAS, Senior Vice President and GM, Red Hat Enterprise Linux Business Unit, Red Hat.
Saudi Arabia’s ADF to automate finance, procurement, HR with Oracle Cloud
Oracle has announced that the Agricultural Development Fund, ADF, of Saudi Arabia will automate its core finance, procurement and HR functions with Oracle Fusion Cloud Applications Suite. The implementation will help ADF drive data integration across the organisation, reduce operational costs, and develop a secure, scalable IT infrastructure to help support the fund’s rapid expansion and innovation of new services. ADF is the Saudi government’s principal credit institution specialised in financing agricultural activities in Saudi Arabia. The fund also works to develop the country’s agricultural sector through scientific and technological development initiatives. ADF will deploy Oracle Fusion Cloud Enterprise Resource Planning, Oracle Fusion Cloud Procurement, part of Oracle Cloud ERP, Oracle Fusion Cloud Human Capital Management, Oracle Integration and Oracle Analytics Cloud. A significant result of the implementation will be the ability to provide ADF leadership with mobile access to real-time field and operational data, which will be critical for enhancing decision-making and efficiency.
AVEVA digital solutions to help Henkel accelerate sustainability
AVEVA, a global leader in industrial software, driving digital transformation and sustainability, announced that Henkel, a global consumer goods and industrial chemicals manufacturer with a diverse portfolio of well-known brands, has implemented AVEVA digital solutions to help accelerate sustainability within its supply chain. By integrating AVEVA System Platform, AVEVA Historian and AVEVA Manufacturing Execution System, Henkel is monitoring and minimising energy consumption, saving €8M YoY in 2020 and working towards its target of becoming three times more energy efficient by 2030.
With sustainability at the heart of its strategy, Henkel’s Laundry and Home Care business unit wanted to reduce energy consumption and align with ISO 50001 standards at all its production sites. Using AVEVA software installed by EMP Etteplan GmbH, the team was able to successfully optimise collection, use and communication of energy consumption and emissions data across its supply chain. As a result, the team has improved supply-chain resource efficiency of on-site production by 5-6% annually. AVEVA’s flexible solution enabled Henkel’s Laundry and Home Care business unit to address all the information system architecture requirements needed to realise these emissions savings. The project took less than 18 months to start delivering audited benefits and included the energy monitoring solution using AVEVA System Platform and AVEVA Historian.
KIM CUSTEAU, Senior Vice President APM and MES, AVEVA.
Choithram first to use Emirates NBD online supply chain financing platform
Emirates NBD onboarded Middle East grocery retailer and food distributor Choithram and Sons to pilot the bank’s smartSCF digital Supply Chain Financing platform. Emirates NBD’s state-of-the-art smartSCF platform caters to the growing need for digitisation of supply chain management and financing, which has emerged as one of the key priorities for corporate clients across industries. Through the smartSCF platform, Choithrams will digitise its payable process across the region, and benefit from improved cash flow and working capital efficiencies. The retailer’s extensive supplier base will also benefit from early payment of their invoices without the need for collateral and at competitive rates. Choithram’s suppliers will be able to self-onboard via the platform’s digital supplier onboarding toolkit, one of the first of its kind in the region, significantly increasing operational efficiencies at both ends of the process. Additionally, smartSCF’s enhanced data analytics tools such as interactive dashboards and customised reports will help Choithrams gain visibility across the supply chain process, from supplier onboarding to payment and reconciliation as well as cashflows.
AHMED AL QASSIM, Senior Executive Vice President and Group Head, Corporate and Institutional Banking, Emirates NBD.
smartSCF provides ecosystem financing by infusing liquidity in the physical supply chain of UAE corporates, said Ahmed Al Qassim, Senior Executive Vice President and Group Head, Corporate and Institutional Banking, Emirates NBD.
Developed to meet the growing need for more integrated and automated tools, smartSCF is one of the few Supply Chain platforms that offers simplified digital onboarding making it easier for corporate buyers to extend the facility to a large number of suppliers, he added.
GUEST COLUMN
REDUCING DISCONNECT BETWEEN SECURITY AND BUSINESS
CISOs must engage decision makers to change how cybersecurity is treated in the organisation and drive investments that impact business outcomes.
Cybersecurity has been on board agendas for at least a decade, but the recent coronavirus outbreak puts a spotlight on the disconnect between executive understanding of cybersecurity and their organisation’s actual capabilities. The stories that we have seen during the Covid-19 outbreak are the latest example highlighting the failed approach to cybersecurity that many organisations take. While executives were focused on ensuring compliance and stopping hackers, simple opportunities like enabling secure remote access technologies, which have a much larger business impact, were ignored. Now, organisations are scrambling to catch up. These missed opportunities detected during the coronavirus outbreak are just the most recent example of how the disconnect between security and business outcomes is often underestimated. Organisations should focus on the creation of adequate, reasonable, consistent and effective controls in a business context. The Covid-19 disconnect should create a wakeup call for CIOs, CISOs and IT executives about the critical need to address cybersecurity in a business context and as a business decision. But IT leaders can build an executive narrative to change how cybersecurity is treated in their organisation. Many organisations take an ineffective approach to cybersecurity. These failed approaches lead to poor decisions and bad investments. Here are the four key challenges that limit cybersecurity’s business impact.
#1 PERCEPTION IS CYBERSECURITY IS A TECHNICAL PROBLEM
This results in a lack of engagement with executives, unproductive exchanges and unrealistic expectations. Ultimately, this leads to poor decisions and bad cybersecurity investments.
#2 ORGANISATIONS ASK WRONG QUESTIONS ABOUT CYBERSECURITY
Questions like “How much should I spend on cybersecurity?” or “How can I comply with regulations?” do not reflect the organisation’s level of protection. These misplaced questions drive attention away from improved priorities and better investments.
#3 CURRENT INVESTMENTS ARE NOT PRODUCTIVE
Organisations are focused on new approaches that have great promise, but through a combination of failed execution and poorly set expectations, these investments are only delaying activities that will better improve cybersecurity. Many companies use quantification to present risk and security in terms of money (is that a $5 million risk or a $50 million risk?) and likelihood of damage (what is the percentage chance of getting hacked?). However, these calculations are often based on assumptions and expert opinion that essentially dictate the result, rather than real quantitative business assessment. Using the veneer of quantification to get what you want does not support improved cybersecurity.
#4 REAL FAILURES ARE NOT GETTING ENOUGH ATTENTION
For instance, the manufacturer of a medical monitoring device ignored cybersecurity in the development of its Internet-connected product to cut costs and speed up production time. The foundational software was riddled with vulnerabilities, and once discovered, cybercriminals exploited the devices to deploy ransomware. This rendered the devices unusable to medical professionals and created a critical shortage during a time of peak need. The disconnect between executive decision making and effective cybersecurity should encourage both business and security leaders to focus their attention on new ways to approach the problem. To create a business context around cybersecurity, first identify the business context of your organisation. Every organisation has budgets and costs, desired outcomes and supporting business processes, sources of revenue and customers. Each of these components comes with key technology dependencies. Understand the organisation’s most important processes and business outcomes, and identify how technology maps back to them. Then, using business context as a guide, shift toward an outcome-driven approach to cybersecurity. An outcome-driven approach is a governance process where priorities and investments are determined based on their direct impact on protection levels in a business context. This approach helps the organisation see how well the organisation is protected, rather than just how it is protected. For example, an organisation can manage ransomware risk by measuring the operational outcomes of the primary controls it uses to address ransomware: Backup and restore, business continuity and phishing training. If these tools are delivering outcomes that meet stakeholder expectations for readiness to address ransomware, it creates a business context for continued investment. Executives can then participate in decisions related to how much ransomware protection the organisation wants and how much it is willing to pay. An outcome-driven approach creates an entirely new lens for non-IT executives and other stakeholders to consume information about cybersecurity issues in a business context. Priorities and investments can be adjusted to balance the needs to protect against the needs to run the business.
PAUL PROCTOR, Distinguished VP Analyst, Gartner.
GUEST COLUMN
eCrime IS FASTEST GROWING THREAT FOR MIDDLE EAST
Globally the CrowdStrike Threat Intelligence team has seen an increase in eCrime of over 330% since the start of the year versus in 2019.
As organisations across the world struggle with the upheavals caused by the Covid-19 pandemic, it is vital not to forget the threats that can cause massive disruption and loss: cybercrime. While organisations have focused their attention on equipping staff for remote working and reengineering business processes, cybercriminals have been busy perfecting their attack strategies and improving their weapons to take advantage of the expanded threat landscape that the remote workforce has provided.

Cybercriminal groups vary widely in size and technical prowess, but those that can cause the most extensive damage to businesses fall into two categories: eCriminals and nation-states. eCriminals are often interested in financial gain, while nation-state actors tend to take a longer and more targeted approach to gain access to intellectual property from within distinct industries, including companies operating in the telecommunications, financial and healthcare sectors.

Of all the types of cyber threat activity across the Middle East region, it is eCrime that has seen a rapid increase since the virus first appeared earlier this year. Indeed, globally the CrowdStrike Threat Intelligence team has seen an increase in eCrime of over 330% since the start of the year versus in 2019. The objectives of eCrime actors are shifting as well. Taking control of an organisation's IT infrastructure and then demanding payment for its release is now a primary tactic, in some cases accompanied by threats of extortion.

In the current threat landscape, ransomware continues to prove one of the biggest challenges for organisations across the Middle East. Designed to bring organisations to a grinding halt so victims are forced to pay to regain access to critical data stores, it is a technique of choice for cybercriminals around the world. If a victim refuses to make the payment, the cybercriminal may threaten to make public some of the organisation's sensitive data. If payment is still not made, that data could then be posted to a site on the dark web where it can be accessed and potentially used by other parties.

Variants of threat actors active in the market show how quickly cybercrime is evolving.

A recent example of a criminal organisation using ransomware is Smaug. This ransomware-as-a-service threat allows criminals who lack the right technical skills to still mount an attack against a target. Users have to pay an upfront fee to use the service and then a certain percentage of any ransomware payments received.

WastedLocker recently emerged and is designed to be tailored to work against specific target organisations. Operated by the cybercriminal group Evil Corp Gang, WastedLocker works by making a preliminary attempt at penetrating an IT infrastructure, then collecting information about the defences in place; these are then taken into account before a second attack is mounted. Ransom demands received by victims so far have been very large, ranging from $500,000 to more than $10 million, payable in Bitcoin.
RAWAD SARIEDDINE, Vice President, Middle East, Turkey and Africa, CrowdStrike.

KEY THREAT ACTORS
CrowdStrike Intelligence has been observing the increasing sophistication of criminal organisations daily.

The adversary group Pinchy Spider, responsible for the now-retired GandCrab ransomware, has developed a new ransomware-as-a-service variant known as REvil. This malicious code is offered as a service and CrowdStrike has observed it to be the most widespread ransomware code during the second quarter of this year.

The Carbon Spider adversary group has also been created by sophisticated cybercriminals, who make use of DNS tunnelling to spread code. The code can also be distributed on devices such as USB keys in the hope that staff within a target organisation will insert it into a networked PC. To date, the group has tended to target point-of-sale devices to extract details of credit cards. More recently, Carbon Spider, a group primarily focused on attacking organisations using point-of-sale terminals, has been observed using the REvil ransomware from Pinchy Spider. This has allowed them to extract ransom payments in addition to their normal modus operandi of favouring large organisations that process high volumes of credit card transactions, including large retailers, hotels and casinos.

A third group, named Wizard Spider, previously used a family of ransomware code known as Ryuk until March this year; they have returned on the scene with Conti software, a code designed to identify and encrypt files on hosts within a local area network. The adversary leverages multiple, highly sophisticated techniques for attempting to deploy ransomware enterprise-wide, hoping for a huge payday.

Another recent group, Sprite Spider, conducts low-volume, targeted big game hunting. It exclusively deploys Defray 777 ransomware in-memory on victim systems, and because its actor footprint remains small, investigations have proven difficult post-ransom.

The wide variety of threat actors currently active in the market shows how quickly cybercrime, and ransomware in particular, is evolving. Many organisations that fall victim find they have little choice but to pay the ransom, thereby encouraging the groups to extend their activities even further.

While the initial wave of attacks related to Covid-19 appears to have declined, it is likely activity will rise again as interest grows in the potential vaccine candidates currently being developed around the world. Attackers are likely to mount phishing attacks using emails that appear to offer details about vaccines and how soon they could reach the market. For this reason, it is now more important than ever for strong security measures to be in place across your organisation.

Accept the 1-10-60 challenge
Combating sophisticated adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility. Organisations can pursue the 1-10-60 rule to effectively combat sophisticated cyberthreats:
• Detect intrusions in under one minute.
• Investigate and understand threats in under 10 minutes.
• Contain and eliminate the adversary from the environment in under 60 minutes.

Organisations that meet this 1-10-60 benchmark are much more likely to eradicate the adversary before the attack spreads from its initial entry point, minimising impact and further escalation. Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action.

Ultimately, consider how successful your existing protective measures are with a distributed workforce and put in place additional tools to increase defences. It is going to be many months before many countries return to anything that resembles normal, but the threat of cybercrime will remain. Taking the time now to understand how threats are evolving will ensure you are best positioned to prevent an attack.
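The 1-10-60 benchmark described above can be measured from incident timelines. The following Python is an added example, not code from the column or from CrowdStrike; the field names, the constructed sample incidents and the choice to time each phase from the end of the previous one are assumptions.

```python
from datetime import datetime, timedelta

# Limits from the column: detect < 1 min, investigate < 10 min, contain < 60 min.
LIMITS = {
    "detect": timedelta(minutes=1),
    "investigate": timedelta(minutes=10),
    "contain": timedelta(minutes=60),
}
# Assumed timeline fields, in order; each phase runs from one stamp to the next.
ORDER = ["first_activity", "detected", "understood", "contained"]

# Constructed sample incidents (not real data).
INCIDENTS = [
    {"id": "INC-001", "first_activity": "2021-06-01T08:00:00", "detected": "2021-06-01T08:00:40",
     "understood": "2021-06-01T08:07:10", "contained": "2021-06-01T08:49:00"},
    {"id": "INC-002", "first_activity": "2021-06-02T14:00:00", "detected": "2021-06-02T14:05:00",
     "understood": "2021-06-02T14:12:00", "contained": "2021-06-02T15:30:00"},
    # Still open: no containment timestamp yet.
    {"id": "INC-003", "first_activity": "2021-06-03T22:10:00", "detected": "2021-06-03T22:10:30",
     "understood": "2021-06-03T22:18:00", "contained": None},
]

def phase_durations(incident):
    """Return {phase: timedelta or None}; None if a stamp is missing or out of order."""
    stamps = [datetime.fromisoformat(incident[k]) if incident.get(k) else None for k in ORDER]
    durations = {}
    for phase, start, end in zip(LIMITS, stamps, stamps[1:]):
        valid = start is not None and end is not None and end >= start
        durations[phase] = end - start if valid else None
    return durations

def evaluate(incident):
    """Return {phase: 'met' | 'missed' | 'unknown'}; 'under' means strictly less than."""
    result = {}
    for phase, spent in phase_durations(incident).items():
        if spent is None:
            result[phase] = "unknown"
        else:
            result[phase] = "met" if spent < LIMITS[phase] else "missed"
    return result

def compliance_rate(incidents):
    """Share of incidents meeting all three limits; open or incomplete ones count as failures."""
    passed = sum(all(v == "met" for v in evaluate(i).values()) for i in incidents)
    return passed / len(incidents) if incidents else 0.0

if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], evaluate(inc))
    print(f"meeting 1-10-60: {compliance_rate(INCIDENTS):.0%}")
```

Counting open or incomplete incidents as failures keeps the rate from looking better than the evidence supports.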
PEOPLE
EXECUTIVE MOVEMENTS
Automation Anywhere appoints James Budge as CFO, Mike Micucci as COO
Automation Anywhere, a global leader in cloud robotic process automation, RPA, has announced the appointment of James Budge as the company's chief financial officer and Mike Micucci as the company's chief operating officer. Budge brings to Automation Anywhere decades of experience as a CFO at both public and late-stage private companies, during which he has prepared three companies for initial public offerings, IPOs, and led multiple secondary public offerings, all while managing complex global operations. Micucci joins Automation Anywhere as COO with a proven track record in executive product and marketing leadership roles in Cloud and enterprise technology.
Mohammed Alkhotani joins Sitecore as Area Vice President for MEA region
Sitecore has announced it is supporting the Middle East and Africa's cloud applications market by appointing Mohammed Alkhotani as Area Vice President for the region. In his role, Alkhotani will bolster the rollout of Sitecore's $1.2 Billion global investment plan. He will also support the integration of emerging technologies such as artificial intelligence, machine learning, and robotic process automation across websites, apps, and social media. Prior to Sitecore, Alkhotani was with the enterprise application software company SAP as Managing Director of Saudi Arabia, and SAP Ariba Senior Director for MEA, along with ICT in Australia, and Cisco Systems in The Netherlands and Saudi Arabia.

Kissflow appoints Rahul Bhageeradhan as Global Director, Digital Architecture
Kissflow has further strengthened its regional presence by appointing Rahul Bhageeradhan as its Global Director, Digital Architecture to support Low-code or No-code customers. In this newly created position, which represents the evolution of the company's pre-sales strategy, Bhageeradhan will look to establish and grow Kissflow's team of digital architects who will engage with customers to identify business process gaps, and address these by creating seamless employee and customer workflows using the company's Low-code and No-code platform. Based on these in-depth customer engagements, Bhageeradhan will also work closely with the company's product development team to ensure relevant and impactful features and functionalities are incorporated into Kissflow's solutions portfolio.

Qualys appoints Sumedh Thakar as President and CEO
Qualys, a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, has announced that its Board of Directors has named Sumedh Thakar as President and Chief Executive Officer. Thakar, long-standing Qualys executive and Chief Product Officer, was previously Interim CEO. Thakar has been with Qualys for nearly 20 years in various positions starting as a software engineer. Since 2014, he has served as Chief Product Officer overseeing product strategy and leading the transformation of the Qualys Cloud Platform from a single security solution to an evolving portfolio of integrated apps that deliver 360-degree visibility across on-premises, endpoints, cloud, containers, and mobile environments.