G I S E C 2 0 2 2 S P E C I A L D A I LY
BROUGHT BY
21 MARCH - 23 MARCH 2022
Day One
GEC Media stages Future IT Summit with close to 200 enterprise and industry executives Carrying forward its legacy of the past eight years, The Future IT Summit and Catalysts Awards 2022 was successfully held at Conrad Hotel, Dubai on 17th March 2022. The event brought together some of the major names of technology and included a series of insightful presentations, round table meetings, and incisive panel discussions. The event was started with an opening keynote by Ronak Samantaray, Co-founder and CEO, GEC Media Group and he extended a warm welcome to all the honourable guests and speakers with utmost gratitude for joining him in-person at FITS 2022. The event saw the participation of high profile industry and enterprise executives including Hanan Huwair; Arul Jose Vigin, Charbel Zreiby, Samer Semaan, Ehab Eid, Sheridan Moodley, Mohammad Qattash,
Taufiq Rahman, Dinesh Chandra, Mohammad Al-Jallad, Basil Ayass, Awais Bin Imaran, Damir Jaksic, Kashif Rana, Ahmad Alabbi, Loubna Imenchal, Thomas Gigi Mathew, Mario Veljovic, Shameema Parveen, Salma Awwad, Veronica Ustinova, Yasmin Al Rawi, Debbie Botha, Zaid F Ghattas, Manal Allam, Ali El Kontar, Shrenik Jain, Pratap Patjoshi, Binita Prasad, Sridhar Rajagopal, and Mario Foster, amongst others. The Future IT Summit 2022 event partners include Dell Technologies and Mindware; Zero & One and AWS; Epicor; HPE and Emitac; Logitech and Ingram Micro; freshworks and VAD; Ingram Micro and NetApp; Pure Storage and teksalah; AMD, Automation Anywhere, SecureNet, HTP Global Technologies, Nakivo, Scality, Virsec, Finesse, Infoblox, Raqmiyat, and Sherpa Communications.
01
GISEC DAY 1
Gisec 2022 opens with 270 participants, 70 countries, 100 ethical hackers, five stage areas 02
Gisec 2022 is poised to re-energise public-private sector collaboration as nations and companies explore disruptive new solutions to tackle growing global cybersecurity challenges. It has been organised in-partnership with UAE Cybersecurity Council, Dubai Electronic Security Centre, the Telecommunications and Digital Government Regulatory Authority and Dubai Police. Gisec 2022 will host over 270 exhibiting brands and bring together over 10,000 information security, technology professionals, business leaders and changemakers from over 70 countries. The latest edition of Gisec will focus on ethical hacking through a number of interactive onsite features and activations taking place
GISEC DAY 1
throughout the three days. One of the highlight activations comes in the form of the largest live Bug Bounty hunt ever to take place in the UAE. In support of the UAE Cyber Security Council National Bug Bounty Program, 100 ethical hackers are flying in to take part in the Gisec Bug Bounty programme, where they will be tasked to hack, identify, and fix certain software flaws in a number of different scenarios and mainframes – including electric cars, mobile phones and drones.
The MEA cybersecurity market expected to reach $2.89 billion by 2026 at a CAGR of 7.92% over the next four years, according to Mordor Intelligence, Now split across five stages, this year will feature the Government Stage Hosted by the Dubai Electronic Security Centre DESC, and new content tracks focusing on healthcare, telecoms, critical infrastructure and finance. Some of the headline speakers across other stages include HE Dr Mohamed Al-Kuwaiti,
Head of Cyber Security, United Arab Emirates Government; notorious hacker Jayson E. Street; Stephen Kavanagh, Executive Director Police Services, INTERPOL; MK Palmore, Former Head of FBI San Francisco Cybersecurity Investigative Branch, US; Mesfer Almesfer, Chief Information Security Officer CISO, NEOM; Prof Isa Ali Ibrahim Pantami, Federal Ministry of Communications and Digital Economy, Nigeria and HE Ambassador Amir Hayek, Israeli Ambassador to the United Arab Emirates, Ministry of Foreign Affairs, Israel among others.
03
GISEC DAY 1
(Left to Right) Avinash Advani, the Founder and CEO, CyberKnight and Vivek Gupta, Co-Founder and COO at CyberKnight.
CyberKnight highlights observability and visibility along with vendor partners CyberKnight will highlight to regional IT Security leaders, the importance of observability and visibility while addressing cybersecurity challenges. At the events, CyberKnight will also showcase its Zero Trust Security methodology – The ZTX Framework, alongside market-leading international cybersecurity vendors. “Due to the onslaught of ransomware and targeted attacks impacting customer operations in the region over the last couple of years, CyberKnight’s theme for GISEC this year is Business Interrupted: Insight into navigating the precarious cybersecurity landscape,” commented Avinash Advani, the Founder and CEO at CyberKnight.. The technologies that will be represented by CyberKnight.
• • • • • • • • • • • • • • • •
GISEC INCLUDE: Crowdstrike - EDR, EPP, Threat Intelligence and IR Armis - Agentless IoT and OT Device Security Lookout - Mobile Threat Defense and Mobile App Security, CASB, SASE and Zero Trust Network Access - ZTNA Netwrix - Data Access Governance, AD Security, File Integrity Monitoring Illumio - Zero Trust Microsegmentation Appgate - Zero Trust Remote Access Cyware – SOAR + TIP RedSeal – Cyber Risk Modelling PhishRod - Security Awareness, Training Platform and Phishing Simulation IronNet – Network Detection and Response Immersive Labs – Cyber Skills Development and Training Platform Utimaco - Hardware Security Modules and Key Management HelpSystems - Data Classification, Email Security, Managed File Transfer, VA,PT SolarWinds – IT Management and Remote Monitoring Seceon – aiSIEM, aiXDR BlueCat - Secure DNS, DHCP, IP Address Management
Lookout will demonstrate integration capabilities of SSE along with CyberKnight Lookout is participating at Gisec with CyberKnight and will speak on the X-Labs Stage about how to Achieve Enhanced Cloud Security and Protect Against Ransomware. Most organisations have lost control of their data security as they migrate to the cloud. Organisations have also left doors open in the collaboration tools. Lookout will use Gisec as a platform to showcase the Lookout SSE platform. The Lookout SSE solution enables organisations to secure their data while supporting a modern, anywhere anytime workforce with consistent cloud-delivered security policies regardless of where data is stored.
04
In addition to integrating Cloud Access Security Broker CASB, Zero Trust Network Access ZTNA and Secure Web Gateway SWG into a single platform, Lookout SSE integrates policy and data security enforcements deeply across web, SaaS and private applications. Lookout SSE consolidates CASB, ZTNA, and SWG with Endpoint Security into a unified platform that reduces cost and complexity while simplifying management of security and access across all endpoints, clouds and on-premises infrastructures. By analysing telemetry data from users, endpoints and the data they are accessing, Lookout dynamically enforces policies with varying degrees of granularity.
BAHAA HUDAIRI Regional Sales Director META, Lookout
GISEC DAY 1
Infoblox is securing digital transformation of enterprises by using DNS fabric Infoblox engineers had spotted weakness in the DNS many years back before this has become a major risk flagged by most of the security vendors today. Being ahead of the curve has allowed our R&D to develop protection mechanism on DNS that leverages artificial intelligence and machine learning which allowed us to extend our protection to our customers against 0-Day domains attacks. Such attacks today are being used by malicious activist to exfiltrate date, and infiltrate malwares to the enterprise networks, and Infoblox behavioural analysis and machine learning has allowed us to drastically decrease such threat that faces any modern network every single day. At the core of every digital transformation comes the adoption of cloud, multi cloud, and hybrid cloud and at the core of this adoption comes Infoblox. Infoblox has understood this need many years back, and that is why today we exist in every major public cloud provider around the world. Cloud adoption is not a flip of a switch, it takes many phases of planning and transition, and for that CIO and CISOs around the world need the technologies which can connect the dots of these phases. Infoblox is able to securely support traditional and multi cloud networks and can give the organisation security and control over all their network assist and payloads regardless of where it resides. Traditional datacentres security is great, but it becomes ineffective and costly for organisations to extend it to their network edge and remote work, and that’s where DNS security comes into picture. DNS is a fabric that by nature exists everywhere including your data centre, remote work, cloud, and network edge, and securing DNS is an effective and simple way of extending cyber security to the edge and to remote work allowing organisations keep up with the modern demand of their workforce and customers. IP-enabled networks connect the operational technology side at the utility and the information technology side, going back to the basics of how these devices communication is simply by using core network
SolarWinds to present updates on its Secure by Design initiative with VADs CyberKnight, Spire Solutions SolarWinds is participating at Gisec alongside its valueadded distribution partners in region, CyberKnight and Spire Solutions. SolarWinds will share updates on its Secure by Design initiative, showcase enhancements to its security portfolio, including SolarWinds
Access Rights Manager and SolarWinds Security Event Manager. The event will also offer presentations by SolarWinds Head Geek Sascha Giese on SolarWinds Secure by Design and Security Portfolio; From Monitoring to Observability.
AHMAD ALABBADI Regional Sales Manager, Gulf, Pakistan, Levant.
services such as DNS, that is where it becomes important to leverage Infoblox robust and intelligent DNS servers that was built with security in mind. A secured Infoblox DNS does not only minimises the risk of attacks targeted at the OT level, but also ensure 99.999% service uptime. Infoblox has developed selective and specialised programs that revolves around SaaS, the SaaS specialised partner program recognises and rewards partners that have demonstrated unique sales and service capabilities around cloud-based network management. The selective Infoblox Bloxcare Alliance Programme enables strategic Infoblox partners to provide excellent customer service and handle L1 and L2 support. Ensuring that their customer’s Infoblox products are always up to date. We are also running complimentary DNS for Security Practitioners (DSP) program around the world which is a protocol-focused and independent of commercial solutions, allowing partners to demonstrate their elite competency, regardless of career experience.
LAURENT DELATTRE Vice President EMEA Sales, SolarWinds.
05
GISEC DAY 1
ManageEngine presenting CASB, Desktop Central, Log360, PAM360 solutions ManageEngine will showcase its full range of IT security solutions, including the recently launched cloud access security broker component of its SIEM solution, Log360. The evolution of CASBs has brought about several benefits, including compliance, data security, threat protection and overall data and traffic visibility. Implementing a CASB goes a long way in preventing data leaks and gives much-needed visibility into the usage of shadow applications. Traditional security defense mechanisms are no longer adequate. ManageEngine will also showcase its unified endpoint management tool, Desktop Central; SIEM solution, Log360, which has user and entity behavior analytics capabilities for proactive threat analysis using AI and ML; PAM360, which enables enterprises to establish strict privileged access governance and monitor privileged operations. The company will also highlight Device Control Plus and Application Control Plus, which enforce the principle of least privilege for employees using various devices and applications.
NED BALTAGI Managing Director, Middle East and Africa at SANS Institute.
MANIKANDAN THANGARAJ Vice President, ManageEngine.
SANS Institute highlighting interactive cybersecurity training and workforce development SANS Institute will showcase a range of offerings, from core training courses, Capture-the-Flag events, security awareness products, knowledge assessments, NetWars tournaments and Cyber Training academies, to educate visitors on how SANS can support organisations in training, recruiting, and retaining cybersecurity staff. There is an ever-growing cybersecurity skills gap and need for trained personnel within organisations. With a growing shortage of people available on the job market, it is becoming increasingly challenging for organisations to find the right talent for the right jobs. SANS will offer visitors the opportunity to experience the SANS Secure Middle East 2022 training course, which will take place in Riyadh this month, through their Live Online training format.
06
GISEC DAY 1
Attivo demonstrating its new ADSecure-DC solution Attivo will be introducing its expanded Active Directory Protection portfolio with capabilities to efficiently detect identity-based attacks at the domain controller from all endpoints. Attivo is the diamond sponsor at Gisec 2022.
RAY KAFITY VP META at Attivo Networks.
During Gisec 2022, it will introduce the new ADSecureDC solution which provides threat protection from attacks originating from Windows as well as Mac, Linux, IoT, OT devices, and unmanaged devices which are limited in their ability to run traditional endpoint protection software. The Attivo Networks ADSecureDC solution identifies enumeration and attacks targeting Active Directory. It also detects suspicious user behaviours using deep packet inspection and behaviour
analytics and delivers high-fidelity alerts. Organisations gain AD security for attacks from managed and unmanaged systems, IoT and OT devices, and popular Windows and non- Windows Mac, Linux
systems without interfering with domain controller operations. The Attivo Networks ADSecureDC solution joins the company’s existing suite of Active Directory
protection products. These include ADSecure-EP, which operates on the endpoint and prevents attackers from seeing and accessing privileged credentials in Active Directory, ADAssessor for continuous AD exposure visibility, and ThreatPath, which identifies and remediates exposed and risky credentials on the endpoint. Organisations deploying these solutions gain easy, efficient, and effective protection for their AD environment.
Nozomi Networks to present Vantage scalable, cloud-based SaaS solution The company will highlight its expansive portfolio of leading OT and IoT security solutions at the exhibition and demonstrate how its technologies can benefit and be leveraged within visibility and security markets. Nozomi Networks will present Vantage at Gisec, its scalable, cloud-based SaaS solution that can eliminate blind spots and increase an organisation’s cyber threat awareness. Critical infrastructure defences are maturing significantly
– thanks in part to progress when it comes to public and private cooperative efforts aimed at tightening defences – and Nozomi Networks has made a significant contribution to this awareness with innovative security solutions. Additionally, government guidelines, mandates, and legislation in combination with self-governance at the sector level will help establish and enforce a standard baseline for critical infrastructure cybersecurity.
BACHIR MOUSSA Regional Director – MEAR, Nozomi Networks.
07
Barracuda to demonstrate Total Email Protection, Web Application Firewall, Cloud-to-Cloud Backup The 7th edition of Barracuda’s ‘Spear phishing: Top Threats and Trends’ report revealed that phishing and Business Email Compromise attacks are among the top three social engineering attacks, accounting for 51% and 9% of the 2021 total respectively. To enable Gisec attendees to effectively counter these threats, the company will showcase Barracuda Total Email Protection, a suite of powerful security solutions that offer protection against a wide range of email threats, at the event. The report also showed that through 2021, cybercriminals compromised approximately 500,000 Microsoft Office 365 accounts. Having recently announced the regional availability of its Cloud-to-Cloud Backup solution from Microsoft’s cloud data centres in the UAE, the company will use Gisec as a platform to raise awareness around this solution that delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Earlier this year, Barracuda announced its partnership with Finesse, a global system integration company. The company will participate together with this regional partner and intends to showcase to customers how Finesse’s expertise in digital transformation, complemented by Barracuda’s cybersecurity solutions portfolio, can enable them to reduce cybersecurity risk on their digital journeys.
TONI EL INATI
In the weeks leading up to Gisec, announced that its Cloud-to-Cloud Backup solution will now be delivered to customers in the United Arab Emirates from Microsoft’s local cloud data centres making it possible for customers’ Office 365 backup data will be stored locally within the country, a key requirement for customers operating in regulated industries, and in complying with local regulations. Barracuda will leverage its presence at the show to highlight this development and the value it drives for UAE organisations.
Research by Barracuda has shown that 72% of organisations have been breached through web applications. With applications becoming a primary interface between consumers and the businesses they engage with, securing these critical interfaces is paramount. Through its participation at Gisec, Barracuda intends to demonstrate how its Web Application Firewall, and WAF-as-a-Service offerings help organisations secure their web applications from OWASP Top 10 threats, DDoS, bots, zero-day, and client-side attacks.
Virsec demonstrating Deterministic Protection Platform, CEO Dave Furneaux visiting Gisec Virsec will be showcasing their recently launched Deterministic Protection Platform. With DPP, dwell time is reduced to milliseconds in contrast to the industry average of 6.75 days. People in the UAE are tech savvy, hence a solution which is truly unique and innovative will catch their eye. CEO Dave Furneaux with be visiting Gisec, along with Bobby Gupta, Senior Vice President and MD of International Business.
RVP Sales, META and CEE, Barracuda Networks.
RAHIL GHAFFAR, Regional Director, Middle East and Africa, Virsec.
GISEC DAY 1
Delinea showcasing Secret Server, PAM solutions with VAD Shifra Delinea will showcase a number of its flagship privileged access management PAM solutions at Gisec, including live demos of its Privileged Account and Session Management, Privilege Elevation and Delegation Management, and Remote Access innovations and capabilities. Delinea Secret Server, which was updated just this January, reduces risk, complexity, and cost while securing organisations’ data, devices, and code across cloud, on-premises, and hybrid environments. As it looks to demonstrate to Gisec attendees how they can secure remote access for hybrid workforces, the company will highlight how PAM provides
central, policy-based controls that enable remote workers stay secure and productive. Delinea is co-participating at Gisec with its regional distributor, Shifra. Delinea was formed in 2021 through the merger of PAM leaders Thycotic and Centrify and rebranded in February 2022. Peter Geytenbeek, Director, EMEA Channel and Distribution at Delinea and Kamel Heus, the company’s recently appointed VP Sales for Eastern Europe, Middle East and Africa EEMEA are due to attend Gisec. With 61% or more breaches attributed to compromised credentials, Gisec attendees will be looking to solve the challenges they face around securing identities in an increasingly hybrid world.
MARK DE SIMONE Regional Director - MEA at Delinea
Qualys offering 30-day trials, demonstrating Asset Management, Vulnerability Management Detection, Context Qualys will be offering 30-day trials to Gisec delegates. A key message for Qualys this year will be the benefits of automation within the cybersecurity function. Visitors to the Qualys booth will get a chance to speak with our technical experts about our full solution portfolio, including Qualys CyberSecurity Asset Management, Qualys Vulnerability Management Detection and Response, Qualys Context. Tarek Naja, Security Architect for the Middle East at Qualys will give a talk on Gisec’s Dark Stage focused on Azure Active Directory Hacking. The session will cover the main methods used by threat actors to perform reconnaissance, get a foot hold, maintain access, escalate privileges and pivot between on-prem and the cloud. Organisations will be looking for security solutions that allow them to adapt their threat postures to cover newly adopted technologies and methodologies such as containers, DevOps, mobility, IoT, OT and cloud, while maintaining their traditional data centres.
HADI JAAFARAWI Managing Director Middle East, Qualys.
09
GISEC DAY 1
PETER FIRSTBROOK, Research Vice President, Gartner.
have brought organisations’ exposed surfaces outside of a set of controllable assets. Organisations must look beyond traditional approaches to security monitoring, detection and response to manage a wider set of security exposures. TREND 2: DIGITAL SUPPLY CHAIN RISK Cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge. In fact, Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. TREND 3: IDENTITY THREAT DETECTION AND RESPONSE Sophisticated threat actors are actively targeting identity and access management infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term identity threat detection and response to describe the collection of tools and best practices to defend identity systems. Trend 4: Distributing Decisions Enterprise cybersecurity needs and expectations are maturing, and executives require more agile security amidst an expanding attack surface. Thus, the scope, scale and complexity of digital business makes it necessary to distribute cybersecurity decisions, responsibility, and accountability across the organisation units and away from a centralised function.
Top security and risk management trends for 2022 identified by Gartner Security and risk management leaders must address seven top trends to protect the ever-expanding digital footprint of modern organisations against new and emerging threats in 2022 and beyond, according to Gartner, Inc. The following trends will have broad industry impact across those three domains: TREND 1: ATTACK SURFACE EXPANSION Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more
10
Trend 5: Beyond Awareness Human error continues to be a factor in many data breaches, demonstrating that traditional approaches to security awareness training are ineffective. Progressive organisations are investing in holistic security behaviour and culture programs , rather than outdated compliance-centric security awareness campaigns. An SBCP focuses on fostering new ways of thinking and embedding new behaviour with the intent to provoke more secure ways of working across the organisation. Trend 6: Vendor Consolidation Security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase effectiveness. New platform approaches such as extended detection and response, security service edge and cloud native application protection platforms are accelerating the benefits of converged solutions. TREND 7: CYBERSECURITY MESH The security product consolidation trend is driving integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows and exchange data between consolidated solutions. A cybersecurity mesh architecture helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centres or in the cloud.
PRESENTS
SEC_RITY IS NOT COMPLETE WITHOUT U!
17
MAY 2022
UNITED ARAB EMIRATES
BROUGHT TO YOU BY
REGISTER NOW OFFICIAL MEDIA PARTNERS