security
Arbor Networks: Focusing on the Network Traffic
Aruba Networks: Addressing the #GenMobile Phenomenon
ESET: Delivering Safer Technology
FireEye: Offering Real-time Threat Protection
ComGuard: Providing End-to-end Solutions
Kaspersky: ‘Leader’ in Endpoint Protection
WatchGuard: Combining Layers of Security Control
HID Global: The Future of Access Control
Security & Authentication
Published by Infomedia
PUBLISHER: SANJIB MOHAPATRA
COO: TUSHAR SAHOO
EDITOR: SANJAY MOHAPATRA, sanjay@accentinfomedia.com, M: +971 555 119 432
ASSOCIATE EDITOR: NIVEDAN PRAKASH, nivedan@accentinfomedia.com
ASSISTANT EDITOR: KARMA NEGI, karma@enterprisechannels.com
REPORTER: APARAJITA CHOUDHURY, aparajita@enterprisechannels.com
REPORTER: MANALI MISRA, manali@accentinfomedia.com
VISUALIZER: MANAS RANJAN
LEAD VISUALIZER: DPR CHOUDHARY
SALES AND ADVERTISING: RONAK SAMANTARAY, ronak@accentinfomedia.com, M: +971 555 120 490
MARKETING ASSOCIATE: VASSILIOS MAFILAS, DIVERSIFIED MEDIA CORPORATION, vassilios@accentinfomedia.com
PRODUCTION & CIRCULATION: RICHA SAMANTARAY, +971 529 943 982
SUBSCRIPTIONS: INFO@ACCENTINFOMEDIA.COM
PRINTED BY: AL GHURAIR PRINTING & PUBLISHING LLC. MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE
Welcome to ISNR Abu Dhabi
His Excellency Staff Major General Dr. Obaid Al Ketbi, Chairman of the Higher Organizing Committee of ISNR Abu Dhabi 2014

Abu Dhabi is increasingly playing an important role in the region, particularly for mitigating the concerns on homeland security and national resilience. In this context, the UAE capital, one of the world’s most attractive business destinations, is set to host the largest edition yet of the International Exhibition for Security and National Resilience “ISNR Abu Dhabi”.

In this upcoming edition, we are keen to bring together under the ISNR umbrella the entire spectrum of homeland security, safety and national resilience, featuring over 7 specialised events. This year’s event has expanded 60% in gross exhibition space and 125% in exhibiting companies, reaching 400+ companies from 40 countries, and we expect over 150 official delegations and government buyers from more than 20 countries.

ISNR will welcome more than 60 prominent security and safety experts to address the 1st International Conference on Security Challenges, the 1st Occupational Health and Safety Conference & Workshops and the 5th International Cyber Crimes Conference. We expect ISNR Abu Dhabi in 2014, along with its 2 launch events, namely Fire & Emergency Middle East Expo (FEME) and Occupational Health and Safety Expo (OSHME), to attract over 15,000 attendees from both private and public sectors across the region.

We are happy to introduce two of the main highlights of the 2014 edition: the Aftershock, a world class, live demonstration on responding to crisis and emergencies, and the UAE World’s Fire Fighter Challenge. Organising this specialised edition of ISNR Abu Dhabi is in line with our strategy to stay abreast with the latest global security & safety trends. We are confident that the event will serve as a platform to witness first-hand the most advanced technology in homeland security and national resilience, among others.

The Higher Organising Committee are committed to producing an outstanding edition this year across all parameters and we look forward to welcoming you at ISNR Abu Dhabi 2014.
Sincerely, Staff Major General Dr. Obaid Al Ketbi
ACCENT INFOMEDIA MEA FZ-LLC PO BOX : 500653, DUBAI, UAE 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE PHONE : +971 (0) 4368 8523 A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI,UAE @COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN.
April 2014
Arbor Networks
Focusing on the Network Traffic
Arbor believes that however much the security landscape may change, understanding network traffic remains the linchpin.
Security Trends
The attacks themselves are the number one driver of growth. As more businesses are targeted, interest in new solutions grows. The other critical factor is that as more companies do business online, either on a transaction basis, or through cloud computing, they become more security conscious.
Demand for Enterprise Security Solutions
We are seeing very strong demand for both DDoS and advanced threat protection solutions across the region. DDoS is a very high profile attack in that it is about denying service, or availability, of websites, applications and services. When the website is down, everyone knows it, from employees to customers to competitors. The consequences of being a victim of a DDoS attack can have a cascading effect, from lost revenue, to higher costs to attract and retain customers, to overall brand damage. What companies are learning is that DDoS attacks have become highly complex, multi-vector attacks that target not just connection bandwidth with high volumes of traffic, but existing infrastructure and applications with low and slow attacks that are difficult to detect. What’s required today is multi-layered solutions that can address all types of attacks.
Mahmoud Samy
Area Head, Middle East, Pakistan and Afghanistan,

Vertical-wise Traction
Without a doubt, demand follows the attacks. What I mean is that when an industry is highly targeted, or falls victim to a high profile attack, such as what has happened in Retail this year, interest in that vertical spikes as companies say, we don’t want that to happen to us. Typically, these high profile attacks get the attention of executive management, who start asking, “how prepared are we for this?”
Customers’ Expectations
For more than fifteen years, the security industry has been chasing threats with new categories of solutions, from AV for viruses and worms to IDS/IPS for known vulnerabilities to today’s Sandbox for malware analysis. The obvious problem is that threat evolution has dramatically accelerated and today’s “must have” solution will inevitably become yesterday’s news.
The result for customers is a multitude of products deployed in the network, with limited threat detection capabilities, protecting specific points in the network. This environment is expensive to maintain, increases the threat surface and adds to operational complexity all while slowing incident response times. Customers are looking for solutions that are easy to deploy and operate. They have limited staff and resources and need solutions that are intuitive, that don’t generate alarms and alerts without any meaningful security context.
Challenges
Clearly, there is a lot of competition in the market. This breeds confusion for customers who hear numerous, often conflicting messages from vendors about both the capabilities of their own solutions, as well as the competition’s. A good example of this is around the issue of DDoS attacks, something Arbor has been focused on for more than a dozen years. As DDoS emerged as a popular and high profile attack type in recent years, many vendors looked to take advantage of that by suddenly claiming that their products could be used for DDoS protection. Firewalls and Intrusion Prevention Solutions, for example, suddenly were claiming DDoS functionality. While such security products effectively address “network integrity and confidentiality,” they fail to address a fundamental concern regarding DDoS attacks: “network availability”. What’s more, IPS devices and firewalls are stateful, inline solutions, which means they are vulnerable to DDoS attacks and often become the targets themselves.
Unique Proposition
Arbor believes security solutions today must be coordinated to mitigate attacks before they reach a customer’s network whenever possible, and then quickly identify and stop threats once they have made it past an increasingly porous perimeter. Arbor has leveraged its unique customer footprint and experience working with the world’s most demanding network operators to develop an enduring solution for the threats of today, and tomorrow. Arbor’s enterprise solution portfolio does not focus on specific threats or points in the network, but on networks themselves. No matter how much the threats and attackers have changed, security still comes down to understanding network traffic. We strive to be a “force multiplier,” bringing context to massive amounts of data, making network and security teams the experts.
Aruba Networks
Addressing the #GenMobile Phenomenon
Aruba Networks is witnessing interest for its wireless security solutions
Security Trends
One of the big trends we’ve seen in the MEA region is the demand for wireless security solutions. This is understandable considering the mobility trend that is sweeping the region. Last year, we saw the tremendous growth of Bring Your Own Device (BYOD) in enterprises and organizations of all sizes – what Aruba terms as the emergence of #GenMobile. Users demand mobility, and experience shows that if wireless networks are not provided by the IT department, users will install consumer-grade equipment themselves. Typically this consumer-grade equipment has no security turned on by default, and most users do not bother with additional configuration steps to turn on even basic security. These “rogue” access points (APs) effectively open an organization’s network to anyone in the parking lot. Connected to the corporate wired network, rogue APs become instant portals into the network, bypassing firewalls and other security systems. In the case of Wireless LANs, attacks range from simple RF jamming up to sophisticated “man in the middle” attacks where an attacker inserts himself into the communication path and is able to add, delete, or modify data in transit.
Manish Bhardwaj
Marketing Manager, Middle East and Turkey, Aruba Networks

Demand for Enterprise Security Solutions
As wireless LANs evolve into mission-critical infrastructure, organizations are becoming more concerned about managing network security in the most efficient manner. Most organizations implement strict policies banning the installation of unauthorized or rogue APs but often struggle with enforcing these policies. The Aruba AirWave RAPIDS wired and wireless rogue detection feature detects and locates unauthorized clients and access points as well as attacks against the wireless infrastructure to dramatically strengthen network security and compliance requirements. When deploying our wireless solutions, all our regional customers also implement Aruba’s ClearPass Access Management that lets enterprises create and enforce policies that extend across the network to devices and applications. The Aruba WorkSpace capability in ClearPass lets IT secure, distribute and manage enterprise apps on mobile devices. A companion WorkSpace mobile app enforces policies, encrypts data and provides a single sign-on for all work apps.

Vertical-wise Traction
Wireless security obviously goes hand-in-hand with wireless deployments and we are seeing a lot of traction for our wireless solutions (including security solutions) from regional growth sectors including healthcare, finance, hospitality and education.

Customers’ Expectations
One of the key expectations from customers when it comes to security is that they want a simplified, automated solution which is easy to set up and operate and provides ease of monitoring. They also want the security system to proactively identify problem areas and vulnerabilities before they occur so that they can troubleshoot these issues before it gets a helpdesk ticket. And based on this expectation we have designed the AirWave Master Console which provides IT with a single console for managing the entire wireless network, no matter how large it grows. It features centralized network-wide reporting, centralized search, centralized configuration and consolidated alert management. All these capabilities have made it a very popular solution.

Challenges
Wireless security is a relatively new area for most enterprises, so at present the only real challenge boils down to educating clients about the latest threats and vulnerabilities and impressing upon them the need to draw up and implement a holistic security policy which includes approved devices, monitoring of uncontrolled wireless devices, authentication of wireless clients, encryption of wireless communication, access control policies, remote wireless access, client security standards and wireless guest access.
Unique Proposition
Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company’s Mobile Virtual Enterprise (MOVE) architecture unifies wired and wireless network infrastructures into one seamless access solution for corporate headquarters, mobile business professionals, remote workers and guests. This unified approach to access networks enables IT organizations and users to securely address the #GenMobile phenomenon.
ESET
Delivering Safer Technology
ESET urges its customers to deploy latest solutions to safeguard against emerging threats
Pradeesh VS
General Manager at ESET Middle East

Security Trends
If we look at attacks on different industry verticals, then it will come as little surprise that banking and financial institutions remain the prime target for attackers. Consider for example the UAE which is seen as a leading IT market in the region. According to the UAE Ministry of Interior, banking topped the list of most targeted sectors with 35 percent of attacks in the country. Government e-services, telecommunication systems and educational institutions accounted for the remaining 65 percent. This does not come as a surprise given the potential value of targeting banks. Also interesting is that attacks are no longer just carried out by individuals. Rather, it is well-organized and well-equipped groups that are behind these attacks.

Growth Factors
There has been a significant growth in the enterprise security solutions market in the region. According to reports, the Middle East Network Security market is expected to experience a growth rate of more than 18 percent between 2012 and 2018. One of the driving factors behind this is that the overall IT market in the region is growing; the Middle East expenditure on Information Technology (IT) is expected to cross US$20 billion this year, which represents a growth rate of over 10 percent year-on-year. With security playing such a pivotal part of today’s IT infrastructures, it is no surprise then that the increase in ICT deployments has also meant a big growth of the security solutions market.

Vertical-wise Traction
We are seeing good growth in the sectors like Education, Government, Hospitality & Manufacturing. Positive momentum in the Middle East for these segments has also resulted in better traction. Also, the recent spate of attacks targeted at Middle East organizations has resulted in an increase in the overall security awareness of the region.

Customers’ Expectations
Beyond robust security which is a given, stability is a key requirement of customers who want to deploy advanced security solutions. This is because in many cases, though the solution may indeed be capable of meeting the organization’s security needs, the complexity of its interface prevents administrators from utilizing and accessing the required features. We have found that providing a centralized management console is a great way for IT managers to easily manage the security of their entire organization’s network from a single point. We offer our ESET Remote Administrator for free when users purchase the ESET endpoint, server and mobile business products. It enables them to oversee their entire network of workstations, servers and smartphones, all from a single location. The built-in task management system enables timely responses to malware incidents. For the purpose of seamless integration, we can enable Network Access Protection (NAP).

Challenges
One of the biggest challenges to security is that many organizations in the region follow a reactive approach to cyber crime which only makes it easier for attackers. In the last two years, IT budgets have grown but CIOs have focused their spending on technologies that help the business ‘innovate’ rather than first ensuring that their existing investments are secure. This is both a challenge and a cause for concern. Today, falling victim to attack is now a matter of ‘when’ rather than ‘if’ so having the right security solutions in place is absolutely vital. I believe that the media will play a key role here. Unless the vulnerabilities are publicised, organizations will maintain their false sense of security.

Unique Proposition
At ESET, we urge our business customers to ‘enjoy safer technology’. This means that we encourage them to deploy the latest solutions and embrace the latest IT trends such as cloud computing, BYOD and social media while guaranteeing that our solutions will keep their networks protected. Not only this, our solutions do so with minimal effect on system performance. The ESET Secure Enterprise solution provides the maximum level of protection for company endpoints and servers across multiple platforms. This solution combines the strengths of our endpoint antivirus, enterprise mobile security, file security, endpoint security, mail security and gateway security products to offer a complete security solution to our business customers. Some of the key advanced technology features include cloud-powered scanning, device control, antivirus, personal firewall, web control, client antispam and mission-critical email filtering of spam and malware before they can reach users’ mailboxes.
FireEye
Offering Real-time Threat Protection
FireEye finds that APTs target carefully selected, high-value data in every industry vertical
Ray Kafity
Regional Director, Middle East, Turkey and Africa, FireEye

Security Trends
The main drivers behind most of the recent incidents in the region tend to be of a political nature. The Arab Spring (wave of uprisings across the Middle East & North Africa) has resulted in many political conflicts. Entities within one country that are perceived as either ideologically aligned and in support of, or opposed to, a given regime in their own or a neighboring country could be attacked for their point of view. These attacks tend to target specific organizations or pieces of infrastructure in an attempt to achieve specific objectives.

Demand for Enterprise Security Solutions
The Gulf States have been transformed by the wave of cyber-attacks that have occurred over the past two years. Oman has led the way by making its national Computer Emergency Readiness Team (CERT) the regional hub for cyber security, in conjunction with the International Telecommunications Union’s International Multilateral Partnership Against Cyber Threats (IMPACT). The UAE has created a specialist National E-Security authority, according to FireEye’s latest ATR Report 2013. The governments of Saudi Arabia and the UAE are also increasing their spending on cyber security, while the private sectors in both countries are forecast to increase their technology security budgets by 18% between 2012 and 2018, according to consulting firm Frost and Sullivan. The FireEye team in the Middle East is involved in a number of high profile cyber security initiatives in the region. FireEye’s capabilities to bid for CERT projects in the Middle East are becoming much stronger with the formation of the local FireEye Labs team in the UAE, comprising world class IR and Forensics consultants.

Growth Factors
As a region, the Middle East may not possess the arsenal of zero-day exploits available in Russia, or the brute-force numbers of China. Therefore, some Middle Eastern hackers may have to rely on cyber tactics that emphasize novelty, creativity, and deception. Many of these tactics are similar to those used by Chinese actors some years ago, or are currently still in use, e.g. spear-phishing and social engineering. For example, the 2012 Mahdi campaign, which infected targets in the Middle East, used malicious Word documents, PowerPoint files, and PDFs to infect targets. That approach is similar to many other attackers. But these attacks were accompanied by some imaginative elements such as games, attractive images, and custom animations specifically designed to aid in the attack.

Vertical-wise Traction
Our latest Advanced Threat Report shows that APTs target carefully selected, high-value data in every industry vertical:
- APTs targeted more than 20 vertical industry segments, from aerospace to wholesalers
- Education, finance, and high-tech were the most targeted verticals overall
- The U.S., South Korea, and Canada had the highest number of distinct industry verticals targeted
Based on our data, the following verticals were targeted by the highest number of unique malware families: Government (Federal), Services and consulting, Technology, Financial services, Telecommunications, Education, Aerospace and Defense, Government (State and local), Chemicals and Energy.

Customer’s Expectations
What customers seek is real-time threat protection that keeps their businesses and data safe and preserves their intellectual property and profitability.

Unique Proposition
FireEye has discovered eleven zero-day attacks in 2013 – this is more than any other security company. This is made possible because the company invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyberattacks. These highly sophisticated cyber-attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber-attacks in real time.
ComGuard
Providing End-to-end Solutions
ComGuard has launched an initiative to safeguard the interests of all our associated vendors and channels
Jaydevan K
VP – Operations & Vendor Management, ComGuard

Security Trends
Enterprises today are looking forward to deploy an end-to-end intelligent security framework with Cloud Security, SIEM (Security Information and Event Management) solutions, Anti DDoS & WAF (Web Application Firewall) being amongst the most progressing trends in the region; with threats like Malware, DDoS and cross-scripting attacks gaining momentum as we speak.

Growth Factors
2014 is seeing a remarkable growth in the Enterprise Security segment, which is directly proportional to the increasing focus in the region by numerous security vendors this year. Prime factors for this being a surge in the nature of sophisticated attacks originating from funded assets, compelling enterprises to tackle possible breaches within their networks.

Vertical-wise Traction
Owing to the sheer nature of their business, Finance & Banking houses lead the race to deploy Enterprise Security solutions, followed closely by the Government sector that are reigned by compliances and Telcos.

Customers’ Expectations
Beginning with acute security awareness, customers are looking to invest and innovate so they can more rapidly and securely deliver their products and services to their users.

Challenges
We do not necessarily see it as a challenge offering Enterprise Security solutions from a fusion of vendor lines, since we offer the best in the respective technologies and represent complementing product lines within the Enterprise Security space. So in effect, the customer gets to choose from an assortment of eggs in one basket!

Solutions
ComGuard’s workforce quotient skewed heavily towards technically qualified professionals sets it apart as a niche in the Value Added Distribution segment. In addition to this, ComGuard has launched its Strategic Alliance & Quality Assurance (SAQA) initiative, the only one of its kind in the region dedicated to safeguarding the interests of all our associated vendors and channels.

ComGuard, the flagship division of Spectrum Group, is a world leader in Information Technology products and solutions. A leading Value Added Distributor in the AsiaPac / MENA region, ComGuard represents over 25 vendors in the space of Information Security, Networking and Wireless solutions. The products span end-to-end solutions (E2ES) in a range of the world’s leading web application security, compliance solutions, application delivery architecture, IP address management, wireless security solutions, UTM solutions, world class security certifications, enterprise investigation infrastructure, PC tune up software, data protection software, identity and access management, data security and control, information rights management, perimeter security and SIP based applications, VPN security, firewalls, antivirus, content security solutions, mobile security solutions, network monitoring, etc.

Offering
ComGuard offers an extensive range of pre-sales/post-sales support and professional service possibilities to its channel base, thus warranting the value factor to the term VAD.

Success in Government Projects
ComGuard has been fortunate enough to be working with most of the notable Government firms in the region; including the Dubai Police, Ministry of Interior, Ministry of Foreign Affairs, Ministry of Education, Abu Dhabi Police, Abu Dhabi Investments Authority, Department of Economic Development, just to name a few. Our success in this particular segment is anchored to our expertise in understanding the security requirements of the enterprise and the ability to install, implement, train, commission and maintain E2E security solutions for the organizations.
Kaspersky
‘Leader’ in Endpoint Protection
While devising solutions, Kaspersky focuses on the needs of customers and recent trends in cyberspace
Khalid Abu Baker
Managing Director, Kaspersky Lab Middle East

Security Trends
Based on the evolution of threats and the advent of new cutting edge technologies we have seen in 2013, we at Kaspersky Lab expect 2014 to be focused around the following threats:
- Cybercriminals will continue to develop tools to steal cash – directly or indirectly. To plunder pockets directly, the fraudsters will further refine their tools designed to access the bank accounts of mobile device owners (mobile phishing, banking Trojans). Mobile botnets will be bought and sold and will also be used to distribute malicious attachments on behalf of third parties. To support indirect thefts, it is likely that we will see more sophisticated versions of the Trojans which encrypt the data on mobile devices, preventing access to photos, contacts and correspondence until a decryption fee is handed over. Android-based smartphones will no doubt be the first to be targeted.
- Concerns about private data will lead to greater popularity for VPN services and Tor-anonymizers as well as increased demand for local encryption tools.
- As more companies track and implement the cloud computing services for obvious benefits, new threats and concerns will focus on cloud networks; data breaches in the cloud have big damages. More questions will be arising about trust and privacy of public file-sharing services like Dropbox, Box.com and Google Drive, regularly used by employees and questioned in the light of latest government spying revelations.
- Hacktivists will continue targeting government and commercial web sites with Denial of Service attacks – that is when web sites of organizations become unavailable – or defacement attacks to deliver political messages, instead of using legal means. These groups will have bigger teams, better organization and processes in place, they will be able to develop more advanced attack tools and techniques. Hacktivist attacks will increase on critical infrastructures like nuclear facilities, Oil and Gas, Water/Energy facilities, attacks on which might have country or continent level damages. Hacktivist attacks will also have new prime targets like source code, intelligence sensitive information, geopolitical information, and military designs and intelligence.
- In consequence of BYOD adoption, mobile malware will continue its evolution both in volume and complexity; malware developers will transpose more attacks and infections from desktops and laptops (e.g. backdoors, Trojans, Spying tools) to mobiles and tablets.

Growth Factors
According to a report by Gartner, the security technology and services market is expected to grow to more than $86 billion in 2016. Factors responsible for this growth are as follows:
- With the simultaneous boost in Bring Your Own Device, Mobile Malware will continue to grow even further with some analysts predicting mobile device security market to increase at a compound annual growth rate (CAGR) of approximately 21% over the next seven years as smart devices continue to gain ground forcing enterprises to secure these devices.
- Most corporations are fully aware of the cloud computing benefits and are looking into options to adapt entirely or partially to the trend and attain the productivity, flexibility and cost advantages. And with this adoption comes security threats which in turn will force enterprises to have secured networks in order to protect their data.

Challenges
One of our key priorities is to build awareness around the significance of cyber security and the rapid evolution of the cyber threat landscape. Kaspersky Lab has invested in dedicated research and development to monitor and detect the latest cyber-criminal activity and help partners and customers stay safe.

Unique Proposition
We are one of the four biggest endpoint security vendors in the world and named a ‘Leader’ in endpoint protection. Our world-renowned technologies are created with customer needs and recent trends in cyberspace in mind and they have received a huge number of awards and certification from independent testing laboratories such as AV-Comparatives, AV-Test, Dennis Technology Labs, etc. Kaspersky Lab meets the demand for cloud security with its Kaspersky Security for Virtualization solution; growth in smartphones use with Kaspersky Security for Mobile which helps eliminate the security breaches that can result from enabling mobile access to your corporate systems. Our recent Kaspersky Fraud Prevention platform is designed to help financial organizations and companies in the e-commerce sector to protect electronic payments on computers and mobile devices.
WatchGuard
Combining Layers of Security Control
WatchGuard makes it easier to manage all the different network and security controls you need to protect yourself
Surender Bishnoi
WatchGuard, Regional Manager MEA
Security Trends
The MENA region is currently a hotbed of cyber threat activity, especially as a target. Right now, the MENA region is a major target for malware and cyber threats. First, the region suffers all the normal malware infections (Trojans, worms, botnets, viruses) that affect the rest of the world, but also seems to suffer a higher infection rate than other regions. Besides suffering from normal cyber threats, the MENA region is also the target of higher-than-average amounts of industrial and government cyber espionage. As far as threats emerging from the region, we certainly see some, but it mostly seems relegated to hacktivist activity.
Growth Factors
The increase of cyber threats together with the rise of BYOD are factors that have contributed to the increased demand for security software. The turnover of the global market for security software grew last year by 7.0 percent to $19.2 billion, according to Gartner. There have been endless breaches seen in 2013, far exceeding any other year. The attacks have targeted a selection of industries, and resulted in severe consequences – including financial losses. For this reason, we believe that people are taking a more proactive approach to securing their businesses. It is clear that we are looking at blended attacks, with hackers looking to gain entry to multiple areas of a network.
Vertical-wise Traction
Considering the region is a major target for cyber threats, we believe that security is key across all verticals, and enterprises should take information security seriously. We are noticing that more businesses across all industries are taking a more proactive approach to securing their information, and as a result there has been an increase in demand for WatchGuard’s UTM solutions. WatchGuard UTM solutions work to support and secure networks, while giving management real-time updates on all aspects of the system, all of which ensure that control of sensitive data remains in the right hands.
Customers’ Expectations
Key elements and expectations from customers for enterprise network security are having access to the best solutions available to secure their network from today’s advanced blended attacks. Additionally, one of the biggest challenges that keep enterprises from investing in security solutions is senior management not grasping the influence cyber threats have on their networks. Another key expectation from customers is to receive the security their business needs and to be able to justify the ROI of investing in security protection.
Challenges
Although we are definitely seeing an improvement in the local market conditions, customers are still hesitant to invest heavily from a capital point of view, and operating expenses are far more attractive to the finance managers. One of the challenges that hold enterprises back from investing in security solutions is upper management not realizing how big an influence cyber threats have on their company network.
Your Unique Proposition
The problem is, traditionally managing multiple layers of security was very hard. You’d need five different solutions with five different management paradigms, and all that cost time and money. That is where Unified Threat Management (UTM) comes in. We combine many layers of security control into one easy-to-manage platform. This makes it much easier for you to manage all the different network and security controls you need to protect yourself. It also means you have a better chance of blocking the more advanced attacks, since you’ve deployed all the security controls you need. On top of that, WatchGuard provides a best-in-breed UTM solution, because we partner with the best vendors in our industry for our security. Our AV comes from Kaspersky and AVG, our URL database from Websense, our IPS and application control from Trend Micro, and so on. So with WatchGuard, not only do you get all your layers of defense in one easy-to-control solution, but you get the best defenses the industry can provide. WatchGuard UTM was recently named a “leader” in Gartner’s 2013 Magic Quadrant for Unified Threat Management (UTM).
expert views
The Future of Access Control
A Wave of the Hand, A Wealth of New Opportunities
Nat Pisupati
Regional Sales Director, Identity & Access Management, Middle East & Africa, HID Global
Change in the access control industry, together with innovation, is occurring at a rapid pace. The latest high-frequency contactless smart cards deliver much stronger security than earlier 125 kHz proximity (or prox) cards, while enabling users to do far more than just enter buildings. The virtualization of contactless smart cards, and their residency on smartphones, allows a whole host of new innovative thinking, along with the ability to combine many access control applications into a single, very convenient solution. Recent new developments include using hand gestures for access control, which in the future could enhance the next generation of mobile device-based access control credentials.
Mobile access control will improve utility and convenience while reducing costs so the industry can secure more facilities, rooms and storage areas than ever before. Smartphones will be used in new and more effective ways, and for novel applications such as authenticating physical objects, for example original documents and valuable physical items, containing embedded trusted tags.
Leveraging New Technologies to Improve Security and Simplicity
Among the industry’s latest developments, gesture-based access control technology is particularly exciting. Just as mouse technology was a disruptive innovation that revolutionized the computer interface, gesture-based technology will change how users interact with access control systems. The industry is already seeing the impact of gesture technology in gaming. Further developments are underway in the interactive TV market, where users are able to swipe through onscreen TV and game console menus by gesturing in the air from their seat on the couch. Other developing applications for gesture technology include robots that help care for the elderly, and digital signage that can see who the customer is and display content that is relevant to them.
Now, perhaps, the access control industry is poised to experience a similar transformation. With a simple user-defined wave of the hand or other gesture, individuals will be able to control a variety of RFID devices. This will improve the user experience while increasing security by providing new authentication factors that go beyond something the cardholder “has” (the card) to include a gesture-based version of something the cardholder “knows” (like a password or personal identification number).
Gesture-based access control works with smartphones in a mobile access control environment, where it will be possible to use both two- and three-dimensional gestures by leveraging a smartphone’s built-in accelerometer feature. Because the phone’s accelerometer senses movement and gravity, it can tell which way the screen is being held. This allows for a novel way of adding another authentication factor to the existing authentication scheme. A user could present the phone to a reader, rotate it 90 degrees to the right, and then return it to the original position in order for the credential inside the phone to be read, and for access to be granted.
Using a gesture as an authentication factor will increase speed, security and privacy, and minimize the possibility of a rogue device surreptitiously stealing the user’s credential in a “bump and clone” attack. Gestures could be used to unlock apps, to lock and unlock doors as an alternative to mechanical keys, and to secretly signal the system and security personnel when entry is occurring under duress. It is also possible, and perhaps desirable, to make gesture the only (single) authentication factor, although this likely would only be for access to areas within a building that have lower security requirements. In these and other access control applications, gestures will be an additive capability for ID verification.
Mobile access control will be rolled out in stages. In the first deployment phase, also known as card emulation mode, smartphones will receive digital keys that the users can then present to door readers in the same way they present today’s ID badges.
In the future, the phone’s on-board computing power and built-in network connectivity will be used to perform most tasks that today are jointly executed by card readers and servers or panels in traditional access control systems. This includes verifying identity with rules such as whether the access request is within a permitted time and, using the phone’s GPS capability, whether the person is actually standing at the door. Information is checked against cloud data, and the phone sends a trusted message over a cryptographically secure communication channel to open the door.
With this model, mobile devices (rather than an access control system) become the access decision-makers, and doors (rather than cards) become the ID badges. This paradigm reversal, sometimes called duality, will change how access control solutions are offered. Organizations will no longer need intelligent readers connected to backend servers through physical cabling – just stand-alone electronic locks that can recognize a mobile device’s encrypted “open” command and operate under a set of access rules. This will dramatically reduce access control deployment costs, and the industry will begin securing interior doors, filing cabinets, storage units and other areas where it has been prohibitively expensive to install a traditional wired infrastructure.
Enabling a Single Solution To Do More
Both contactless smart cards and smartphones can be used for much more than physical access control. Cost and management efficiency, as well as the security experience, are greatly improved when the same solution can also be used for applications ranging from time-and-attendance monitoring and secure print management, to building automation, medical records management and closed-loop payment. Today’s smart card platforms can support a variety of data, including credentials for access control, vending and time-and-attendance, and can carry biometric templates.
The ability to support biometric templates is particularly important when higher levels of security are required in response to elevated threat levels. In addition to PINs or gesture swipes, biometric technology provides yet another authentication factor that goes beyond the other traditional access factors, something the user possesses (for example, a badge) and something the user knows (for example, PINs and gestures), to include something the cardholder “is” (examples are fingerprint, iris, and hand geometry), which is unique to the individual and therefore can’t be borrowed or stolen. Biometrics verify that a card holder has been bound to his or her card, and therefore offer enhanced security as compared to conventional identification methods.
Biometrics could be very effective in the mobile access control environment. An important advantage is that templates can be stored directly on the devices, which are presented for authentication to the camera, scanner or other biometric device. Storing templates on phones also simplifies system start-up, supports unlimited user populations, and reduces installation costs by eliminating the redundant wiring requirements for biometric template management. Additionally, the opportunity for the user to self-enroll if the mobile device sports a biometric sensor makes it more compelling. Another benefit of biometrics on mobile devices is being able to continuously monitor the user’s template data, which facilitates pre-authentication before arrival to speed and simplify the transaction at the door.
In addition to opening doors, logging on to a computer, and performing other important tasks, phones will be able to support other secure identity applications, including authenticating documents and other valuable physical assets. Cloud-based services will be used to confer trust and provide security to readily available tags, which will be attached to physical objects and documents with an electronically signed and cryptographically secure digital certificate of authenticity from the owner or trusted certification entity. Impossible to clone or duplicate, these tags will be used to authenticate birth certificates, college diplomas and deeds of trust, as well as certificates of authenticity for expensive or unique items, plus high-value works of art, asset service history and warranty records, and usage compliance documentation. It will be possible to perform the authentication process anywhere, at any time in the product’s or document’s lifetime, using a smartphone application that can also invoke other factors of authentication. Cloud-based services will not only enable issuance of an identity assertion to a tag, but also the revocation of that assertion at any time (for example, when a volume of high-value items has been stolen).
Access control technology continues to advance in security and convenience, while bringing new capabilities such as gestures that will be used for multifactor authentication.
As access control capabilities move beyond plastic cards to smartphones, users will be able to carry all of their credentials on an item they rarely lose or forget. This will drive new opportunities to more economically protect even more doors, drawers and other assets, while also enabling new services and applications, including authenticating documents and other high-value products and items, anywhere, anytime, using a mobile phone.
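The rotate-and-return gesture described earlier in this article (present the phone, rotate it 90 degrees to the right, return it to the original position) can be checked from accelerometer readings before the credential is made readable. The Python sketch below is an added example, not HID Global's code; the axis convention, the tolerances, the time limit and every name in it are assumptions, and the sample traces are constructed.

```python
import math
from dataclasses import dataclass
from typing import Iterable, List, Optional

G = 9.81  # standard gravity in m/s^2

# Assumed axis convention (not from the article): x points to the screen's
# right edge, y to its top edge, z out of the screen, and a phone at rest
# reads +G along whichever axis points up.


@dataclass(frozen=True)
class Sample:
    t: float   # seconds
    ax: float  # m/s^2
    ay: float
    az: float


def roll_degrees(s: Sample) -> Optional[float]:
    """Clockwise rotation in the screen plane (0 = upright portrait).

    Returns None when the reading cannot be trusted as a gravity estimate.
    """
    magnitude = math.sqrt(s.ax ** 2 + s.ay ** 2 + s.az ** 2)
    if abs(magnitude - G) > 0.25 * G:
        return None  # phone is being shaken or knocked
    if math.hypot(s.ax, s.ay) < 0.5 * G:
        return None  # phone is lying nearly flat, so roll is undefined
    return math.degrees(math.atan2(-s.ax, s.ay))


WAIT_START, WAIT_RIGHT, WAIT_RETURN = range(3)


def gesture_ok(samples: Iterable[Sample], tol: float = 20.0,
               max_seconds: float = 3.0) -> bool:
    """True only for: upright, then about 90 degrees right, then upright again."""
    state = WAIT_START
    left_upright_at = 0.0
    for s in samples:
        roll = roll_degrees(s)
        if roll is None or roll < -tol:
            state = WAIT_START  # unusable reading or a turn to the left
            continue
        upright = abs(roll) <= tol
        rotated = abs(roll - 90.0) <= tol
        if state == WAIT_START:
            if upright:
                state, left_upright_at = WAIT_RIGHT, s.t
        elif state == WAIT_RIGHT:
            if upright:
                left_upright_at = s.t  # still holding the start pose
            elif rotated:
                state = WAIT_RETURN
        elif state == WAIT_RETURN and upright:
            if s.t - left_upright_at <= max_seconds:
                return True
            state, left_upright_at = WAIT_RIGHT, s.t  # too slow: start again
    return False


def read_credential(samples: Iterable[Sample],
                    credential: bytes) -> Optional[bytes]:
    """Expose the credential to the reader only after a valid gesture."""
    return credential if gesture_ok(samples) else None


def trace(angles: List[float], dt: float = 0.1) -> List[Sample]:
    """Constructed test data: ideal readings for a list of roll angles."""
    out = []
    for i, deg in enumerate(angles):
        r = math.radians(deg)
        out.append(Sample(i * dt, -G * math.sin(r), G * math.cos(r), 0.0))
    return out


if __name__ == "__main__":
    cases = {
        "deliberate": trace([0, 0, 30, 60, 90, 90, 60, 30, 0]),
        "in_pocket": trace([0, 0, 0, 0, 0]),  # phone never moves
        "wrong_way": trace([0, -30, -60, -90, -60, -30, 0]),
    }
    for name, tr in cases.items():
        print(name, read_credential(tr, b"constructed-credential") is not None)
```

A phone that is bumped by a reader while lying still in a pocket or bag never leaves the start pose, so `read_credential` returns nothing for it.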
Increasing Number of Targeted Attacks
Megha Kumar
Research Manager, Software, IDC MEA
“Hacktivism becoming increasingly prevalent in the region as a whole.”
Security Trends
In the MEA region, the trend landscape is expanding as companies in the Middle East become more susceptible to advanced persistent threats, while companies in Africa, with increased and improved connectivity, start dealing with malware and securing information assets. Currently, the market is dealing with a rise in threats, especially with more targeted attacks in the Middle East and hacktivism becoming increasingly prevalent in the region as a whole. Attacks like Stuxnet and Shamoon are seen as early signs of cyber warfare. The uptake in the region, especially within the Middle East, is around next-generation firewalls, UTMs and predictive security solutions such as vulnerability assessment and risk monitoring. In Africa, other than in South Africa, the majority of companies are more concerned with securing their network and seeking protection from malware and data loss.
Growth Factors
- Growing enterprise clutter: more devices (phones, tablets) and applications that need to be secured.
- Rise in advanced persistent threats: attacks nowadays are targeted and aimed to do damage, making them far more dangerous.
- As more new technologies such as cloud, business analytics and social permeate into the enterprise, data protection requirements increase and the need to ensure proper security and identity policy rises.
expert views
Safer Internet Day = Think about your Privacy Day
Privacy is not dead - you’re just doing it wrong.
Chester Wisniewski
Senior Security Advisor, Sophos
Security and privacy are often conflated, and in many ways the two concepts do overlap, but they differ in an important way. Security is about being free from danger or threats. Privacy is about controlling what information about you is known and who you want to know it.
Safer Internet Day occurs every year on the 11th of February and is intended to remind us to more carefully consider our online activities. And as far as privacy goes, a safer internet is in your hands. Because of this I ask you to think about your privacy choices next time you create a new online profile, load an app on your phone, or sign up for a frequent shopper card at your favorite retail establishment.
When you sign up for an online profile, you are usually trying to connect with like-minded individuals on a hobby forum or find friends and family on social media. These sites ask for a lot of personal details to “help” you: name, country, city, where you went to school, gender, birthdate and even whether you are in a relationship. The more information you provide, the richer experience you will have using the service, right?
For each of us the information we choose to divulge will differ. Many of these pieces of information are likely optional to provide and we should carefully weigh the benefits of sharing them. It’s essential to remember that, while passwords can be changed, our birthdates, national identification numbers (SSNs, SINs, NI numbers, etc.) and other personal details cannot. And with the big data movement hell-bent on collecting as much information about us whenever possible, apparently innocuous or unimportant details can be pieced together in new and surprising ways.
Phone apps are another story. An enigma. A mystery. Any company with a bit of cash can commission a phone app to make it easier to do business with them, but is it safe? Research shows that what is going on under the hood is often far more dangerous than you might imagine. Apps often ask for a bevy of permissions without any guarantee that these permissions won’t be misused. My advice is to try and break the app addiction. Wherever possible, use your mobile device’s browser instead.
Lastly, we should reconsider our relationships with retail establishments. Does your coffeeshop need to know your birthdate for you to join their cup-a-day club? Is it worth disclosing your household income, address, favorite cereal, and postal code to join your supermarket’s points program? Most often it is as simple as questioning whether it is needed or desired. Do you require my phone number or simply wish to have it? Can I buy an item without telling you my postal code? What is your organization’s plan to protect this information if I choose to share it with you? Is it legal for you to ask me for this information? That last question is the toughest one, and we can’t easily provide you with a guide.
Each jurisdiction has different privacy laws that explain the data that a company must collect, what it may ask for, and - importantly - what it is legally forbidden to request. If you are concerned, you need to know your rights. Look into the laws where you live and don’t be afraid to challenge companies overstepping their bounds in asking for your personal information.
I believe this isn’t just about slowing down the erosion of our privacy: I honestly believe we can build it back up. If it feels wrong, it is wrong, so privacy is defined by each of us. Some of us want to air every detail of their lives, while others are willing to forgo some conveniences to keep life more private. Don’t be bullied: ask questions and get informed. Your privacy is only gone if you stop caring. Freedom isn’t free - you have to make an effort!
Secure View
What do Malware and Mosquitoes Have in Common?
Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware
Anthony Perridge
EMEA Channel Director at Sourcefire, now a part of Cisco
Malware seems to be everywhere and it’s incredibly challenging to combat. It can take many forms and is increasingly resistant to traditional approaches to detect and stop. Instead of relying on a single attack vector, malware will use whatever unprotected path exists to reach its target and accomplish its mission.
Mosquitoes are quite similar. There are thousands of species and numerous ways to try to protect against them, but each method has its limitations. You can’t walk around completely covered, sound waves and fans have mixed results and, increasingly, mosquitoes are developing resistance to many pesticides. Mosquitoes only need a very small gap in coverage to attack. Depending on the species, a bite can have serious health implications unless quickly diagnosed and treated.
Malware is affecting more and more organizations every day. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common method used – at 10 – followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed the malware in networks, remain undetected for long periods of time and steal data or disrupt critical systems.
The evolving trends of mobility, cloud computing and collaboration are paving the way for new malware attacks we couldn’t have anticipated just a few years ago and that require new techniques to defend against. A growing attack vector, smartphones, tablets and other mobile devices have become essential business productivity tools. As their performance and roles in the workplace approach that of traditional desktop and laptop computers, it becomes even easier to design malware for them, and more fruitful. Extending networks to include business partners and an increasing reliance on Internet service providers and hosting companies are prompting cybercriminals to harness the power of the Internet’s infrastructure, not just individual computers, to launch attacks. Websites hosted on compromised servers are now acting as both a redirector (the intermediary in the infection chain) and a malware repository.
Traditional defenses are no longer effective in helping organizations deal with today’s cybersecurity challenges, including a greater attack surface, the growing proliferation and sophistication of attack models and increasing complexity with the network. Technologies to protect against threats must continue to evolve and become as pervasive as the attacks they are combatting. It’s more imperative than ever to find the right threat-centric security solutions that can work in your current environment and can easily adapt to meet the growing needs of your extended network, which now goes beyond the traditional perimeter to include endpoints, email and web gateways, mobile devices, virtual, data centers and the cloud.
When evaluating your approach to security in light of pervasive malware, seek out solutions that address these daunting challenges:
A greater attack surface. To deal with ever-expanding attack vectors, you need visibility across the extended network with contextual awareness. The more you can see, the more you can correlate seemingly benign events and apply intelligence to identify and stop threats, for example detecting zero-day ‘unknown’ malware that might enter through email or the web and taking action.
Growing proliferation and sophistication of attack models. Policies and controls are important to reduce the surface area of attack, but threats still get through. A laser-focus on detecting and understanding threats after they have moved into the network or between endpoints is critical to stopping them and minimizing damage. With advanced malware and zero-day attacks this is an ongoing process that requires continuous analysis and real-time global threat intelligence that is shared across all products for improved efficacy.
Increasing complexity of the network. Networks aren’t going to get any simpler and neither will attacks. You can’t keep adding technologies without shared visibility or controls. To address mounting complexity while detecting and stopping modern threats, you need an integrated system of agile and open platforms that cover the network, devices and the cloud and enable centralized monitoring and management.
Like mosquitoes, malware is everywhere and is a formidable adversary. I don’t have great insights into what’s happening on the mosquito-fighting front. But I can say that the best minds in the cyber security industry are focused on the malware problem.
Industry survey
Embracing and Leading Change
In addition to an organisation’s foundational access control card-and-reader platform, it is also important to consider current secure issuance requirements with an eye for tomorrow.
John Fenske
Vice President of Product Marketing, Identity and Access Management with HID Global
Organisations often avoid or delay change due to concerns about budget and the impact on productivity and workflow. This can be especially dangerous, however, in the access control infrastructure, where a combination of technology obsolescence and escalating security threats can quickly cripple an organization’s ability to protect its people, facilities and data assets. It is far more effective to be proactive, rather than reactive, about change. This requires building an infrastructure that presumes and prepares for ongoing change to support evolving access control needs, and enables the organisation to preserve investments in its current infrastructure as it moves to new technologies and capabilities. There are many reasons to embark on this path, including upgrading inadequate security, and enhancing investment value and user convenience with a platform that supports multiple applications on smartcards or, in the future, smartphones.
The ability to embrace the positive aspects of change requires an access control platform that can meet today’s requirements with the highest levels of security, convenience and interoperability, while enabling organisations to adopt future capabilities without disrupting the ongoing business operations. Legacy security solutions can’t deliver this future, because they often use proprietary technology that is static. This makes them easy targets for attack, and precludes their evolution beyond current abilities and security levels. Organisations should pursue solutions that are dynamic and adaptable to the changing needs of their organisation and the best practices in the industry.
Benefits of High-Frequency Contactless Smart Cards
In contrast with legacy solutions, the latest high-frequency contactless smart card solutions are built for interoperability, as part of a larger identity ecosystem that is significantly more dynamic. These solutions also ensure that security is independent of hardware and media, making it much easier for organisations to evolve their infrastructure to support tomorrow’s needs. Today’s solutions also enable smart cards to be portable to smartphones so that organisations will have the option to use smart cards, mobile devices, or both within their PACS.
For instance, HID Global’s iCLASS SE platform, powered by Seos, uses a new Secure Identity Object (SIO) data model that represents many forms of identity information on any device that has been enabled to work within the secure boundary and central identity management ecosystem of the company’s Trusted Identity Platform (TIP). Any piece of data can be supported, including data for access control, cashless payments, biometrics, PC logon and many other applications. The combination of TIP and SIOs not only improves security, but delivers the flexibility to adapt to future requirements, such as adding new applications to an ID card. Additionally, iCLASS Seos credentials can be carried inside smartphones in a managed access environment, delivering a more hassle-free experience for users, who can carry the credentials for many access control applications on a device they rarely lose or forget.
The latest solutions minimize disruption during migration through the use of multi-technology smart cards and readers that leverage these extensible and adaptable platforms. Another advance is the availability of encoders that enable organisations to encode and instantly issue cards using a single device. Multi-technology encoders make it easier for organisations to migrate from current technologies to the security, adaptability and portability of new high-frequency contactless smart card platforms.
Future-Proofing Secure Issuance
In addition to an organisation’s foundational access control card-and-reader platform, it is also important to consider current secure issuance requirements with an eye for tomorrow. Today’s printers, card materials and software incorporate critical visual and logical technologies so that organisations can implement multi-layered validation. There are a number of available hardware choices, including monochrome direct-to-card (DTC) solutions and high definition printing (HDP) retransfer technology for contactless or contact smart cards. There are also high-throughput solutions that optimise performance and productivity. Today’s desktop card printer/encoder products also give organisations a single solution that can deliver the high-volume reliability and advanced credentialing features of large centralised printers, as well as the lower cost and smaller footprint required for the distributed printing model.
Secure validation is another important consideration. Most ID card issuance systems simply compare the person presenting credentials with identifying data that is displayed on the card. This two-dimensional identifying data may be a simple photo ID or sophisticated elements such as higher-resolution images, or it might be a laser-engraved permanent personalization attribute that makes forgery and alteration virtually impossible. Smart card chips, magnetic stripes and other digital components add an important third dimension of security. With expanded data storage, cards also can include biometric and other attributes to further enhance validation.
Another element to consider is speed and convenience. Printers with built-in programmers/encoders combine what previously were multiple processes into a single in-line card personalization step, significantly boosting issuance speed, convenience and efficiency. Users simply submit a card into a desktop printer equipped with an internal smart card encoder to personalize the card. This not only speeds issuance but also eliminates the risk of waste as a result of human error during manual entry. Opting for field-upgradable units enables organisations that already own a card printer to add an encoder in the field so they can leverage smart card benefits well into the future.
Transition to a New Platform
When is a good time to start the transition?
There are many possible entry points from which to begin the migration process, including:
• Merger or acquisition: Mergers and acquisitions often involve rebranding and/or the merging of disparate administrative and other systems, technologies and processes. Usually at some point in the process, the organization will need to issue new credentials. With the cost of new technology being competitive with legacy systems, this would be a perfect time to migrate to a more secure, sophisticated and capable system.
• Standardise on a single card: Due to rapid growth, decentralised administration systems and/or multiple physical locations, an organisation may end up with several different access control systems. Since new technology offers the ability to issue or change credentials remotely, it’s now possible to integrate access control into one system that is centrally managed. Standardising all locations and employees on one system can increase security and improve resource management. Going a step further to mobile access control delivers the benefits of over-the-air remote provisioning and management of secure identity credentials.
• Facility consolidation: If a company is moving or adding a building, new credentials will have to be issued for that location. This is an ideal time to look at access control for the entire organisation. It may be time to standardise all locations into one system.
• Re-issuance process: As new employees join, many organisations manage costs by purchasing additional cards that work with their old technology. Some organisations may also need to change their cards due to a new brand image or logo, at which point they can upgrade to newer technology.
• New card applications: Organisations that want to add new applications such as time and attendance, secure print management systems, or cashless vending functions will need to issue some type of associated card to users. They can migrate to a contactless smart card that combines access control with these other functions, enabling employees to carry a single card for many functions. Administration of these functions is centralised into one efficient and cost-effective system. Organisations also can seamlessly add logical access control for network log-on to create a fully interoperable, multi-layered security solution across company networks, systems and facilities. In the future, they can migrate to the convenience, flexibility and security of carrying digital keys and credentials on smartphones and other devices.
• Risk management improvement: Either due to insurance requirements or to improve risk-management costs by reducing liabilities, moving from an outdated system to a current one can dramatically improve the security in an organisation.
• Changes in security requirements: As a result of new legislation or regulatory requirements, an organisation may be required to increase its security. Similarly, if a company acquires a new client that requires a high level of security, it may need improved access control. A new building tenant may also trigger the need for greater building or campus security, either to protect the parent organisation or to comply with the tenant’s requirements. They also might want to add new visual security technologies to prevent counterfeiting.
• Security event: The reality is that sometimes it takes an unexpected event or security breach to move an organisation to make the investment in a new access control system. Ideally, an organisation should migrate before there is a problem, especially if the system is still low frequency, which can be easily cloned.
There is significant value that can be derived from shifting the traditional way of thinking about change, and looking at it as a leadership opportunity rather than something initiated in response to an adverse event. With the right approach, users can easily and inexpensively expand and upgrade their systems to meet changing needs while taking advantage of new technologies. By using dynamic rather than static technologies, security becomes independent of hardware and media, and the infrastructure can evolve beyond current abilities with the adaptability to combat continuously changing threats. Making the right technology decisions today will also help organisations meet new requirements with the confidence that they will be able to preserve investments in their existing infrastructure.
AccessData
Filling the Gaps in Traditional Security
To meet the emerging challenges in security, AccessData constantly upgrades its solutions and develops new technologies
Security Trends
It is not what the trends are, but what do they need to be and why? To date, cyberspace has proved hardy to attacks, but the fundamental trend has always been that it is easier to attack than defend. Enterprises may be only one step away from attackers gaining the advantage, meaning that the enterprise environment would cease to be a trusted medium for communication or business. It is becoming clear that the increasing doggedness and sophistication of attacks and the threat of such attacks will require the creation of new settings and trends that go beyond the traditional.
Uptake
The uptake and interest in security solutions for enterprises is on the rise because experience shows that a reliable security solution opens up new business opportunities.
Growth Factors
Organisations are concerned about malware, spyware, rootkits, phishing, social engineering, and a multitude of scams resulting in account takeover, new account fraud, and identity theft. Why? The current losses resulting from cyber fraud have already topped a trillion dollars.
Vertical-wise Traction
Industries can exist independently, but the playing fields are the same. For example, there are application technologies across verticals such as the utilities sector, transportation sector and government infrastructures, which means there is traction and an opportunity for security success stories to be shared.
Customers’ Expectations
Enterprises under attack by criminal hackers need qualified professionals to help plan and develop solutions, and customers want that because they need to know that their client information is secure.
Challenges
The challenges come from the complexity of networks and the need to develop sophisticated tools to counter the emergency situation; we, as a solution vendor, are constantly upgrading our solutions and developing new technologies. AccessData has made those advancements in its InSight platform, which is the first continuous automated incident resolution platform, delivering comprehensive, real-time insight, analysis, response and resolution of data incidents. InSight fills the gaps that currently exist in the traditional security infrastructure by picking up where alerting and prevention tools leave off, automating response operations and providing a “virtual war room” within which all teams can collaborate in real time.
Paul Wright
Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData
Offering
The InSight Platform is a Continuous, Automated Incident Resolution (CAIR) platform, delivering the workflows and capabilities necessary to detect, analyse, and resolve any data event, from security breaches to e-discovery and other Governance, Risk and Compliance (GRC) issues. It is the industry’s only combined platform and works seamlessly across business units. InSight Platform integrates network, endpoint and malware analysis, end-to-end e-discovery and remediation technologies into a single, scalable solution. This makes it possible for all security, legal and compliance teams to do their jobs using one platform, automating tasks and collaborating in real time to address virtually any security incident or legal matter.
Evolution
When launching our security solutions we need to explain to our customers why any change is necessary, and we need to make these changes appealing to them. To make sure this message is got across, our partners have to be adequately prepared and we do that by providing them with clear information about our solutions. This has resulted in our partners embracing the idea and enthusiastically conveying it to our customers.
For deeper network security
look beyond the obvious.
Dell™ SonicWALL™ next-gen firewalls provide a deeper level of network security without slowing down performance. Not all next-generation firewalls are the same. To start, Dell SonicWALL next-generation firewalls scan every byte of every packet while maintaining the high performance and low latency that busy networks require. Additionally, Dell SonicWALL network security goes deeper than other firewalls by providing high-performance SSL decryption and inspection, an intrusion prevention system that features sophisticated anti-evasion technology, and network-based malware protection that leverages the power of the cloud. Now your organization can block sophisticated new threats that emerge on a daily basis. Go deeper at: sonicwall.com/deep
Copyright 2013 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell Inc.
Deliver On