@entitworld
@enterpriseitworld
@enterpriseitworld
R S 2 0 | PA G E S 3 2 | V O LU M E 0 5 | I S S U E 0 9
WWW.ENTERPRISEITWORLD.COM
FOR THE CIOs. BY THE CIOs. DECEMBER 2020
EVERY RETAILER NOW NEEDS TO EMBRACE ‘CONTACTLESS’ WAY OF OPERATIONS.
CIO TALK P-22
UMAR ALI SHAIKH CEO, ATOS IN INDIA
ATOS PARTNER ONE STOP
FOR DIGITAL AND
5G TECHNOLOGY
P/16
FOR THE CIOs. BY THE CIOs.
&
PRESENT
SECURITY
SY M P O S I U M AND
CYBER SENTINEL AWARDS 2020
POWERED BY
TECHNOLOGY PARTNER
THANKS TO ALL
THE CISOs WHO JOINED THE EVENT AND CONGRATULATIONS TO ALL THE
Winners
ASSOCIATION PARTNER
MEDIA PARTNERS
CONTACT Accent Info Media Pvt. Ltd. 6/103, Kaushalya Park, Hauz Khas, New Delhi-110 016 E-mail: info@accentinfomedia.com / Website: www.accentinfomedia.com Phone No.: 011-40587445
www.enterpriseitworld.com
EDITOR’S LETTER
GROWTH IN COVID-19 CONDUCIVE FOR CYBER ATTACKS
Hello Friends.
Life is taking different turns amid this pandemic. After the first two rounds of Covid-19, there is third round of the virus with much power have started making rounds globally – at least in the European countries. In this situation things are becoming very uncertain. Taking the advantage and weak mindset of the CXOs, there has been surge in the attacks. In recent times, Indian companies have been the target of the cyber attackers. Companies like Dr. Reddy’s Lab, Haldiram, Mithaas, Aditya Birla Group, though have not come to the news publicly, etc., have borne the brunt of the attackers. The damage has extended from data loss to reputation loss to harassment from the attackers. The latest in the news is Brazilian company Embraer, the third-largest airplane maker after Boeing and Airbus, has become latest victim of a ransomware attack, the media reported on Monday. Hackers uploaded data of Embraer employees, business contracts, photos of flight simulations and source code, among others, on the Dark Web, reports ZDNet.
NEXT MONTH SPECIAL
After cyberattack on Cognizant there has been no abatement in the situation like the case of Covid19. Even though the CIOs and CISOs are taking ample precaution but somehow some company or other are getting targeted. Obviously the reason is aged infrastructure, which are getting updated but not at the pace that can easily avert the attacks from penetration. This is of course becoming a greater concern for the CXOs and law enforcement agencies. Seqrite Threat Predictions 2021 Reveal that Targeted Ransomware attacks on Healthcare and Pharma Sector to Surge. As per the report previously, advanced ransomware attacks like WannaCry, Petya, Ryuk, Grandcrab etc. used to only encrypt disks or files and demand a ransom payment in return for a decryption key. Now a new ransomware trend is observed which not only encrypts user files but also exfiltrates private and sensitive information. On denial of ransom, adversaries threaten to release hijacked information in public. This is double trouble for organizations – exposing sensitive data in public causes severe GDPR implications. In either case, businesses are likely to have to pay to move forward. This tactic is called RansomHack or Double Extortion. Maze, DoppelPaymer, Ryuk, Lockbit, Netwalker, Mountlocker, and Nefilim are few ransomware operators using double extortion techniques. The company expects this trend to continue in 2021 as well. As per HP report, in 2021, there will be more innovative phishing lures designed to trick users and make attacks harder to identify.
S A N J AY M O H A PAT R A S A N J AY @ A C C E N T I N F O M E D I A . C O M
COVER STORY
SUPPLEMENT
DC WORLD
QUOTES FROM TOP CIOS
The next issue is dedicated to Digital Journey of the CIOs. We would like to take feedback from the CIOs and OEMs and create our judgment on the same.
The supplement story of the magazine would have relevant quotes from the top CIOs in India.
PLUS
Interviews and Case Studies
Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.
Send in your inputs to sanjay@accentinfomedia.com 4
ENTERPRISE IT WORLD DECEMBER 2020
CONTENTS V O L U M E 0 5 | I S S U E 0 9 | DECEMBER 2020 | W W W . E N T E R P R I S E I T W O R L D . C O M
FOR THE CIOs. BY THE CIOs.
Publisher: Sanjib Mohapatra Chief Editor: Sanjay Mohapatra Managing Editor: Anisha Nayar Dhawan Sub Editor: Pooja Jain, Nidhi Shail Designer: Shadab Khan Web Designer: Vijay Bakshi, Sangeet Technical Writer: Manas Ranjan Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Vaishali Shukla SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 E-mail: info@accentinfomedia.com
CORPORATE STORY
16 ATOS: ONE STOP PARTNER FOR
EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993 info@
DIGITAL AND 5G TECHNOLOGY
SECURITY: /20 Majority of Indian companies reported over 25% jump in cyber threats while working from home: Cisco
Printed, Published and Owned by Sanjib Mohapatra Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas New Delhi-110016
MORE INSIDE
Phone: 91-11-46151993 / 41055458
Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.
Editorial~ ~~~~~~~~~~~~~~~~~~~~~~~~~ 04 News~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06
22 CIO TALK
accentinfomedia.com
SECURITY
28
26
24 SECURITY
SECURITY
KAPPU JAYKUMAR
RIPU BAJWA
NIKHIL TANEJA
RAJESH GANESAN
“Every retailer now needs to embrace ‘contactless’ way of operations.”
“Dell Technologies Help Indian Businesses Safeguard Critical Applications”
“Gaming and Attack surfaces: what you need to know”
“ManageEngine Recognized Among “Providers That Matter Most” in Privileged Identity Management”
DECEMBER 2020 ENTERPRISE IT WORLD
5
ITWORLD
ROUND UP
IBM Launches New Innovative Capabilities B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M
IBM announced innovative new capabilities planned for IBM Watson designed to help scale the use of AI by businesses. Developed by IBM Research, the new capabilities are designed to improve the automation of AI, provide a higher degree of precision in natural language processing, and foster greater trust in outcomes derived from AI predictions. They include: n Reading Comprehensionis based on an innovative question-answering (QA) system from IBM Research. Currently in beta in IBM Watson Discovery, it is planned as a new feature that can help identify more precise answers in response to natural language queries from vast troves of complex enterprise documents. It also provides scores that indicate how confident the system is in each answer. n FAQ Extraction uses a novel NLP technique from 6
ENTERPRISE IT WORLD DECEMBER 2020
IBM Research to automate the extraction of Q&A pairs from FAQ documents. Currently in beta in IBM Watson Assistant’s search skill, it is planned as a new feature to help businesses keep virtual assistants up-to date with the latest answers and reduce the timeconsuming process of manual updates. n A new intent classification model is now available in IBM Watson Assistant. It is designed to more accurately understand an end-user’s goal or intent when engaging with a virtual assistant and to enable administrators to train the system faster. The model provides more accurate results from less data versus compared commercial systems1. This can help businesses go live with virtual assistants in a few days while achieving high accuracy. n Watson Discovery now includes support for 10 new languages including Hindi.
D ATA BRIEFINING
IT spending in India is projected to total $81.9 billion in 2021, an increase of 6% from 2020, according to the latest forecast by Gartner, Inc. IT spending in 2020 is expected to total $79.3 billion, down 8.4% from 2019. Source: Gartner
ITWORLD // NEWS BRIEF
SonicWall Capture Labs Threat Research Team Warns of Egregor Ransomware Attacks
SonicWall Capture Labs Threat Research team warns that Egregor Ransomware attacks will intensify. This ransomware steals system information, banking, online account credentials, deploys keyloggers, and remote backdoors on Windows client and server software. The library (Dll) is highly obfuscated and encrypted using Salsa20, ChaCha, and Rabbit stream ciphers along with RSA public-key cryptography. Egregor releases stolen data on the Egregor News website to increase pressure on the victims to pay the ransom. Egregor News is both used publicly and on the Dark Web aka the Darknet. Egregor News is used to post the names and domains, along with data sets of the Egregor victims. The financial and tech sectors are at the top of the target list because they are the most profitable this year and will be well into the future.
CIO
CMS IT Services – an award-winning RPA service provider – today launched its first-of-thekind shared service delivery model for Intelligent Automation, powered by Automation Anywhere with the aim of making IT automation affordable for organizations of all sizes. Remote Automation Centre for Enterprises (RACE) delivers the full power of AI-augmented robotic process automation technology amplified by the flexibility, scalability and support that empowers customers to start small, capture value and scale at their own pace with no risk. Speaking on the occasion Anuj Vaid Executive Vice President, CMS IT Services said, “CMS IT is committed to enabling a secure scalable digital business model for our customers who are taking the lead and changing the game by taking their business model digital. We have expertise across domains and our role is increasingly becoming that of a business enabler as it is of a technology enabler”
EVENTS
17 DEC 2020
11-14 JAN 2021
11-13 FEB 2021
What’s NEW in Veeam Backup for Microsoft Office 365 v5 webinar, an upcoming online event that we think you might find useful.
Kick off the new year by gathering a diverse and inspiring group of world leaders and forward thinkers to examine how we can rethink, rebuild and recover.
Virtual Exhibition on “Work From Home Expo” Exhibitor Entry: click here to send Stall/Booth Request
BY: VEEAM
8
Egregor targets systems within the Five-Eyes: Australia, Canada, New Zealand, United Kingdom, and the USA (North America). Other related targets are in South America, South Africa. Mostly countries and territories of the United States and their partners. Debasish Mukherjee, VP, Regional Sales – APAC at SonicWall, says, “Ransomware is one of the most prolific criminal business models in existence today, mostly thanks to the multimillion-dollar ransom criminals demand from individuals and corporations. Egregor is a RaaS (Ransomware as a Service) that’s why they have a news website on the public facing web and on the dark web. The financial and tech sectors will always be at the top of the target list because they are the most profitable. SonicWall Gateway Anti-Virus (GAV) provides protection against this threat.”
CMS IT Services makes Intelligent Automation affordable
ENTERPRISE IT WORLD DECEMBER 2020
BY: REUTERS
BY: WFH EXPO
NEWS BRIEF // IT WORLD
Matrix COSEC Employee Self-Service
S/HE SAID IT
MAHAVIR SHARMA
TIE GLOBAL CHAIR
“Bill Gates contributions are ginormous and invaluable, to list them out will be impossible. But the greatest, we at TiE feel is, that his work in computing has empowered anyone who uses a PC or any devices.
Matrix COSEC ESS is a comprehensive web-based employee portal that allows COSEC users to monitor and manage all their time-attendance and leave options. Employees and managers can access all their time-attendance information easily and perform related tasks intuitively reducing a significant amount of time they spent on such issues. Matrix COSEC ESS intuitive interface allows employees to view their attendance and shift-schedules, check their leave details, apply for leaves or tour and update personal and job-related information. Additionally, a reporting officer can approve or reject leave
QUICK BYTE ON
and tour applications, authorize attendance and plan work schedules of his subordinates. Key Features: n Employee Self Service Customization n Leave Status n Shift Schedules n Online Attendance Marking n Track Time-Attendance of Field Employees n Attendance on the Move – Face, QR and BLE based Credentials n Health Declaration
“We are enabling all the industry leading capabilities and intelligent software that have fueled the success of the VSP 5000 down market to our new E-series midmarket products, with aggressive price points and enhanced ease of use. ” B O B B Y S O N I , P R E S I D E N T , D I G I TA L I N F R A S T R U CT U R E , H I TA C H I VA N TA R A .
SECURITY
Tenable Celebrates a Successful Year as deepwatch’s Preferred Risk-Based Vulnerability Management Partner Tenable celebrates a successful year as deepwatch’s preferred risk-based vulnerability management partner. The strategic partnership combines Tenable’s industry-leading vulnerability management solutions with deepwatch’s innovative cloud SecOps platform and managed services to help joint customers see their systems, predict what matters and act to reduce risk, especially as they prioritize cloud computing. DECEMBER 2020 ENTERPRISE IT WORLD
9
ITWORLD // NEWS BRIEF
Veeam Announces NEW AWS Backup and Recovery Capabilities for Amazon RDS
Cisco Announces Wave of Webex Innovation to Provide Smart and Seamless Collaboration Today, at WebexOne, Cisco announced a wave of Webex innovations to help organizations collaborate seamlessly and transform their employee and customer experiences. Taking place on 9th and 10th December 2020, WebexOne is Cisco’s premier digital collaboration conference that brings together thought leaders, customers and partners to discuss the future of work. Webex has a rich history of helping employees innovate and remain productive wherever they are. Since the pandemic, Webex has not only continued to help businesses thrive, but has also been an integral platform for governments to continue to lead remotely, doctors to meet with patients safely, and educators to teach
EXECUTIVE
students at a distance. Jeetu Patel, SVP and GM, Security & Applications, Cisco, said: “Cisco’s purpose is to power an Inclusive Future, and collaboration technology plays a critical role in leveling the playing field so everyone is able to participate in the global economy regardless of geography, language and personality type. This is why we are driven to deliver a Webex experience that is 10x better than inperson—and at the same time make in-person interactions 10x better too. Webex enables a shift towards hybrid working and less reliance on geography-based hiring, opening the global economy and giving everyone a seat at the table—no matter where the table is.”
Veeam Software announced the availability of NEW Veeam Backup for AWS v3 — a fully automated and native backup and disaster recovery solution built on Amazon Web Services (AWS), designed to effortlessly provide additional protection and management capabilities for Amazon Elastic Cloud Compute (Amazon EC2) and Amazon Relational Database Service (Amazon RDS). Built with reliability, cost-effectiveness and security top of mind, Veeam Backup for AWS v3 is designed to drastically minimize the risk of data loss for data on AWS. This new support and feature set is available in two packaging options, allowing organizations to choose the data protection solution that best fits their needs: n Veeam Backup for AWS, a standalone AWS backup and recovery solution for protecting data on AWS n Veeam Backup & Replication™, unifying AWS backup and recovery with other cloud, virtual or physical data and unlimited data portability to, from and across clouds “We are excited to deliver Amazon RDS support in this latest version of Veeam Backup for AWS,” said Danny Allan, chief technology officer and senior vice president of product strategy at Veeam.
MOVEMENT
NTT appoints Abhijit Dubey as Global Chief Executive Officer, NTT Ltd. from 1 April 2021 10 ENTERPRISE IT WORLD DECEMBER 2020
Best Power Appoints Industry Expert Satyabrata Sahoo for Creating Footprints in Global Markets
Sharad Sanghi will be appointed Leader of the India business on 1 January 2021. Sanghi is the CEO – Global Data Centers and Cloud Infrastructure (India) of NTT Ltd.
NEWS BRIEF // IT WORLD
BOOK
SHELF
Mind Your Business: A Workbook to Grow Your Creative Passion Into a Full-time Gig
GLOBAL UPDATE
BY
ILANA GRIFFO
TiE Lifetime Achievement Award conferred to Bill Gates TiE Lifetime Achievement Award conferred to Bill Gates and Lifetime Achievement Service posthumously to Indian IT Industry to late FC Kohli, Father of Indian IT Industry and Lifetime Achievement Family Business Transformation to Bill Marriott of Marriott International While receiving the award, Mr. Bill Gates said, “It’s an honour to receive this prestigious award from TiE. I’m sorry I can’t be with you and my fellow recipients to be there to accept it but I want to share a few thoughts why your work is so important: Innovation is the key to solve the world’s toughest challenges – whether it is stopping a pandemic, avoiding a climate disaster or just raising human productivity. But as Paul Allen and I experienced with Microsoft, innovators can’t make it on their own. They need supporters and partners to make sure that their best ideas make it from the lab to the marketplace. For over 27 years, TiE has been doing just that. You support great entrepreneurs around the world and in some of the most important fields in technology today. Your work is essential in fostering innovation and creating the better world we all want. Thank you again. And I
hope you have a successful summer”. As a First Generation Entrepreneur Mr. Bill Gates has created a remarkable impact not only on the global economy but also has become an inspiration to many many entrepreneurs through generations. And the fact that he continues to give back to society, and what he has achieved is commendable. My Heartiest Congratulations to Mr. Bill Gates on being awarded the Lifetime Achievement Award”, said by Mr. Mahavir Sharma, TiE Global Chair. Mr. Bill Gates is a Visionary Entrepreneur who has overcome various challenges and failures to create a new world, and he has leveraged success to tackle health and poverty issues worldwide which are overlooked by society. He democratized the entire IT and Computer Technology ecosystem. He is a living legend and a role model for every entrepreneur. My Personal and Hearty Congratulations to Mr. Bill Gates on being awarded the Lifetime Achievement Award.” said Sridhar Pinnapureddy, TGS2020 Chair.
PRICE
$15.95 (HARDCOVER) About The Book Mind Your Business is the ONLY book that teaches you everything you need to know about how to build a successful business from scratch. From developing your brand to designing products to identifying your legal and tax needs,
Key Feature Author Ilana Griffo shares the formula that turned her creative hobby into a six-figure design studio. From initial planning to long-term business strategy, Mind Your Business includes: • Insider tips from successful entrepreneurs • Advice to identify your ideal market and customer • Legal guidelines to protect your ass(ets)
By 2050, India’s GDP estimated to reach 28 Trillion dollars: Gautam Adani
Gautam Adani, Chairman and Founder of Adani Group in his keynote address on the day two of the TiE Global Summit currently underway virtually called on Macro-economic factors favouring India, intersection of digitalisation green sustainable energy, and accelerated new possibilities for India in a post COVID world as three major areas
defining India in the next three decades. India’s population is expected to reach 1.6 Billion. That means 1 in 3 of world’s middle class consumer will be Indian, making this modern middle class the biggest driver of India’s consumption, he said. By the year 2050, Adani said, India’s GDP estimated to reach 28 Trillion dollars contributing 13% to the global economy. Speaking about the role of digitalisation and sustainability intersection propelling the growth of India, Adani said that India would enjoy cheapest rates for electricity compared to the world
due to the promising growth in green renewable energy. Adani also mentioned that the marginal cost of bits and bytes will keep decreasing, further improving information technology which is another factor favouring India’s future growth. India is set to position itself as a place of great opportunities of the 21st century and become even stronger 2050 onwards. The session on Innovation Engineering with Dr. Ikhlaq Sidhu – Founding Director & Chief Scientist, Sutardja Centre for Entrepreneurship & Technology. DECEMBER 2020 ENTERPRISE IT WORLD
11
ITWORLD // NEWS BRIEF
Seagate Designs RISC-V Cores Seagate Technology has designed two processors based on the open RISC-V instruction set architecture (ISA). One of the open standards-enabled cores is designed for high performance and the other is area-optimized. The high-performance processor has already been built with RISC-V-enabled silicon and demonstrated as functional in hard disk drives (HDDs). The area-optimized core has been designed and is in the process of being built. Because both processors offer RISC-V security features, the benefits add up to more robust edge-to-cloud data trustworthiness, security, and mobility—all essential in the era when so much data is on the move. The announcement, made at the virtual RISC-V Summit 2020, is the first public report on the results of Seagate’s several years of collaboration with RISC-V International. “Having shipped close to one billion cores over the last year, Seagate has developed significant expertise in system-on-a-chip design,” said Cecil Macgregor, Vice President, ApplicationSpecific Integrated Circuit (ASIC) Development.
Bharti Airtel Accelerates its Open Hybrid Cloud Network deployment with IBM and Red Hat IBM and Bharti Airtel have completed the first phase of Airtel’s Open Hybrid Cloud Network built with IBM and Red Hat’s portfolio of hybrid cloud and cognitive enterprise capabilities. With this deployment, Airtel’s customers and ecosystem partners will have a flexible foundation to build and deploy innovative applications on the cloud network. They will also gain enhanced performance, availability, automation and scaling, all the way from the core to the network edge. Telecom operators worldwide are expected to spend over $111 Billion by 2022 upgrading their network cloud and platform.1 With the ever increasing customer demand for seamless connectivity services and the continuing exponential growth in data traffic, Airtel has embarked on this massive cloudification program to make its network agile, robust and scalable. Airtel has been working with IBM to integrate end-to-end advanced automation and plans to embed AI capabilities in the future as a core part of its network transformation.
IceWarp to Invest USD 2.5 Million in Indian In a bid to strengthen its presence in India, IceWarp will invest USD 2.5 Million in the Indian market and is planning to invest another USD 1.5 Million in the local datacentres in the near future. Specialized in hybrid implementations, the company is enabling the enterprises in India to sail through adverse conditions that have occurred due to the COVID-19 pandemic. In the current work from home scenario, organisations from small, medium to large have realised the need for effective collaboration solutions and hence, adopting the same immensely. IceWarp’s collaboration tool has been successfully implemented in large BFSI, BPO’s, Pharma/Healthcare and many other Industries across the Indian Market. However, the top revenue drivers for IceWarp are BFSI, Pharma & Healthcare, Manufacturing, and 12 ENTERPRISE IT WORLD DECEMBER 2020
BPO’s. Some of its customers include IDFC Bank, Gujarat Narmada Valley Fertilizers & Chemicals (GNFC), Emkay Global Financial Services, CMS Info Systems, Fedbank Financial Services (Fedfina), and many more such big brands. “We have been working in the Indian market for over five years and have modelled a multi-million investments in the country. The Idea of investing in data centres in India is to make sure that our customers are able to maintain regulatory compliances and follow other government guidelines related to the security of data while using our solutions. India is an important market for IceWarp and we are sure that the investments are going to reap substantial revenue for the company” quoted, Adam Paclt, Global CEO, IceWarp.
DIGEST VEEAM BACKUP FOR MICROSOFT OFFICE 365 V5 AVAILABLE FOR MS TEAMS Veeam Software announced the general availability of the latest version of the company’s fastest growing product — Veeam Backup for Microsoft Office 365. Version 5 adds purpose-built backup and recovery for Microsoft Teams, making it easier than ever for users to quickly find and restore Teams data, including entire groups, specific channels and settings. Protecting this data is more critical than ever, as the shift to remote working has created an explosion in Microsoft Teams adoption over the past year, with 115 million daily active users last month, up 475% from 20 million daily active users almost 12 months ago. DELL TECHNOLOGIES HELP INDIAN BUSINESSES SAFEGUARD CRITICAL APPLICATIONS Dell Technologies introduces new Dell EMC PowerProtect DP series integrated appliances and PowerProtect Data Manager software advancements to help customers protect, manage and recover data from traditional and modern applications across core data centers, edge locations and public clouds. Dell, the industry leader in data protection appliances and software1, also announces PowerProtect Cyber Recovery is the first data vaulting solution endorsed by Sheltered Harbor to enhance cyber resiliency in the financial sector. MANAGEENGINE RECOGNIZED AMONG “PROVIDERS THAT MATTER MOST” IN PRIVILEGED IDENTITY MANAGEMENT Forrester Research has recognized ManageEngine as one of the “providers that matter most” in privileged identity management (PIM) and chatbots for IT operations. The Forrester Wave: Privileged Identity Management, Q4 2020 cites very high customer satisfaction for ManageEngine’s PAM360. Meanwhile, the Forrester New Wave: Chatbots for IT Operations, Q4 2020 notes that “ManageEngine customers report that they’re satisfied with the offering and impressed with the ease of integration and flexibility.” In addition to this recent recognition, ManageEngine previously made it to the The Forrester Wave: Enterprise Service Management (ESM), Q4 2019 and The Forrester Wave: Unified Endpoint Management (UEM) published in Q4, 2019. The two technologies are increasingly significant as more organizations look to ESM to improve overall user experience and productivity.
NEWS BRIEF // IT WORLD
MANAGEMENT
MANTRA
“There is some virtue to be learnt from every part of the world.” Sri Sri Ravi Shankar Management Mantras
Data Theorem Delivers Privacy Toolkit for Apple’s New Data Disclosure Rules
Lucideus Launches SAFE Me
Lucideus, a global pioneer in Cybersecurity and Digital Business Risk Quantification (CRQ), today announced the launch of SAFE Me, a one of its kind mobile application which will fundamentally change the way consumers secure and protect their digital life. The zero-permission and free of cost mobile application leverages Lucideus’ proprietary breach likelihood scoring algorithm built as joint research with MIT and relies on AI & Machine Learning to provide every individual with a cyber risk (or breach likelihood) score on a scale of zero to five based on a combination of
factors including device security, exposure on the deep and dark web, cybersecurity awareness and more. Cybercrime is one of the biggest threats to humanity and Gallup’s research has shown consumers agree. The public worries more regularly about the hacking of personal data (71%) and identity theft (67%) than non-cybercrime, such as robbery (25%) or assault (20%). At the same time, consumers are considered one of the weakest links in the cybersecurity chain with human negligence causing 63% of corporate insider threats. This dissonance between people’s understanding of cybersecurity and how they act speaks to the importance of changing the way the public engages in the cybersecurity conversation. Lucideus’ SAFE Me is designed to evolve this archaic way of managing humanrelated cyber risks into a mobile-first, unified cybersecurity experience personalized for every individual. SAFE Me gamifies the experience making cybersecurity easily accessible for consumers so they can understand their risk posture and take steps to improve. Beyond consumers, SAFE Me also empowers enterprises and executives to manage cyber risk proactively and objectively by offering a unique view into the organization’s risk posture, helping businesses prepare for and get ahead of threats.
Data Theorem, a leading provider of modern application security, announced its new application privacy solutions that streamline app publishers’ process to comply with Apple’s recently announced data privacy disclosure requirements for apps being distributed and sold on the Apple App Store. Apple’s data disclosure requirements go into effect Dec. 8, with the goal of helping users understand an app’s privacy practices before they download on any Apple platform such as iPhone, iPad, MacBook, etc. The aim is for users to learn about the data types an app collects, and whether that data is shared to third party SDKs. “There is a significant new burden added to security and developer teams for every new application launch or update going through the Apple App Store and Mac Store,” said Doug Dooley, Data Theorem COO. “The necessary level of data tracking and reporting of an application is not there for most companies. Data Theorem has new solutions to help customers with these changes. If we can pull together as an industry, consumers of apps will be the biggest winners without hurting app publishers for improper disclosure around data privacy.”
VergX Expands Relationship with Versa Networks to Deliver Enhanced SASE VergX, a leading software defined, wide area network (SD-WAN) and security service provider, has expanded its strategic relationship with Versa Networks, the leader in Secure SD-WAN and SASE. As a result of this expanded strategic relationship with Versa, VergX will offer new SASE and Secure SD-WAN bundles based on the Versa Titan platform to meet the growing demand for Home and SMB solutions during the continued work-from-home (WFH) environment. The new Versa Titan-powered offerings will be delivered through VergX’s large distribution channel and will further enable VergX to best meet customer secure network requirements and budgets with enhanced
VergX Home and SMB solutions. “VergX has been a strategic partner for years, and their knowledge and expertise of SD-WAN and security enables them to leverage our leading Secure SD-WAN and SASE technology to best meet enduser and reseller needs in designing next-generation SD-WAN networks,” said Kelly Ahuja, Versa CEO. “Versa has seen significant demand for its solutions supporting WFH and remote workers, and we are pleased to expand our strategic relationship with VergX to help them bring these Secure SD-WAN and SASE benefits to its growing Service Provider, Managed Service Provider and partner ecosystem.” DECEMBER 2020 ENTERPRISE IT WORLD
13
ITWORLD // NEWS BRIEF
Vi Business partners with Fortinet
Kodak Alaris and Newgen Software Technologies launch OmniDocs ActiveScript Kodak Alaris and Newgen Software Technologies Ltd have launched OmniDocs ActiveScript, a cloud-based SaaS solution that rapidly automates document-centric processes. This powerful system enables enterprise process automation in critical applications such as consumer loan processing, employee onboarding, policy onboarding, insurance claims, contract approvals, invoice processing, and more. OmniDocs ActiveScript – one of the first solutions to be developed as part of a global strategic alliance formed between Kodak Alaris and Newgen last year, is designed to help drive digital business for both companies’ customers and channel partners. In a jointly-hosted webinar attended by partners from 15 countries, Kodak Alaris presented its new Kodak S3000 Series Scanners and INfuse Smart Connected Scanning Solution, and explained how these operate in tandem with the new SaaS OmniDocs
ActiveScript offering. Document scanners from Kodak Alaris offer simplified start-up and scanning and enable personalized workflows. Innovative technologies such as Smart Touch functionality eliminate multi-step scanning processes with one-touch simplicity, while powerful on-board image processing delivers crisp, high quality images at full speed without depending on PCs, enabling faster, more accurate capture. Ashok Dash, Sales Director – India Cluster, Alaris division of Kodak Alaris, said: “Together, Kodak Alaris and Newgen empower customers to work in more effective ways, with pre-defined processes for different vertical sectors and cloud-based access, combined with contactless handling and mobile integration. This is just one of the many best-in-class solutions on our joint roadmap with Newgen, and we look forward to revealing further announcements over the coming months.”
Vi Business, the enterprise arm of Vodafone Idea Ltd. (VIL), today announced the launch of Managed Security Service and has collaborated with Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, as the technology cornerstone for the offering. Vodafone Idea’s Managed Security Service (MSS) delivers Next Generation Firewalls with advanced security features offering the first line of defense for any cyber-attack, thus ensuring that enterprise network is protected. MSS will provide the power that today’s networks require, built on Fortinet’s innovative security processing units (SPUs) and FortiOS operating system. The MSS includes both network-based firewalling with intrusion protection detection features and secure remote user access to enable remote workers to connect to their corporate network safely and securely through a VPN. Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet added “The sophistication of today’s threat landscape, coupled with the speed at which user traffic is increasing, requires organizations adopt advanced protection. With our integrated security platform, MSSPs and telecom service providers, such as Vodafone Idea, benefit from high-performance technology and an easy to manage security solution that provides comprehensive protection for the extended enterprise.”
Oracle Announces Integrated, High-performance Analytics Engine for MySQL
Oracle announced the availability of the Oracle MySQL Database Service with integrated MySQL 14 ENTERPRISE IT WORLD DECEMBER 2020
Analytics Engine, optimized for and exclusively available in Oracle Cloud Infrastructure (OCI). This is the only MySQL service that provides customers with a single, unified platform for Online Transaction Processing (OLTP) and Online Analytics Processing (OLAP) workloads to build and run modern applications faster and more securely. The MySQL Analytics Engine, developed for the MySQL Database Service by Oracle’s MySQL engineering team in collaboration with Oracle Labs, is a new, in-memory analytic accelerator that scales to thousands of cores, supports real-time analytics, and is at least
2 times faster and up to 66 percent less expensive than Amazon Redshift. Get started here. “MySQL is the most popular database among developers and is widely used by companies across industries. But, until today, MySQL users have been forced to move their data into separate incompatible data warehouses for analytics leading to higher costs and delayed answers,” said Edward Screven, chief corporate architect, Oracle. “With the MySQL engineering team’s latest innovations, Oracle is the only provider that offers developers and database administrators a single, unified platform.”
HYBRID CLOUD // CXO TALK
SACHIN WAINGANKAR
Head of Cloud, Web Werks India
“Organizations with on-premise data centers are now moving to the hybrid cloud because of its performance, stability, security, and quality.”
HYBRID CLOUD IS IN TREND TODAY
W
BY SANJAY@ACCENTINFOMEDIA.COM
As the organizations are facing a lot of business pressure due to the contraction of budget, their attraction towards cloud and Hybrid computing becoming natural as they are getting better business value. Sachin Waingankar, Head of Cloud, Web Werks India, explaining how cloud or hybrid environment offers better value over on-prem environment. With the constantly changing business environment, how do businesses decide between on-premise vs cloud? Decisions between on-premise or cloud are driven by criticalities, compliance policies and turnaround time. Cloud computing is a diverse computing paradigm incorporating the benefits of service-oriented architectures through virtualization. Hence if a business is required to deploy IT architectures in two days, procuring and deploying servers in such a short span is close to impossible. In such scenarios, cloud computing becomes the business’ best bet. In addition to that, organizations experience a major cost-benefit when they move to the cloud as they move from capital expenditures to operational expenditures. However, compliance issues can act as inhibitors concerning storage, usage, data protection, etc. Organizations can thus maintain benchmarks and compliance checklists with their cloud service providers, to ensure that their offerings are designed to comply with data regulations like ISC, PCI-DSS, HIPPA, TIA, SSAE, OIX-2, etc. One determining factor includes the duration of the project. In short-term projects that have huge requirements, investments in on-premise
infrastructures for minimal business applications are more like an aimless decision. On the other hand, the pandemic forced even well-established businesses to undergo digital transformations and mitigate risks, thus shifting even long-term projects to the cloud for its disaster recovery and business continuity plans. One of the latest trends in data centers is the Hybrid cloud. Can and should firms adapt it to suit their business needs? Hybrid cloud, the amalgamation of cloud services and on-premise data is gaining high popularity among users due to various reasons involving improved performance, flexible business operations, capacity expansion, optimized costs, and enhanced security. To maintain the confidentiality of data for security and compliance, organizations choose to maintain data on an internal network or a private cloud that will be hosted on-premise. This gives the firm access to both the physical and logical infrastructure. The Hybrid cloud is in trend today since it allows businesses to choose their computing models along with giving them the benefits of operational costs and management perspectives. Organizations however should move to the hybrid cloud after due diligence of their IT study. This includes understanding applications, understanding application dependencies, its portability followed by accessibility and compliance. This study will enable organizations to decide between which workloads and data could be hosted in a public cloud, the benefits, and risks it entails and, applications and data that are too sensitive, too specialized, or otherwise would be best hosted in a private cloud and thus helping them transition to the Hybrid cloud easily.
Since the pandemic, we have seen a 25% increase in cyber-attacks. How can the cloud deal with it? Any application or data that goes over the internet, whether deployed on-premise or in the cloud is exposed to an equal amount of risks. Data centers have multi-layered and constantly upgraded security systems in place to prevent data theft. Such a high degree of data security requires advanced tools and manpower which is unlikely to be available in-house for most companies. In addition to that, even if applications are protected with the best firewalls and IT policies, it is still susceptible to a cyber-attack if it isn’t updated to the latest security badge. What defines normal for the future of businesses in 2021? With the public cloud utilized mainly by e-commerce and, information and communication technology providers, more and more businesses are moving towards a hybrid cloud. Organizations with on-premise data centers are now moving to the hybrid cloud because of its performance, stability, security, and quality. This has been pushed by the pandemic that resulted in work from home policies and the inability to access systems in a lockdown. One great benefit of cloud computing is that lifecycle management, upgrades, and, replacement of used resources are taken care of by cloud service providers. This greatly reduces costs, labour, and time for organizations performing this task on-premise in a traditional environment and brings in business feasibility through virtualized architectures. DECEMBER 2020 ENTERPRISE IT WORLD
15
CORPORATE STORY // ATOS
ATOS: ONE STOP PARTNER FOR DIGITAL AND 5G TECHNOLOGY UMAR ALI SHAIKH CEO, ATOS IN INDIA
“5G will have to come in. Because of the shared way of the infrastructure,
Telcos will come together and share the cost making the implementation rollout faster, making the cost of implementation cheaper too.
BY SANJAY@ACCENTINFOMEDIA.COM
”
The growth in the digital economy amplified by 5G technology had created a demand for domain experts and many of the technology providers had latched onto the opportunity. But the unprecedented event of Covid-19 has certainly brought in a surge in the demand for the technology; and also the demand for the highly skilled work force and super specialists. In our quest to find out and understand the expertise in the digital technology along with 5G solutions capability, we found out some of the niche players and Atos India appeared one of the front runners. In my recent conversation with CEO, Atos in India, Umar Ali Shaikh convinced me about the 16 ENTERPRISE IT WORLD DECEMBER 2020
capability of this 33 years old technology provider. Today, Atos is a preferred solution provider for many of the large companies. Umar says, “One of the largest Oil & Gas retail companies, one of the world’s largest Automobile groups and India’s leading FI have taken Atos as their technology partners because of our unique solutions tailored for their needs. Along with this, we have pan India reach. We do not compromise in service delivery quality. On top of it we believe in long term commitments. Along the ways of service delivery journey, we keep on bringing innovations, which amplifies the satisfaction of the customers.” He added, “Digital adaptation of telecom during pre-Covid days has been one of the highest in Indian industries. According to a report published by McKinsey, it was around 50%. But due to Covid-19, there has been growth in the internet usage and OTT platforms, telecom players had to make themselves ready on a war footing. Also, the ARPU in pre-paid connections have improved owning to the high data usage.” Atos is servicing all these environments with efficiency. The company either has developed capability or acquired capability by virtue of its acquisitions including Siemens IT during 2010-11 or Xerox services, Bull or even Unify. Although these acquisitions are global in nature but these have bearing on its INR business – means India centric business. As a global Tier-1 service organi-
zation, Atos’ capability spans across applications, infra, HPC and UC business. Although UC business is dealt differently through partners. This OEM agnostic service delivery provider can integrate applications and also develop custom built applications for ERP, CRM or BI kind of solutions. Even they develop bespoke applications required for the customers. Giving an example, Umar add, “If a customer is looking
ATOS // CORPORATE STORY
hybrid and public clouds; and migrating the customers for different environments. We can literally lift and shift the customers’ datacentre from one environment to another.” “We also do network management, security management, end-user computing, SOC, NOC, technical service desk, etc. not only from the point of view of setting it up but also manage and monitor the existing set up.” Towards achieving the perfection and making it error free, Atos tries bringing in innovation by adding automation along with AI and ML. Atos’ customer base spans across all vertical markets. Today, it offers end-to-end IT services to one of the large German automobile manufacturing companies based out of India – including their assembly line application. Similarly, another luxury automobile manufacturing companies depends on Atos for managing and monitoring their datacentre operations and technical support. India’s largest Oil and Gas retail companies banks upon Atos to manage their automation solution. Atos here has developed this particular automation software for the client which helps them to check the quality and capacity of the fuel and on top of it, manages the dynamic price change of the fuel every day. Atos also offers the retailer analytics of individual fuel stations in more than 200 locations in India. Umar says, “Apart from managing so many locations for them, we are managing the world’s highest elevation fuel station, which is about 3700 to 3800 meters higher than the sea level and the farthest fuels station that the company manages is within the 5 kilometre of Indo – Bangladesh border. At the same time, Atos also manages the entire Datacentre and network of the largest FI in India. The service delivery company also manages and monitors datacentre of one of the very large payment gateways in India from end-to-end perspective. Umar adds, “If that is not enough, Atos has done ERP implementation of the India’s most prestigious technical institute.” As Atos is one of the Telco specialist, they manage end-user computing of one of the large Telcos in India. Umar says, “We are holding one of the largest end user computing contracts from them, which can go beyond sixty thousand devices across 200 locations.” for implementing SAP, we do not only sell the software and integrate it on the customer premise or on cloud but also customise and manage for over few years after it goes live.” Along with this, if the customer wants to upgrade the infra – may be for Hana or S4Hana, they also do that. He maintained, “We can be one stop shop for all the software, hardware and skilled manpower for application management and maintained.”
On the infra side, Atos strength lies in all the kinds of IT infra including laying out solutions for Telco. With 5G revolution happening and 3G – 4G infra converting to 5G, the billing systems are also migrating to a different platform. Atos owns the capability of managing and monitoring 5G billing system from an end-to-end perspective. Umar says, “Our strength also lies in managing and monitoring Data Centre, configuring private,
Interview What is your assessment of the market sentiment now? I think market has gone through a cycle from where we suddenly stopped due to the lockdown, but every industry has bounced back very well. We cannot generalize the market situation as far as Covid- 19 is concerned. There are certain industries which started doing very well because DECEMBER 2020 ENTERPRISE IT WORLD
17
CORPORATE STORY // ATOS
of this lockdown and there are certain industries which definitely bore the brunt of low sentiment due to the lockdown. But if you asked me, market has gradually improved. What are your views around the digital transformation and CIOs challenges? Digital transformation is a reality. We have got early adopters and we have players who adopt with caution. And then we have laggards but can we take away digital transformation from our tomorrow’s journey. The answer is absolute no. Every CIO is aware that they have to embrace digital transformation. Just that, the dynamics and the speed has changed due to the Covid-19 crisis. The challenges that the CIOs are facing is to upgrade from the legacy situation what they had – both in terms of their setup and the adaptability, which they would face within their organization or in the periphery the business they are operating. Second one is the faith of a CIO on a partner to help them transform to a real digital situation, how smoothly and how fast, it will get executed. That is another challenge which CIOs face because when you sit with a partner and integrator, things can be very positive but when you actually award them or engage them to execute what you are looking forward to in your transformation journey, the things can be very different. So the real challenge is choosing the right partner. I am certain that almost every organization has got right checks and balances, right evaluation criteria and right experience to decide and appoint the right partner in their digital journey, yet it is not smoothest yet. The third one in my opinion is the technology and the capacity is changing faster than before. What you planed when starting your transformation journey one year ago, something new come up. In summary, the legacy infrastructure, plus the mind-set, right partner in the journey to ensure smooth and faster execution and of course coping-up with the faster changing technology and capacity. These are the three top challenges. What are your views on keeping the organizations immune from cyberattacks by creating right architecture? Cybersecurity was always important and in the challenges around digital transformation, cybersecurity is even faster. CISOs always had a challenging task to cope up with this. But in today’s scenario their work and the sensitivity of their action has gone up multi fold. We are now talking about making work from home as one of the possible alternatives. That would mean that we are letting our people to come into our network 18 ENTERPRISE IT WORLD DECEMBER 2020
or our customers’ network from home. So a new set of challenges that will come up not only at the technical level but also at the level of awareness. How do you make your people aware that this email is a phishing email? Prevention is better than cure. So that is another challenge which CISOs are facing to make people aware that cyber security is a threat, and it can really jeopardize the way we are working. That realization is as bigger challenge as upgrading our infrastructure, bringing in right software, bringing in right expertise to block the cyber security threat. The other challenge is, it is very difficult for a CISO to maintain balance between security, business and implementing security control. It does not come cheap. Plus, it comes with lots of checks and balances. It may not help people to work in the smoothest possible way. So bigger task for the CISOs is to maintain a balance between business and implementing controls. The other thing is, can we fully eliminate cyber security threat. We cannot. So you are only working with best efforts. Meaning they are aware that some attacks may happen, which they are not aware of or which is new. So it is not only prevention or awareness but also damage control. They will have to face damage control and that is a bigger botheration. Because damage control is when damage has happened and you are controlling. The irony is, you do not know what damage is coming. In my opinion, cyber security like digital transformation is also a Number one discussion and Number one thought, in any organizations. Whether the management is understanding the relevance of cybersecurity? Of course. It is about being aware that this is damaging and also being aware how damaging it could be. There are two different aspects. We know it is harmful and being aware to what extent it can be harmful. Now the third part is what is the collateral harm that it can incur to your organization. Not only you as an organization, every organization which are connected to your organization can be affected. So I guess the journey has exponentially taken off from the step of knowing cyber security is important to what extent it can be harmful to what collateral damage it can cause. So, CIOs, CFO, CISOs, EMPLOYEES – both external and internal employees – all have to be made aware about cybersecurity. We at Atos have constantly been doing awareness campaigns. Our security team keeps bombarding all sorts of messages and if you by mistake click on an email that you could not recognize, we get an alert that you did this by mistake, please take the training again.
What is the kind of evolution being seen in the Telcos? With 4G or 5G, there are multiple beneficiaries. There are enterprise customers and there are end consumers. India plays on a volume game. We are one of the lowest ARPU countries as far as Telco is concerned, yet we have Telcos, who are sustaining the business in India. Now, if I have to look at the adaptability of technology, what does it need smartphone, better internet connectivity and then people who would be able to click the right icon to go where they want to go. You build the smartphone and if the person does not know how to operate the smartphone, it has no use or internet connectivity or 4G or 5G has no use. We as a country are very well aligned to all these three from the consumer side. Anyone, who is not very educated understands roman scripts on the screen or understand a few words in English. Plus, smartphones today are also coming with local language options as well. So we do not have the challenge there. Now 5G is a reality. Pandemic has brought in the adaptability of Indians to use their smartphones or use internet to the fullest extent. The cost of internet has also come down drastically. But there are certain things which still are away from being only in 4G. For example, e-health or augmented reality, we are able to operate in 4G, but are we able to do in a real situation in 4G answer is no. Therefore, you really need 5G to execute those applications efficiently. There can be robotics, autonomous driving, and so many other things, which are only possible in 5G. So whether to adopt 5G, the answer is definitely yes – at least at the enterprise – level. The other thing, which brings 5G is that there was a time when Telcos used to have their own infrastructure, own base stations, etc. but 5G brings in a scenario where operators can operate on an absolute shared mode – means the cost of infrastructure is shared among them. That will make it a lot more viable for us to get 5G implemented. So the first point is that, do we really need to 5G? The answer is: we will not be able to stay away from it. Three to five years ago, when OTT platforms including Netflix or Prime video came, it was a luxury. But today it has become so common. I know many people who have discontinued their satellite connections, because they are 100% gone on to OTT. So likewise, 5G will have to come in. Because of the shared way of the infrastructure, Telcos will come together and share the cost making the implementation rollout faster, making the cost of implementation cheaper too.
RANSOMWARE ATTACKS // SECURITY
SEQRITE THREAT PREDICTIONS 2021 REVEAL THAT TARGETED RANSOMWARE ATTACKS ON HEALTHCARE AND PHARMA SECTOR TO SURGE
2020 has been a year of unexpected events, with COVID-19 striking a blow to the world, and bringing overnight changes to our lifestyles. While going digital was one of the primary transitions for businesses, it also created an opportunity for cybercriminals to use pandemic as their new bait – and eventually inject malware in the systems to barge in and steal sensitive data. Strengthening cybersecurity hence became the need of the hour for most businesses as they gear up for 2021. To understand this better, Seqrite, a specialist provider of IT security and data protection solutions to corporates, SMEs, and governments, has release its threat predictions that will share the future of cybersecurity in 2021 and beyond. Threat Actors to switch from Ransomware to RansomHack: Double-Trouble for
Enterprises Previously, advanced ransomware attacks like WannaCry, Petya, Ryuk, Grandcrab etc. used to only encrypt disks or files and demand a ransom payment in return for a decryption key. Now a new ransomware trend is observed which not only encrypts user files but also exfiltrates private and sensitive information. On denial of ransom, adversaries threaten to release hijacked information in public. This is double trouble for organizations – exposing sensitive data in public causes severe GDPR implications. In either case, businesses are likely to have to pay to move forward. This tactic is called RansomHack or Double Extortion. Maze, DoppelPaymer, Ryuk, Lockbit, Netwalker, Mountlocker, and Nefilim are few ransomware operators using double extortion techniques. We expect this trend to continue in
2021 as well. Targeted Ransomware attacks on Healthcare and Pharma Sector to Surge Healthcare and Pharma sector companies that have been in the front lines working to fight against the Coronavirus pandemic are also facing a new wave of ransomware attacks and extortion demands lately. Though few ransomware operators agreed to not attack the healthcare sector during the COVID-19 crisis, several other attack groups have continued to use ransomware against this sector, largely because of the sensitive and personal data of patients they store. Numerous hospitals, COVID-19 research firms, and pharma companies have fallen victim to ransomware in the last quarter of ‘20, making it necessary for them to adopt or deploy a comprehensive set of security solutions. Techniques similar to Operation SideCopy In September 2020, Seqrite became the pioneer in discovering Operation SideCopy, an Advanced Persistent Threat (APT) attack targeting the Indian Defence Forces. The cunning nature of this attack had so far misled the security community into believing that this was in fact Transparent Tribe. Similar to Operation SideCopy, which attempted to use techniques similar to some other state-sponsored APTs, there will be similar attacks in 2021 that will attempt to breach critical infrastructure. CobaltStrike: Powerhouse of Ethical Hackers in the Hands of Cyber Criminals Cobalt Strike is a threat emulation toolkit that is often being used for post-exploitation, covert communication, and browser pivoting, among other malicious purposes. It can be repurposed to deploy any type of payload, be it ransomware or keylogger. Ransomware attacks that are now relying on this are Egregor, Ryuk, and Lockbit. We have also observed the involvement of ‘CobaltStrike’ beacons in the recent major backdoor and APT attacks. Recently, the source code of ‘CobaltStrike’ was leaked on GitHub. This will allow malware authors to make customized changes in the source code or tweak it to evade detections. So, the rise in the inclusion of ‘CobaltStrike’ beacons in major cyber-attacks will be observed in the coming future. To access the full content, Click: https://www.enterpriseitworld.com/ seqrite-threat-predictions-2021-revealthat-targeted-ransomware-attacks-onhealthcare-and-pharma-sector-to-surge/ DECEMBER 2020 ENTERPRISE IT WORLD
19
SECURITY // CISCO
MAJORITY OF INDIAN COMPANIES REPORTED OVER 25% JUMP IN CYBER THREATS WHILE WORKING FROM HOME: CISCO experienced a 25% or more jump in either cyber threats or alerts since the start of COVID-19. Cisco’s Future of Secure Remote Work Report revealed many Indian organizations were unprepared to make the accelerated transition to a remote workforce at the outset of COVID-19. About two-thirds (65%) of organizations adopted cybersecurity measures during COVID-19 to support remote working.
VISHAK RAMAN, DIRECTOR, SECURITY BUSINESS, CISCO INDIA & SAARC
Organizations in India are seeing a significant increase in the cybersecurity challenges they face amid the shift to mass remote working, a new study by Cisco shows. According to the study, 73% of organizations in the country have 20 ENTERPRISE IT WORLD DECEMBER 2020
The study is based on a survey of over 3,000 IT decision-makers globally, including over 1,900 respondents across 13 Asia Pacific markets, including India. It highlights the cybersecurity challenges companies faced as they shifted the majority of their employees to a remote working arrangement in a really short period of time. With users connecting from outside the corporate walls, secure access – defined as the ability to verify identity and establish trust no matter how, where, or when users log in, is the top cybersecurity challenge faced by the largest proportion of Indian organizations (68%) when supporting remote workers. Other concerns raised by organizations include data privacy (66%) and protection against malware (62%). “With organisations forced to shift to a new way of working almost overnight, the newly distributed workforce became a focal point for malicious actors. As a result, the pandemic has amplified the criticality of cybersecurity and brought new complexities to the fore. Now,
as remote work continues to garner traction, organisations are turning their attention to building a robust cybersecurity foundation, with cloud security emerging as the top investment for 31% of companies in reinventing their workplaces post COVID-19,” said Vishak Raman, Director, Security Business, Cisco India & SAARC. Endpoints are a growing challenge for organizations to protect, as users connect from their home Wi-Fi or use their personal devices to connect to corporate applications. About two in three respondents stated that office laptops/ desktops (66%) and personal devices (58%) posed a challenge to protect in a remote environment, followed by cloud applications at 42%. An opportunity to transform for the future One trend that emerged in recent months is that a hybrid workplace – where employees move between working remotely and in the office – is the future. The findings of this study further underlined that. Over half (53%) of the organizations in India said they expect more than half of their workforce to continue working remotely post-pandemic. This compares to an average of just 28% of organizations with more than half of their workforce working remotely before the pandemic. The good news is that as businesses prepare for this hybrid workplace, cybersecurity now tops corporate priorities, with 84% of organizations in India saying that cybersecurity is now a top priority for them. What is even better is that they are translating this into concrete action. The study highlights that 77% of organizations in the region plan to increase their future investment in cybersecurity due to COVID-19. There are still challenges, though, that need to be addressed. While almost all (97%) organizations have made changes to their cybersecurity policies to support remote working, further simplicity and education are needed. According to the study, 60% of Indian organizations said that having too many tools/solutions to manage was a challenge faced in reinforcing cybersecurity protocols for remote working, followed by a lack of employee education and awareness (55%). “Deploying multiple cybersecurity tools reinforces a fragmented and complex security environment that is prone to risks arising from human error. This calls for the implementation of a comprehensive and integrated security approach that can provide a seamless experience for users as well as IT teams. Further, greater focus must be laid on educating and building employee awareness as these endpoints will become the first line of defence for the organisation of the future,” Vishak added.
MACHINE LEARNING // SECURITY
RAFFAEL MARTY, HEAD OF X-LABS, FORCEPOINT
Raffael Marty is the Vice President Research and Intelligence at Forcepoint. Raffael heads up X-Labs at Forcepoint, the world’s first dedicated research division that combines deep security expertise with behavioral science research. X-Labs’ mission is to create the best behavioral-based analytics and security intelligence capability in the cyber-security world, enabling Forcepoint’s human-centric products and services to operate in a predictive fashion. Previously, Raffael led the Forcepoint Corporate Strategy team. Raffael brings more than 20 years of cybersecurity industry experience across engineering, analytics, research and strategy to Forcepoint. Raffael also provides strategic company growth counsel and guidance and is responsible for how Forcepoint creates value across the Human Point System of products. Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry’s most respected authorities on security data analytics, big data and visualization. He is the author of “Applied Security Visualization” and is a frequent speaker at global academic and industry events. Marty holds a master’s degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.
INHERENT BIAS IN MACHINE LEARNING Cracks in Trust and How to Mend Them Looking at the cybersecurity landscape today, I have to say I’m glad I’m not a CISO. In an ever-evolving world of digital transformation, omni-connected devices and semi-permanent remote workforces, keeping critical data and people safe is a huge challenge. So huge, in fact, that it can’t be done without the implementation of machine learning and automation. At the core of understanding risk and exposure to an organization, we need to understand its critical data and how that data moves. We can only do so by collecting large quantities of metadata and telemetry about said data and the interactions with it to then apply analytics to make sense and translate it into a risk-based view. However, developing automated systems is not without its challenges, and in 2021 I believe that machine learning and analytics will fall under tighter scrutiny, as trust in their unbiased nature and fairness, as well as ethical boundaries will be questioned. Rage at the Machine We saw headline-grabbing incidents this summer. For example in the United Kingdom, where the government initially decided to let algorithms determine schoolchildren’s exam results. However, the bias which had been baked into this particular algorithm resulted in significant drops in grades: unfairly skewed to lower-income areas, and worse, not taking the teachers’ expertise into account. This resulted in an embarrassing U-turn, where people ended up trumping machines in grading exams. This is not the first time that algorithms and machine learning systems, trained on biased data sets have been criticized. You will have heard of Microsoft’s Tay chatbot and you may have heard of facial recognition software incorrectly identifying members of the public as criminals. Getting it
wrong can have life-changing effects (e.g. for the students or people applying for credit) or could be as “minor” as an inappropriate shopping coupon being sent to a customer. A number of cybersecurity systems use machine learning to make decisions about whether an action is appropriate (of low risk) for a given user or system. These machine learning systems must be trained on large enough quantities of data and they have to be carefully assessed for bias and accuracy. Get it wrong, apply the controls wrong, and you will experience situations such as a business critical document being incorrectly stopped mid-transit, a sales leader unable to share proposals with a prospect, or other blocks to effective and efficient work. Conversely if the controls are too loose, data can leak out of an organization, causing damaging and costly data breaches. Finding the Balance in 2021 To build cyber systems that help identify risky users and prevent damaging actions, the data we analyse comes for the most part from looking at a user’s activities. It’s worth saying upfront that user activity monitoring must be done appropriately, and with people’s privacy and the appropriate ethical guidelines in place. In order to create a virtual picture of users, we can track log on and log off actions. We monitor which files people open, modify, and share. Data is pulled from security systems such as web proxies, network firewalls, endpoint protection and data leak prevention solutions. From this data, risk scores are then computed and the security systems in turn flags inappropriate behaviour and enforces security policies appropriately. Click the link to read the entire article https://www.enterpriseitworld.com/ inherent-bias-in-machine-learning/ DECEMBER 2020 ENTERPRISE IT WORLD
21
CIO TALK // CONTACTLESS
KAPPU JAYKUMAR
Senior Director – IT, Lowe’s India
“When developing new products, start with the why. Why are you building this, what problem is it going to solve, and for
BY SANJAY@ACCENTINFOMEDIA.COM
W
whom? What are the measures of success for the product?”
hat is the future of retail and e-tail sector from a digital transformation point of view? Digital transformation has become imperative for all processes. It is not about replacing older systems with new technology. It involves integrating technology, revisiting all aspects of the business processes, and redefining how value is delivered to the customer. Beyond the integration of technology to business processes, the key to success of digital transformation is the mindset change, a culture shift where the company is ready to experiment new ways of doing things, thereby challenging the status quo. This may include moving away from processes that have been 22 ENTERPRISE IT WORLD DECEMBER 2020
followed for decades in an organization. As all industries are moving towards using technology to connect with their customers, retail is no exception. In the wake of the pandemic, as customers are moving towards safe ways of shopping, retailers who have a strong digital presence are way ahead of the curve and thriving. Retailers who have embraced digital transformation successfully have better agility and flexibility in adapting to the ever changing customer demands, deploying new tools and processes to serve them effectively by automating existing systems and processes. They will be able to better engage with their customers through multiple channels, including web, mobile, social media, provide a personalized shopping experience by leveraging tools like AI/ML, respond to supply chain disrup-
tions, resulting not in a higher quality of service but also increased sales and better ROI. What is your idea behind Omni-channel Retail? Browse, Search, Shop anywhere, anytime is the mantra of Omni-channel. Omni-channel is about creating a seamless, consistent experience across the various channels – desktop, mobile, social media, and in-store. Examples of omni-channel experiences include brick & mortar retailers offering digital shopping experience providing conveniences to the customers like ‘buy-onlinepick-in-store’ or ‘buy-online-return-in-store.’ As shoppers today prefer webrooming or showrooming, enabling multi-channel selling has become a necessity. Webrooming customers are
CONTACTLESS // CIO TALK
EVERY RETAILER NOW NEEDS TO EMBRACE ‘CONTACTLESS’ WAY OF OPERATIONS. those who research their products online and end up buying in the store. Showrooming customers exhibit the opposite behavior. They go to the store to physically touch and feel the product before shopping them online. Polling shows that 69% of shoppers webroom and over 46% showroom. It is undisputed that providing an omnichannel experience is essential for retailers to stay relevant. Leveraging the data retailers have about their customers, delivering an integrated experience across channels by recognizing them is vital to the success of a retailer’s omni-channel strategy. Throw some lights on contactless experience changing the future of the retail industry? ‘Contactless’ has become the buzzword during the pandemic. Every retailer now needs to embrace ‘contactless’ way of operations. While the shift started after Covid-19, this trend will continue long after the pandemic. Some of the trends that are fast evolving with contactless shopping are: n Curbside Pickup – While buy-online-pickup-in-store (BOPIS) was a prevalent fulfillment method, in recent times, curbside pickup has become a preferred way for picking up orders that they were placed online. Integrating geofencing technology with curbside experience, retailers can be alerted as the customers are approaching their premises, prompting them to keep their order ready, avoiding wait times. n Locker Pickup – Lockers are another form of contactless pickup of orders gaining popularity when customers are looking for safe ways to shop. Items ordered online are picked up and put away in lockers. Customers use a safety code to open the lockers to pick their items. Lockers housed in stores provide for a contactless pickup opportunity and increase footfall to the stores. n Wallet Payments – Though wallet payments have been around for a while, customers are now gravitating towards adopting it more. Customers often have to scan a barcode to pay using a credit
card attached to their wallet involving a no-touch payment. While safe, this is an efficient operation saving time during checkout. n Contactless Checkout – Scan & go technology is gaining popularity where customers pick items they want, scan them using the retailer’s app, and pay using their mobile wallet by scanning a QR code while exiting. While this experience is in its infancy, retailers need to invest in these technologies to continue attracting shoppers. Retailers need to pick the high-gear on these technologies and start investing in them if they haven’t already started to create a safe retailing environment. How AR and VR create value in retail? AR/VR is one of the trending technologies in retail, with smartphones readily coming with AR capabilities. AR allows the customers to use the real world environment in front of them overlaid with digital information. This is becoming very powerful for retailers, especially when they can let customers view their products in its new space creating a real life experience. For example, a customer who is looking to buy a couch can bring life into it by visualizing it in their living room with a AR enabled smartphone. When someone is looking to paint their room, AR can be used to try out different colors on their walls. Not only in home improvement shopping, AR technology is widely used in fashion and cosmetics retail, where the customers can virtually check out how a certain color of lipstick or clothes looks on them without actually trying them on. AR increases customer engagement with the brand but greatly aids the conversion and drastically reduces returns by allowing customers to understand what they are paying for. VR technology allows customers to have an immersive shopping experience. VR can be used to make the shopping experience more compelling, thereby creating a deep connection
for the customer with the retailer. With a VR device, customers can virtually navigate a store, checkout product information and complete their purchase. Combined with AI/ML, customers can experience a hyper-personalized store with products curated specifically for a customer. These technologies, which are expected to grow over $1.6B by 2025, are gaining further momentum as customers are leaning towards contactless shopping. How can companies leverage AI/ ML and analytics to serve customers better? The goal of any business is to attract new customers, retain their loyal customers, and sell more. To do this effectively, retailers need to understand their customers, their tastes, preferences, and offer them the right products at the right prices. Data is at the heart of providing a compelling customer experience. In retail business where seasonality and trends constantly keep changing, data plays a crucial role in defining its success. Today, all retailers depend on data for making key business decisions. Following are some areas where data analytics and AI play a vital role in retail n Smart customer experience – Understanding the customer from their previous purchases, browsing patterns, saved items lists, etc., to render a hyper-personalized experience, including showing their favorite brands, giving them personalized promotions and offers. Research shows that 44% of customers are likely to be repeat buyers if they are offered a personalized experience. n Smart Recommendations – When the product a customer is looking for a product that is out of stock, AI enables retailers to provide the customer with alternatives that cater to their tastes. n Smart Assortment – Having a customer-centric approach to assortment planning is key to not only to increasing sales and inventory turns but also creating brand loyalty. Aligning the customer data, including lifestyle, buying preferences, and pattern, along with inventory data, AI can power insights to localized assortment plans for a market that will best suit to increase the profit margins. n Smart Pricing – Pricing not only determines the bottom line of the company but a key factor in the customer buying decision. With AI, retailers will not only be able to predict the current pricing trends for a product but also compute the best prices based on its sales demand, seasonal trends, geographic location, release of newer models, etc. To access the complete article log on to: https://www.enterpriseitworld.com/ every-retailer-now-needs-to-embracecontactless-way-of-operations/ DECEMBER 2020 ENTERPRISE IT WORLD 23
SECURITY // DELL TECHNOLOGIES
Dell Technologies introduces new Dell EMC PowerProtect DP series integrated appliances and PowerProtect Data Manager software advancements to help customers protect, manage and recover data from traditional and modern applications across core data centers, edge locations and public clouds. Dell, the industry leader in data protection appliances and software1, also announces PowerProtect Cyber Recovery is the first data vaulting solution endorsed by Sheltered Harbor to enhance cyber resiliency in the financial sector. 24 ENTERPRISE IT WORLD DECEMBER 2020
“The current times have altered the approach of Indian businesses not only towards digital transformation but also towards data protection. With the rapid adoption of remote work culture and new-age technologies, the external threat environment has also grown exponentially, which has resulted in increased incidents of cyberattacks. Therefore, businesses have realized that in order to maintain their business continuity and to deliver innovative solutions they need to safeguard their data capital and hence deploy better data protection tactics”, said Ripu Bajwa,
Director & General Manager, Data Protection Solutions, Dell Technologies, India. “Data protection is not a one-size fits all proposition and Dell Technologies understands that. Thus, to better enable our customers and help them in protect, manage and recover their data from traditional and modern applications across core data centers, edge locations and public clouds, we have recently expanded our PowerProtect product portfolio. The new Dell EMC PowerProtect DP series will further allow businesses to manage explosive data growth, complexities,
DELL TECHNOLOGIES // SECURITY
RIPU BAJWA, DIRECTOR & GENERAL MANAGER, DATA PROTECTION SOLUTIONS, DELL TECHNOLOGIES
DELL TECHNOLOGIES HELP INDIAN BUSINESSES SAFEGUARD CRITICAL APPLICATIONS thereby reducing their operational costs.” Dell EMC PowerProtect DP series offers modern integrated data protection PowerProtect DP series is Dell’s next generation integrated data protection appliance, offering complete backup, recovery, replication, deduplication, cloud readiness with disaster recovery, and long-term retention to the public cloud. PowerProtect DP series appliances help customers manage explosive data growth, lower costs and simplify increasing com plexities with an all-in-one solution, offering: n Extreme performance: Delivers up to 38% faster backups and up to 45% faster restores.2 PowerProtect DP also offers instant access and restore of up to 50% greater IOPS3 (Input/Output Operations Per Second), compared to the previ-
ous generation, allowing customers to quickly and easily recover critical data. n Greater efficiency: Provides up to 1 petabyte of usable capacity with 30% more logical capacity4, with up to 65:1 data reduction, enabling customers to store more data in the same space with more cost-effective systems. n Energy savings: Consumes up to 23% less power than previous generation5, delivering significant energy and cost-savings. Sheltered Harbor endorses Dell EMC PowerProtect Cyber Recovery Dell Technologies announces that Dell EMC PowerProtect Cyber Recovery is the first on-premises turnkey data vaulting solution to receive a Sheltered Harbor endorsement. Sheltered Harbor is the not-for-profit, industryled initiative dedicated to enhancing the stability
and resiliency of the financial sector in the wake of increased cyber-attacks. PowerProtect Cyber Recovery protects customers from cyber threats ranging from ransomware to insider attacks. The solution’s CyberSense analytics and machine learning capabilities allow customers to monitor data integrity, ensuring the continued quality of their data. Forensic tools allow customers to discover, diagnose and remediate ongoing attacks. With this endorsement, U.S. financial institutions can easily deploy an endorsed vaulting solution to protect critical customer data from cyber threats. PowerProtect Data Manager delivers enhanced Kubernetes and cloud data protection PowerProtect Data Manager delivers new value to PowerProtect appliance customers that have cloud, VMware and Kubernetes environments. Data Manager now protects in-cloud workloads in Microsoft Azure and AWS, offering customers greater choice and flexibility in deploying the software. PowerProtect Data Manager now supports the VMware Tanzu portfolio to protect customers’ modern applications. New integrations make it the first solution to provide native vCenter Storage Policy Based Management integration for VM protection6. Customers can save time and better protect their VMs by using well-known workflows from within their VMware vSphere environment to assign data protection policies. Data Manager now also offers a VMware-certified solution to protect the VMware Cloud Foundation infrastructure layer. Data Manager also offers comprehensive protection for containerized modern applications with agentless, application-consistent protection of open source databases, including PostgreSQL and Apache Cassandra, in Kubernetes environments. Customers now can protect Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS) to back up Kubernetes cluster-level resources. Flexible Consumption with Dell Technologies On Demand With Dell Technologies On Demand, PowerProtect customers can choose how to pay for, consume and manage their appliances. With fully managed services, customers can leave their ongoing data protection operations to Dell experts to monitor, operate and optimize their environment, saving time and reducing risk. Flexible payment solutions enable customers to more effectively budget for IT spending, and only pay for technology and services as needed. DECEMBER 2020 ENTERPRISE IT WORLD 25
SECURITY // GAMING AND ATTACK SURFACES
GAMING AND ATTACK SURFACES: WHAT YOU NEED TO KNOW Normally, DDoS attacks inflict damage by impacting service availability. However, in gaming there is another unique value to DDoS: it is being used to create an unfair advantage to one or more players by slowing down others and kicking out competitors from gaming rooms. The entire gaming arena could be DDoS attacked from different surfaces, leaving players frustrated and potentially leading to a severe impact on the brand reputation. In recent months, we have witnessed more and more UDP, in-session, low volume floods targeting the online gaming industry, which even led a number of famous online tournaments to be canceled or postponed. There are 3 attack surfaces that can take your game offline:
NIKHIL TANEJA, VICE PRESIDENT & MANAGING DIRECTOR – INDIA, SAARC, MIDDLE EAST & GSI AT RADWARE
Gaming is a hot, profitable industry – now more than ever, since the pandemic has driven people to consume more streaming content. It’s why botters, manipulators and cybercriminals will go above and beyond to disrupt online gaming services and impact the multiplayer experience.
26 ENTERPRISE IT WORLD DECEMBER 2020
Gaming Server Surface Similar to every resource on the internet, gaming servers are also bound to bandwidth and hardware resource limitation. As powerful as it may be, once attacked, the game infrastructure can be saturated as any other network/CPU-operated environment. The gaming server is the pivotal connection between the user and the gaming company/platform and hence, it must always be available, always online. No matter if it resides in the public cloud or legacy data center, companies must protect their gaming servers against DDoS and other compromising attacks and ensure their constant high-availability and to provide the best user experience. Gaming Lobby Surface Such a unique, multi-layered architecture can
cause a real headache for a security team. Lobby room protection, over UDP or TCP, can be hard to monitor and even harder to detect attacks because in most cases, they are low volume, resource exhausting attacks that won’t ring any alarm bells. In addition, the authentication and initial login are, in most cases, encrypted. In general, encrypting the game authentication stream is mandatory in order to maintain data confidentiality and integrity. However, this also poses a problem as middle boxes are blind to the data stream. This inability to process the actual data might cause false positive or false negative detection where the server’s DDoS protection is based on traffic volume only. On the other hand, decrypting all traffic might result in higher latency, negatively impacting the user experience in multi-player games. Since the SSL/TLS problem is a big issue, many times security teams are left with a big problem that keeps them from doing their job properly. Companies need to monitor the regular usage of their lobby room, whether encrypted or not, focusing on the number of legitimate requests and their source IPs, so they can identify abnormal activities and In-Game Surface Protecting the in-game session is a hard skill to master. Security teams need to continually learn the normal distribution of UDP packets in the session itself in order to identify and block attacks, which makes the in-game attack surface lucrative for manipulators and hackers. As UDP is all about speed, learning the normal distribution of online games can be an almost impossible task to perform manually. Gaming companies need to know to look for this in-session DDoS attack that can cause a game to crash or manipulate the integrity of the game itself. There is nothing players hate more than an unfair advantage that makes them lose the game and getting a network DDoS warning message. Recommendations to protect your titles Gaming companies are exposed in three dimensions and must stay on a constant alert and monitor each one of them for each of their titles. Security teams need to be able to identify attacks automatically, whether encrypted or not, when they start and have the right solution to block the attack while allowing legitimate users to play the game with no added latency. When working manually or with rate limiting technologies, security teams need to choose between impacting the user experience and overlooking the potential threats.
MATRIX // CASE STUDY
MEDITERRANEAN SHIPPING COMPANY (MSC) USES MATRIX ACCESS CONTROL SYSTEMS TO ENSURE THE OVERALL SECURITY OF THE ORGANIZATION
BY SANJAY@ACCENTINFOMEDIA.COM
Industry Transportation and Logistics Customer Name Mediterranean Shipping Company Locations 1. Head Office – Geneva 2. Branch Office – Jeddah and 15+ locations Devices 35+ Access Control Devices Users 1000+ Company Profile AMSC Mediterranean Shipping Company S.A. (MSC) is the world’s second-largest shipping line in terms of container vessel capacity. It operates 480 offices across 155 countries worldwide with over 24,000 employees. MSC’s shipping line sails on more than 200 trade routes, calling at over 315 ports. Challenges MSc searched for options to manage attendance in the office spread across 15+ locations. A central server that can handle the capacity of 1000+ users and can seamlessly integrate with their accounting software – SAP. Additionally, they required a fool-proof solution that can assist them to manage multiple
shifts with automated shift correction options and work hour’s calculation in overnight shifts and more!. Solution Matrix addressed these challenges by proposing a Door Controller for the locations connected by a central platform. This Time-Attendance Solution helps them to procure accurate attendance details of an employee in no time! Furthermore, this attendance data is integrated with accounting software – SAP for seamless attendance and payroll management. The offered solution deploys the Access Control Solution that enables complete security of all their units. COSEC PVR Door Controller – a contactless biometric that is engineered to offer the utmost security, eliminates the risk for forgery or identity duplication. Results s Effortless Attendance Management of All Location from Head Office s Multiple Connectivity Options s Streamlined Shift Allocation and Automated Shift Correction s Seamless Integration with SAP s Customized Attendance Policy Formation s Real-time Alert on Attendance Related Event
& Auto Scheduled Reporting s No Correction Required for Overnight Shift Environment Products and Solutions Offered s COSEC PVR DOOR CONTROLLER s Palm Vein Door Controller s COSEC CENTRA LE s Application Server Platform with 1000 Users s COSEC LE TAM s Time Attendance Software Module s COSEC LE ACM s Access Control Software Module For further information, please contact: 394-GIDC, Makarpura, Vadodara-390010, India Toll Free -1800-258-7747 E-Mail: inquiry@matrixcomsec.com Website: https://www.matrixaccesscontrol. com/ DECEMBER 2020 ENTERPRISE IT WORLD 27
SECURITY // MANAGE ENGINE
MANAGEENGINE RECOGNIZED AMONG “PROVIDERS THAT MATTER MOST” IN PRIVILEGED IDENTITY MANAGEMENT RAJESH GANESAN, VICE PRESIDENT AT MANAGEENGINE
Forrester Research has recognized ManageEngine as one of the “providers that matter most” in privileged identity management (PIM) and chatbots for IT operations. 28 ENTERPRISE IT WORLD DECEMBER 2020
The Forrester Wave: Privileged Identity Management, Q4 2020 cites very high customer satisfaction for ManageEngine’s PAM360. Meanwhile, the Forrester New Wave: Chatbots for IT Operations, Q4 2020 notes that “ManageEngine customers report that they’re satisfied with the offering and impressed with the ease of integration and flexibility.” In addition to this recent recognition, ManageEngine previously made it to the The Forrester Wave: Enterprise Service Management (ESM), Q4 2019 and The Forrester Wave: Unified Endpoint Management (UEM) published in Q4, 2019. The two technologies are increasingly significant as more organizations look to ESM to improve overall user experience and productivity, while also looking to UEM to manage and secure
exploding endpoint populations. “As the objective of the IT organizations change to delivering holistic employee experience than just managing the technology infrastructure, a piecemeal approach to tools is not going to be effective anymore” said Rajesh Ganesan, Vice President at ManageEngine. “We understand this trend and have evolved the ManageEngine suite with capabilities that help IT teams drive the modern enterprise from the front line. And we believe this recognition from Forrester in multiple functional areas is a strong testament to our abilities in continuously solving our customers’ problems.” Managing privileged identities with PAM360 “ManageEngine [PAM360] has very high customer satisfaction. Customers like the user experience, the consistent and integrated environment, fast and easy deployments, solid integrations across many systems and applications. The vendor has established a reputation for being easy to work with, responsive, and having excellent customer support,” according to The Forrester Wave: Privileged Identity Management, Q4 2020.” ManageEngine launched PAM360 in October 2019 as a holistic approach to enable customers to successfully implement privileged access security across their entire IT infrastructure. PAM360’s enterprise-oriented highlights include privileged account governance, just-in-time privilege elevation, privileged session monitoring, privileged user behavior analytics, and SSL/TLS certificate management. Powering chatbots for IT operations with Zia “Zia best suits companies that are using ManageEngine and having development resources. For organizations using ManageEngine and looking to experiment with chatbots, Zia is an ideal solution/platform add-on and should steadily improve….[Zia, included with the ManageEngine platform,] competes with an extremely affordable option.” With Zia, ManageEngine aims to help IT teams of all sizes and complexities across industries reap the benefits of AI technology. Zia is offered with on-premise version of ManageEngine’s Unified Endpoint Management tool -Desktop central, ManageEngine’s Analytics Plus on-premise version, and is available with all IT instances of SDP Cloud versions. Zia is offered with all paid versions of ManageEngine and Zoho products. ManageEngine is one of the few vendors with a product portfolio that can integrate natively to provide an enterprise-grade solution for IT, security, and business challenges alike.
ARTIFICIAL INTELLIGENCE // SECURITY
SOPHOS ANNOUNCES 4 NEW OPEN ARTIFICIAL INTELLIGENCE DEVELOPMENTS SophosAI Advances the Practices and Language that Will Transform the Cybersecurity Industry with Much-needed Transparency and Openness
JOE LEVY, CHIEF TECHNOLOGY OFFICER, SOPHOS
Sophos announced four new open Artificial Intelligence (AI) developments to help broaden and sharpen the industry’s defenses against cyberattacks, including datasets, tools and methodologies designed to advance industry collaboration and cumulative innovation. This move accelerates a key Sophos objective to open its data science breakthroughs and make the use of AI in cybersecurity more transparent, all with the aim of better protecting organizations against all forms of cybercrime. While it is common practice to share AI methodologies and findings in other industries, cybersecurity has lagged in this effort, creating a noisy understanding of how AI truly provides
protection against cyberthreats. Sophos and its team of SophosAI data scientists are catalyzing this change toward openness, so that IT managers, security analysts, CFOs, CEOs, and others making security buying or management decisions, can discuss and assess AI benefits from a level and well-informed playing field. “With SophosAI’s new initiative to open its research, we can help influence how AI is positioned and discussed in cybersecurity moving forward. Today’s cacophony of opaque or guarded claims about the capabilities or efficacy of AI in solutions makes it difficult to impossible for buyers to understand or validate these claims. This leads to buyer skepticism, creating headwinds to future progress at the very moment we’re starting to see great breakthroughs,” said Joe Levy, chief technology officer, Sophos. “Correcting this through external mechanisms like standards or regulation won’t happen quickly enough. Instead, it requires a grassroots effort and self-policing within our community to produce a set of practices and language that will advance the industry in a disruptive, open and transparent manner.” It is difficult to overstate the criticality of this shift given the immense potential of how AI can benefit cybersecurity. Sophos evidence shows that defenders are increasingly facing human adversaries who are constantly upping their game, launching highly contextualized Business Email Compromise (BEC) forgery campaigns or relentlessly developing new ransomware attacks. Scalable and effective defenses against these and most other types of cyberattacks require assistance from AI. Openness and peer review among those applying AI to address these security threats
stimulate innovation and discoveries, driving the entire industry forward. Sophos is providing datasets, tools and methodologies in four important areas: SOREL-20M Dataset for Accelerating Malware Detection Research SOREL-20M, a joint project between SophosAI and ReversingLabs, is a production-scale dataset containing metadata, labels and features for 20 million Windows Portable Executable files (PE). It includes 10 million disarmed malware samples available for download for the purpose of research on feature extraction to accelerate industry-wide improvements in security. This dataset is the first production scale malware research dataset available to the general public, with a curated and labelled set of samples and security-relevant metadata. AI-powered Impersonation Protection Method SophosAI’s Impersonation Protection is designed to protect against email spearphishing attacks, where influential people are impersonated to trick recipients into taking some harmful action for the benefit of the attacker. This new protection compares the display name of inbound emails against high level executive titles – those most likely to be spoofed in a spearphishing attack, such as a CEO, CFO or president – that are unique to specific organizations and flags these messages when they appear suspicious. Sophos has trained the AI working behind the scenes on a large sample set of millions of known attack emails. SophosAI has opened up this innovative new protection method, which it has also discussed publicly at Defcon 28 and in an Arxiv paper. Digital Epidemiology to Determine Undetected Malware SophosAI has also built a set of epidemiologyinspired statistical models for estimating the prevalence of malware infections in total, which enables Sophos to estimate – and in turn enabling a better chance to find – the needles in a PE file haystack. SophosAI has pioneered and made publicly available this method that helps to determine malicious “dark matter,” malware that might be missed or wrongly classified, and “future malware” that is in development by attackers. The model is designed to be extensible to other classes of files and information system artifacts and is also discussed in the Sophos 2021 Threat Report. Click the link to access the article: https://www. enterpriseitworld.com/sophos-announces-4new-open-artificial-intelligence-developments/ DECEMBER 2020 ENTERPRISE IT WORLD 29
MARKET WATCH
HOW WE CAN HAVE SECURE BROADBAND CONNECTION?
BY SANJAY@ACCENTINFOMEDIA.COM
quence. To use the 5 GHz network, your phone, tablet, laptop, or USB adapters must endorse the frequency.
For everyone today, Internet access is essential. Hotels, schools, dorms, hospitals, airports, and private industries are areas where people are clustered and internet access is needed for almost all. Offering bandwidth to retail users in today’s situations has become a difficult challenge for internet providers as the time we spend at home has risen due to the pandemic. Our interests are shifting dynamically as digital life gets more and more prominent in our activities. According to a survey undertaken by Hotels. com, which facilitates worldwide hotel bookings through its global network infrastructure, the accessibility of Wi-Fi service at the hotel is the highest demand of travelers who book accommodation on both work trips and vacations. It is helpful to understand certain techniques to provide vast numbers of users at the same time with high capacity, high speed, and secure internet access. Also, even your daily usage. Knowing these critical points, you will have a system that runs seamlessly and efficiently as well as no problem will be observed if you are a business that offers free Wi-Fi connection. Below we mentioned certain methods to make a secure broadband connection. Having too many access points is not a solution at all Instead of increasing efficiency, adding too many access points (AP) can cause performance decline. This implies that you waste more money and do not achieve productivity. Hence it is not a 30 ENTERPRISE IT WORLD DECEMBER 2020
stand-alone approach to mount a wide number of access points. Since access points that transmit from the same channel will cause loss of output by allowing user devices to interact. Do not use older wireless networks on your network to access larger bandwidth, if possible You can utilize old standard devices with an 802.11n access point-based wireless network. With 802.11n adapters as well as existing 802.11g or even 802.11b systems, the 802.11n access point will operate concurrently. Systems that support existing standards are supported by the 802.11n standard. Except when slow devices are actively receiving the signal, then the 802.11n client speed reduces (50-80 percent). It is advised that only clients of this standard be used on the network for maximum efficiency on the 802.11n wireless network. Using the band at 5 GHz Dual-band Wi-Fi, dual-band 2.4, and 5 GHz access points are enabled by certain routers. At a frequency of 2.4 GHz, nearly all Wi-Fi networks run. The more gadgets that operate on the same band, the more they conflict with each other that greatly lowers effective communication. This assertion is particularly valid in apartments in which virtually every resident has Wi-Fi systems. The drawback of the 5 GHz frequency is that this frequency is seldom used, offering low intrusion and optimum connection efficiency as a conse-
Using VPN with unlimited bandwidth option Recently, the market for VPN services with unrestricted bandwidth has risen exponentially over the years. So if you are exhausted with bandwidth restrictions, choosing the best VPN provider for bandwidth will be an alternative option. Unlimited bandwidth ensures that at any moment you can upload or retrieve as much information or data as you want on a VPN server. All VPN providers, however, do not have unrestricted bandwidth. But knowing the ins and outs of Surfshark VPN would be a helpful reference to this technique since it is one of the industry’s best VPN choices. Sometimes it can also be good to reduce the strength of the Wi-Fi signal It doesn’t necessarily mean that the network can run efficiently and securely with so much transmitted Wi-Fi signal power. In the network, high signal intensity can create increased disruption and inconsistencies. The effect of cross-channel interference can be impaired if the signals that your access point is operating with are very strong ( you can see several wireless networks and the signal strength is high). This interference impacts the network’s efficiency as it greatly raises the noise level which, due to the intermittent transfer of data, results in low connectivity integrity. It is advised that the transmitting capacity at the access point be minimized in this situation. Switch the power-saving mode off On certain mobile devices with power-saving mode activated, low Wi-Fi connection speed can be seen (especially in sleep mode). It can impact the functionality of the wireless adapter of the Wi-Fi device. To check the connection, turn off this mode manually. The battery saving mode is enabled automatically on certain devices when the battery level is set below a certain limit (for example, when the charge is below 20 percent or 15 percent ). We suggest that you ensure that the remaining battery does not drop to a certain level if you do not know how to switch off the power saving mode in the settings.
Transforming telecommunications enriching the customer experience atos.net
Date of Publication: 28 of Every Month Date of Posting: 1 & 2 of Every Month
RNI NO: DEL ENG/ 2017/ 69906 Postal Reg. No.: DL-SW-01 / 4200 / 17-19
PMP
TM
Peak Throughput up to
1.2Gbps