SPECIAL SUPPLEMENT BY
OCTOBER 2015
SE.CUR.ITY Consumerisation of IT, BYOD, mobility has led to an information explosion and also blurred the line between work and play which is turn is creating challenges for the IT department. 06
EDITORIAL
WHY CYBER SENTINELS?
SANJAY MOHAPATRA sanjay@smechannels.com
INDIA IS THE LARGEST DEMOCRATIC COUNTRY from population point of view. It is also the largest country from market potential point of view. There are excess of 1.3 billion population living in more than 600,000 villages and there are more than 5000 cities in India. It is also the third largests martphone market in the world which is expected to reach 314 million mobile internet users by 2017. Within this backdrop lot of things happening. The entire country is becoming digitized. Soon there 500 railway stations will be wireless enabled. Similarly, there will be 100 smart cities. Villages will be connected with broadband, and there will be health card for the soil, and bank accounts for each citizen. This gives a lot of opportunity to the global and local IT companies in terms of projects. This also opens a sluice gate to the cyber criminals to inflict threats to the networks. This is very critical to the entire infrastructure. Another point is, the more you safe guard the gate the better it is for the infrastructure which should be continuously monitored. So there is huge opportunity in the market. In a way the growth of security market is quite proportionate with the growth of the projects or the implementation of the projects planned for the next 4-5 months. And there is no escape from this. This is about the growth of security landscape in the government sector and somehow the private organizations are serving the government and its citizens directly and indirectly. Therefore, the understanding of CISOs about the right security solutions should be paramount. By bringing this supplement - Cyber Sentinels - we are of strong conviction that this will grow (although it is the beginning) and bring in clarity about the entire landscape. Looking forward to supporting the community in bringing out valuable information about existing and new players in the cyber security and leaving up to your evaluation and judgment.
ENTERPRISE CHANNEL MAGAZINE
DOES NOT EXIST ANYMORE! So is it GOOD NEWS or is it BAD NEWS? IB
M
IN
TR
O
D
U
C
E
S
W
S AT
O
N
A
N
A
LY
T IC
S
/0
LD OR W IT IB
W
SE
|
|
It is indeed good news. Your favourite magazine Enterprise Channel has now changed to Enterprise IT World. What earlier used to focus on the enterprise channel eco-system would now focus on the CXOs including the CIOs, CEOs, CFOs and CTOs of the enterprise world.
6
| RS
PA
GE
VO
LU
ME
IS SU
PT
EM
BE
R 20
W W.
EN
TE
RP
RI
SE
CH
AN
NE
LS
.C
M
IN
TR
OD
UC
ES
WAT
SO
N
AN
YT AL
IC
/0
S
D
RL WO IT
OM
SEP
14
E 08
RS
02
20
|
PA G
ES
32
VOL
|
UME
02
|
ISS
6
UE
BE TEM
01 R2
4
WW
W.E
NTE
RPR
ISE
CHA
NNE
LS.
COM
08
S 32
20
D UD E LOU S20 R CLO ND C IT INRD09201E4R NDIVE IT UCTU SDI ADRIVETRUCTUEC A I SD O DR ASTRSS TIONFRANSESS I T NFR INE BUS I US B
to ed g t to ne ed e adin en th m e ne ing d is le ge d th lead ent an ty na ned an is em s ics ility ic agili ma efi ag -d an r man er ag man fined 4 e m he ture are de e dy gh dy hig uc ftw ris ith ”hi/2 ructur aree tr o w TS st ftw terp ris ith as f s so fra en less, Nin o rp s, w infr UIT ing a of O er ng e with nCin s IT era le e io the Cha or e in g m 4 olut E r in with n r th ev NCushe /18 do ” /2 tio he 8 ng re d an IE TS /1 R ul ers. to ha o volu us co UN m e ld C . nt atPE CO thX ce do an ou ters CE ta : “Eda IE N to at c cen K ER th ta XP LIN “E R da E N K:
014RS20
ECIND092
nte
C
O
M
P
U
T
CO
M PU
TE
R
LI
OCTOBER 2015
3
contents
Publisher: Sanjib Mohapatra Editor: Sanjay Mohapatra Associate Editor: Karma Negi Executive Editor: Smruti Chaudhury Copy Editor: Neil D’Souza Designer: Ajay Arya Web Designer: Vijay Bakshi Technical Writer: Manas Ranjan Satya Sagar Sinha Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Hemlata Lalwani Marketing Executive: Rajat Kumar
ER COV RY STO
Circulation and Printing: Panchanan Bhoi SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 E-mail: Hem@smechannels.com Bangalore #28/1, 3rd Floor, Sri Lakshmi Krupa, Near Shamanna Park, Model House Street, Basavanagudi, Bangalore - 560004 Ph. No. +91 88618 21044 Mumbai Tahmeed Ansari 2, Ground Floor, Park Paradise, Kay-Bees CHS. Ltd.,Opp. Green Park, Oshiwara, Andheri (west), Mumbai - 400 053. Ph. +91 22 26338546, Fax +91 22 26395581 Mobile: +91 9967 232424 E-mail: Info@smechannels.com Kolkata S Subhendu BC-286, Laxmi Apartment, Kestopur Kolkata-700101 Phone: 9674804389 EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New
se.cur.ity /06
Delhi-110016, Phone: 91-11-41657670 / 46151993 editor@smechannels.com
Consumerisation of IT, BYOD, mobility has led to an information explosion and also blurred the line between work and play which is turn is creating challenges for the IT department.
Bangalore Bindiya Jadhav #28/1, 3rd Floor, Sri Lakshmi Krupa, Near Shamanna Park, Model House Street, Basavanagudi, Bangalore - 560004
VENDOR WATCH D-Link/ 14
D-Link Enhances Enterprise Security Capability
VENDOR SHOWCASE Cisco/ 22
Ph. No. +91 88618 21044 E-Mail bindiya@ accentinfomedia.com Skype ID: b1diyajadhav
ESCAN/ 23 ESET/ 24
Printed, Published and Owned by Sanjib Mohapatra
BFSI ARRAY/ 16
“BFSI sector is one of the key growth engines”
INFOWATCH/ 17
“For BFSI we see very high time for DLP projects in 2015-2016”
INFOWATCH/ 25
Place of Publication: 6/101-102, Kaushalya
KASPERSKY/ 26
New Delhi-110016
more inside Editorial~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~03 PARTNERS~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12
SYMANTEC/ 18
“Attacks aimed at financial institutes have increased”
Park, Hauz Khas
Phone: 91-11-46151993 / 41055458 Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior
GLOBAL MARKET SCAPE~~~~~~~~~~~~~~~~~ 19
written permission from the publisher.
TOP 20 CSOS~~~~~~~~~~~~~~~~~~~~~~~~~~~~46
Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.
4
OCTOBER 2015
Evolve. Innovate. Accelerate. Grab new growth opportunities Smart. Smart. Agile. Simple. Smart. Agile. Simple. inAgile. theSimple. evolving cyberspace
Agile. Simple. Smart. Agile. Simple. Smart. Agile. Simple. Smart. Simple. Smart. Agile. Simple. Smart. Agile. Simple. Smart. Agile. Smart. Agile. Simple. Smart. Agile. Simple. Smart. Agile. Simple. Agile. Simple. Smart. Agile. Simple. Smart. Agile. Simple. Smart. Simple. Smart. Agile. Simple. Smart. Agile. Simple. Smart. Agile.
Cyberoam Security 2.0+ ACTIONABLE SECURITY INTELLIGENCE
As businesses adopt the latest in cloud, mobility/BYOD, virtualization and Big Data, there are several new opportunities coming up in enterprise security space. Get ready to grab these opportunities.
Flaunt industry's best portfolio of security services.
Become a Cyberoam Partner. Winner of prestigious Network Security and Channel awards
Exhaustive Marketing & Branding Aid
Excellent Margins + Sales Incentives + Rebate Rewards
FREE Trainings & CertiďŹ cations
Rate contract with NICSI and NIC, Government of India
Comprehensive product portfolio
Cyberoam Product Line :
Network security appliances (Next-Generation Firewalls/UTMs)
Centralized Management (Hardware & Virtual)
For more information please contact marketing@cyberoam.com or visit www.cyberoam.com
Centralized Reporting
COVER STORY
SE.CUR.ITY Consumerisation of IT, BYOD, mobility has led to an information explosion and also blurred the line between work and play which is turn is creating challenges for the IT department.
From the mobile revolution to the pervasiveness of BYOD solutions, social media, Government initiatives like Digital India, Smart cities, digitization of banking and financial services, emphasis on e-Governance, and enterprises undergoing large scale digitization are creating new avenues of opportunities and giving a push to the Indian economy. This is giving rise to demand for comprehensive security products that protect network perimeters and safeguard an organization’s most sensitive data. An IDC report issued in March 2015 on digitization initiatives and IT spend forecasts across industry segments and enterprise applications indicates that security will see the maximum growth of 15% due to the vulnerabilities thrown open in today’s emerging technology landscape. The cost of losing data far outweighs the cost of securing it. And with the growing sophistication of the threats the market has evolved from point solutions to more comprehensive protection suites which encompass cross device security. In coming times the need for security will only increase and to cater to this there is no dearth of security vendors proving everything from DLP, IPS, antivirus, encryption. Apart from some big names like Intel Security (McAfee), Symantec, Websense, Kaspersky, Sophos and the likes; new start-ups are also setting up their shop in this market like Panzer IT which provides E1ndpoint security, Backup Solutions, DRM, DLP, Encryption with best ROI & TCO for Endpoints, Mobile Devices, Servers, Gateways & Complete Network. Girish Gargeshwari, Director – Sales & Chan-
6
OCTOBER 2015
nels (India & SAARC), Intel Security, says, “The level of cyber-attacks in the country has increased tremendously with more aimed at lucrative targets like financial services and IT organizations. A PwC report for 2015 suggests that the Indian market for security will jump to around $10 billion in 2015.” According to its Digital Asset Survey, 2014, almost half of the surveyed Indian respondents said they personally own three-to four devices in their homes. All these have collectively opened up new gateways of opportunities for the Indian IT security market answers Amit Nath, Country Manager, India SAARC, F-Secure. “Furthering the opportunities, the Indian Governments’ ‘Digital India’ initiative will further boost the security market. In view of this security is no longer a matter of choice but an absolute need. Vendors who provide comprehensive security, which is easy to use and yet affordable will win.” “The adoption is very high and the awareness is also increasing day by day. Earlier IT companies used to have limited budgets for security but now the budget have also increased exponentially,” informs Ajay Dubey, National Manager - Partners & Alliances, Raytheon I Websense.
Future Perfect With security playing a key role in every organisations strategy it is heartening to see the purse strings loosening. According to KPMG, India’s IT security market will grow by 50% in the next three years. Spending in IT security has already increased and will continue to increase.
“India security market is at an interesting stage, and among all the sub markets within IT there is a lot of interest across the board. This market is growing and probably has the fastest growth rate amongst its contemporary markets. But the problem is the base is very small,” says Dubey. And the way the country is slated for a massive digital transformation security becomes the most imperative part of any organisations strategy be it government, private or an individual. “There has been an increase in adoption of Big Data security analytics by enterprises, a renewed focus by the government on revamping security, privacy and regulations, and enterprises realizing the importance of digitisation to grow their business; all this will contribute to the growth of IT security sector in India,” informs Sunil Sharma, VP Sales & Operations, India & SAARC, Cyberoam. The enterprise IT security market in India has seen a considerable and consistent growth over the last few years. While the rise in use of technology enabled services/ solutions, increased internet penetration and evolution in digital consumption by enterprises, are some of the key trends redefining the Indian IT security market, this has also created a massive playground for cybercriminals who are streamlining and upgrading their techniques. According to Symantec’s Internet Security Threat Report (ISTR), cybercriminals prefer automated tools and the help of unwitting consumers to do their dirty work. “Till now even the basic cyber security policy is not in place ... However it can’t be denied that the level of awareness in India is slowing increas-
OCTOBER 2015
7
GIRISH GARGESHWARI, DIRECTOR – SALES & CHANNELS (INDIA & SAARC), INTEL SECURITY
SUNIL SHARMA, VP SALES & OPERATIONS, INDIA & SAARC, CYBEROAM.
SUNDAR RAM, VICE PRESIDENT, ENTERPRISE ARCHITECTURE, ORACLE INDIA
“The level of cyberattacks in the country has increased tremendously with more aimed at lucrative targets like financial services and IT organizations.”
“With cyber-attacks becoming increasingly advanced, the security solutions we need to adopt must have future ready capabilities that are able to handle every threat, thrown at them.”
“Enterprises in India have to re-engineer their thoughts to understand what is the right approach to secure information assets.”
ing in the country because of the evident threats; the Digital India campaign by the government has also managed to raise awareness amongst the masses. The India security market is growing in tandem with global growth,” announces Nath.
India market vs. global
In the global cyber security scenario India is the third most vulnerable country and is the easiest target for the cyber criminals. Nevertheless the security challenges that every individual or organisation faces whether in India or globally remain mostly the same though the scale may vary. In recent times CIOs and CISOs have started invest-
ing heavily, deploying the latest technology, and are continually upgrading to keep up with newer threat vectors; much the same as their global counter parts. “Specifically in the Indian context, we’re dealing with a lot of new economy enterprises such as e-commerce, rapid growth of mobility and mobile
FACTORS DRIVING SECURITY SOLUTIONS
Mobile first economy
8
OCTOBER 2015
ecommerce
BYOD
Digital India and Smart cities
IoT, cloud
based transactions etc. which pose new challenges,” informs Gargeshwari. Sharma feels that compared to other advanced markets there is still tremendous room for growth in India. “In fact, the Asia-Pacific, which includes India, is emerging as the key growth driver of the global IT security market.” The reason why India is on the hit list of cyber criminals and often named amongst the nations least able to defend themselves against cyberattacks F-Secure cites to the much delayed cyber security policies. “Consequently the legal and law enforcement agencies of the country have not been able to keep up with the rapidly growing internet usage in India,” replies Nath. Though he agrees the level of awareness is slowly rising because of the highly visible security incidences, increasing financially and politically motivated advanced targeted attacks and renewed regulatory focus on security and privacy. On the other hand Sharma retorts that India does have a cyber-security policy in place but there is reluctance amongst certain stakeholders to implement it with a degree of seriousness. He
further points to the concern that more than a third of Indian organizations lack the knowledge to prevent cyber-attacks. “Recently, the government has allocated a budget of Rs. 100 crore for banning email services like Yahoo and Gmail in official government communications to protect leakage of grave and insightful government data. This budget will include the expenses on ramping up security of servers and expanding infrastructure,” says Ashish Thapar, Managing Principal - Investigative Response at Verizon Enterprise Solutions. Intel Security doesn’t believe that India is more vulnerable than other countries on the security front because the scope of security breaches and the methods perpetrated by cyber criminals keep evolving rapidly so depending on the location, economic and social factors, one country can seem weaker than others at a given point of time. “However from a technology and security preparedness standpoint, I believe India is at par with the world. In fact, as a country that has pioneered the IT Services and outsourcing models that cater to global organizations, I wouldn’t hesitate to say
How well prepared are we? Cybercriminals are always on the lookout for one loophole which is enough to get them lucky, unfortunately individuals and organisations have to be on guard 24x7. The industry says while everyone is aware of the grave consequences of data breach in terms of preparedness against it is more reactive than proactive. This is something to be concerned off. According to Oracle India’s Vice President, Enterprise Architecture, Sundar Ramo oganizations are not considering long term strategies to
50%
$1.06
in next three years
billion in 2015
A recent research from Gartner highlighted that the security market in India is expected to grow from $953 million in 2014, and cross $1.06 billion in 2015.
that we are often ahead of the curve from a security standpoint,” adds Gargeshwari. In conjunction with the ‘Digital India’ initiative, the National Cyber Security Policy hasn’t matched the expectations in terms of its structure and its implementation, especially on the lines of creating skilled manpower to ensure cyber security opines Thapar. “Absence of robust data privacy legislation and mandatory data-breach disclosure laws definitely leaves security experts high and dry,” he adds.
$77
According to KPMG, India’s IT security market will grow by 50% in the next three years. Spending in IT security has already increased and will continue to increase
billion in 2015
As per a research conducted by the Industry body NASSCOM, the global IT security market is estimated to be worth $77 billion in the year 2015 with a growth rate of 8 percent annually. The India security market is growing in tandem with global growth.
$1 billion in 2015
A PwC report for 2015 suggests that the Indian market for security will jump to around $1 billion in 2015.
OCTOBER 2015
9
ASHISH THAPAR, MANAGING PRINCIPAL - INVESTIGATIVE RESPONSE AT VERIZON ENTERPRISE SOLUTIONS
“Recently, the govt. allocated a budget of Rs. 100 crore for banning email services ... in official govt. communications to protect leakage of grave and insightful govt. data.”
protect information assets especially the most crucial one – database. Most companies invest in perimeter and network defense because they believe database and application data are inherently safe as they lie deep within the firewall of the company. “This is a dangerous assumption,” he warns, “Enterprises in India have to re-engineer their thoughts to understand what is the right approach to secure information assets? In the new world, sensitive corporate data is stored and accessed from beyond the company’s direct control.” Sharma adds, “The use of advanced security solutions can help mitigate these threats, but there is a need to be on high alert all the time. While the level of preparedness against the onslaught of cyber-attacks is improving, it’s essential to keep evolving the levels of vigilance all the time.” Study shows that the majority of the data breaches occur using insider credentials with access to systems and its data. Oracle says examination of numerous security incidents has shown that timely examination of audit data could have
10
OCTOBER 2015
AMIT NATH, COUNTRY MANAGER, INDIA SAARC, F-SECURE
“Furthering the opportunities, the Indian Governments’ ‘Digital India’ initiative will further boost the security market.”
helped detect unauthorized activity early and reduced the resulting financial impact. “Hence we recommend deployment of solutions that ensure effective auditing inside the database,” says Ram. As there is no size fits all security solutions organisations need to opt for a solution that fits their operational processes and security posture. Sharma opines that with cyber-attacks becoming increasingly advanced, the security solutions we need to adopt must have future ready capabilities that are able to handle every threat, thrown at them. Nath informs study shows about 85% of cyberattacks could be avoided simply by patching vulnerabilities. However, even if a company or an individual has been hit, there is still a way to minimize the clean-up costs. “One should look for solutions which provide comprehensive security from gateway to endpoint and is easy to use and manage,” he adds.
Opportunities As the threat landscape becomes increasingly
AJAY DUBEY, NATIONAL MANAGER - PARTNERS & ALLIANCES, RAYTHEON I WEBSENSE
“Earlier IT companies used to have limited budgets for security but now the budget have also increased exponentially.”
complex, the need for security too is becoming a critical factor for organizations. Here channel partners can play an important role in becoming trusted advisors for customers in their security purchase decision. Intel Security wants to solve the problems of security with best-of-breed products and solutions to strengthen the security posture of India Inc. “This approach will also bring new opportunities for channel partners as both look forward to address the rapidly increasing market for security solutions and technologies,” answers Gargeshwari. “As a trusted advisor and knowledge partner, the reseller community is leading the way in assisting Indian organizations – both large enterprises and SMBs in managing their evolving technology requirements in the best possible and cost effective manner,” says Shrikant Shitole, Managing Director, India, Symantec. He feels the time is right for the partners to play a crucial role in providing the right guidance for business-owners in protecting their information from physical and digital disasters in the right manner. “Particularly in non-
THE VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT OUTLINES THE FOLLOWING RECOMMENDATIONS TO ORGANIZATIONS ON PREPARING AGAINST THE ONSLAUGHT OF CYBER-ATTACKS: Know your data:
Before you can protect your data, you need to understand exactly what data you have, where and how it’s stored, and who has access to it. Review user behavior: Implement processes to monitor use of systems and data so that you can identify any suspicious behavior. Establish a process for reviewing or revoking access when employees change role or leave. Secure the Data at Rest: Design the data processing framework in a way that data is rendered unusable for unauthorized access using technologies such as encryption or tokenization. Patch promptly: Attackers often seek to exploit software vulnerabilities — timely patching limits their opportunity. Monitor email links and attachments: Email scanning can identify any suspicious links or attachments. Use anti-virus and modern malware detection and remediation tools: Anti-virus won’t protect you from polymorphic or zero-day attacks and hence organizations need to implement advanced detection/prevention mechanisms to identify and stop attacks in time. Enable two-factor authentication: Both phishing and malware lead to lost credentials. Using twofactor authentication can break the chain of attack. Watch data transfers: Set up controls to watch for data transfers out of the organization — in our experience these controls have caught many incidents of insider data theft that would otherwise have been missed. Implement configuration change monitoring: Many of the methods used to breach your data can be detected easily by watching key indicators. Store IP securely and not on user devices: Laptops and desktops used to surf the internet often get infected with malware. Only store Intellectual Property on user devices if there is a strong business need.
SHRIKANT SHITOLE, MANAGING DIRECTOR, INDIA, SYMANTEC
“Particularly in nonmetro locations, the role of the channel partners bridges the customer’s need with the relevant solution.”
metro locations, the role of the channel partners bridges the customer’s need with the relevant solution.” The recent amendments in the cyber security law make it mandatory of enterprises to put up with certain security standards set by the government. This paves a way for the vendors and partners to offers their services to the growing number of enterprises replies Nath. It is beyond doubt that the demand for security products will only increase; partners and vendors can become close allies of organisations by ensuring these deploy the right security solutions and are able to leverage their potential to achieve critical business transformation.
Finally… With the recent data breaches still fresh in the mind Indian enterprises are becoming more serious about information security. While laws of the land surely need to be given more teeth and compliance made more robust and implemented strictly.
OCTOBER 2015
11
HOT 50 SECURITY PARTNERS
ACPL Systems Pvt. Ltd. Vishal Vindra, CEO visha@acpl.com 333 -334 , 3rd Floor Tower A, SpazeiTech Park Sector 49, Sohna Road Gurgaon - 122002, India +91.124.4088914 http://www.acpl.com
Comparex India Private Ltd NavinKapur Managing Director Plot no. 301, 2nd floor, UdyogVihar, Phase- 2 Gurgaon-122015 Haryana 91 124 4843000
Cache Technologies Alok Gupta Director 308, 3rd Floor, Siddharth Building, 96, Nehru Place New Delhi,110019 India, 011 2622 7898
Cubic Computing (P) Ltd MadhuMadhavan Managing Director # 5, Iind Floor, 7th C Cross, Ashwini Layout, Koramangala Intermediate Road, Karnataka,Bangalore,560047 India
Chabria Infotech Hemant Chabria CEO #209, AJC Bose Road, Karnani Estate, 2nd Floor, Room No.88, Kolkata -, West Bengal, 700017, INDIA Phone: 91-9830022890 http://www.chabria.biz
DigitalTrack Solutions Private Limited S.t.MuneerAhamed Managing Director 1st Floor, New#543, Old #350, Accord Building, Nandanam, Anna Salai, Chennai,TamilNadu,600035 India
Communication Links Year of inception: 1991 Key executives: Mr. Mathew Tharakan& Mr. Naveen Singh Location: Mumbai Head count: 20+ Major clients: Financial Technologies India Ltd, Air India, Alok Industries Limited, Tecnimont ICB Pvt. Ltd., Zoho Corporation Domain expertise: Across vertical Contact: 9821152104
Frontier Business Systems Ravi Verdes Director #3, Wood Street, Karnataka Bangalore, Karnataka,560025 India
12
OCTOBER 2015
Doyen InfosolutionsPvt. Ltd. Vikram Jain Director 701,Technocity (Greenscape), Next To Country Inn Suites Hotel, Navi Mumbai, Maharahtra,
400710, INDIA Phone: +91-9833585511 sales@ doyen.co.in http://www.doyen.co.in Embee Software Pvt. Ltd. Sudhir Kothari CEO 701, Advent Atria, Chincholi Village, ChincholiBunder Road, Malad (W), Mumbai,400064 India Gowra Bits & Bytes Subbaram Gowda CEO 1-8-144, First Floor, P G Road, Hyderabad,AP,500003 India Hitachi Systems Micro Clinic Pvt. Ltd. Tarun Seth Managing director E-44 /2, Okhla Industrial Area Ph.-II, New Delhi-110 020 India India Computer Technologies Pvt Ltd Kenneth Nadar CEO S-11 Super Mall SalunkheVihar Road, Kondwa Pune, Maharashtra,411040 India ITCG Solutions Pvt. Ltd. NileshKuvadia Managing Director 403, Atlantis Enclave, Near IDBI
Bank, Gurukul Rd. Ahmedabad, Gujarat,380054 India IT Solutions India Pvt Ltd Nakul Chopra Director D-88/5 Okhla Industrial Area Phase I New Delhi, New Delhi,110020 India Jainam Technologies Private Limited MehulDoshi MD & CEO 111/112 Bhaveshwar Complex, Vidyavihar (West) Mumbai,Maharastra,400086 India Kiosk Technologies Pvt. Ltd. Rajesh Gupta Director “Gupta Saachi” 26/A, Bhabananda Road, Kolkata - 700026 Phone: +91-33-2466 1109 / 2466 1150 Telefax: +91-33-2466 1109 Lauren Information Technologies Pvt. Ltd. Ratnakar Kanchan Managing Director 14th Road KharDanda, Khar West, 3F, Jains Arcade Mumbai, Maharastra,400052 India
Logix InfosecurityPvt. Ltd. Nitin Patil Director Unit No. 127, Building No.2, Millennium Business Park, Mahape, Navi Mumbai, Navi Mumbai, MH, 400 710, INDIA Phone: +91-22-4228-8600 http://www.logix.in Mass InfonetPvt.Ltd. Srinivas Hebbar Director 6, VeenaBeenaCenter, Guru Nanak Road, Bandra (W),Mumbai, India, 400001, INDIA Phone: +912222613008 http://www.massinfonet.in Magnamious Systems Pvt. Ltd. Jiten Mehta CEO Sigma IT Park, Unit No. 806, 8th Floor, Plot No 203/204, MIDC,TTC Indl. Estate, Rabale, Navi Mumbai-400701.Dist. Thane. Tel : 022-33835111 Micro Hard IT Solutions Pvt. Ltd. BhaveshRathore Director 320, Golden Point, Nr. Telephone Bhavan, Falaswadi, Ring Road, Surat,Gujarat,395002 India Mm9 Information Technologies Pvt. Ltd. Manoj Sharma CEO 7th Floor, Iris Tech Park, Sohna Road, Near Vipul Green, Opp. Fortune Hotel, Gurgaon, Haryana,122001 NCS ComputechPvt. Ltd. Manohar Malani Managing Director 3, Commercial Building, 23, N.S.Road Kolkata, WB, 700 001, INDIA Phone: +91-33-6633-6500 http://it.ncs.net.in/ Netcom Infotech Pvt Ltd SonuPoddar Director 95A AJC. Bose Road Kolkata,700014 India Neural Networks Pvt. Ltd. Director 37/1444,Emmanuel Road, Off. Kaloor-Kadavanthra Road,
Kadavanthra Cochin, Kerala/ India,682017 India, 0484 220 6267 Orient Technologies Pvt. Ltd. Ajay Sawant Managing Director 49H, New Haven, 2nd Floor,Parsi Panchayat Road Mumbai,Maharashtra,400069 India Power Centre Private Limited Sidhartha Ramachandran Director 749A III Floor Anna Salai Chennai,Tamilnadu,600002 India PC Solutions Pvt. Ltd. DevendraTaneja Director 12 Santh Nagar, East of Kailash New Delhi, Delhi,110065 India P J Networks Pvt. Ltd. Sanjay Seth CEO Q13, 2nd Floor, Rajouri Garden Delhi, 110027, INDIA Phone: 01125418860 http://www.pjnetworks.com Quadrasystems.net (India) Pvt. Ltd Prashanth S Directors #214B, 4th Cross, 12th Main, 4th Block, Koramangala, Bangalore - 560 034. Phones: +91-80-653355 22 / 44 / 66 India Raksha Technologies Pvt. Ltd. V. Anand CEO 1, 4, Th Main Road, Kasturia Bhai Nagar, Adayar, Adayar, Chennai, Tamil Nadu 600020 Phone: 044 2442 2336 http://raksha.co.in/ Rubik Infotech Pvt. Ltd Jitesh Chauhan Managing Director 206, Primate, Opp. Gormoh Restaurant, Judges Bun Ahmedabad ,Gujarat ,380 015 India SafeZone Secure Solutions Pvt Ltd CR Ramesh Director No.3 PalatMadhavan Road,Mahalingapuram Chennai, Tamilnadu,600034
India SearceCosourcing Services Private Limited Hardik Parekh CEO 78, Mistry Industrial Complex, MIDC Cross Road A, Andheri East Mumbai, MH, 400072, INDIA Phone: +91-22-6771-4900 http://www.consularis.co.in Secure Network Solutions India Pvt. Ltd N K Mehta CEO 14, 6th Cross Street, Lake Area, Nugambakkam Chennai, India, 600034, India Phone: +91 44 28171642 http://www.snsin.com Softcell Technologies Limited Sathish Director Ground Floor, 5th Cross Street, C-23, Thiru-Vi-Ka Industrial Estate, Guindy, Chennai, Tamil Nadu,600032 India Sonata Information Technology Limited Srikar Reddy MD & CEO # 1/4, APS Trust Building, N R Colony, Bull Temple Road, Bangalore, Karnataka,560 019 India SoftwareOne India Pvt Ltd Mayank Srivastava Managing Director Level 15, Eros Corporate Towers, Nehru Place New Delhi, India,110019 India S.K.International Hemant Kenia CEO DSP Road, SK House, 94-A, AvvalBaug, Dadar - East Mumbai, Maharashtra,400014 India SBA Info Solutions Pvt Ltd V.Anantha Narayanan Managing Director 52, 48th Street, Ashok Nagar Chennai, Tamil Nadu,600083 India Taarak India Pvt Ltd Harish Tyagi CEO 23/23, 2ND Floor, East Patel
Nager New Delhi, 110016, INDIA Phone: 911126561954 Team Computers Pvt. Ltd Ranjan Chopra CEO B - 74, Pocket - 4, KendriyaVihar, Sector - 82 Noida, UP,201304 Techcrux Solutions Pvt Ltd Prakash Padukone Director S. No. -484/1, A-Wing, Fl-502, GodawariChhaya, Keshav Nagar, Pune India TM Systems Pvt Ltd Saumil Shah Managing Director 804 Aditya Building Nr.Mithakhali Six Roads, Ellisbridge Ahmedabad, Gujarat,380006 India Trifin Technologies Pvt. Ltd. Nitin Aggarwal Managing Director 16, Nehru Place, 4th Floor Kundan House New Delhi, Delhi,110019 India 22by7 Solutions Pvt Ltd Venkat Murthy CEO #1748, 18th Main, 8th Cross, JP Nagar, II Phase Bangalore, Karnataka, India,560078 India ValuepointTechsol Private Limited R S Shanbhag Managing Director &Ceo #102, Brigade Corner, Yediyur Circle, 7th Block, Jayanagar Bangalore,560082 India VDA InfosolutionsPvt. Ltd. AshutoshDeuskar Director 76, ShakuntalaApts, 5th Road, Khar West Mumbai,Maharashtra ,400052 India VeerasInfotek Private Ltd SudarsanRanganathan CEO #1 Ramakrishna Street, N Usman Road, T Nagar, 5B Kences Towers Chennai,Tamil Nadu ,600017 India
OCTOBER 2015
13
VENDOR WATCH
D-LINK ENHANCES ENTERPRISE SECURITY CAPABILITY The company has entered into various alliances including with Gajshield and Moxa, in order to bring in complete solution for addressing the business needs.
D-Link always had a firewall in its offering but what it lacked was UTM which demands continuous updated versions. Currently, Firewall’s position has been taken over by UTMs and when a project comes-up, there is a demand for them, hence this is where the alliance with Gajshield becomes relevant. D-Link’s alliance is not restricted to UTMs only but has also tied-up for enterprise class solution too with Moxa, which offers industrial grade switching. There is another alliance with Ruijie, which is known for its high-end switching, routing and surveillance capabilities. This partnership with Gajshield gives D-Link the ability to fulfil enterprise requirements from the UTM perspective. Sumith Satheesan, AVP (Security & Storage Business), D-Link (India) Ltd., said, “D-Link did not have the capability to bring in continuous updates to the products and Gajshield does not only has a development centre in India but is also an Indian company; hence the collaboration can be stronger, and product requirement and time to market will be shorter.” “As the support team is based out of India the service escalation will be faster and customisation quicker. Along with that Gajshield has a certain USP which puts it ahead of the rest of the product. One of the key things is network DLP and Gajshield has a patent pending Context Sensitive Network based Date Leakage Prevention with cloud security, which is built in Gajshield UTM,” he added. Sumith further added that the SMB customers who cannot afford end-point level DLP can now access to DLP through the UTM. The only disadvantage of Gajshield is that it is not well known in the market
14
OCTOBER 2015
SUMITH SATHEESAN, AVP – Security & Storage Business, D-Link (India) Ltd. “The SMB customers who cannot afford end point level DLP can now access to DLP through the UTM. The only disadvantage of Gajshield is that it is not well known in the market which D-Link will fulfil soon and the market communication will be made stronger.”
which D-Link will fulfil soon and the market communication will be made stronger. As D-Link is positioning to bring in the enterprise capabilities, the alliance companies will also leverage its pan India and SAARC strength to revive their brand names. Gajshield will be available from D-Link only in India. With presence in Delhi and Mumbai a team has been created for Gajshield within D-Link and gelled with the former’s team as a single security team headed by Sumeet. Therefore, there is no overlapping and Gajshield will take care of RMA and support. He informs that the partners are happy as they get access to the security products to sell. As of now Gajshield is available in SAARC countries but soon the products will be available in MEA as well from OND quarter. Sumith maintains that there is a huge opportunity in India. He gives example of how after the
acquisition by Dell, SonicWall is not seen in the SME market and now the Supermassive series of SonicWall is being sold to the enterprise market and data centre. The company has moved out of the SME market which it used to sell its TZ series aggressively. Here the biggest gainer was Cyberoam but after being taken over by Sophos, and with October as the deadline of closer of the deal, the name might be changed, which might create a problem in the market. Another SME player - Watch Guard - moved out of India in terms of their direct presence and is relying on the distributors. The only vendor which focuses only on the SME market is Fortinet, therefore is a natural vacuum in the market and it offers a huge opportunity for D-Link for taking Gajshield to the SME market. The company needs to do a regular business and strengthening customer care, support and do developments. The objective of the company is to traverse the
journey of Cyberoam and Fortinet by first focussing on the SME market and then look at the larger enterprise market. In future also D-Link might bring in Gajshield engine to D-Link routers to offer security inbuilt routing platform as well. The company is already working with a Hyderabad based company TeamF1, which is doing customization and localization for D-Link and they might be given the task of doing future developments as far as bringing in secure access capability.
Finally… Enhancing the relationship and engagement with Gajshield, D-Link also had rolled out a multicity channel engagement program known as ‘SecureEdge 2015’. This roadshow provided a platform to showcase next generation security solution and engage with partners/ system integrators present PAN India.
OCTOBER 2015
15
BFSI
“BFSI SECTOR IS ONE OF THE KEY GROWTH ENGINES” Today, most of the banks are overhauling their IT infrastructure and legacy applications to create more advanced systems, thereby opening new opportunities for security providers like Array Networks says Shibu Paul, Regional Sales Director – India, ME and SEA
BFSI India Market
Security solutions
The BFSI sector has always been at the forefront of technology deployment and information security forms a critical element of their IT infrastructure. With rapid growth and expansion, the vulnerabilities and cyber threats are only going to increase. As a result, banking organizations will need to enhance their existing IT systems to provide for secure banking and fast delivery of data. Today, most of the banks are overhauling their IT infrastructure and legacy applications to create more advanced systems, thereby opening new opportunities for security providers like Array Networks. We provide solutions like application acceleration, security and performance optimization to all large public sector units. The BFSI sector has been one of the key growth engines for us and we will continue to focus on it.
l
Secure remote access – This solution provides greater levels of security, greater range of access methods, a broader range of device support and the ability to provide differentiated, identity-based access tailored to the needs of multiple communities of interest. l Application security and load balancing – Improves availability, scalability, performance and security for Web, cloud and mobile applications. l WAN optimization – This accelerates enterprise applications, improves backup and recovery times and reduces bandwidth and infrastructure costs by prioritizing business-critical functions, applying intelligent compression algorithms to site-to-site and mobile traffic and eliminating the transmission of redundant data across wide area networks. l Web application security Application delivery controllers can serve as a first line of defence against common web & application security exploits such as DoS and malformed URL attacks, as well as unauthorized access.
Main Drivers The major factors that have led to an increased adoption of BFSI security solutions are – increase in digital and online frauds, rising vulnerabilities at the application layer, need to upgrade legacy systems to keep up with changing market demands, and addressing the emerging risks due to lack of adequate network security, particularly at the application level.
Business Array Networks currently derives 45% of its revenues from the BFSI sector and we are making continuous efforts to strengthen our expertise in this domain. To meet the increasing demands of the banking sector, we are also working with other application providers to make core banking applications more secure, reliable
16
OCTOBER 2015
SHIBU PAUL, REGIONAL SALES DIRECTOR – INDIA, ME AND SEA, ARRAY NETWORKS and faster. Our focus on the BFSI sector helped us add 25 new banking customers in the last one year. Array Networks has a dedicated team which largely concentrates on offering core banking solutions to all large PSUs. We recently added two large nationalized banks to our portfolio.
BFSI Projects Among the largest deals we bagged recently was from a leading cooperative bank. As banks expand their branch networks to rural areas to meet the needs of the customers, network availability and security are going to become even more important. Array is working with other solution providers, partners and OEMs to enhance the security and reliability of their banking applications. We have also created a comprehensive solution suite to help banks firm up the quality of their banking services.
BFSI
“FOR BFSI WE SEE VERY HIGH TIME FOR DLP PROJECTS IN 2015-2016” In the Financial industry stakeholders know that data is money and that corporate internal information should be effectively protected says Olga Gorshkova
BFSI India market
product. Fortunately, InfoWatch has huge experience in providing high-end data security products and services to BFSI industry. Satisfaction of our long-term customers speaks for itself.
According to InfoWatch Global Data Leakage report 2014, BFSI sector is one of the most affected by personal data leaks. Industries leading in the number and volume of data leaks (BFSI and healthcare) possess big volumes of personal and highly confidential data (payment and account data, medical secrecy, etc). That is why they are most attractive for internal breachers and need advanced information security solutions in place. International analysts forecast the BFSI IT Market in India to grow at a CAGR of 14.15 percent over the period 2014-2019.
Solutions for BFSI: InfoWatch Traffic Monitor - A software solution (DLP system) monitoring information flows and protecting confidential information from leaks and unauthorized distribution. InfoWatch EndPoint Security information security for workstations, removable media and mobile devices, designed for quick deployment and ease of management. InfoWatch Appercut - automated audit of source code in customized business applications to detect vulnerabilities and bugs.
Main drivers As India is the country where many sectors in the economy are in active transition from paperwork to digital documents workflow – potential for internal information security is very notable. In BFSI segment all public banks are obliged to implement in 2014-2015 Core Banking systems, which obviously raise quite a bit a demand for full-fledged internal information security solution to protect information assets. Thus for BFSI we see very high time for DLP projects in 2015-2016.
Business Financial industry is the vertical where stakeholders know that data is money and that corporate internal information should be effectively protected. InfoWatch is addressing potential customers in this industry in order to provide them longterm support in keeping their data safe with the help of wide range of products and services. Level of awareness in this industry is very high so detailed explanation of InfoWatch advantages in technologies
BFSI projects
OLGA GORSHKOVA, PR DIRECTOR, INFOWATCH
is a must here. InfoWatch is participating in conferences and is engaged in active online and offline campaign to target BFSI segment.
Challenges and benefits As mentioned before, customers in the BFSI segment are having very high requirements in choosing a data security
Apart from existing customers, InfoWatch is engaged in several PoC projects and tenders in BFSI segment. Companies in the financial sphere are very sensitive to the subject of corporate privacy and confidentiality so we are not disclosing particular names without customer consent. Implementing a new Data Loss Prevention tool is news that many companies are reluctant to make public. Among customers in BFSI who agreed to share their positive reference about the long-term successful projects with InfoWatch are First Energy Bank in Bahrain, Central Bank of Bahrain, Kuwait Finance House, Raiffeisen Bank, etc. As soon as new InfoWatch customers in this sphere make a decision to share their feedback we will be able to mention their respected names.
OCTOBER 2015
17
BFSI
“ATTACKS AIMED AT FINANCIAL INSTITUTES HAVE INCREASED” Cybercriminals who are motivated by financial reward are using these advanced Trojans to commit large scale financial fraud, targeting institutions across the globe says Tarun Kaura, Director, Technology Sales, India, Symantec
Cyber attacks against the financial sector are becoming increasingly sophisticated and highly targeted. With today’s emerging channels, such as mobile and online banking, we are witnessing newer attacks vectors open for cybercriminals. This is triggering the need for a stringent information security strategy. While, financial institutions are held to a higher standard than most businesses, protecting privacy and meeting regulatory requirements is simply not enough. To decrease the effectiveness of new -age attacks and to gain the customers confidence, banks have improved awareness programs, communications systems and also the response time taken to address issues in case of an attack. However, what we are seeing is that cybercriminals are relentlessly finding newer ways to attack these institutions. Despite higher security awareness in the BFSI sector owing to the recent breaches along with the regulatory and compliance requirements of this industry, the Internet Security Threat Report Vol. 20 highlighted that there was an increase in targeted attacks aimed at financial institutes that went up to 17.1 percent in 2014, from 11.1 percent in 2013. In line with this, another research from Symantec on The State of Financial Trojans highlighted that India ranks 5th among countries with most financial Trojan Infections, moving up from rank 7 in 2013. Cybercriminals who are motivated by financial reward are using these advanced Trojans to commit large scale financial fraud, targeting institutions across the globe. Financial institutions are continuously striving to keep their customer data safe and secure in the face of data explo-
18
OCTOBER 2015
TARUN KAURA, DIRECTOR, TECHNOLOGY SALES, INDIA, SYMANTEC
sion, proliferation of endpoints and branddamaging data breaches. Forward-looking security companies, such as Symantec are joining financial institutions in this battle to resolve their biggest security challenge across the entire spectrum of defend, protect, detect and respond.
Symantec is moving beyond traditional software to help customers protect against a wider range of threats. The recently launched Cyber Security Services are made up of Incident Response, DeepSight, Managed Security Services, Advanced Threat Protection and a Security Simulation Platform that is operated by the world’s sharpest minds in cybersecurity. Our security business sees more, analyzes more, and knows more about security threats than any other company in the world and hence are better positioned to arm financial institutes in their battle against the cyber attacks. Symantec suggests financial institutions to be proactive and follow several recommendations that are listed below to secure their online game: l Protect your customer’s entire website visit by deploying SSL on all your web pages. Implement security precautions on all mobile devices including strong authentication. l Use encryption for data in transit and at rest (SSL does not encrypt stored data). l Protect physical and virtual data centers with host-based intrusion detection and prevention solutions. l Be sure to get your digital certificates from an established, trustworthy Certification Authority who demonstrates excellent security practices. l Deploy endpoint protection software and gateway antivirus and regularly scan for vulnerabilities. l Monitor the threat landscape and your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns. l Educate users about security policies and information use.
s
Global Cybersecurity Market scape $101 billion According to ‘’Gartner’’, a market research firm, global spending on IT security is expected to increase 8.2 percent in 2015 to $77 billion, and the world will spend $101 billion on information security in 2018.
$170 billion
$238 billion
(USD) by 2020
in 2014
The cyber security market is set to reach $170 billion (USD) by 2020 at a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical are expected to be the largest contributor to cybersecurity solutions.
Cybersecurity is expected to be the fastest growing homeland security market as North America, Asia and Europe invest in cyber defenses, according to ASDReports in its “The Homeland Security Market Forecast 20142024”. ASDReports says the global homeland security market size was $238 billion in 2014.
North America and Europe are the leading cybersecurity revenue contributors, according to a report from TechSci Research. Asia-Pacific is rapidly emerging as a potential market for cyber security solution providers, driven by emerging economies such as China, India and South-East Asian countries, wherein, rising cyber espionage by foreign countries is inducing the need for safeguarding cyber space.
$1 billion USD in 2015
The “PwC Global State of Information Security Survey 2015” found that U.S. information security budgets have grown at almost double the rate of IT budgets over the last two years.
India has the world’s second largest population, and a very small cybersecurity economy. But they are a nation to watch for cybersecurity market growth. According to a PwC report cited in The Economic Times, India’s cyber security market size will jump to $1 billion USD in 2015 (from an estimated $500 million USD last year). That is a whopping 100 percent year-over-year growth.
19
GOVERNMENT
“WE ARE AT THE PHASE OF PRODUCT EVALUATION” InfoWatch has started its development of the Indian market with the private sector. As far as government is concerned, it says it’s at the phase of product evaluation.
The latest governments’ initiatives like smart cities have opened up opportunities for security vendors. How big is this market? We are now entering a period when IT and data security solutions have become a compliance and a must-have for any agency and organization, therefore, the market is expanding rapidly. It opens new horizons for various vendors that are developing sophisticated high-end security solutions.
How proactive or serious, you think, the government is in dealing with cyber security issues? There is very high awareness of contemporary cyber security threats. Governmental agencies are seriously analyzing solutions available at the market and OLGA GORSHKOVA, paying very high attention to detailed PR DIRECTOR, INFOWATCH evaluation. Another aspect important for governmental agencies is compliance to regulations and norms.
How aggressively are you targeting this vertical? Government agencies and banks are the key industries of our interest in India, but we are not limited to those two only. Governmental structures and authorities operate highly sensitive data, for example, big volume of citizen personal data and therefor are an often source of data leaks. That is why InfoWatch sees this vertical among the key clients for its DLP solutions and closely works with governmental structure in pilot and commercial implementations.
What are the challenges that come from working in this vertical, and what are the benefits? The highest challenge is to compete with vendors with long history of business at the local market. Though govern-
20
OCTOBER 2015
mental agencies find it very important to thoroughly assess the functionality and usability of a solution, they are more reluctant to take a product from the vendor who is entering the market as compared to well-established players. But here at the same time we have a benefit. As soon as the governmental agency admits the effectiveness of the new solution, it leads to a significant breakthrough at the market.
What kind of security solutions you offer to government sector? They are: 1) our flagship InfoWatch Traffic Monitor Enterprise solution for protection against data leaks and internal information security threats; 2) InfoWatch EndPoint Security software providing information security for workstations, removable media and mobile devices, designed for quick deployment and ease of management; 3) InfoWatch Kribrum, social media monitoring and analysis system for online reputation management. These solutions solve the following tasks of government institutions: l Meet legal requirements on Personal Data protection, in particular the need to protect personal data from being leaked via technical channels and unsanctioned access by unauthorized employees. l InfoWatch solutions prevent confidential data leaks, and if information is still got by the media, InfoWatch can help managing an efficient campaign to reduce the public outcry and mitigate the consequences of the incident. l Using InfoWatch KRIBRUM will enable government structures to quickly identify incidents of important, possibly undesirable, information publication on the Internet and to immediately take appropriate measures to prevent or mitigate the consequences.
What all government projects are you working on? InfoWatch has started its development of the Indian market from the private sector. This is where we have all current projects in logistics, manufacturing, media and other segments. As far as government is concerned, we are at the phase of product evaluation and this is why we cannot disclose the exact names of organizations. After we prove effectiveness and quality of our products and services to first governmental customers this information may become public upon customer’s approval.
VENDOR SHOWCASE
CISCO Cisco India Facts
PROFILE
Cisco India commenced operations in 1995; India, as a region, is
Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow
part of the APAC theater
by proving that amazing things can happen when you connect the previously unconnected. An integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success. Chuck Robbins is the Chief Executive Officer of the $49 billion company. Cisco commenced India operations in 1995. There are seven Sales Offices in the region - New Delhi, Mumbai, Bangalore, Chennai, Pune, Kolkata and Hyderabad. The Cisco Global Development Center is in Bangalore and is the largest outside the US. It houses Cisco’s Research and Development (R&D), IT, Services and customer support teams and develops disruptive business models for Cisco to create new go-to-market channels, markets, processes and technologies for emerging markets.
l Cisco has seven sales offices in the region - New Delhi, Mumbai,
Bangalore, Chennai, Pune, Kolkata and Hyderabad. l The Cisco Global Development Center is in Bangalore; the larg-
est outside of the US. The centre houses Cisco’s Research and Development (R&D), IT, Services and Customer Support teams and develops disruptive business models for Cisco to create new go-to-market channels, markets, processes and technologies for emerging markets. The Advanced Global Briefing Center located here showcases Cisco’s latest technology solutions and proof-of-concepts.
PRODUCT PORTFOLIO ENDPOINT PROTECTION Advanced Malware Protection (AMP) for Endpoints provides advanced malware protection for PCs, Macs, mobile devices and virtual environments. UTM ISA550, ISA550W, ISA570 and ISA570W. DDOS The Cisco Guard XT 5650 DDoS Mitigation Appliance from Cisco Systems delivers a powerful and extensive distributed denial-of-service (DDoS) protection system. The Cisco Guard XT provides unprecedented levels of protection against today’s increasingly complex and elusive attacks. NAC Cisco Network Admission Control (NAC) solutions allow customers to authenticate wired, wireless, and VPN users and devices to the network;
22
OCTOBER 2015
evaluate and remediate a device for policy compliance before permitting access to the network; differentiate access based on roles; and then audit and report on who is on the network. IPS Cisco Services for Intrusion Prevention System (IPS)- Nonstop Network Security This service provides protection updates and intelligence to identify fastmoving threats before they damage your business. SECURE EMAIL GATEWAY Cisco product- Cisco Email Security offers high availability email protection against the constant, dynamic, rapidly changing threats affecting email today. MDM Cisco Meraki offers the only solution that provides unified management of mobile
devices, Macs, PCs, and the entire network from a centralized dashboard. WAN OPTIMIZATION Cloud-Ready Solutions for WAN Optimization- Cisco WAAS is a software- and hardware-integrated, WAN optimization and application acceleration solution, and part of Cisco Intelligent WAN (IWAN). APPLICATION CONTROL Cisco ACE Application Control Engine Module- Available, Scalable, and Energy Efficient Application Delivery- The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation loadbalancing and applicationdelivery solution. SIEM Cisco Identity Services Engine: Integration with SIEM and
Threat Defense Platforms. The Cisco Identity Services Engine (ISE) integrates with leading security event and information management (SIEM) and threat defense (TD) platforms to bring together a networkwide view of security event analysis and relevant identity and device context. DLP Cisco Data Loss Prevention for email and web are highperformance, comprehensive security solutions for data in motion. These solutions provide content, context, and destination knowledge. MANAGED SECURITY SERVICES Cisco offers security services from monitoring and management to comprehensive threat solutions and hosted security that can be customized to meet customer needs.
VENDOR SHOWCASE
ESCAN PROFILE eScan, one of the leading Anti-Virus & Content Security solutions for Desktops, Smartphone & Servers is developed and marketed by Microworld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats. eScan provides 24x7 free remote support facility, integrated in the software to help customers to get their malware related issues resolved in the fastest possible time-frame. It has achieved several certifications and awards from some of the most prestigious testing bodies, notable among them being Virus Bulletin, AV-Comparatives, ICSA,and PCSL labs. Combining the power of various technologies, eScan provides Multi-level Real-time Protection to Computers and Networks.
“Internet penetration in India has shown rapid progress. As per our research, we estimate that there will be 400 million internet users in India by 2018. While escalating internet growth has opened up multiple opportunities for India’s cyber citizens, it has simultaneously given opportunity to real threat of cyber-crime. In India, investment rate of IT security systems is quite low comparing to other developing countries. It has been seen that most organizations lack even basic cyber security systems in India. Almost 80% of Indian business enterprises have reported data theft through online hacking. The cost of such cyber-crimes has risen sky-high with $ 10 billion; India is ranked 5th in e-commerce security breaches. On the other hand, global cyber-attacks are also rising, with 50% of all attacks aimed at businesses with employee strength of less than 2,500. Reports from New York, London, Shanghai and other places around the world insist that organizations are focused on cyber security in a major way. As a result, the IT security market is definitely going to boom in the coming days.” Sunil Kripalani, Senior VP, Global Sales & Marketing
PRODUCT PORTFOLIO ENDPOINT PROTECTION Organizations need a proactive solution that can efficiently secure and manage the protection of the server and endpoints. eScan Endpoint Security (with Hybrid Network Support) is a Corporate product that offers cogent method to block access to unauthorized USB devices on managed endpoints with Windows or Mac Operating system and restrict execution of unauthorized applications on endpoints with Windows Operating system. DLP Data is the biggest asset of any organization. There can be numerous scenarios when data loss becomes unavoidable. Hard Drive failure, Malware attack, natural disaster or simple human error can create big losses to the companies through data breaches. Today major organizations,
be it small, large or medium, prefer to keep a secured and permanent back-up of all the data that they have in their record. To be further assured, a proper IT security solution is installed. eScan also has a total protection remedy for DLP with some products like eScan Corporate 360 (with MDM & hybrid Network Support), eScan Endpoint Security (with MDM & hybrid Network Support), eScan Enterprise Edition (with Hybrid Network Support) and more. MDM As far as the emerging trends are concerned, mobile computing, big data, virtualization, cloud services and social networking continue to be the emerging IT trends of 2015. The biggest driver of growth will be mobility that includes Smartphones and Tablets. Thus, securing these devices is very important for
smooth usability. Mobile Device Management feature of eScan allows administrator to create different groups for different location, add devices, move devices from one group to another group, define rules/ policies for setting Call & SMS Filter, Web Protection, AntiTheft, Password and Device Oriented policy. APPLICATION CONTROL This feature allows you to block/whitelist and defines time restrictions for allowing or blocking execution of applications on Windows endpoints. It helps in accessing only the whitelisted applications, while all other third-party applications are blocked. On Android by default, all downloaded applications are blocked and are whitelisted only by entering password. It is available in products like eScan Endpoint Security (with Hybrid Network support).
SECURE EMAIL GATEWAY In the era of e-mail communication, spam and phishing e-mails are big threats to business organizations as well as individual citizen. MailScan is an advanced Realtime Anti-Virus and Anti-Spam solution for Mail Servers. It protects organization’s network against Virus, Worm, Trojan and many other information security threats. Employing an array of intelligent filters, MailScan offers powerful protection against Spam and Phishing mails along with comprehensive content security. It performs Real-Time Virus Scanning at the Mail Gateway effectively round the clock. NEW PRODUCTS’ SHOWCASING eScan recently launched Mobile Security for iPhones & iPads.
OCTOBER 2015
23
VENDOR SHOWCASE
ESET ESET NOD32 Antivirus and ESET Smart Security. ESS Distribution is the first and currently largest distributor of ESET products in India. ESET is a globally known European brand with 25-year old history. According to Gartner, ESET is the Largest Vendor in Eastern Europe, ranking on the 6th position in terms of sales volume in 2013 worldwide, reports Gartner in their report titled Market Share Analysis:
PROFILE
Security Software Worldwide, 2013 from March 2014.
ESS Distribution Pvt Ltd is a software distributor focusing majorly on security and
In Indian market it is known especially for ts most popular consumer
some other software products. Headquartered in Navi Mumbai, the company has
products, ESET NOD32 Antivirus and ESET Smart Security.
pan-India presents through branch offices and representative in Delhi, Chennai,
ESS Distribution promotes software products through a large channel
Bangalore, Kolkata, Ahmedabad and other major cities.
network with product sales divided in 3 verticals: Paper License, Retail
ESS Distribution is the first and currently largest distributor of ESET products
boxes & Online licenses. At present ESS Distribution has an established
in India. ESET is a globally known European brand with 25-year old history.
network of over 200 direct channel partners for paper license business
According to Gartner, ESET is the Largest Vendor in Eastern Europe, ranking on
in SME, Enterprise, Government and Educational segments. In retail
the 6th position in terms of sales volume in 2013 worldwide, reports Gartner in
business it has six strong regional distributors each of them having vast
their report titled Market Share Analysis: Security Software Worldwide, 2013 from
channel network in its respective region. The total number of channel
March 2014.
partners associated with ESS Distribution in India has reached almost
In Indian market it is known especially for ts most popular consumer products,
3000 up to date.
PRODUCT PORTFOLIO PRODUCTS FOR HOME USERS l ESET NOD32 Antivirus, powerful and low footprint antivirus and antispyware for essential protection online or off-line, l ESET Smart Security, an advanced product with integrated antimalware and spyware scanner, two-way firewall, intelligent antispam, parental control and other features to eliminate all types of security threats. ESET Smart Security comes with a powerful Anti-Theft feature that automatically monitors a missing device and displays its position on a map based on visible Wi-Fi networks in range when it comes online. PRODUCT FOR MAC OXS
24
OCTOBER 2015
USERS l
ESET Cyber Security offering protection from threats with proven Antivirus and Antispyware technology and Anti-Phishing modules l ESET Cyber Security Pro adding another layer of protection with firewall, parental control and other additional features. CONSUMER PRODUCT l ESET Social Media Scanner Application to all consumer products. l ESET Mobile Security is another flagship consumer product gaining popularity due to growing number of smart mobile devices. ESET Mobile Security for Android offers antivirus protection and variable
depth scanning, from quick/ smart/deep scanning to scheduled and background scanning features that allow maintaining good performance without compromising on security. Anti-Phishing module protects against phishing attacks and web-based attacks via malicious SMS messages, QR codes, or URL links. Security Audit feature helps monitor installed app permissions such as location tracking, access to contacts, or in-app purchases to close any security loopholes. When installed from the official Android app store users will benefit for an unlimited period from some features of ESET Mobile Security for Android for free while upgrade to a full version of ESET Mobile Security for
Android from within the app will enable comprehensive protection against both digital and real-world threats. ENDPOINT SOLUTIONS (FROM 5 TO UNLIMITED NUMBER OF USERS ARE TREATED AS BUSINESS EDITION) l ESET Endpoint Security l ESET Endpoint Antivirus l ESET Endpoint Security for OS X l ESET Endpoint Antivirus for OS X l ESET Endpoint Security for Android l ESET File Security for Microsoft Windows Server l ESET Remote Administrator
VENDOR SHOWCASE
INFOWATCH PROFILE InfoWatch Group consists of five companies within the enterprise information security industry: InfoWatch (data leakage prevention software), Kribrum (social media monitoring and analysis aimed at online reputation management), EgoSecure (end-point security software), Cezurity (targeted attacks detection), and Appercut (business application source code analysis). With over 10 years of extensive real-world software development expertise InfoWatch Group is committed to becoming a leading enterprise-level IT security solution provider on the market empowering its customers with a mixture of world-class technologies and services.
Among InfoWatch clients in India are companies of various economy sectors, such as Busch Vacuum (manufacturing), Lanco (energy company), Gemini (software), Gateway Distriparks (logistics), MASPAR (retail), PrimeFocus (media), NDTV (media), and many other companies. InfoWatch is working with a professional and effective distributor SATCOM and developing a portfolio of resellers. In its partner and GTM strategies InfoWatch mostly relies on distributor deals and system integrators. We appoint new partners, we train partner engineers so that they would be 100% involved in InfoWatch products, and besides we rely on our local educated sale teams.
In February 2013, Gartner, the world’s leading information technology research and advisory company, has put InfoWatch into its Content-Aware Data Loss Prevention ‘Magic Quadrant’.
PRODUCT PORTFOLIO INFOWATCH TRAFFIC MONITOR ENTERPRISE: a. Forensic Storage database All data that is captured by InfoWatch DLP (at gateway level, at endpoint level, data at rest intercepted by InfoWatch Crawler) is analyzed and saved at unified Forensic Storage database. b. InfoWatch DLP data categorization and classification on fly All data that is captured by InfoWatch DLP is automatically categorized and classified by several analytical mechanisms that work simultaneously (linguistic analysis, text object detector, document templates analysis, optical character recognition, forms analysis, database extraction files analysis). c. Linguistic analysis Analytical mechanism of InfoWatch includes high level
of linguistic analysis of any message or text with support of many languages, including Hindi. d. Variety of interception channels InfoWatch DLP covers a huge variety of data transfer channels as well as data at rest that is located at storage or folder inside of the network.
f. Post-DLP After DLP system is installed InfoWatch continues full support of its customers in actions included but not limited to: InfoWatch DLP server support and maintenance - Updates - Customer team training - Data security consulting - System customization and help with policies configuration
INFOWATCH TRAFFIC MONITOR STANDARD APPLIANCE FOR SMB: Rich functionality: Control over most commonly used data transfer channels, Forensic Storage for data archiving, graphical reporting system, unified user identification Reliable identification of confidential data: Combined application of several analysis technologies, such as formal attributed analysis, digital fingerprinting, templates and linguistic analysis of data contents, allows more precise confidential data detection INFOWATCH ENDPOINT SECURITY: Reduction of business costs and financial losses: - InfoWatch EndPoint Security substantially reduces the risks associated with data leakage: client databases copied to flash drives and passed to competitors may well
put a company out of business. The product eliminates the risk of loss or theft of valuable information because its encryption feature can be used for any portable media and laptops, or for data transferred to cloud storage. - The solution reduces bandwidth consumption: InfoWatch EndPoint Security settings allow most trafficconsuming operations that are not job-related to be eliminated - INFOWATCH APPERCUT BENEFITS: CHOICE: InfoWatch Appercut is provided as both a public cloud service and with a standard software product license. RANGE OF FEATURES: InfoWatch Appercut is designed to cover a wide range of efficiency and security requirements for software development: PCI DSS and HIPPA requirements,
OCTOBER 2015
25
VENDOR SHOWCASE
KASPERSKY PROFILE Every business, regardless of size, is at risk from malware threats. Kaspersky Lab is in a unique position to see and discover many of these threats. And the threat level is escalating. New malware targeting individuals and businesses like yours now exceeds 325,000 unique threats– every day. At Kaspersky Lab, we are concerned about these threats and the risk they pose to your business — that’s why we are advising organizations like yours to ensure that their IT security strategy meets three key criteria: • First, you need access to superior threat intelligence. This is a deep understanding of what a threat looks like — how it is written and compiled. It’s important that your security system is continuously fed by expert information and that your vendor scours malware hot zones around the globe to see what’s coming next. • Secondly, your security must include tools and techniques able to detect and eliminate known, unknown and advanced malware. At the same time, your security software should minimize the burden on your systems and maintain fast scanning times, so your business is
not disrupted. • Thirdly, because business IT environments have become increasingly complex, this technology needs to extend its reach across physical, mobile and virtual endpoints, seamlessly and efficiently through a single platform, with no software conflicts, multiple consoles or security gaps. Only Kaspersky can offer the world-leading threat intelligence your company needs, and the technology to put it to work, built into a unique comprehensive security platform.
PRODUCT PORTFOLIO ANTI MALWARE The industry-leading performance of the antimalware engine built into the Kaspersky Endpoint Security for Business platform is proven through multiple, ongoing independent tests. Your own due diligence will confirm that Kaspersky security is unmatched. Here’s what m ENDPOINT SECURITY FOR BUSINESS Harnessing the expertise of the world’s best threat intelligence ecosystem, Kaspersky Endpoint Security for Business provides a tiered security approach based on a single integrated platform incorporating features including robust application, device and web control tools, data encryption, mobile endpoint security and MDM, and systems and patch management. Everything is managed from one central
26
OCTOBER 2015
console — Kaspersky Security Center.
managed centrally through Kaspersky Security Center.
Kaspersky Total Security for Business adds mail, web and collaboration server security, safeguarding your perimeters and securing your complete enterprise IT environment.
KASPERSKY SECURITY INTELLIGENCE SERVICES AND ENTERPRISE SOLUTIONS Leveraging Kaspersky’s threat intelligence, technical expertise, data and training skills to boost the security of your brand, your organisation and your employees Enterprise Solutions address security issues for specific industries and infrastructures, and specific forms of attack like Distributed Denial of Service (DDoS).
KASPERSKY TARGETED SOLUTIONS Standalone solutions allowing Kaspersky Lab security to be applied to specific areas of your IT system. Some solutions, like Kaspersky Security for Mobile, are also available as part of Kaspersky Endpoint Security for Business. Others, like Kaspersky Security for Virtualization, are available purely as targeted solutions. All are built on the same leading edge technologies and threat intelligence, and all physical, mobile and virtual endpoint security solutions are
SECURITY FOR MOBILE Kaspersky Security for Mobile ensures your device is safe, no matter where it is. Protect against constantly evolving mobile malware. Quickly and easily gain visibility and control over the smartphones and tablets in your environment, from one central location and with minimal disruption.
SMALL OFFICE SECURITY World-class protection made easy for very small businesses.
SECURITY FOR MAIL SERVER Kaspersky Security for Mail Server provides outstanding protection for traffic running through mail servers from spam, phishing and both generic and advanced malware threats, even in the most complex heterogeneous infrastructures. Protection
SECURITY FOR FILE SERVER Kaspersky Security for File Server provides cost-effective, reliable, scalable security for shared file storage with no discernable impact on system performance.
SECURITY FOR INTERNET GATEWAY Kaspersky Security for Internet Gateway is a world-class antimalware solution that ensures safe always-on Internet access for your entire workforce.
VENDOR SHOWCASE
NNR IT SOLUTIONS PROFILE NNR IT Solutions LLP, established in 2014, is a well - structured software development and distribution house in the field of Information Technology specializing in IT security. Being into product development & distribution in software and hardware security solutions, we have a dynamic team of professionals who strive hard to delight end customers through our dedicated and hardworking IT resellers by delivering better Product, Service & Support. NNR IT Solutions has signed an agreement with a Pune based company “M/S. Max Secure Software Pvt Ltd’’ and is responsible for Max Secure security range of products across India and Overseas. As the CEO, Jagannath Patnaik’s Strategic Business Partnerships, efficient management & constant innovative approach have constantly produced significant business value for NNR IT Solutions. Jagannath Patnaik has more than two decades of experience in the area of IT security. He is rewarded as the “Evangelist of the year 2012” in the antivirus category at the prestigious 11th Annual VAR India Star Nite Awards 2012 in New Delhi. He is a recipient of “Marketing Wizard of the Year” award in the year 2013.
The award honors the business leaders, who set the benchmarks in initiating and implementing business policies, strategies and initiatives.The award was adjudged on the basis voting by VARs and Channel partners across India. Mr. Jagannath polled maximum votes in the survey. NNR IT Solutions LLP is all set to come up with a new product named “mAppSecure – The Total Mobile Security”. NNR Mobileapp Secure Pvt Ltd, started its journey with a vision to provide complete mobile security to the users. Our product “mAppSecure- The Total Mobile Security” is a total mobile security for consumer Mobile Handset including Mobile Antivirus & Insurance. The constant growth of Smartphone market across India & Overseas, paved a way for Mobile security Industry. Security for mobile needs to be user-friendly, painless to deploy, easy to configure and manage, yet powerful in its protection and performance. With our extensive experience in IT security, we present you with products and solutions that suffice needs of the masses. Through our extensive channel partner network, which includes 1000 hardware dealers in 20+ countries, we are able to deliver any technology worldwide.
PRODUCT PORTFOLIO MAX SECURE TOTAL SECURITY FOR PC’S AND LAPTOPS Max Secure Total Security provides essential protection for your PC to keep it safe & secure from emerging threats. It’s Multi-layered Anti Spyware & Anti-virus protection checks every web page, email, files/ registry on your system to eliminate/block threats. Some of the exciting features of Max Secure Total Security includes l It provides fastest and lightest anti-spyware & anti-virus protection l It provides Email protection by checking mails delivered via POP3/SMTP/ IMAP protocols l Its two way firewall prevents threats at the point of entry l This feature protects against attempted online data thefts l It keeps windows
registry linear to work at its best FEATURES l Anti-Virus & Anti-Spyware The multi-layered AntiSpyware and Anti-Virus protection checks each web page, email, and files/ registry on your system and eliminates/ blocks threats. It protects against viruses, spyware, Trojan horses, worms, bots, and rootkits. It provides continuous automatic protection against new threats. The Reduced scan time with smart scanning keeps your pc light so you can work and play at the same time with no interruptions. l USB Manager Data theft prevention keeps your sensitive personal information, like credit card numbers and passwords safe. It allows you work safely on your PC and protect you from the fear of Data being stolen.
You can use USB devices like Pen Drive without any fear as nothing malicious can execute on your PC without your permission. l Web Filter Identifies unsafe websites and suspicious sellers so you can surf and shop with confidence. It also stops malicious downloads from websites along with finding and blocking malicious links in emails or IMs. l Firewall Max Secure Two way firewall stops threat at the point of entry. It helps secure and monitor your home network. l Privacy Guard Guards against identity theft. Erases sensitive data for complete privacy. It also assures confidentiality with the Secure Delete option. Boosts your system performance and clear all your, online and offline activities easily. l Registry Cleaner Safely clean, repair and
optimize the Windows registry. You can avoid common causes of Windows crashes, slow performance, and other error messages with a safe backup registry. Maintain your PC like its brand new! l RAM Optimizer It increases your PC’s available physical memory. It continuously monitors your computer’s memory to ensure that wastage does not occurs. l Internet Optimizer Boost Your Modem & Browser Speed. Being online can be a wonderful experience when it is optimized. l Parental Control URL filtering blocks unwanted websites according to a highly configurable database. This protects against web-based attacks that use vulnerabilities in your browser. You can Schedule, Control & monitor internet usage for your children.
OCTOBER 2015
27
CASE STUDY
“FOUNDED IN KOREA IN 1941,HANKOOK TIRE’S PRODUCTS ARE NOW AVAILABLE IN MORE THAN 180 COUNTRIES AROUND THE WORLD.” SECURE
Kaspersky’s security solution protects Hankook Tire employees throughout Korea, whether they are working in offices, production and R&D centers or are on the move
CONTROL Centralised management and control of the solution is a central element of the solution and a key priority for Hankook Tire
The large number of tires produced by Hankook Tire makes it one of the Top 5 companies in the mass production of tyres. With R&D centres in Korea, China, Japan, Germany and the United States, a total of seven large-scale production facilities in Korea, China, Indonesia and Hungary as well as offices in 31 different countries, Hankook Tire is a global power player in the tyre industry. Hankook Tire produces superior quality, high performance radial tyres for passenger cars, 4x4s, SUVs, light trucks, campers, trucks, buses and motorsport vehicles with approximately 21,000 employees around the world. Hankook Tire is famous for its extensive involvement in motorsports, sponsoring and supplying tires for numerous touring car, rally, endurance and single seater championships and events. Hankook Tire also has various records of developing and testing innovative highconcept technology and products that ultimately find their way into the mass market.
Challenge Hankook Tire’s global headquarters and
main research and development centre are located in South Korea, along with a substantial operational network to meet the needs of its fast-paced domestic marketplace. IT security is vital for Hankook Tire in its home territory. Korean businesses face significant malware and virus attacks, with 2014 figures showing that almost 13% of all global spam originated in South Korea. To combat this threat, the South Korean government has been investing heavily in cyber security resources to protect national infrastructure, utilities, power plants and the military. Hankook Tire’s employees work from both offices and remote locations, with employees accessing data 24/7, on PCs, laptops and multiple devices (both corporate and private) in the office, at home and on the move. Hankook Tire is heavily reliant on IT to stay connected and productive in a fast-moving and highly competitive sector, with confidential, business-critical communications and data constantly flowing between employees, offices and third parties. Its electronic activities are all vulnerable to viruses, spam, hackers, and
other attacks, bringing significant risk of interruptions to business continuity and potential damage to the performance, income and reputation of the company. Soon it became clear that the existing anti-virus software was no longer adequate, and that a much more comprehensive, robust, and flexible IT security solution was required. So Hankook Tire began looking for a partner capable of providing the products, services and infrastructure necessary to meet its increasingly complex business requirements.
The Kaspersky Solution That partner was Kaspersky Lab, and five years later, Hankook Tire is proud to renew its successful and productive long-term relationship, describing Kaspersky’s anti-virus software as “the global standard”. Hankook Tire selected Kaspersky’s multi-layered, fully integrated IT security solution, citing its ability to provide robust protection both within and outside the company’s corporate boundaries. The solution combines powerful endpoint controls with security for worksta-
KIM HUI JEONG, HANKOOK TIRE’S EMFRONTIER TECHNOLOGY TEAM.
“We selected Kaspersky both for the quality of its products and for their excellent service record. There’s no doubt that Kaspersky’s anti-virus software is the global standard, and the company’s central platform management console is very easy to use.”
28
OCTOBER 2015
CASE STUDY
HANKOOK TIRE GETS A GRIP ON IT SECURITY tions, along with file servers and provisions for rigorous mobile security. At its heart is Kaspersky’s market-leading, advanced anti-malware software, which constantly assesses threats and delivers automatic updates for a rapid response to new threats. There are separate web, device and applications controls and a centralised management platform which makes it easy to administer security tools across desktop, portable, mobile and virtual endpoints, providing advanced visibility and IT security control for managers.
IT security platform in Korea delivers benefits for global operations “A major attack could have severe consequences for Hankook Tire, with our entire
network potentially being infected, so it is vital that we have robust protection for our network, files, mail and devices,” explains Kim Hui Jeong of Hankook Tire’s emFrontier Technology team. “We selected Kaspersky both for the quality of its products and for their excellent service record. There’s no doubt that Kaspersky’s anti-virus software is the global standard, and the company’s central platform management console is very easy to use. “In addition we receive in-depth quarterly inspections by Kaspersky technical engineers who check the status of entire network, review policies, and investigate error logs to see if there are any underlying problems. “Hankook Tire also benefits globally from these
maintenance inspections carried out in Korea, as they often result in recommendations for actions in other countries too. For example, identifying and dealing with malware that originates in South East Asia can also prevent those programs from having a negative effect on our company’s activities elsewhere in the world.” “We particularly appreciate Kaspersky’s hacking sensing and deletion as well as its worm-blocking capabilities. We always have ready access to help and advice from Kaspersky’s experts, and that makes our job much easier. “We’ve been working with Kaspersky for a long time now. We see them as our partners, so communication between our two organizations is open and supportive. We fully trust them to protect us and our interests.”
OCTOBER 2015
29
CASE STUDY
“F-SECURE INCREASES EMPLOYEE PRODUCTIVITY AT INDIA GLYCOLS BY MORE THAN 20%”
OVERVIEW Company: India Glycols Limited Industry: Manufacturing Country / Region: Noida, India Branch Offices: Multiple locations across country Employees using IT (across different operating systems): 650+
Headquartered in the Indian city of Noida, India Glycols (IGL) manufactures green technology based bulk specialty and performance chemicals, as well as natural gums, spirits, industrial gases, sugars, and nutraceuticals. These products are manufactured in compliance with stringent global standards that govern plant operations – including product quality and employee safety, and all facilities have been certified by international agencies (such as Det Norske Veritas). The operations at all plants are closely monitored through distributed control systems (DCS), which facilitate a high degree of control over the quality of products.
Manufacturing is process-driven and employee-centric, and demands high levels of efficiency and productivity. Keeping in sync with global standards demands that all key processes at IGL are enabled and structured through information technology (IT), and according to IGL CIO AtulGovil, comprehensive security acts as the fulcrum for a robust IT roadmap.
Background The best quality products are manufactured in accordance with compliance standards that include traceability, which require operations to run through an automated IT
infrastructure that maintains employee productivity. IGL has deployed state of the art technology to fast-track the planning, execution, and overall performance of tracking processes, as well as minimize manual efforts and eliminate overlapping workflows. For key business transactions, IGL uses best-in-class ERP software. They also use business intelligence tools that facilitate fact-based decision-making, and a portal that allows the different business levels to communicate seamlessly with one another. And according to Govil, securing confidential data (as required by industry compliance standards and government regulations) is a
ATUL GOVIL, CIO, INDIA GLYCOLS LTD.
“Besides the corporate network becoming more secure, the key visible metrics were an approx. 40 % reduction in inci dents of hard disk formats, and an approx. 15 % reduction on calls landing on the IT help desk. Virus related issues were reduced by 50% after installing F-Secure’s solution.”
30
OCTOBER 2015
CASE STUDY
key IT requirement. “Security is of paramount importance for any organization, and a good, proven security technology acts as a fundamental catalyst. To establish a business edge through competitive advantages and brand loyalty, data and related transactions have to be secure and confidential at all times. Security cannot be compromised at any point,” said Govil. Established as a single mono-ethylene glycol plant in 1983, IGL has brought together cuttingedge technology, innovation and an unflagging commitment to quality, to manufacture a wide range of products that have found global demand. IGL’s state-of-the-art, integrated facilities manufacture chemicals including glycols, ethoxylates, glycol ethers and acetates, and various performance chemicals. These products are manufactured in compliance with stringent global standards of plant operations, quality and safety. The company’s facilities have been approved and certified by international agencies including Det Norske Veritas (DNV). The operations at all plants are closely monitored through distributed control systems (DCS), which facilitate a high degree of control over the quality of products.
Overcoming Pain Points In 2014, IGL needed to upgrade security across their multi-location corporate network. Their existing security solution was weak in several key areas, such as policy management and software updating. “There were no automatic updates. Employee productivity was a serious concern, as most of the IT team’s time was spent on patch management, formatting hard disks, and other manual activities with the existing software,” said Govil. Their security had additional shortcomings that needed to be addressed, such as support for the latest platforms (including Windows 8 and other operating systems running the ERP package), protection against emerging threats, and browsing protection for enhanced security against malicious sites. But according to Govil, the most important consideration was that the new security solution had to be future-proof to ensure it was able to absorb new SMAC trends. Choosing F-Secure IGL needed a solution that provided strong
SOLUTION
F-Secure Business Suite Premium
PROJECT TIME
45 Days
BENEFITS n Reduction in the number of hard disk formatting incidents by a significant 40% n Virus related issues reduced by 50% n Minimized IT staff time dedicated to endpoint security enhanced employee productivity by over 20% n Improved browsing protection for augmented security against malicious sites n Unique, automatic deployment of security updates with the possibility of exclusions and manual deployment n Installation of missing updates and patch management (not just for Windows, but also third party products) n Integrated management (no separate infrastructure needed)
security while having a minimal impact on performance. Email and web traffic scanning, as well as centralized management, were important security requirements. It also had to be easy to set-up and maintain. F-Secure was relatively new to the end-user business in India, so IGL studied the references of F-Secure’s global clients, and their success rate in the B2B space. “F-Secure did not have many Indian clients for references. We looked at the solution for its credibility, ruggedness and after sales support. And F-Secure truly fit the bill,” said Govil. F-Secure was selected as IGL’s new security vendor after a detailed comparison of various products. Key differentiators included F-Secure’s ease of use and cost-effectiveness. According to Govil, these benefits are significant considerations for Indian companies. He highlighted the automatic updates as a specific clincher, as solutions need to be complete packages and account for the different aspects of patch management, software alerts, and other automated protective measures. Implementation through a Trusted Partner Aarna Global Infotech provided implementation support, and was involved throughout the
whole project. They offered support and guidance, and Govil said they were able to provide detailed insights on F-Secure’s unique features, adding additional value to the solution. Both F-Secure and Aarna Global Infotech were keen to be associated with a successful project in India, and took an aggressive approach toward the endeavor. Pilot testing was used to validate the solution’s features and on-site functionality, and in the second half of 2014, IGL became an F-Secure customer using F-Secure Business Suite Premium.
Multiple Benefits IGL experienced immediate benefits after implementing F-Secure (with all the components of Business Suite being used for endpoint and server security). One key improvement was in the protection of physical servers, desktops and laptops. According to Govil, the automatic deployment of security updates (with the possibility of exclusions and manual deployment) greatly reduced the amount of time the IT staff had to dedicate to maintaining endpoint security. “The solution offers installation of missing updates. Patch management for both Windows
OCTOBER 2015
31
CASE STUDY
BUSINESS SUITE PREMIUM
and third party products is a real advantage. The solution offers integrated management, hence there is no need for a separate infrastructure.” There was an initial issue in pushing updates to the exchange server during deployment. But the issue was escalated, and the teams at both Aarna Global Infotech and F-Secure worked to rectify it quickly. There is now no need for manual updates as there are proactive alerts/product updates, and the security pack software ensures timely updates for both operating systems and applications. “This helps our IT team to dedicate their time to other projects. This is an indirect advantage of improved employee productivity across various departments to the tune of over 10–15%,” said Govil. Most applications in IGL are currently on-premise, and so F-Secure’s solution is now live for 650+ IGL users across multiple locations. However, Govil said the solutions have been validated
32
OCTOBER 2015
40%
REDUCTION IN INCIDENTS OF HARD DISK FORMATS
15%
REDUCTION ON IT HELP DESK CALLS
50%
REDUCTION IN VIRUS RELATED ISSUES
for future use on mobiles, smartphones and tablets. Buying technology is one thing, but deploying it successfully and within a project’s timeframe is vital. F-Secure and Aarna Global Infotech’s robust support framework enabled the successful and timely deployment of this enterprise-class security solution.
About the Partner
Supporting
Aarna Global Infotech deployed F-Secure’s solution at IGL, and played an important role through the decision-making and implementation process. According to Govil, they possessed detailed technical knowledge about IT security, and their Delhi-based team was prompt with extending support to IGL. He also said they were able to suggest additional tools and solutions to help IGL protect their network. India Glycols is a leading company that manufactures green technology based bulk, specialty, and performance chemicals, and
20% INCREASE IN EMPLOYEE PRODUCTIVITY
natural gums, spirits, industrial gases, sugars and nutraceuticals. Established as a single monoethylene glycol plant in 1983, IGL has brought together cutting-edge technology, innovation and an unflagging commitment to quality to manufacture a wide range of products that have found global demand. IGL’s state-of-the-art, integrated facilities manufacture chemicals including glycols, ethoxylates, glycol ethers and acetates, and various performance chemicals. These products are manufactured in compliance with stringent global standards of plant operations, quality, and safety. The company’s facilities have been approved and certified by international agencies including Det Norske Veritas (DNV). The operations at all plants are closely monitored through distributed control systems (DCS), which facilitate a high degree of control over the quality of products.
Business Situation
BUSINESS BENEFIT
India Glycols, on a rapid expansion spree, had a challenge with the existing security solution used by their multi-location users and branch offices. The solution had limited or non-existent software update capabilities and policy management. With no automatic updates, employee productivity was a serious concern as most of their IT team’s time was spent on providing product updates, patch management, and other manual activities to maintain the existing software. The growing number of hard disk issues and other related concerns with the security solution consumed lots of time and bandwidth at IGL. The IT team was spending too much time to keep the lights on with the earlier security solution. IGL wanted a sturdy security product that had proactive protection capabilities against emerging threats, and improved browsing protection for augmented security against malicious sites.
Date: NOV 6, 2015
MEET THE LEADERS’ UNDER ONE ROOF
Venue: HOTEL EROS, MANAGED BY HILTON, NEHRU PLACE
BOOK YOUR PARTICIPATION NOW! OFFICE: 6/103, Ground Floor, Kaushalya Park, New Delhi-110016, E-mail: info@smechannels.com, Phone: 91-11-41657670 / 46151993
Q& A
“DLP PROTECTS DATA ACROSS PRIVATE AND PUBLIC CLOUDS” As mobile is intrinsically woven into the fabric of enterprise, mobile security is less about protecting data and devices and more about protecting intellectual property, brand value, and customer trust. ADELE BEACHLEY Adele Beachley leads SOTI’s business and operations across Asia Pacific and India. Adele has 20 years of experience in telecoms, mobility, hardware and software services in enterprise and consumer sectors. Her career has seen her take on senior leadership roles in large multinational technology corporations all over the world, act as a strategist, negotiator, marketer and sales innovator. Holding a BA (Hons) Degree from the University of Salford, Adele is a multilingual, passionate, results focused and proactive leader with a strong track record in business development and partnerships, with a proven ability to market, grow and scale business, execute to plan, deliver positive solutions to complex problems and drive large corporate transformation projects.
What are the security trends seen in the global arena? With the evolution toward a mobilized enterprise, CIOs and IT organizations must ensure corporate security policies can accommodate the expansive mobile ecosystem – from form factors, to capabilities, operating systems, applications and communications protocols. As mobile is intrinsically woven into the fabric of enterprise, mobile security is less about protecting data and devices and more about protecting intellectual property, brand value, and customer trust.
How is security intelligence evolving in the market? Security intelligence is moving to the endpoint, which is both the main vector for attacks and the vehicle helping an attack to move around an orga-
34
OCTOBER 2015
nization via the Internet. Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. IT teams will be looking at devices—whether they’re PCs, tablets or smartphones—for indicators of compromise, and then enabling some form of incident response process. Businesses will deploy technologies to endpoints to prevent what they can. With billions more computing devices coming online every year, administrators face the challenge of making each comply with the security policies of their organizations. Application con-
“The technological precautions you take are only as strong as the people using them. Ensure that all features are being used and that the solutions you have deployed are functioning properly ...”
trol is also emerging as a key focus area with an emphasis on preventing malicious activity at the endpoint. As much as you may try to build user awareness of information security best practices, at some point someone’s going to click on something they shouldn’t so you need a way to be proactive about preventing such incidents from happening, especially on mobile devices.
Today, organizations are facing a hard job of adopting secure IT infrastructure to support an increasingly mobile workforce. What is your prescription for those companies? In addition to firewalls, data loss prevention, antivirus and other software and hardware protections, education is a crucial step. Employees need to be aware of how to protect themselves, their devices and the company’s data from common exploit tactics. Some of the largest hacks in
recent memory such as the Sony hack have been due to simple phishing techniques. The technological precautions you take are only as strong as the people using them. Ensure that all features are being used and that the solutions you have deployed are functioning properly in order to make sure your company and its data is protected.
What are the main drivers of enterprise mobility management market? The main driver of Enterprise Mobility Management (EMM) is a need to manage devices built across all mobile operating systems. As Original Equipment Manufacturers (OEMs) deliver purpose-built devices to market, the need to integrate those systems across multiple platforms presents unique challenges. By managing devices across a single interface, businesses can deploy devices nearly instantly and ensure that the devices are operating securely.
Now that customers’ data sit not only on devices but also on public networks, how vulnerable is cloud and all steps one should look at to keep the organization immune from threats? Data Loss Prevention is one of the key ways to protect data across private and “public” clouds as well as ensure that the data an employee creates or transfers secure. Businesses also need to proactively manage the security of the servers on which their data is stored. As companies scramble to find better ways to secure sensitive information, one of the key concepts to emerge is containerization—the separation of corporate mobile apps and data from personal files. Containerization has historically had its drawbacks, including security concerns and inefficient toggling between one’s personal and corporate accounts. However, a new and evolving breed of containerization—enabled via Enterprise Mobility Management—promises better security and ease of use. Essentially, companies are now switching to a “Managed App” model: Instead of having business and personal apps in separate workspaces, the container is all but invisible now, relegated to the background, creating a seamless user experience.
What are the trends which according to you will have an impact on EMM market? The continued evolution of Bring Your Own
Device (BYOD) and the implementation of purpose-built devices will be amongst the core trends we see in the coming future. Today’s workplace is evolving rapidly as employees require mobility at every touchpoint, whether it’s at corporate headquarters, out in the field or in a store, or behind the scenes in factories and warehouses. Controlling mobile capabilities is critical from the top floor to the shop floor. But this can be a daunting challenge as workers use disparate purpose-built devices, corporate-liable smartphones and tablets, and BYOD consumer devices running on various operating systems.
When it comes to bringing your products into the market how different is your approach from other competitors
“As companies scramble to find better ways to secure sensitive information, one of the key concepts to emerge is containerization—the separation of corporate mobile apps and data from personal files.”
in the market? Our customers are some of the biggest and most trusted corporations in the world, including the top OEMs, because we are committed to delivering the solutions that they need. We are continuously working with our customers, partners and prospective customers to develop and implement new security measures. We are able to deliver stable solutions that solve issues across multiple platforms through this integration as well as strengthen our close partnerships with original equipment manufacturers and systems integrators.
OCTOBER 2015
35
Q& A
“ESS PARTNER NETWORK HAS DOUBLED IN THE PAST ONE YEAR” After reaching out to many remote areas in North and East India ESS Distribution is now focusing on increasing its techno-commercial staff in all metro cities. Zakir Hussain, Head of ESS Distribution, official distributor of ESET products in India, talks more about the company.
ZAKIR HUSSAIN,
Head of ESS Distribution (official distributor of ESET products in India)
“We are also focusing on SOHO and SMB retail segments. Small business networks face the same threats as large enterprise networks, but they have very limited budgets for IT expenditures.”
Brief about your company? ESS Distribution Pvt Ltd is a software distributor focusing majorly on security and some other software products. Headquartered in Navi Mumbai, the company has pan-India presents through branch offices and representative in Delhi, Chennai, Bangalore, Kolkata, Ahmedabad and other major cities. ESS Distribution is the first and currently largest distributor of ESET products in India. ESET is a globally known European brand with 25-year old
36
OCTOBER 2015
history.
What are the competitive advantages of your products? ESET was ranked as 5th Largest Endpoint Security Vendor in 2013 and grew 23%, six times faster than the market average, according to IDC report titled ‘Worldwide Endpoint Security 2014-2018 Forecast and 2013 Vendor Shares’ from August 2014. As for advantages of security products promoted by ESS Distribution, in a B2B environment, the main focus is on saving administrators time and increasing their productivity and in consumer environment the focus is on allowing customers to enjoy a digital life with minimal interference with antivirus and other security products or disruption caused by threats. ESET products promoted by ESS Distribution offer the best balance between user experience and protection focus in the real-life usage of the products. Hence, the main four unique selling points are: l Faster and lower resource consumption (which leads to better performance). l Better detection/protection against known threats (which makes ESET products more effective than other solutions). l Better proactive detection (thanks to Advanced Heuristics, ESET LiveGrid technology) against unknown threats . l Better user experience (ESET is easy to use and has low false positives rate. It is simple and flexible solution for any user).
How do these products address various technology requirements of the market? Users in India are most vulnerable to malware spreading through Internet and storage devices, mostly USB flash drives, very often because of vulnerability in the operating system which is not patched or is not protected with up-to-date security software. In the latest version of ESET flagship products for consumer segment we have Removable Media control tool which is very demanded by the customers, according to the feedback from the market. We also see increasing in demand for mobile security software as threats for smartphones evolve rapidly. The number of threats for smartphones and tablets is growing and not only for Android platdorm, as it is believed, but even for Windows Mobile and iOS.
Spending on IT security is increasing at a gradual pace in India, especially in enterprise and SMB segment. More organizations are realizing the importance of securing their IT infrastructure with strong and comprehensive security solutions as the cyberthreats targeting enterprise sector have become more sophisticated with time. Our decades-long experience and industryleading expertise as well as extensive research among our current and future clients, help us deliver robust and unified business product portfolio. As cyber threats evolve constantly, ESET keeps investing in updating its technologies. Unlike conventional antivirus solutions that rely on up-to-date virus signatures alone, ESET uses two methods of detection (comparing known virus signatures plus using heuristics to anticipate new ones) instead of one. It helps ESET products detect and destroy threats that other products miss.
Who all are your major customers in the region? Corporate, government and educational segments account for about 60% of ESS Distribution business. In our corporate client portfolio we have has such brands as Southern Power Distribution Company of Andhra Pradesh Limited, BITS Pilani, S. A. Engineering College, Global Academy of Technology, KAL Puplications Pvt Ltd (Dinakaran), Century Communication Limited, Automotive Manufacturers Pvt Ltd, ICF (Integral Coach Factory), Kumaraguru College of Technology. Among our corporate clients are such known companies as Metro Shoes, and many others. We are also focusing on SOHO and SMB retail segments. Small business networks face the same threats as large enterprise networks, but they have very limited budgets for IT expenditures. Small companies might not have a system administrator sometimes, so it’s becoming really difficult to provide the efficient protection of company’s data. As for the consumer segment, our customers are regular and advanced user of PC who realize the importance of security and do not compromise on performance at the same time. While home, business and mobile users all have different needs, what they all share is a desire to live, work and play in a safer digital world, and our aim is to helpl them build an environment safe from digital threats.
Who all are your distributors and VADs? At present ESS Distribution has an established
network of over 200 direct channel partners for paper license business in SME, Enterprise, Government and Educational segments. In retail business it has six strong regional distributors each of them having vast channel network in its respective region. The total number of channel partners associated with ESS Distribution in India has reached almost 3000 up to date.
Tell us about your partner ecosystem and GTM strategy? ESS Distribution does 100% business through Channel Partners. The company has appointed distributors for retail offerings and system integrators and VAR’s for business and enterprise solutions. In general, the company divides India into four major regions - North, East, West & South appointing at least one major T1 partner appointment followed by multiple T2 & T3 partners. ESS Distribution has separate city and state distribution policies for region. ESS partner network has doubled within past one year that helped us to reach out to many remote areas in North and East India where we did not have a strong presence before. ESS Distribution is now focusing on increasing its techno-commercial staff in all metro cities to be able assist its channel partners in POC, negotiations, special prices & product deployment. We believe the channel community has to look seriously towards security segment paying attention not only to optimistic growth projections but to quality of services and the value additions required to cater this market. Channel education is a very important factor for vendors and their partner to get the maximum benefits from growing market. Understanding of this necessity is driving ESS Distribution to select performing partners and train them to work with security solutions we offer and even help building security policies for their clients. ESS Distribution has a separate Market Development fund (MDF) that allows allocation of marketing funds to partners willing to conduct separate marketing activities, and we always encourage channel partners to do so. Since 2012, ESS Distribution has been successfully running various channel schemes offering partners exotic international locations and totally unique experiences. This year itself ESS Distribution provided its partners a tour to Amsterdam, Netherlands.
OCTOBER 2015
37
INDIA VS
INDIA VS THE WORLD
IN MALWARE INFECTION H2 2014 India No 1 Host Country of Botnet-related malware in Asia l India is the No. 1 contributor of Sality malware (Botnet related) in Asia l India is also in the Top 3 contributor of the Ramnit malware (botnet related) globally l In line with the recent Europol takedown (February 2015) of the Ramnit botnet infrastructure where 3 million computers were believed to be infected: India was on the top of the list. l Ramnit stole banking credentials, cookies and other kinds of personal information from the machines it infected, while it could also open backdoors and steal FTP credentials
Other notable infection include: l
38
India is in the Top 3 country of Autorun infection
OCTOBER 2015
globally l Autorun is a family of worms that spread mostly via infected removables and hard drives, and can perform harmful actions such as stealing data, installing backdoors and so on.
Downadup (Conficker) is the most detected malware in the 2H of 2014 in the world (37%) l
Over the past 3 years, Downadup infection has reduced in India l Due to the following reason: l Windows XP (EOL) end of life in April of 2014 l More users are moving to new platforms like Windows 8.1 and mobile platforms like Android l India performed well in 2014 with one of the lowest contributor of Downadup malware over the years within APAC countries.
INDIA IS THE NUMBER 1 SALITY MALWARE (BOTNET) CONTRIBUTOR IN ASIA IN H2 2014 SALITY INFECTION 2014 (GLOBALLY) TOP 10 COUNTRIES
Brazil 22%
Others 39%
India 14%
Morocco 2%
Turkey 9%
Romania 2%
Pakistan 3%
Colombia 2% Tunisia 2%
Egypt 2%
Poland 3%
RAMNIT IN INDIA RAMNIT INFECTION H2 2014 (GLOBALLY) TOP 10 COUNTRIES
Malaysia 23%
Others 36%
Turkey 9%
Brazil 2%
India 8% Italy 3%
Indonesia 5%
Philippines 3% United Kingdom 3%
Tunisia 4%
Pakistan 4%
OCTOBER 2015
39
NNR IT
BEST PRACTICES FOR CYBER SECURITY: BY NNR IT 1
Monitor Applications with Access to Data
In spite of the fact that Applications help your business to expand the efficiency they can put your touchy information at danger. Ensuring discriminating data, generally includes setting up firewalls and building your foundation around the information you need to secure. At that point you give applications access to this information. At the point when hackers hope to take your information, they won’t attempt to pound their way through your firewall, they’ll search for the minimum secure framework with access to the information they require.
2
Create Specific Access Controls
It is always great to create specific access controls for your users so that they can have the access to only the systems they need to complete their task. It will help you to limit your sensitive data’s exposure.
3
Collect Detailed Logs
Always collect detailed logs and report data to track what goes on in your system. It will help you for security & troubleshoot-
40
OCTOBER 2015
ing purposes. This is especially the case for applications that don’t have internal logging. Add tools that can log the activities of these applications so that you will be able to plug any security holes those applications may create.
4
Maintain Security Patches
Cyber – criminals are constantly updating & inventing new techniques and constantly looking for new vulnerabilities. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches.
5
Beware of Social Engineering
All of the technical IT security you implement can’t take the place of common sense and human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Rogers Communications recently faced a major breach when a hacker called an employee pretending to be the IT department and was able to get the employee’s log-in information. Attempts like this one may come from phone, email or other communication with your users.
6
Educate and Train Your Users
No matter how gifted, your users will always be your weakest link when it comes to information security. It is always good to educate your users on cyber security best practices. This training should include how to recognize a phishing email, how to create strong passwords, avoiding dangerous applications, taking information out of the company, and any other relevant user security risks.
7
Outline Clear Use Policies for New Employees and Vendors To strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has in regards to IT security when you first hire them. Include Security requirements in employment contracts and SLAs sections.
8
User Activity Monitoring
Trust but verify. While well trained users can be your security front line, you still need technology as your last line of defense. User activity monitoring allows you
to monitor users to verify that their actions meet good security practices. If a malicious outsider gains access to their log-in information – or if an insider chooses to take advantage of their system access – you will be immediately notified of the suspicious activity.
9
Create a Data Breach Response Plan
No matter how well you follow these best practices, you might get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do.
10
Maintain Compliance
Hopefully these best practices are a useful guideline for keeping your business safe, but you do have another set of guidelines available to you. Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct its security. More than a hassle which you need to prepare audit logs for, compliance can help guide your business.
SYMANTEC
SECURITY BEST PRACTICES: BY SYMANTEC Why best practices? The Indian technology landscape is witnessing a dynamic shift with the influx of digitization, mobility and Internet of Things. Cyber attackers are leap-frogging defenses in ways companies lack insight to anticipate. The corporate world is also encountering a dramatic change with most of the offices going paperless and the increasing dependence on technology. With this increasing complexity, cybercriminals are constantly discovering newer ways to gain access to rich corporate data. Today, cybersecurity is no longer an issue that concerns only IT and security professionals, but is also an important topic for boardroom discussions. At Symantec, we believe
it’s time to go on the offensive, leveraging the next generation of both threat and information protection technologies to fight increasingly sophisticated adversaries. This aggressive and offensive posture would entail - keeping adversaries out; protecting the valuable information that’s inside; continuously gathering and applying intelligence to gain advantage; and providing comprehensive incident response and forensic support if a breach does occur. Thus, it is important for enterprises to partner with forward looking security companies who possess the proven expertise and a unified security strategy which is designed to simplify the company’s lives and increase their security
efficacy.
Caveats Today’s attackers are skilled enough and sufficiently resourced to have the persistence and patience to carry out their espionage activities over a period of months or even years. They have only to be successful once in order to breach their targets’ defenses. Symantec has observed that advanced attackers are using stolen email accounts from one corporate victim to spear-phish their next corporate victim. Businesses, today, are facing challenges as they lack in the desired holistic IT security practices and technologies to deal with the new set of threats. The understanding of the
CIOs and CXOs as to how security can be built into their IT practices to effectively manage the ecosystem is also limited in many cases. Unintentional causes, such as employees losing devices or accidentally exposing critical data, are still the most common causes of security breaches. Another challenge faced by organizations is of overworked and understaffed security teams that have so far been stitching together “good enough” security point products that were originally not designed to work together. Not only do these practices make an organization more vulnerable to breaches, but it also increases operational complexities- indicating a need to engage in unified security.
BEST PRACTICES For Businesses:
1
Don’t get caught flatfooted: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
2
Employ a strong security posture: Implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies. Partner with a managed security service provider to extend your IT team.
3
Prepare for the worst: Incident management ensures your security framework is optimized, measureable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crisis.
4
Provide ongoing education and training: Establish guidelines and company policies and procedures for protecting sensitive data on personal and corporate devices. Regularly assess internal investiga-
tion teams—and run practice drills—to ensure you have the skills necessary to combat cyber threats.
For Consumers:
1
Use strong passwords: This cannot be emphasized enough. Use strong and unique passwords for your accounts and devices, and update them on a regular basis— ideally every three months. Never use the same password for multiple accounts.
2
Be cautious on social media: Don’t
click links in unsolicited email or social media messages, particularly from unknown sources. Scammers know people are more likely to click on links from their friends, so they compromise accounts to send malicious links to the account owner’s contacts.
3
Know what you are sharing: When installing a networkconnected device, such as a home router or thermostat, or downloading a new app, review the permissions to see what data you’re giving up. Disable remote access when not needed
OCTOBER 2015
41
NEWS IT Security: Are we leaving the main door open?
Mark Hickman, COO, WinMagic
WinMagic, a data security company, organised a roundtable on IT Security: ‘Are we leaving the main door open’. The Round Table was chaired by Mark Hickman, Chief Operating Officer, Winmagic and Vipin Kumar, Group CIO, Escorts.
The discussion was an effort towards understanding enterprise security landscape in India from CIO’s and security services provider perspective and centred on latest security trends both globally and in India. Various key trends pertaining to adoption of security
solutions in different areas like cloud, BYOD, Internet of Things (IOT) and IT security scenario in India were discussed. During the discussion, Mark Hickman, COO, WinMagic, stated, “Globally, the trend that has evolved over the years has been of adoption of cloud solutions for most businesses. The coming years will see the notion of security being a secure platform − rather than a series of point products or devices on the network – gaining traction. The expectation on security professionals will be to deliver a secure platform that allows the business to confidently run multiple applications, in a secure environment. He further added, “We will be happy to partner with Government of India for their various programs including Digital India.” Vipin Kumar, Group CIO, Escorts Ltd., commented, “CIOs always are interested to choose best of breed solutions to secure data for their organization. As a CIO I also foresee the key trend in the coming few years will see a shift towards cloud solution, be it private, public or hybrid. ”
Norton Security Launched in India In a move to streamline multiple core offerings into one flagship subscription service, Symantec has launched Norton Security in India. The new service is an advanced, multi-layered protection solution that helps shield consumers from sophisticated and evolving threats across all
42
OCTOBER 2015
platforms. Norton Security Premium is also available with secure PC cloud backup to provide extra protection against ransomware attacks and help ensure photos, address books and important files don’t get lost. Ritesh Chopra, Country
Manager, India, Norton by Symantec, said, “The changes we’re making to Norton are designed to keep us one step ahead of the cybercriminals and help keep information safe without sacrificing the performance of smartphones, tablets or laptops,” Chopra added.
Kaspersky Lab Discusses Business Strategy at Partner Pitshop Kaspersky Lab along with eCaps, National Distributor for enterprise products, successfully concluded Partners meet last week at Hotel Pearl Palace, Cochin, to discuss about their future business strategies with a focus to develop market in emerging geographies, for its rich and wide suit of offerings. Over 20+ partner companies attended this event with 40 participants. The objective was to make the technical team comfortable before taking the solution to market through the business team. The key solutions focused were Kaspersky Endpoint Security for Business (KESB) including Systems Management, Encryption, and Security for Mail Server & Security for Virtualization along with the implementation guidance for Kaspersky licensing policy. Explaining their strategy, Altaf Halde, MD- South Asia, Kaspersky Lab, said, “Kaspersky Lab will focus on an extensive range of services to provide end-to-end solution specifically suited to meet the needs of the particular segment especially larger enterprise clients, having 1000+ nodes, as we now have an excellent Endpoint product – KESB, which has taken us up a few notches higher in the Leader’s quadrant besides IDC and Forrester also naming us the top 3 Global Leaders in the endpoint market. Our ultimate focus is to expand the reach of our products by increasing our channel base.”
Armin Van Buuren Tops The Most Dangerous Cyber Celebrity: Intel Electronic Dance Music (EDM) DJ Armin van Buuren replaces comedian and talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online. For the ninth year in a row, Intel Security researched popular culture’s most famous people to reveal which of them generates
the most dangerous search results.
The Intel Security Most Dangerous Celebrities study revealed that searches for certain musicians and comedians tend to expose Internet searchers to more possible viruses and malware. Armin van Buuren is the first DJ and the third male, following Brad Pitt in 2008 and Jimmy Kimmel in 2014, to find his way to the No.
PerfectCloud Launches Cloud Security Solutions PerfectCloud, a provider of enterprise, cloud and mobile security solutions, has launched its security and privacy service offerings in India. It provides a range of services from enterprise-class cloud and mobile security solutions specializing in Identity Management, Security of IoT to data lifecycle encryption, guaranteeing complete security and privacy. MayukhGon, CEO, PerfectCloud, said, “Today, almost 53% of organizations in India indicate they are using Cloud Services, with
another 43% indicating plans to begin using cloud services in the next 12 months.” “While cloud computing has opened up many new opportunities, it also presents a number of new security risks to company information. In fact, security has been identified as the most important concern for Cloud adoption,” he added. PerfectCloud has introduced two integrated products in the Indian market – SmartSignin and SmartCryptor.
InstaSafe Gets CAN’s Backing CIO Angel Network (CAN) has made an undisclosed investment in Bangalore-based InstaSafe, a Cloud based Security solutions provider that helps mobile & remote workers securely access enterprise apps, email and web on a SaaS model. CIO Angel Network (CAN) has initiated this deal and co-invested with Indian Angel Network (IAN) in this round. Founded by Sandip Kumar Panda, Biju George, Prashanth Guruswamy & Deepak Panigrahy in Nov 2012, InstaSafe has built a cross functional team with deep business & technical domain expertise. Prior to founding InstaSafe, Sandip was with Blue Coat Systems, leading India & SAARC markets. He has also worked with Symantec & WeP (Wipro) where he led product businesses and multiple cross functional leadership roles.
1 spot (moving up from No. 2 in 2014). Usher takes the No. 3 spot between Luke Bryan at No. 2 and Britney Spears at No. 4. Rounding out the top 10 are Amy Schumer (No. 7), Betty White (No. 8), Lorde (No. 9) and Nina Dobrev (No. 10). Seven of the top 10 are musical artists, ranging from EDM artists to country, hip hop and pop.
Fortinet’s New WAFs to Prevent Identity Theft
Fortinet launched its new FortiWeb 4000E and 3000E Web Application Firewalls (WAFs), designed to help customers prevent identity theft, financial fraud and denial of service through specialized, layered application threat protection. FortiWeb appliances now offer advanced security services backed by FortiGuard Labs’ advanced threat intelligence, providing real-time threat protection at the application level. These new FortiWeb solutions are also integrated with Fortinet’s FortiSandbox and offer support for new enhancements in partnership with Acunetix’s advanced vulnerability scanning solutions. These new additions bolster Fortinet’s broad end-to-end cybersecurity platform that protects customer data at every possible entry point to the network.
Seqrite Unveils Upgraded MDM Seqrite, the Enterprise Security brand of a leading IT security solutions provider, has launched a new version of Seqrite Mobile Device Management (MDM). The MDM application enables enterprises to regulate and monitor
the growing workforce of smartphones and tablets that are used by enterprises all around the world today announced the press release. The new version of Seqrite MDM now has three new features which are aimed at boosting a network’s
monitoring capabilities and more. These features are Network Data Monitoring, Call/SMS Monitoring and Seqrite Launcher. Sanjay Katkar, CTO, added, “MDM technologies enable companies to not only secure the mobile
devices, but the data on them as well. Our MDM solution works on Android, iOS and Windows Phone, and these new features provide flexibility, user enablement and enhanced security.”
OCTOBER 2015
43
Research Warns Against the Web’s “Shadiest Neighborhoods” Blue Coat Systems has revealed new research for consumers and businesses that shows the TopLevel Domains (TLDs), or “neighborhoods,” most associated with suspicious websites. Among the key findings in the report are that more than 95 percent of websites in 10 different TLDs are rated as suspicious, with that percentage increasing to 100 percent for the top two highest ranking TLDs, .zip and .review. Blue Coat analyzed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to create “The Web’s Shadiest Neighborhoods,” a new report that combines research with tips and tricks for Web users and enterprise security and IT departments looking to avoid viruses and other malicious activity. MOST COMMON MALICIOUS ACTIVITY
LESS COMMON MALICIOUS ACTIVITY
Spam
Malware
Scam
Botnet
Suspicious
Phishing
Potentially Unwanted Software (PUS)
Symantec Secures More Than 1 Billion IoT Devices Symantec announced it is securing more than one billion Internet of Things (IoT) devices, including everything from televisions and cars to smart meters and critical infrastructure. With IoT devices expected to number 25 billion by 2020, Symantec is leading the effort to protect consumers from hacks against their always-on, Internet connected devices. “As IoT innovation and adoption continues
to grow, so has the opportunity for new cyber security risks. This is the next frontier. In the automotive industry, hackers can literally steer the car and ‘hit the brakes’ from their keyboards,” said Shankar Somasundaram, Senior Director of IoT Security, Symantec. “Symantec is partnering with manufacturers in the automotive, industrial control, and semiconductor industries, in addition to our work in healthcare and retail markets.”
Kaspersky Lab’s Anti-Phishing Technology Appreciated The new version of Kaspersky Internet Security has received the highest Advanced+ award as a result of the anti-phishing technology test conducted by AV-Comparatives. The Kaspersky Lab solution did not produce a single false positive and successfully blocked 98% of phishing URLs, allowing it to stay well ahead of competitors.
44
OCTOBER 2015
The AV-Comparatives test assessed the anti-phishing protection offered by 10 security products from different vendors in a simulation that replicated typical web browsing conditions. During the testing, all products used default settings; to follow the links, Internet Explorer 11 with the disabled anti-phishing module was used to provide browser independent results.
WinMagic Partners with Bangalorebased Technobind WinMagic has partnered with Bangalore-based distributor Technobind. The partnership is intended to build visibility and increase reselling of its award winning product SecureDoc in India. The strategic partnership for WinMagic has been a key initiative in line with its company’s focus on innovation and investment, building up its partner ecosystem in India. It is expected to yield more benefits in terms of business growth for both the companies. WinMagic’s focus is on close cooperation and integration with partners and firmly implementing transparent and stable distributor partnerships across India. Commenting on the partnership, Rahul Kumar, Country Director & Manager, WinMagic India, stated, “Through this partnership we will be able to reach out to the large enterprise market in India to help protect their information assets. The synergies of the two organisations will help develop a credible channel relationship. We are delighted to partner with Technobind as one of our key distributors in India.”
Juniper Unveils New Security Solutions Juniper Networks unveiled advanced antimalware with zero-day threat protection from the cloud, redesigned security management and the latest firewalls for enterprise campus and branch networks, as part of its new Juniper Networks Unite architecture. The latest security solutions include Juniper Networks Sky Advanced Threat Prevention, Junos Space Security Director and Juniper Networks SRX Series Services Gateways to provide customers with the sophisticated threat protection, security management, automation and scale needed to defend against threats at any point in the network without hindering network performance. These advancements will deliver better visibility to the network through a simplified, intuitive management platform, as well as ensure pervasive, dynamic threat protection with intelligence from the cloud that is automatically distributed across SRX firewalls within the enterprise.
Gemalto’s Cloud-Based Encryption Solution Now On Azure Marketplace Gemalto released its SafeNet ProtectV solution on the Azure Marketplace. Gemalto’s SafeNet cloud-based encryption solution allows Azure customers to encrypt and protect their most sensitive data and applications in the cloud while maintaining compliance require-
ments and achieving high levels of data protection announced the press release. Todd Moore, VP (data encryption product management), Gemalto, said, “By working with Microsoft and a number of other cloud providers, we are making it simple for customers to deploy
a robust encryption framework, allowing them to move to the cloud with confidence and providing enhanced security without compromising convenience.” “ProtectV provides the audit controls and visibility to secure that confidence,” he added. “By adding companies like
PremiumAV Appoints SYS Com as Maharashtra RD In a strategic move to expand its partner network across India PremiumAV has appointed SYS Com as its regional dealer for Maharashtra region. The primary responsibility of SYS Com would be to generate and address the increasing demands of tier II and tier III cities in Maharashtra. PremiumAV further announced that Rajesh Patrike will be leading the team of SYS Com. SYS Com will be responsible for both sales and service zone of PremiumAV in Maharashtra.
Sanjay Garg, CEO, PremiumAV said, “We are glad to collaborate with SYS Com as our regional dealer for Maharashtra. It is one on the biggest business market to tap in and establish ourselves as one of the key market players there are huge chances of market opportunities in this State. We look forward for increased visibility of PremiumAV products in this region through SYS Com limited network. Our integration will shovel vibrant scope in upcoming market.”
Third DSCI Hyderabad Security Conference 2015 Concludes Recognized widely as an annual confluence of the security community from across Industry sectors to meet amidst the ever changing landscape of security, the Third Hyderabad Security Conference (HSC) 2015 was held on 11 September at Novotel & HICC Complex, Hyderabad. The conference theme, ‘Making sense of the threat landscape: Securing the Future’, ensured broad sectoral participation from Hyderabad and surrounding areas. On the occasion, Nandkumar Saravade, CEO, DSCI, said “Given the backdrop of ‘Digital India’ with its focus on empowerment, development, growth and governance, the Third Hyderabad Security Conference 2015 helped businesses realize the need for a focused, strategic and structured approach to security challenges, to generate a reassuring vision for the future.” “Information security continues to pose server problems to enterprises, as seen from cases reported to us. The solutions need to be at individual, enterprise and national levels. Cyber safety for young people needs special focus,” said C .V .Anand, IPS, commissioner of police in his special address.
Gemalto and its cloud-based data encryption solution, customers can benefit from a reliable technology that allows them to deliver new and innovative services to their end users,” said Nicole Herskowitz, Senior Director of Product Marketing, Microsoft Azure.
HP Releases Security Analytics Centered Solutions
HP is unveiling new solutions centered on security analytics and designed to help organizations shift from legacy security methods to a modern approach that focuses on protecting the interactions among users, applications and data to help protect enterprises’ most valuable assets. Organizations are inundated with security data on a daily basis and face the challenge of translating this data into meaningful insights to proactively manage threats that pose legitimate risk. With the growing volume and complexity of data, an intelligent security platform is critical – one that harnesses the power of world-class Security Information and Event Management (SIEM) capabilities for active monitoring with use-case driven security analytics that derive actionable intelligence. To help organizations automate the analysis of threat data, HP is introducing DNS Malware Analytics, a unique solution designed to identify infected hosts by inspecting an enterprise’s DNS traffic. Developed in partnership with HP Labs, and HP’s internal Cyber Defense Center, this clientless, algorithmic-driven service uncovers infected hosts without endpoint agents, helping customers to quickly detect high-risk threats, reduce data breach impact and enhance overall security posture.
OCTOBER 2015
45
TOP 20
CISOS 1
T Saravanan Chief Manager - IS Security & Compliance Hindustan Petroleum Corporation Ltd tsaravanan@hpcl.in 9820577747 Hyderabad
2
P N Sharma Chief Manager IS sharma_pn@indianoil.in Indianoil Corporation Ltd 9707211123 Guwahati
3
Satish Papnoi CTO Pathways Group of Schools satish.papnoi@pathways.in 9560172555 Gurgaon
4
Rajiv Malhotra Group CIO RSPL Ltd rajiv.malhotra@rspl.net.in 9910119160, Kanpur
5
Rahil Patel GM & CIO The Kalupur Commerical Co-op Bank rahilpatel@kalupurbank.com 7567020505 Ahmedabad
6
Jos Babu Vice President & CIO UAE Exchnage jose@uaeexchange.co.in 9847334264 Kochi
7
Anil Garg General Manager - Information Technology Dabur India Limited Gaziabad
8
Kinshuk K Hora Chief information officer GlaxoSmithKline, Dlf plaza tower Dlf phase - i Gurgaon
9
K. Balakrishnan Head - Information Technology Bata India Limited
46
OCTOBER 2015
Bata house 418/02 Gurgaon mahrauli road, Sector 17 Gurgaon Haryana 122002 India North 91 124 4120100 91 9910062809 Priya Narayanan Deputy General Manager Information Services Cairn India Ltd 3rd & 4th Floor, Vipul Plaza Sun City Sector 54 Gurgaon Haryana, 122002 India
10
Vikas Ojha Manager - Information Technology & Chief Information Security Officer Canon India Private Limited 2nd Floor, Tower A & B Cyber Greens DLF Phase III Gurgaon Haryana, 122002 India
11
12
Nandita Jain Mahajan Vice President - Information Security IBM Daksh Business Process Services Pvt. Ltd. 4th Floor, Tower-B, DLF Building No. 8 Phase II DLF Cyber City Gurgaon Haryana, 122002 India
13
Hemant Joshi Head Information Technology & Chief Information Security Officer Balkrishna Industries Limited , C/15, BKT House, Trade World, Kamala Mills Compound, Senapati Bapat Marg Lower Parel (West)Mumbai, Maharashtra 400013 India
14
Mangesh Shah Manager Systems Software Abu Dhabi Commercial Bank (ADCB) Rehmat Manzil 75-B Veer Nariman Road Churchgate Mumbai, Maharashtra, 400020 India
15
Rishi Jethva Executive - Information Security Aditya Birla Management Corporation Private Limited 3rd Floor, C Wing, Aditya Birla Centre S.K.Ahire Marg Worli Mumbai, Maharashtra, 400030 India AFL Private Limited AFL House, Lok Bharati Complex , Marol Maroshi Road Andheri (East) Mumbai, Maharashtra, 400059 India
16 17
Axis Bank Limited S.K.R.C. Prasad Chief Information Security Officer Bombay Dyeing Mills Compound, Pandurang Budhkar Marg, Worli, Mumbai, Maharashtra, 400025 India
18
Bank Of India Sameer J.Ratolikar Chief Information Security Officer C-5, Block G, Star House, Bandra - Kurla Complex, Bandra (East), Mumbai, Maharashtra, 400051 India
19
Bharat Bijlee Limited Vasudev Chief Security Officer 6th Floor, Electric Mansion, Appasaheb Marathe Marg, PrabhadeviMumbai, Maharashtra, 400025 India
20
Blue Star Infotech Limited Pawan Rai Security Consultant Prabhadevi Industiral Estate, Veer Savarkar Marg, Prabhadevi Mumba, Maharashtra, 400020 India