The way of business solutions www.insightssuccess.com November 2016
The 10 Fastest Growing Security Solution Provider Companies
Cover Story: Pinkerton: Perfect Partner for Risk Management Since 1850 (Jack Zahran, President)
Chalk Talk: Traits to Possess the Best Enterprise Security
Editor’s Perspectives: Network Security Threats & Solutions
Features: Why Protecting Your Business from Cyber Attacks is no Longer Optional?
Assured Motion For Any Vehicle (David Bruemmer)
Technology and Network Convergence: Forging a Path to Smart Grid, Smart Cities and Internet of Things (Jeff Carkhuff)
Business Applications for Virtual and Mixed Reality (Adam Sheppard)
Editorial
Digitalization has become a new frontier of customer experience for enterprises, and customer information/data is the most valuable asset of any company. There has been a massive increase in the volume of data generated from both the web and corporate operational systems in every enterprise. Cloud services are bringing new waves of productivity growth and consumer surplus but are also creating challenges related to data security.
Conventional Security Measures no Longer Adequate in the Era of Cloud
Usually, outsiders are kept out of Big Data environments by conventional security at the borders of a private network. But with today’s advanced and sophisticated break-in strategies, perimeter security is no longer adequate. Malware like Agent.BTZ and CryptoLocker has proved to the internet world that cyberattacks no longer originate solely from geeks’ dormitories and, as a result, organizations now agree that defending their businesses requires them to extend beyond their virtual perimeters. To turn the tide, companies have started outsourcing IT security to dedicated managed security service vendors to help implement preventative measures. Utilizing tools and hardening firewalls does not suffice; companies have to take steps beyond that.
A comprehensive security risk analysis is essential to identify the risks to the network and apply an appropriate level of security according to the risk levels. Risk assessment allows companies to assess, determine and modify their overall security stance and enables security, operations and organizational management to collaborate and view the entire organization from an attacker’s perspective. This helps to maintain a practicable equilibrium between security and required network access.
Security experts also believe that well-established corporations need well-written security policies. These assist in setting suitable expectations regarding the use and administration of corporate IT assets, the rules established for employees and administrators, and the requirements set for systems and management, which together ensure the security of an organization’s assets. After taking the necessary measures, companies should attempt to discover loopholes in their network systems. That is only possible with network security audits and vulnerability assessments, which can also help keep compliance programs on track.
Sugandha Sharma
Editor-in-Chief Pooja M. Bansal Senior Editor Ariana Lawrence Managing Editor Sugandha Sharma Co-Editors David Smith Vikram Suryawanshi Stephanie Andrews Abhijeet Parade Suhel Mashayak Visualiser David King Art & Design Director Victoria Co-designer Alex Noel Picture Editor Amol Kamble Art Editor Mahesh Suryawanshi Business Development Manager Mike Thomas Nick Adams Marketing Manager Chris Business Development Executive David, Peter, John, Brian Research Analyst Jennifer Circulation Manager Robert Database Management Steve Technology Consultant Vishal More sales@insightssuccess.com
November, 2016
Corporate Offices: Insights Success Media Tech LLC, 555 Metro Place North, Suite 100, Dublin, OH 43017, United States. Phone: (614)-602-1754. Email: info@insightssuccess.com. For Subscription: Visit www.insightssuccess.com
Insights Success Media and Technology Pvt. Ltd., Office No. 513, 5th Floor, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017. Phone - India: 020-69400110, 111, 112. Email: meera@insightssuccess.in. For Subscription: Visit www.insightssuccess.in
Cover Story: Pinkerton: Perfect Partner for Risk Management Since 1850
Editor’s Perspectives: Network Security Threats & Solutions
Chalk Talk: Traits to Possess the Best Enterprise Security
Features: Why Protecting Your Business from Cyber Attacks is no Longer Optional?
CXO Standpoints:
Assured Motion For Any Vehicle
Technology and Network Convergence: Forging a Path to Smart Grid, Smart Cities and Internet of Things
Business Applications for Virtual and Mixed Reality
BAI Security: Security Expertise that exceeds Client’s Expectations
Code Dx: A Software Vulnerability Correlation and Management System
CodeSealer: Invisible end-to-end Web Security
MegaPath: Single Source for Cloud Communications and Managed Networks
Nanotech Security: Leader in Anti-Counterfeiting with Advanced Authentication Products
Trianz: Execution Driven Security Firm
The 10 Fastest Growing Security Solution Provider Companies
Matter of IT Security
The business IT panorama is increasingly being disrupted by the onslaught of Cloud, Data Science, AI, and IoT adoption on both the consumer and enterprise sides. Hence, the talent community is keen on securing their careers by moving to the Cloud and other latest technologies to ensure their employability for a decade or even more. As more and more companies embrace Cloud Technology, the number of connected IoT devices will multiply exponentially, and security issues will also grow. Hence, the security landscape is now changing because of the digital presence. Recent cyberattacks have demonstrated that more innovative hackers are adopting unique ways to evade security measures. Since attackers are rapidly improving their IT knowledge, organizations should focus on custom solutions and pre-emptive approaches that can protect their data and integrity.
The importance and usefulness of the security industry have led us to shortlist “The 10 Fastest Growing Security Solution Provider Companies.” Our cover story, Pinkerton, is a global leader in risk management solutions and a global provider of corporate risk management services including security consulting and investigations, executive protection, employment screening, and protective intelligence. Jack Zahran, President of Pinkerton, is the person behind the success of the company. He has extensive experience in enterprise risk management; global operations, sales and marketing; global and national business and client development; mergers and acquisitions; and global finance and contract management. Under his leadership, Pinkerton has emerged as a leader in this very domain, providing a unique scalable blend of strategic and tactical solutions. It is always interesting to know the story behind every company.
Insights Success Magazine, after in-depth research and study, has shortlisted:
BAI Security: Security expertise that exceeds client’s expectations
Code Dx, Inc.: A software vulnerability correlation and management system
CodeSealer: Invisible end-to-end web security
Control Risks: A global risk consultancy
INFOWATCH: Leader in intellectual data protection solutions
MegaPath: Single source for cloud communications and managed networks
Nanotech Security: Leader in anti-counterfeiting with advanced authentication products
Pinkerton: Perfect partner for risk management since 1850
Trianz: Execution driven security firm
Votiro, Inc.: An intelligence-gathering and security organization
These are the companies at the forefront in delivering the best security solutions with excellence while setting the industry standards. While flipping the pages of Insights Success Magazine, do not miss ‘Traits to Possess the Best Enterprise Security’, ‘Why Protecting Your Business from Cyber Attacks is no Longer Optional?’ and ‘Network Security Threats & Solutions’ from the Editorial Desk, as well as ‘Technology and Network Convergence: Forging a Path to Smart Grid, Smart Cities and Internet of Things’ by Jeff Carkhuff, ‘Business Applications for Virtual and Mixed Reality’ by Adam Sheppard, and ‘Assured Motion For Any Vehicle’ by David Bruemmer from the Thought Leaders. Hope you are all ready to start off!
Cover Story
Jack Zahran President
Pinkerton: Perfect Partner for Risk Management Since 1850
For corporate business leaders and decision makers, the terms risk management and strategy management could not be more different—and understanding those differences and their impact on business continuity is imperative for organizational success.
Threat x Probability x Business Impact = Risk
Risk management involves focusing on identifying and preparing for potential threats and failures rather than opportunities and successes. Corporate risk takes into account threats facing an organization, which can range from natural disasters and health epidemics to cyber crime and economic uncertainty, and analyzes those threats in terms of their probability and overall business impact. Types of risk vary from business to business, but preparing a risk management plan involves a relatively conventional process: Threat x Probability x Business Impact = Risk. This equation can help an organization determine which risks exist that may impact business continuity and to what degree—and then create a plan to mitigate those risks moving forward so they have minimal impact on the organization’s ability to meet its objectives. By recognizing potential risks and creating strategies to minimize them, businesses are better prepared to prevent or overcome an incident should it occur.
A risk management plan should detail the strategy for dealing with risks in business. It’s important to allocate some time, budget and resources for preparing a risk management plan and a business impact analysis. It will help meet legal responsibilities for providing a safe workplace and can reduce the likelihood of an incident negatively affecting the business. However, companies and firms often have a tendency to discount the future, and they’re hesitant to contribute time and capital now to avoid an unpredictable future problem that may or may not happen. Furthermore, mitigating risk typically entails dispersing resources and diversifying investments. For these reasons, most companies need a separate function or external help to handle corporate risk management strategy creation and execution, and, as the world’s leading provider of corporate risk management services, Pinkerton is just the agency to help organizations do just that.
Pinkerton has more than 160 years of experience helping brands identify and manage risks that could potentially harm day-to-day operations. From investigative work to corporate risk consulting, Pinkerton prides itself on offering a wide variety of services necessary to keep client operations safe. The company traces its roots to 1850 when Allan Pinkerton founded Pinkerton’s National Detective Agency. Throughout its rich history, Pinkerton created the forerunner to the U.S. Secret Service, hired America’s first woman detective, and has remained the industry leader in developing innovative security and risk management solutions for national and international corporations. With employees and offices around the world, the company has the resources to provide reliable and scalable protection for clients and their assets around the globe.
The Leader Who is Steering a Clear Path to Success
Jack Zahran, President of Pinkerton, has extensive experience in enterprise risk management; global operations, sales, and marketing; global and national business and client development; mergers and acquisitions; and global finance and contract management. Under his leadership, Pinkerton has emerged as a leader in this very domain, providing a unique scalable blend of strategic and tactical solutions. Jack says, “Every company is different, and security needs are always changing. Pinkerton tailors and adjusts its service to fit what’s best for you. Options range from temporary personnel to full-time dedicated staffing. Pinkerton’s dedicated professional solution embeds highly-experienced professionals in the client’s organization to deliver superior, reliable and timely risk mitigation.”
Pinkerton offers national and global organizations a vast selection of reliable risk management services, including:
Employment Screening: The company implements solutions that incorporate standardized best practices, which helps streamline workflow and maximize productivity throughout the entire employee lifecycle.
Security Risk Management: Whether an organization functions in a single, multi-story environment or operates facilities in locations scattered around the world, Pinkerton can develop comprehensive safety and security plans filled with effective strategies and programs designed to protect every essential element of a business: employees, customers, supply chain, the physical environment and products.
Protective Security: Pinkerton’s highly skilled agents serve as trusted resources to protect high-visibility business executives and celebrities, including Fortune 100 CEOs and their workforces, famous entertainers, athletes, high-net-worth individuals, royal families and diplomats. The firm’s services range from providing one-time personal protection to developing long-term comprehensive personnel and asset protection programs.
Response Services: No matter where in the world a company’s assets and people may be, Pinkerton can help maximize protection during any emergency situation. Pinkerton’s Response Services team can work with companies to prepare for – and respond to – any emergency situation.
Intelligence Services: Pinkerton incorporates actionable intelligence into every aspect of their service offerings. As a result, the company delivers increased protection to clients’ personnel, operations and assets. Pinkerton’s Global Risk Group compiles, analyzes and disseminates critical, timely intelligence so that clients can prepare for risks arising globally.
Investigations: Pinkerton provides in-depth investigation services that can help mitigate internal employee issues, external risks, and branding and intellectual property protection.
Pinkerton Success Secret: Making Strategies to Serve Clients in the Best Way
Pinkerton provides a uniquely holistic approach to risk management, where the firm designs and continually upgrades its services and solutions to protect all areas that pose a risk to a business and its operation, both inside and outside of the company. The company has expertise in virtually every facet of risk management. The firm utilizes a single point of contact model: just one call gives clients access to Pinkerton’s entire breadth of risk mitigation and risk management services. And, as client needs change, just one call is all a client needs to scale services—allowing Pinkerton to ensure it always delivers the most effective and efficient solution based on current or expected conditions.
Pinkerton’s proven 360-degree support model incorporates components essential to be successful in today’s ever-changing risk landscape. It starts with attracting and retaining industry-leading risk mitigation specialists through extensive screening and training. It then integrates access to best practices; extensive resources; global connectivity; benchmarking; and much more. This performance cycle ensures Pinkerton always provides outstanding service and delivers outstanding value to clients.
Pinkerton gives clients access to rich, timely and actionable intelligence: agents have access to vital information from their global network of resources via cutting-edge technology, including threat monitoring, real-time alerting and GPS tracking. The ability for Pinkerton agents to filter and respond to relevant information provides business leaders and decision-makers with an added level of Protective Intelligence that only Pinkerton can deliver. This actionable information allows them to make risk-mitigating decisions that are more timely and accurate.
The company features an exclusive global resource network: dozens of offices and a myriad of partners around the world that can provide “boots on the ground” support nearly anywhere, anytime. Pinkerton agents understand the local laws, languages or customs of every country and region, enabling them to gather intelligence faster and deliver more effective solutions. By leveraging this global network of comprehensive knowledge and resources, Pinkerton can access vast amounts of detailed intelligence and provide clients more accurate and timely information and analysis.
“We make it easier to anticipate and react to events that occur nearly anywhere around the world,” says Jack.
Chalk Talk
Traits to Possess the Best Enterprise Security
Founders occasionally forget to implement the important fundamentals of security and start running after shiny technology. Security budgets are limited, so they need to be sure they have covered the highest-risk breach areas before moving on to other things. IBM reported that more than a billion personal data records were stolen and leaked in 2014 alone, which made it the highest recorded number in the last 18 years. Criminals are always a step ahead of the existing security systems, so companies should have the best strategies and practices for enterprise security.
So how do we ensure we have the best security systems? It all has to do with having a solid foundation, which starts with these basic practices.
Strong Firewalls
Firewalls are the first line of defense for any enterprise. A firewall basically controls the flow of data and decides the direction in which data flows. It keeps harmful files from breaching the network and compromising the assets. Traditionally, firewalls are implemented at the external perimeter of the network, but including internal firewalls as well is a popular strategy. This is one of the best practices companies follow, making it the second line of defense to keep unwanted and suspicious traffic away.
Securing Router
Routers are mainly used to control the flow of network traffic, but they have security features too. Modern routers are full of security features like IDS/IPS functionality, quality of service and traffic management tools, and strong VPN data encryption. But very few people use the IPS features and firewall functions in their routers. To improve their security posture, companies need to use all the security features of their routers.
Secured Email
It is highly common to receive emails from suspicious sources. Email is the main target for criminals. 86 percent of the emails in the world are spam. Even if the latest filters are able to remove most spam emails, companies should keep updating their current protocols. If the number of spam emails is large, it only means the company is at greater risk of getting malware.
Updating Programs
Making sure your computers are patched and updated is a necessary step if you are heading towards a fully protected enterprise. Even if you cannot maintain everything perfectly, updating already installed applications is an important step in enterprise security. No one can create 100 percent perfect applications, but they can be changed over time to keep pace. Keeping your applications up to date means you get the holes that programmers have fixed.
Securing Laptops and Mobiles
You may wonder why securing laptops and mobiles is on the list, but laptops and mobile phones do contain sensitive enterprise data. Unlike desktop computers that are fixed, laptops and mobiles are portable and thus are at higher risk of being stolen. Taking some extra steps to secure laptops and mobiles is as important as implementing strong firewalls. Encrypting laptops and mobiles with the help of software is a great tactic for a secured enterprise.
Wireless WPA2
This is the most obvious feature of all. If companies aren’t using WPA2 wireless security, then they need to start using it. Many methods of wireless security are insecure and can be compromised in minutes. If companies have wireless WPA2 installed, it will be difficult for criminals to breach.
Web Security
The Verizon Data Breach Investigations Report stated that attacks against web applications have increased at an alarming rate in recent years, with over 51 percent of the victims. Simple URL filtering is no longer sufficient, as attacks are becoming more frequent and complex. The features that need to be considered for web security systems are AV scanning, IP reputation, malware scanning, and a data leakage prevention function. A web security system should have the ability to correctly scan web traffic.
Educating Employees
Making sure that employees are educated about safe online habits is as crucial as securing the enterprise with top-class antivirus and firewalls. Educating employees about what they are doing and how to be proactive is more effective than expecting IT security staff to take steps later, because protecting end users against themselves is the most difficult thing to do. So employees must understand how important it is to keep the company’s data safe and the measures they can take to protect it.
While the world faces more and more cyber theft and crime, this foundation of enterprise security, built on simple and standard tools, can protect companies from such attacks.
The 10 Fastest Growing Security Solution Provider Companies
Company Name | Management | Brief
BAI Security (baisecurity.net) | Michael Bruck, President & CTO | BAI Security is a pure-play security auditing and compliance firm and is a trusted resource in the finance, insurance, healthcare, utility, and other key industries.
Code Dx, Inc. (codedx.com) | Anita D’Amico, CEO | Code Dx, Inc. is making software more secure by helping software developers, testers and security analysts find vulnerabilities before the attackers can exploit them.
CodeSealer A/S (codesealer.com) | Tonny Rabjerg, CEO | CodeSealer provides protection against Man-in-the-Middle and Man-in-the-Browser, with its unique product WSF.
Control Risks (controlrisks.com) | Jim Brooks, CEO | Control Risks is an independent, global risk consultancy specialising in helping organisations manage political, integrity and security risks in complex and hostile environments.
INFOWATCH (infowatch.com) | Natalya Kaspersky, President & Co-founder | InfoWatch is a European software company and a leader in intellectual data protection solutions, with experience in implementing extremely complex solutions at the largest companies and in government agencies.
MegaPath (megapath.com) | D. Craig Young, Chairman & CEO | MegaPath is a leading cloud communications and connectivity company offering a comprehensive portfolio of Voice, Unified Communications, Hosted IT, and secure data networking services that increase productivity and customer satisfaction, while lowering costs.
Nanotech Security Corp. (nanosecurity.ca) | Doug Blakeway, CEO | Nanotech is a leading innovator in the design and commercialization of advanced security products and devices, specialized in nano-optics using proprietary micro and nanostructures, along with best-in-class thin-film, to achieve the best and most beautiful authentication technologies in the world.
Pinkerton (pinkerton.com) | Jack Zahran, President | Pinkerton offers organizations a range of corporate risk management services from security consulting and investigations to executive protection, employment screening and protective intelligence.
Trianz (trianz.com) | Chris Mullaney, Practice Head Information Security | Trianz is a global professional services firm specializing in full life cycle execution leveraging Cloud, Analytics, Digitization & Security.
Votiro, Inc. (votiro.com) | Itay Glick, CEO | Established in 2010 in Israel, Votiro was founded by a team of senior security experts with extensive experience in the public and private sectors of intelligence-gathering and security organizations.
BAI Security:
Security Expertise that exceeds Client’s Expectations
Michael Bruck, President & CTO
“Our mission and goals revolve around the customer experience”
Cyber security threats are increasingly putting sensitive data at risk for businesses both small and large, and every business expert is aware of it. The need for effective security solution providers has been on the rise in recent years. While the security of data assets is at risk, the scope for security providers is increasing every day. BAI Security is one such security solution provider, delivering assurance and confidence to clients that their data is protected by an in-house team of nationally recognized security and compliance experts. BAI Security is armed with innovative auditing and assessment tools that lead the industry. The company consistently delivers flexible, consultative service, user-friendly reports and helpful communication that goes well beyond the audit.
BAI Security: Providing Pure-Play Security Services
BAI Security is a pure-play security auditing and compliance firm continuously focused on being the best, most innovative, cost-effective solution in the industry. It’s this focus, combined with dedication to exceeding their client’s expectations, that propels BAI Security as a leader in the field. Specializing in IT security and compliance, governance, risk, and auditing services, BAI Security has developed a solid reputation for cost-effective, market-leading services for the banking & finance sector, as well as many other regulated industries. BAI Security offers a surfeit of services and they are as follows:
Breach Risk Assessment
The Breach Risk Assessment identifies potential weaknesses of the technology, policies/procedures, and/or personnel that could lead to system compromise, and ultimately the data breach. The process to determine these weaknesses, often referred to as a “Red Team” approach, is an extension of core audit components, such as external penetration testing, email and phone-based social engineering, as well as in-person social engineering and physical access. However, the goal of the Breach Risk Assessment is to combine these threat vectors to penetrate the environment, compromise front-line systems, and use those systems as pivot points to compromise other, more sensitive, systems and their data. This provides the organization with a better understanding of their true security posture and their potential exposure to a targeted attack.
IT Security Assessment
The security posture of a company has never been static because new threats are discovered throughout existing systems daily. Whether bringing on a newly acquired organization, implementing a new application platform, launching a new virtual environment, adding computers to the network or even leaving systems “as is”, new vulnerabilities constantly present themselves. BAI Security’s IT Security Assessment options include Vulnerability Scanning & Penetration Testing, Social Engineering, Firewall, Wireless Network and Antivirus Protection Evaluations, Network Administrative and Facility Security Best Practice Evaluations, Endpoint Compromise and Rogue Device Detection Exercises, as well as other enhancement options.
Controls Audit
BAI Security’s Controls Audit verifies an organization’s existing controls against specific compliance standards. It has developed multiple controls testing methodologies based on industry standards, current and upcoming regulations, as well as industry best practices.
Compromise Assessment
The company’s Compromise Assessment helps clients to determine what malicious code exists within the enterprise through a short-term deployment of highly-specialized, non-intrusive forensic software on all endpoints.
Threat Radar
Threat Radar is a 24/7 managed service that can find malware in real-time; even malware that is undetectable by traditional antivirus systems. It’s based on a new behavioral approach and can dramatically reduce the detection time of malware, so a breach does not have time to occur.
Social Engineering
As a nationally-recognized audit firm, BAI provides one of the most robust offerings in the industry. The company has dozens of real-world scenarios used in actual breach activity, or custom scenarios can be created to collect all types of sensitive data. Whether you need a single engagement or an annual plan with frequent testing and multiple social engineering scenarios, they can help you build a security conscious culture.
Standing Apart From the Crowd with Unique Services
The company stands apart from its competitors due to factors including thorough audits; leading edge security capabilities; quality executive summary and technical reports that are thorough and easy to understand; competitive pricing; an in-house audit team of IT security experts rather than outsourced work; strong communication with clients; and flexible service and helpful communication beyond the audit.
BAI Security has been a trusted resource in finance, healthcare, insurance, utility, and other key industries, with over a thousand customers in highly regulated industries. They want to ensure that organizations of all sizes that are keenly serious about their security posture have access to truly top-shelf audit and compliance services in the most cost-effective manner possible.
Marvelous Behind the Success
Since forming the company in 2007, Michael Bruck, President and CTO of BAI Security, has led BAI Security as a trusted partner to more than a thousand organizations in highly regulated industries within the US alone. A fledgling IT services firm became a cybersecurity solutions innovator with more than 20 years of IT, business development, and customer relationship expertise. Listening to the specific needs of clients and combining that with expertise in modern-day threats to develop industry-leading services exceeding those available in the marketplace today has been the passion Michael has always followed. Michael works directly with BAI’s client base and continues to look for new ways for the firm to help organizations protect themselves from cyber security threats while exceeding customers’ expectations.
Code Dx:
A Software Vulnerability Correlation and Management System
M
ost computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Attackers can–and very often do–find and exploit such weaknesses as a means to attack organizations’ applications. Information security has focused primarily on network security and less on securing the software that resides on networks and poses risks. Numerous Application Security Testing (AST) tools help software developers and security analysts find vulnerabilities during all stages of the software development lifecycle, but many don’t use these tools until it’s too late. Code Dx Enterprise is a software vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Code Dx addresses several obstacles to deploying secure software: the high cost of using multiple AST tools; combining and correlating the results of multiple tools into one format; and prioritizing vulnerabilities for easy remediation and reporting. Code Dx overcomes these obstacles by first providing an easy-to-use and affordable tool that automatically selects, configures and runs open-source software tools for the user’s specific code base. It also correlates and de-duplicates the results of multiple commercial and open-source static source code and DAST tools. Finally, it provides a vulnerability management solution that helps
prioritize vulnerabilities, assign them to developers for remediation and track the remediation process.

Uniqueness of Code Dx
Code Dx differentiates itself from its competitors on ease of use, lower cost, the number and types of static and dynamic testing tools supported, and seamless integration into software development environments. In the business of making software more secure, Code Dx helps software developers, testers and security analysts find vulnerabilities before attackers can exploit them. It provides easy and affordable application vulnerability correlation and management systems that enable users to search for and manage vulnerabilities in software. The award-winning Code Dx solution integrates the results of multiple static and DAST tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. By offering the hybrid combination of findings from static and dynamic application security testing, Code Dx provides users with broader vulnerability testing coverage to better identify those vulnerabilities which are easily accessible to an external attacker.

Service with Satisfaction
Code Dx addresses a number of issues across its diverse clientele. For those who are relatively new to application security, Code Dx offers support for understanding the output of the testing tools embedded within Code Dx. In fact, the company has been lauded by several customers for
“Find, prioritize, and manage software vulnerabilities – fast and affordably”
its excellent support. For the veterans of application security, it addresses their need for customization. For example, Code Dx can be used to prioritize vulnerabilities based on an organization’s unique perception of threats to their applications, incorporate the results of manual code reviews, and produce reports customized to each organization’s needs.

Prime Mover of Code Dx
Anita D’Amico, CEO of Code Dx, holds a Ph.D. in psychology and is a thought leader in the cyber security industry. Information Security Buzz credited her with being responsible for one of the top five product names in cyber security; she ‘ingeniously thought of a simple name for a complex topic – software vulnerability management.’ Anita has been in the cyber security industry for more than 20 years – starting as the head of Northrop Grumman’s first Information Warfare
team. She is a human factors psychologist, a specialist in cyber security situational awareness and a security researcher. She is also a self-proclaimed ‘starter-upper.’ She develops a vision and fuels it with the energy, communication and leadership that is needed to make that vision a reality. Anita has done this repeatedly throughout her 35+ years in advanced technology and is currently doing it as CEO of Code Dx. In just under two years, Anita has taken Code Dx from a product idea to a successful company offering multiple solutions being used by organizations of all shapes and sizes to protect software from malicious attacks. Under her leadership, Code Dx has won multiple awards for its innovation.

Valuable for Customer
Top Code Dx customers include large financial institutions, health care systems, defense contractors, and state and federal government agencies. They
Anita D’Amico CEO
see Code Dx as a valuable addition to their existing investments in AST. Code Dx increases the value of its commercial tool chest with the addition of results from open-source tools. It also enables enterprises to augment their application security testing program by economically distributing AST tools to a broader audience of developers in their organization while maintaining commercial AST tools within their quality assurance and security analysis functions. With this seamless integration and use of open-source and commercial AST tools through Code Dx, security reviews are performed earlier and more frequently in the software development lifecycle, reducing the time to develop and secure production-ready software, and decreasing organizational application security risk. Finally, Code Dx’s ability to automatically correlate, consolidate and de-duplicate results from multiple AST tools saves weeks of time.
CXO Standpoint
Assured Motion For Any Vehicle

GPS has been a boon for the world of transportation in general and for the robotics industry in particular. Despite this, robots have failed to permeate our world. They still lose track of where they are and, as we see in the news, both military and commercial drones fall out of the sky. After years of using robots to solve difficult, real-world problems such as landmine detection, mapping out hazardous chemicals and detecting radiation, 5D came to realize that reliable, useful behavior is dependent on accurate positioning. GPS lacks accuracy and doesn’t work indoors. For instance, GPS systems often still think you are on the highway, even after you take an exit. Vision and laser systems can be used to aid in localization and 5D has incorporated a great deal of those technologies to aid in navigation. Unfortunately, neither lasers nor cameras can see around corners and both are easily disrupted by dust, rain, snow, and dynamic environments. This lack of reliability reduces the value of mobile robots across the board and impacts hopes of more efficient, autonomous driving.

To address this problem, 5D created and patented a technology that provides reliable, centimeter level accuracy and reliable behavior in any environment. The 5D module embodies this technology, including an innovative Ultra-Wideband necessary to provide accurate position, orientation and behavior software for safety and autonomous navigation. The reliability and accuracy have been proven for landmine detection, squad support missions and hazmat environments for both ground vehicles and drones in the military. Now we are bringing the technology into a variety of commercial environments starting with heavy equipment and moving towards intelligent transportation. The technology can go onto people, robots, drones, automotive systems and anything else you might want to track.

There are two complementary ways to use the 5D module. The first uses relative positioning to allow safe motion, obstacle avoidance, follow, wagon training and a host of vehicle to vehicle applications. In this relative frame of reference the modules link to each other without any dependence on GPS or a global reference frame and no modules are necessary in the infrastructure. Like neurons in the brain, modules that support a particular function work together and specific clusters of modules can dedicate themselves to a particular function while still maintaining recursive awareness to a larger ecosystem.

The second way to use the technology is as an absolute position reference where modules in the environment can be a GPS enhancement. In this model, applications designed around GPS can work as intended, but with much higher reliability and accuracy. With the 5D module it is possible to accurately judge follow distance and perform predictive braking. Within minutes, it is possible to add the modules to just about any environment. We anticipate building modules into light fixtures, traffic lights and roadside equipment. We are already contracted to move the technology into a variety of heavy equipment applications for forklifts, scissor lifts and other equipment. The technology has the ability to impact construction, mining, logistics and energy sectors. In the burgeoning drone world, 5D has shown that we can replace or enhance existing GPS dependency, allowing drones to provide more accurate surveying, mapping and data collection for surveillance, security and inspection.

One of the most exciting future opportunities is smart mobility applications. Beginning in closed environments like campuses and resorts, off-highway personal mobility systems can meet you wherever you need a lift and drive you on dedicated routes to your destination using existing paths. You never have to go somewhere to pick it up or drop it off. It just goes on to the next closest person who needs a lift. Across all these applications, the 5D modules provide a crosscutting, interoperable solution and help us create intelligent ecosystems where everything is safer and more efficient. The benefits extend not only to robotics, but also include big data analytics where the 5D modules provide the ability to collect and accurately position a variety of data. The precision of this data allows for both analysis and prediction at a level never before possible, allowing increased efficiency and awareness across countless applications.
David Bruemmer, CEO & Co-founder, 5D Robotics
Editor’s Perspectives
Network Security Threats & Solutions
November 3, 1988, is considered a turning point in the world of the Internet. 25 years ago, a Cornell University graduate student created the first computer worm on the Internet, the “Morris Worm.” The Morris worm was not a destructive worm, but it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority.

Today, there has been a paradigm shift: the Morris worm was motivated more by intellectual curiosity than malice, but that is not the case today. According to a 2015 report, 71% of represented organizations experienced at least one successful cyber attack in the preceding 12 months (up from 62% the year prior). According to a survey report, among 5500 companies in 26 countries around the world, 90% of businesses admitted a security incident. Additionally, 46% of the firms lost sensitive data due to an internal or external security threat. On average, enterprises pay US$551,000 to recover from a security breach. Small and medium businesses spend 38K. Incidents involving the security failure of a third-party contractor, fraud by employees, cyber espionage, and network intrusion appear to be the most damaging for large enterprises, with average total losses significantly above other types of security incident.

Let’s Take a Look at Recurrent Security Threat Types

Denial of Service Attacks
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource
they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report. A standard approach is to overload the resource with illegitimate requests for service.

Brute Force Attacks
A brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password. Brute force password-cracking software simply tries all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques.

Identity Spoofing
IP spoofing is also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the regular host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet.

Browser Attacks
Browser-based attacks target end users who are browsing the internet, and can in turn spread through the whole enterprise network. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors’ systems.

SSL/TLS Attacks
Transport layer security (TLS) ensures the integrity of data transmitted between two parties (server and client) and also provides strong authentication for both sides. SSL/TLS attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. Secure Sockets Layer (SSL) attacks were more widespread in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed.

Network Security is an essential element in any organization’s network infrastructure. Companies are boosting their investments in proactive control and threat intelligence services, along with better wireless security, next-generation firewalls and increasingly advanced malware detection. The U.S. Federal Government has spent $100 billion on cyber security over the past decade, with $14 billion budgeted for 2016. As increased use of technology helps enterprises maintain their competitive edge, most businesses are required to employ IT security personnel full-time to ensure networks are shielded from the rapidly growing industry of cyber crime. Following are the methods used by security specialists to make enterprise network systems foolproof:

Penetration Testing
Penetration testing is a form of hacking which network security professionals use as a tool to test a network for any
vulnerabilities. During penetration testing, IT professionals use the same methods that hackers use to exploit a network to identify network security breaches.

Intrusion Detection
Intrusion detection systems are capable of identifying suspicious activities or acts of unauthorized access over an enterprise network. The examination includes a malware scan, review of general network activity, system vulnerability check, illegal program check, file settings monitoring, and any other activities that are out of the ordinary.

Network Access Control
Network Access Controls are delivered using different methods to control network access by the end user. NACs offer a defined security policy which is supported by a network access server that provides the necessary access authentication and authorization.

Network Security is a race against threats, and many organizations are a
part of this race to help enterprises secure their network systems. Organizations like IBM, Symantec, and Microsoft have created solutions to counter the global problem of network security threats. These cutting-edge products show genuine promise and are already being used by enlightened companies.

Good Network Security Solutions Traits
A real security solution should have four major characteristics:

Detect Threats
Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual attack components and use analytics to understand their relationships.

Respond Continuously
Today, the question is not whether an organization will be attacked; what matters more is identifying when it happens and how far the organization can limit the impact and contain its exposure. This means having the capability to respond quickly once the initial incident has been discovered.

Prevent Attacks
Malware is getting more quick-witted by the day, using heuristics to change its code dynamically. A capable solution should have an adaptive architecture that evolves with the changing environment and the threats today’s businesses face.

Integration
Today’s threats have multiple facets, and a single software product or solution is not sufficient. A protection system should have the capability to integrate with other security tools from different vendors to work together as a single protection system, acting as connective tissue for today’s disjointed cyber security infrastructure.
Solutions In Market
Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood, and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive security architecture to battle today’s cyber pathogens. IBM has developed a vast fleet of products, including QRadar, X-Force Threat Intelligence, Trusteer Pinpoint Malware Detection, and the IBM Threat Protection System, a dynamic, integrated system to disrupt the lifecycle of advanced attacks and prevent loss. The IBM Threat Protection System integrates with 450 security tools from over 100 vendors, acting as connective tissue for today’s disjointed cyber security infrastructure.
Symantec is another major player in enterprise network security systems with Symantec Advanced Threat Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating with Symantec Endpoint Protection (SEP) and Symantec Email Security cloud, which means organizations do not need to deploy any new endpoint agents. Symantec says ATP is the only threat protection appliance that can work with all three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention, detection, and response.
CodeSealer: Invisible end-to-end Web Security
In the last few years, the rise of mobility and cloud has changed the human interface with technology. Data is being stored in the sky, and customers all over the world have adopted the technology because it facilitates their every act. Anyone can share data over the air, and an authorized person on the other side of the world can access it in moments. But the presence of data in the cloud also demands invincible security. Customers expect the companies that invent technology to close the loopholes in their own technology and protect them. Customers also expect the legislators they choose to govern to enforce new and stronger regulations for their protection. Still, there is nothing like a story on the front page of a newspaper, something that can cause severe disruption to the customer’s business. This has forced companies to invest billions to protect their own customers’ data and infrastructure behind the firewall, but only a few have successfully secured their customers and users in front of the firewall. The whole scenario of web security can hence be summed up as “Customers Expect It, Regulators Enforce It, Press Loves It!”

A Company Founded Exclusively to Enhance Web Security
According to market research, about 20,000 new malware versions are introduced daily. 75% of all devices are estimated to be infected, and more than 40% of all users have been attacked, often without realizing it. Cyber crime has today surpassed physical theft, and while physical robbery may lead to arrest, cyber criminals ordinarily continue their illegitimate acts from remote areas and from countries where it is difficult to prosecute them. With the knowledge that “Physically, you can rob one bank at a time; but sitting on a computer, you can rob 100 million bank users,” cyber crime is at its zenith today.
Realizing the need of the era, Martin Boesgaard, a well-known name within the IT security industry, founded CodeSealer in 2011 with the sole motive of minimizing cyber attacks.

CodeSealer: A Trusted Partner in Web Session Protection
CodeSealer, an international company based in Copenhagen, protects its customers against Man-in-the-Browser and Man-in-the-Middle attacks. Where other companies protect by installing software on the device, CodeSealer is completely invisible to the user and also protects against unknown malware and on infected devices. While protection of customers and their data is becoming increasingly important, only a few companies provide security against web attacks. That is where CodeSealer, which provides completely invisible protection, becomes the perfect choice for customers. CodeSealer today holds several patents, and where other solutions use traditional approaches including signatures and blacklisting, CodeSealer is going another way and today has what has been identified as a unique solution. The solution is deployed on existing platforms and infrastructure, without any additional hardware, and upon deployment, all the users are immediately protected.

Highly Acclaimed Products
Today, when many companies have spread out their focus, CodeSealer remains focused on protection of web usage. CodeSealer offers two products providing full support against web attacks. Their product consists of a built-in and dynamic
“We detect and prevent advanced attacks in online channels, Secure online banking, public & corporate institutions, and Online Session Security”
boot-loader, which ensures the session and handling by running obfuscated JavaScript, setting up session keys and their own encryption all the way into the JavaScript engine at the client. The Bootloader was first sold more than 3 years ago and today processes more than 30 million transactions per day, as part of a sector-wide solution. The browser is protected by encapsulating the client and constantly monitoring for illegal changes, using integrity checks. If an attack is seen, CodeSealer aborts the session and provides notification to the company. CodeSealer’s solution has a built-in dashboard, but the flexible solution also allows integration with the company’s existing SIEM solutions.

Tonny Rabjerg: Highly Motivated Leader with Vast Experience
Tonny Rabjerg, CEO of CodeSealer, has broad international leadership experience within IT. Working for more than 30 years with application development and operation within
companies such as SAS, Amadeus, Star Alliance and Danske Bank, he has a deep insight into IT management. In his latest role, Tonny was responsible for the creation and management of Danske IT and Support Services India Private Limited, a subsidiary owned by a large Danish bank, managing more than 750 IT consultants and employees. Having been appointed CEO of a security company, Tonny asserts, “Entering into the security sectors does not only allow me to use my previous experience from the IT industry, but also an opportunity to see our product grow and gain market position, in a very interesting and expanding market.”

Widening the Reach across the World
While CodeSealer has been a part of sector solutions for the past 3 years, the company is now expanding its focus to new sectors and markets. The company already has partners in Indonesia, Dubai, Poland and cooperation with
Tonny Rabjerg CEO
India, Italy, and Brazil and live customers in Indonesia. The firm was earlier focused on banks, but recently widened the focus to cloud solutions, such as HR and Financial systems, CRM and public sector. “Our solution isn’t specific to a sector as long as it is an online version using a web browser,” says Tonny.

Growing With Unique Solutions
CodeSealer has invested more than 50 years of development in its solution and today has a structured organization meeting requirements for an innovative solution and the highest quality in its solution. CodeSealer’s solution remains unique in the industry as it protects its end-users from the invisible, a key element in the solution. Along with protection against unknown malware, it increases user acceptance and reduces maintenance, and hence is accepted and acknowledged by a large spectrum of the industry.
MegaPath:
Single Source for Cloud Communications and Managed Networks
There comes a point when every organization must make a decision about its network management. It becomes important for a business to consider managed network solutions when the business connects multiple offices, stores, or sites, or is growing beyond the capacity of its existing access lines. Companies also feel the need for network management if they strive to provide secure connectivity to mobile and remote employees, if they could produce cost savings by integrating voice and data traffic, or if they are preparing for more traffic from video and other high-bandwidth applications. A network that is becoming more difficult to manage while ensuring performance and security, especially given limited staff and budget resources, also generates the need for a managed network solution. When one of the situations above or a similar condition arises, businesses search for a leading provider of secure access and managed network solutions, like MegaPath. MegaPath combines the best broadband connectivity, voice, VPN, cloud, and security technologies with unmatched network design, deployment, monitoring, management, reporting, and support capabilities. MegaPath’s managed network services reduce the cost and complexity of securely connecting remote sites and users to their network while providing a single point of contact for network operations and management.

High Spectrum Services Offered
MegaPath has a long history of adopting best-of-breed solutions to secure their customers’ data and networks, including MPLS, IPsec and SSL for businesses of all sizes and across various verticals. Currently, MegaPath is focusing its network and security on Software-Defined Wide Area Networking (SD-WAN), which has gained mass popularity because it’s easy to deploy and manage, and it’s much less expensive to deploy than traditional WANs. MegaPath’s SD-WAN feature set includes:
• IPsec – full-mesh or hub-spoke topologies and routing policies, updated in a central fashion.
• Dual-WAN Uplinks – aggregates all WAN connections to distribute traffic over multiple pathways with built-in load balancing and auto-failover.
• Real-time Voice Failover – prioritizes VoIP traffic and routes calls over the cleanest ISP connection to eliminate dropped calls, choppy sound quality and echoes.
• Bi-directional QoS – optimizes bandwidth in both directions for optimal application performance.
• Application Performance Monitoring – assesses the performance of critical applications with the ability to alert IT staff.
• Centralized Monitoring and Management – simplifies the deployment and management of branch-office WANs.
• Managed Firewall – leverages CPE appliances and central management to act as the first line of defense against intrusions and other network threats.
• Unified Threat Management – provides comprehensive, multi-layered security that safeguards a business’s network and information assets against viruses, malware, and emerging cyber threats.

Along with the above services, MegaPath provides Managed WiFi, which includes the design, configuration, installation, monitoring, and management of a business’s secure wireless network. The solution provides full separation of guest and corporate access, thereby securing corporate data from unauthorized public users. The solution also supports Active Directory integration allowing identity-based firewall security, providing more flexibility to enforce policies based on user and group identities and the point of access. MegaPath provides managed solutions for Small & Medium Businesses and Enterprise Businesses. The company provides solutions for various industries like Healthcare, Insurance, Finance, Restaurant and Retail.

Driving Force behind MegaPath
D. Craig Young, Chairman and CEO of MegaPath, has over 30 years of experience in the telecom and data communications industry. Since joining MegaPath in July 2004, his primary focus has been to create a world class
“Reliable technology services and support from MegaPath help you keep your business up and running smoothly so you can deliver great service to your customers”
managed IP services company that provides businesses the ability to easily and securely communicate between their headquarters, employees and business partners. Craig has driven the company’s growth by relentlessly focusing on improvements to the customer experience, ranging from the products and services offered to the solution design, installation and support processes that best benefit the customers MegaPath serves.

Evolving with the Evolving Technology
Since its inception in 1996, MegaPath has had a clear mission to provide the best technology solutions to businesses nationwide. They became a VoIP trailblazer before Internet telephony became a widely used and understood concept in the business world. They have evolved over the years due to growing and changing needs in the marketplace. Today, MegaPath is an all-in-one managed network and security services, UCaaS, Internet and cloud IT services provider. They are hyper-focused on delivering next-generation networking and cloud
services. In addition to their broad portfolio of managed network and security solutions, they continue to offer one of the most expansive portfolios of nationwide business-class connectivity, including cable, copper, fiber and wireless, as well as cloud-based offerings including UCaaS and Cloud IT services. Unlike most other communication service providers, MegaPath provides a unique combination of core services nationwide: network / Internet access type diversity (e.g. wireless, broadband, T1, fiber), allowing their customers to serve all their locations based on their business needs and budget at each location; fully integrated security and threat management services, leveraging best-of-class technology vendors; and wide-scale SD-WAN capabilities, to leverage diverse access types while still maintaining application performance and data security.

Winning the Clients
Businesses are approaching MegaPath to resolve their multiple
D. Craig Young Chairman and CEO
issues – including controlling costs, increasing security, simplifying IT, supporting bring your own device (BYOD), refreshing outdated technology, and supporting mobility. MegaPath’s customers value them as a one-stop, full-service provider that delivers the quality and reliable solutions that simplify the way they do business – from improving collaboration and employee productivity to alleviating the in-house burden of network and security management. For 20 years, businesses have trusted MegaPath as their single source for cloud communications and connectivity. MegaPath guarantees its reliable technology services that help its clients keep their businesses up and running smoothly so they can deliver great service to their own customers. MegaPath assures customer satisfaction with Industry-Leading Service Level Agreements, Networking Performance Monitoring and 24/7/365 Support.
Features
Why Protecting Your Business from Cyber Attacks is no Longer Optional?
W
e live in a growingly networked world, including personal banking to government infrastructure. The world has been more connected than ever with the network of information, while information has been an essential resource for all businesses and is the key to the growth and success.
Making sure that companies have implemented security strategies to protect against cyber breaches is vitally important. The success of a business can be in jeopardy if enterprise security tactics are not part of the business model.
The migration of data to third party cloud providers has created a concentration of data in one place and thus more opportunity for cyber criminals to cause large damage in a single attack. The development of IoT, which enables machine-to-machine communication, has also raised the possibility of appliances being manipulated by hackers.
Cyber risk is now considered at the top of the international listing, as high profile breaches increase fear of endangering the business economy and subsequently the global economy too. Cyber crime costs the global economy USD 400 billion, according to a report. Over 3,000 companies in the United States had their systems compromised in 2013 alone, and that number only includes the companies that reported the breaches, while many companies avoid reporting the crimes to protect their reputation.
Despite the best efforts of cyber security experts and government agencies, cyber crimes are likely to increase, driven by the expanding availability of online services and the increasing sophistication of cyber criminals who want to play a cat-and-mouse game with the security experts.
Many of the breaches targeted high profile US retailers and Home Depot and stole customer data and credit card information, while other companies lost money from accounts, and in some cases, criminals even took over the companies and demanded money to unlock them.
Today, 90 percent of companies globally are insufficiently prepared to protect their systems against cyber attacks. While the world is becoming more connected through a network of information, the protection of business systems from cyber crimes will be the main issue to tackle for many unprepared companies.
The cyber attacks are mainly categorized into breaches in data security and sabotage. Personal data, trade secrets, intellectual property, prices and mergers, and bid-related information fall under data security breaches. Sabotage includes service attacks that flood web services with fake messages, and also conventional efforts to shut down the systems and infrastructure. Only a few of the biggest cyber crimes get caught while many go untraced. A significant number of cyber crimes go undetected, particularly industrial espionage, where access to confidential data and documents is difficult to identify. A possible danger with this kind of breach is that companies might be at a disadvantage with trades for months or even years.
An implementation of a framework with a set of standards and best practices designed from the input of thousands of security experts will be the only way to protect and secure businesses from cyber attacks.
CXO Standpoint
Technology and Network Convergence:
Forging a Path to Smart Grid, Smart Cities and Internet of Things
Jeff Carkhuff, VP, Itron
In North America, utilities have installed nearly 70 million smart meters over the last decade. This technology investment has delivered tangible value to both utilities and consumers. But utilities have yet to realize the full potential of this platform and the value of the data these systems generate. This is primarily due to common challenges that utilities as well as technology providers have struggled with:
• Smart meters are viewed mainly as cash registers and instruments of customer billing rather than as sophisticated sensors that provide a rich source of data and insight to improve grid operations.
• For the most part, smart metering systems have been deployed in technology “silos,” meaning they run on purpose-built, largely proprietary networks that were designed for meter reading rather than on a standards-based, multi-application IP platform.
• These systems have created a relative tsunami of new data (more frequent and detailed usage data, event data from power outages and voltage anomalies, and meter tamper alerts), data that utilities are struggling to manage and create new business value from.
• More than smart meters, the term “smart grid” implies grid devices, assets and data interacting in real time and with less human intervention to respond to changing grid conditions. This degree of interoperability and automation has been elusive or cost-prohibitive thus far for the low-voltage level of the network.
Most of these challenges are technology-centered, while some are cultural and organizational, but the upside is that these challenges are being solved. Information technology and operational technology are converging rapidly in the utility and energy space to create a new strategic and operational reality. This comes none too soon in light of significant business challenges utilities worldwide are facing as well as the economic and environmental challenges we all face.
Led by companies such as Cisco and Itron, a growing ecosystem of smart grid technology providers has collaborated to evolve network architecture so that utility field area networks look and behave much more like enterprise IT networks. Solution providers are also introducing more distributed intelligence to grid operations that enables grid assets and devices that are currently “siloed” to work in concert with one another. In addition, the available value stream of this network infrastructure investment is broadening by connecting to emerging markets and applications such as smart cities and the Internet of Things (IoT).
The heavy lifting really began four years ago when Itron and Cisco announced an agreement to work together to re-architect Itron’s widely-deployed OpenWay smart grid
network to IPv6 architecture from Cisco. This joint development effort, undertaken by the industry leaders in utility automation and networking, was a watershed effort in the industry. The smart metering network became a multi-application smart grid and smart city network, broadening significantly its usefulness and value. A growing ecosystem of leading smart grid technology providers can now build to a common reference architecture through the Connected Grid Cisco Developer Network to accelerate adoption and spark innovation. But standards-based, multi-application network architecture by itself was not enough to address all those challenges. Itron believes that for the smart grid to deliver on its promised value, data analysis and action must take place where it makes most sense–increasingly at the edge of the network rather than in the utility back office. That’s the whole idea behind ITRON RIVA™, a new distributed intelligence and advanced communication platform the company launched this fall. Distributing intelligence across the network allows us to economically solve utility problems that couldn’t be feasibly solved before, greatly increasing the value and timeliness of smart grid analytic applications as well as the utilization of network capacity. Specifically, these development efforts yield a new and common set of technology attributes for meters, grid sensors and other types of intelligent devices, whether they come from Itron or third-party partners who embed the technology or build to the standard.
• Edge processing power: Thanks to Moore’s Law, Itron is embedding the computing equivalent of a recent generation smart phone in high-volume meters and grid devices to enable advanced communications, data processing and analysis in the edge device.
• Locational awareness: For the first time, smart meters and grid devices know where they are in relation to other grid assets (feeders, phases, substations, transformers, distributed generation, other meters, etc.). This “self-awareness” opens up an entirely new approach to smart grid use cases and applications.
• “Multilingual” devices: A unified software platform supports multiple communication/application protocols, allowing a single meter or grid device to simultaneously speak the language of distribution automation, load control and smart metering. This enables highly localized communication and action among diverse devices, assets and grid control systems to respond to changing conditions at the edge of the network.
The ability for edge devices to know exactly where they are, process and analyze data independently and communicate with other types of devices creates many new possibilities for improving the accuracy, resolution and timeliness of analytic applications. A clear opportunity exists to deliver new business value in areas such as localized demand response/load control, asset monitoring and management, outage detection and response, renewables integration and diversion detection. This approach allows utilities to put intelligence where it makes the most sense, whether that’s in the edge device, the field area network itself or at the enterprise level, meaning analytics no longer must always take place in the back office where “tomorrow” or “next week” is no longer good enough.
Perhaps most interestingly, the Itron Riva distributed intelligence platform has enabled Itron to revolutionize grid communications. Known as adaptive communications technology, this capability incorporates multiple communications media (RF Mesh, Wi-Fi and Power Line Carrier) on the same chipset, working in concert to solve key network performance and connectivity challenges. Running on the OpenWay smart grid network, adaptive communications technology always utilizes the fastest and most reliable communication path for every message and every link based on location, network operating conditions and the nature of the application or data. This is true whether communicating with an office application or another device on the grid. This makes deployment of network infrastructure easier, faster and less costly, while offering a single communications solution for both dense and difficult urban environments as well as lower-density areas. Adaptive communications technology flattens the cost curve during the latter stages of network deployment when the “hard-to-reach” devices and areas must be addressed. In other words, it provides a network that continuously self-optimizes based on geography, topology, operating conditions and business requirements.
Together, these developments mean that many utilities throughout the world are in a good position to leverage these recent and significant advancements in network architecture, edge intelligence and analytics as they implement their grid modernization strategies and connect to broader opportunities such as smart cities and IoT. There is absolutely no doubt that the convergence of information technology and operational technology in the global utility industry will continue and accelerate, and that technology advancement will continue to outpace the asset lifecycle paradigm utilities have so long operated within. Nevertheless, thresholds are reached that warrant a shift in thinking about how to approach and solve problems. For tomorrow’s grid, that time is now.
Nanotech Security: Leader in Anti-Counterfeiting with Advanced Authentication Products
Counterfeiting is estimated to be a $650 billion global market that is predicted to swell to over $1 trillion by 2017. To combat fraud, authentication technology needs to continually stay ahead of counterfeiters. And that’s what Nanotech Security is known for all around the globe.
Nanotech Security is a leading innovator in nano-optic image technologies for use in anti-counterfeiting applications. The company’s technology counters ever-evolving threats from modern scanning, photocopying or photography based counterfeiting techniques.
Nanotech operates through two segments: Optics and Tactical. The Optics segment provides nano-optics and optical thin film for use in anti-counterfeiting and authentication processes and products, including currency, legal documents and commercial products. The Tactical segment designs and sells surveillance and intelligence gathering equipment for the law enforcement and defense industries in the United States and Canada.
The company is working to enhance security for banknotes, but it also authenticates other potential commercial applications, including legal documents, designer merchandise, concert tickets, tax-paid stamps, medical & credit cards, government documents, passports, and pharmaceuticals.
Integrated Technology Authenticating Security and Branding Images
Nanotech’s KolourOptik® technology, inspired by a unique structure found on the wings of the brilliant Blue Morpho butterfly, makes it easy to authenticate security and branding
images through a unique interaction and manipulation of natural light with a grid of nano-sized indentations. Nanotech uses patented algorithms coupled with electron and ion beam technology to embed hundreds of millions of nano-indentations into a master stamp to create this technology. The technology can then be used to secure and authenticate products of almost any kind.
KolourOptik® technology is one of the first nano-optic technologies to seamlessly integrate into the commercial manufacturing process, meaning that organizations looking to add an advanced authentication feature to their products won’t have to invest significant resources to update manufacturing.
Every KolourOptik image is unique, because the mastering process involves the most advanced nano-optic technology. This makes the image exclusive and matchless, and nearly impossible to replicate with other technology.
In addition to its nano-optic technology, Nanotech also produces optical thin film, which offers a high security device with nanometer-thick layers designed to have precise color replay depending on the angle of view. This color-shifting film has been the standard for document security for over two decades because it is very difficult to reproduce or simulate, yet it is very simple to use.
An Innovative Leader Showing the Way
Doug Blakeway, CEO of Nanotech, is a lifelong entrepreneur, having launched and profitably sold a number of businesses since the beginning of his career as a draftsman in 1966. In addition to having an unwavering determination and commitment to all his projects, his success can be attributed to independent, innovative thinking, creative deal-making, and an ability to dream big. He is the inventor of over 10 patents. Doug has drawn loyal, smart people to him by helping others realize their dreams. Doug is a lifelong learner who believes in learning something new every day. In a few short years, he has turned Nanotech from a small business into a success, purchasing one of its larger competitors, Fortress Optical Features.
Serving All Kinds of Clients
Nanotech’s clients appreciate the company’s close interaction with users, which helps them understand and realize the value of this new ‘game changing’ technology. The clients can usually be divided into three groups.
The first group is environmental, where the client appreciates the great benefit of the technology in not using inks, pigments or dyes to compose the color used in the products. This turns out to be a huge benefit where embedded indentations create the color in items such as blue jeans, where the material is made using color dyes and the pollutants of those dyes are discharged into rivers and oceans.
The next group Nanotech serves is authentication clients, who generally comment on how unique the technology is and how they like being able to incorporate the design directly onto any material with easy-to-see bright images, where even animation or motion can be incorporated into the authentication design. Motion or animation of the image brings a whole new dimension to authentication, especially in the case of securing documents, as it is almost impossible to copy or imitate.
The third group is branding, which always focuses on the ability to combine colors to make flesh tones as well as black and white that are not available to them today. With Nanotech’s services, they can now create a full portrait image in bright LED-like colors combined with long range viewing, where one can see the image from across the table or even across the street. This allows the design to be very creative, incorporating brand recognition with authentication.
Gaining Confidence of Investors and Industry
“One of the challenges of being in the field of anti-counterfeiting solutions for banknotes is the necessity for absolute client confidentiality. The difficulties this condition has presented to expanding the company in a public company environment, where all investors want to know the details of all contracts the company has secured, are considerable,” asserts Doug on challenges one can face in this industry. Despite this, Nanotech has gained the confidence of the industry and investors, winning top ten banknote-issuing authorities as clients, without publicly naming any of them.
“We take care of your Security, so you can take care of your businesses”
Doug Blakeway, CEO
Trianz:
Execution Driven Security Firm
As little as a decade ago, the primary focus of information security and application security was to assure the security of the data center and thereby protect corporate assets from threats. Today, the practice of information security has evolved into a board level imperative that has to both account for and provide assurance that all manner of information and assets, including people and applications, are protected from threat. CISOs and the entire C-suite are faced with the challenges of securing an ever-expanding set of assets encompassed in private, public and hybrid architectures, provided by multiple applications, data sources and a growing set of endpoints and users, and managed in alignment with a slowly evolving and increasingly complex global regulatory landscape.
Knowing that information security strategies must innovate and mature to become inclusive of people assets as well as application and data assets, and account for a broader set of technologies and ways of working with internal and third party resources, Trianz was founded to help leaders in client organizations formulate and execute operational strategies to achieve business results from a senior management perspective.
A Company Enabling Strategic Execution
Trianz is a dynamic and fast growing firm that helps leaders in client organizations formulate and execute operational strategies to achieve business results from a senior management perspective. Leveraging the Cloud, Analytics, Digital, and Security paradigms, Trianz brings the best of consulting and technology experiences, execution models and IP to deliver consistent success to clients.
Enabling clients to implement, govern and operate an information security culture from within is the purpose of the Security Practice at Trianz. Their practice is designed to help clients implement strategic information security solutions that address foundational and organizational business processes while executing typical information security, risk management, and assurance services. Trianz has assembled an experienced security practice team with exceptional execution capabilities in assessments, architectures, implementation, analytics and operations.
A Leader Driven by Innovation
Chris Mullaney, a multi-talented executive with 20+ years at Microsoft and an outstanding record of leadership spanning a wide array of roles in global information security, regulatory compliance, risk management, antitrust compliance and program management, recently joined Trianz as Practice Head, Information Security. As head of the information security practice at Trianz, Chris strengthens its existing information security framework and brings in global best practices to build a world-class information security practice at Trianz.
C-Suite Responsibilities Today
This innovation maturity strategy is at the heart of Trianz’ approach to information security. The goal of business is to enable: enable clients to do great things with the products and services they offer; enable employees to innovate and provide great support to customers; and enable third parties to securely provide innovative, new products and services in support of their clients’ businesses.
To secure the environment against threats, many businesses are focused on developing information security programs that eliminate threats by disabling their employees: eliminating access points, restricting device usage, limiting application development and deployment, limiting or denying third party services in support of business programs. This practice has the impact of providing greater security for assets: if you can’t get to the information, it is secure by default. However, it also sets up an organizational “Culture of No.” The Culture of No is a clear deterrent to innovation, which is a death knell for any business. Because the business imperative is to grow, to improve products and services, to improve experiences for customers, the Culture of No is an effective security program only as long as employees don’t find ways around the controls so they can do their job and innovate.
Typical Security Practice
Trianz’ security consulting services are focused on helping clients foster the Culture of Yes, and the team is successfully making it true. Whether Trianz is engaged in assessing a client’s readiness for a particular audit, standard, regulation or certification, or working with them to implement a governance program that includes implementation of a secure operations center using a DevOps support model, the team focuses on helping their clients develop their own Culture of Yes for information security.
This process starts with understanding the clients’ business goals and objectives, current security posture, risk analysis, risk management profile, architectures supported and technology strategy. It includes evaluating each of these areas for blockers to success in implementation, governance or organizational policy/structure, technology choices and regulatory-audit-compliance landscape. Next, in concert with the client, they envision the Culture of Yes for their information security program while leveraging guidelines, techniques, and technologies that support the overall security engagement. Trianz Security is mainly focused on practice areas that include assessments, architectures, implementation, operations, and analytics.
Measuring Success Completely in Client Terms
With offices in Silicon Valley, Washington DC Metro, New York, Dubai, Bengaluru, Mumbai, Delhi NCR, Chennai and Hyderabad, Trianz serves a wide range of clients from Fortune 1000 to emerging companies in high tech, insurance, financial services, retail, manufacturing, life sciences, public sector and logistics industries. Over the past decade, Trianz has developed a reputation for excellence in execution, enabling global organizations to achieve results envisioned by their senior management. Trianz measures success completely in client terms: the impact created through business execution.
“We bring business & technology perspectives and experience under one continuum to help clients achieve results from a top management perspective”
Chris Mullaney, Practice Head, Information Security
CXO Standpoint
Business Applications for Virtual and Mixed Reality
Virtual and Mixed Reality technologies are stirring up quite a bit of excitement these days. Many investment firms and analysts say that Virtual Reality is the next big tech revolution after mobile, and predictions for the industry’s growth range from $70B to $150B by 2020.
Virtual Reality (VR) refers to a completely immersed experience where you can’t see or interact with the world around you. It typically doesn’t let you interact with others, though some social experiences are now being developed for VR. Mixed Reality (MR) refers to experiences that let you place virtual content on top of the real world and interact with it as though it were a tangible object, creating a blend of the physical and digital world.
Adam Sheppard Co-founder & CEO 8 ninths
Traditionally, the development of these technologies has been driven by military and training applications. More recently, VR and MR are gaining attention from various industries, and it is an exciting time for companies and organizations that are looking for an opportunity to translate business solutions into an immersive media format. New applications are surfacing across an array of verticals:
Healthcare: Today, doctors often carry paperwork and consult charts in order to assess their patients. With MR, physicians and nurses could access this information digitally and hands-free, allowing them to share it with fellow staff or even consult doctors across the country.
Education: With VR, complex systems could be visualized in three dimensions. Teachers can use virtual displays to show students how blood flows through the heart or take students on a field trip to a South American rainforest. VR could also allow realistic, complex training simulations that take minimal resources to create.
Engineering: There are numerous potential applications for MR and VR in engineering, especially with remote collaboration. Oil rigs, for example, require constant monitoring, but it’s not always possible to assign expert technicians to every location. Equipped with an MR headset, a maintenance worker could be instructed by someone on the other side of the world to conduct repairs properly. Architectural and design projects could also benefit from MR, where multiple people could manipulate and shape objects within a shared environment.
As new technologies, VR and MR require a different approach. For any company that wishes to incorporate these new technologies into its processes, the following considerations are important to keep in mind:
Comfort and Safety
Most VR platforms require you to wear something on your face. This is a very intimate way to connect to technology compared to what most people are used to, which is a screen they can keep at a distance. Thus, ensuring a comfortable, enjoyable VR experience is important for your comfort and safety.
VR and MR Do Not Replace Existing Workflows
It can be tempting to consider VR a quick solution to problem solving. However, it’s important to remember that VR and MR are not about replacing existing workflows, but enhancing them. Companies should carefully consider their workflows and identify where MR or VR can be added as a discrete, important part of the workflow.
Choosing the Right Agency to Work With
Designing for VR and MR is not a simple task. It’s unlike any other popular software design from the last 20-30 years and requires an unusual skillset. Designers must think about the logistics of creating a 3D object; adding different behaviors and interactions to it that match people’s expectations of how the object would behave in the real world; and finally adding in digital properties such as the ability to resize, annotate, and transform it. In this environment, drawing on a combination of skills in gaming and cinema is key, in conjunction with the ability to apply these skillsets to enterprise business problem solving.
Right now people are focused on moving from web to mobile, but the big question is whether VR technology will become as commonplace as smartphones. Broader adoption will probably come in the next three to five years, driven primarily by the entertainment and media landscape. This means that finding ways to effectively integrate VR and AR into a business and operations context will require creativity to design solutions and a willingness to experiment.
VR represents a real opportunity to improve the quality of human experience in two ways. First, integrating it into highly visual and hands-on remote collaboration processes can be a multiplier for human productivity. It can remove the need to be physically present, but offers more direct interactivity than teleconferencing or email. By improving the efficiency of communicating information, it can reduce time spent on extraneous workflow and processes. Second, VR and MR can be used to help people understand complex data in an intuitive way. Imagine if FedEx could visualize all of its operations around the world, and how quickly they could identify areas for improvement for transportation and logistics.
This is only the tip of the iceberg as far as Virtual and Mixed Reality is concerned.
Over the next few years, VR and MR will continue to evolve, changing the landscape of digital media as it finds its way into the hands of more and more users. To remain innovative and relevant to their consumers, companies should pay close attention to this space and begin exploring its potential to benefit their business today.