The way of business solutions
www.insightssuccess.com DECEMBER 2017
10
THE Paul J. Cella CEO
MOST
TRUSTED
COMPANIES in ENTERPRISE
SECURITY FOR 2017
THREAT-O-CURE How to Minimize CyberAttacks On Your Organisation
Jeanne A. Travis President
CHALK TALK Traits to Possess the Best Enterprise Security
Industrial Security Integrators Providing Proven and Reliable Security Solutions
Editorial
T
oday, we can see that introduction of emerging technologies in the enterprise space is simplifying the overall work process and culture within the organizations. These evolving technologies such as, cloud, demands strong safety tools to deal with ransomware, data thefts, and hackers. Enterprises have more critical information and they should be one step ahead to avoid data stealing. A small data breach may also cause a big trouble for any organization as there may be a chance of leaking or publicizing highly sensitive and confidential information regarding organization’s strategies, products, customers, vendors and many more.
Enterprise Security: Efciently Safeguarding the Businesses with Reliable Innovative Solutions
Generally, smaller firms install a firewall or antivirus with the belief that they will get well protected from cyber-attacks and threats. Similarly, large firms will go for the latest security product with a hope that it will solve all their problems. Technically, both methods put organizations at huge security risk, irrespective of their size. It is important to understand that only latest security solutions can’t provide better security, it can only be achieved with sufficient investments in the right technology with the selection of proper processes and people. Enterprise Security Companies will help you to get all of these done. Enterprise Security Companies provide end-to-end security solutions for the business irrespective of the type and size of the organization and fulfill all the enterprise needs. They are using advanced technologies such as Artificial Intelligence (AI) to detect drastically changing threats. Enterprise Security Solutions also serve with their start-to-end solutions for the enterprises and governments such as; communications, security, network optimization, payment security, infrastructure solutions, etc. In addition to the software solutions, Enterprise Security also includes hardware solutions too, such as CCTV cameras, fire alarms, and everything whatever any organization needs for their smooth functioning in an efficient way. With increased industrialization, Enterprise Security companies are also growing while fulfilling all Enterprise Security demands. In the future, we might witness further growth of the Enterprise Security industry with the increased incorporation of technologies such as automation, Machine Learning (ML), Artificial Intelligence (AI), etc., leveraging thoughtful opportunities for future-proof Enterprise Security Industry.
Suhel Mashayak
Editor-in-Chief Pooja M. Bansal Senior Editor Ariana Lawrence Managing Editor Suhel Mashayak Co-Editors David Smith Rajarshi Chatterjee Piyush Rishi Visualiser David King Art & Design Director Amol Kamble Co-designer Alex Noel Picture Editor Mayur Koli Art Editor Aparna Vanzul Business Development Manager Mike Thomas Nick Adams Marketing Manager Philip Walker Business Development Executives Joseph, Sophie, Judy Kevin, John, Sherin Research Analyst Jennifer Circulation Manager Robert Database Management Steve Technology Consultant Swapnil Patil sales@insightssuccess.com
December 2017 Corporate Ofces: Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com
Insights Success Media and Technology Pvt. Ltd. Ofce No. 513, 5th Floor, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: 020-69400110, 111, 112 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in
Copyright © 2017 Insights Success, All rights reserved. Copyright © 2017 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights success. Reprint rights remain solely with Insights Success.
Cover Story
20 MAESTRO’S TALK Are You Staying in Network Secure Zone?
08 Industrial Security Integrators: Providing Proven and Reliable Security Solutions
30 PROFESSIONAL’S OPINION IT and Communication Trends for Critical Infrastructure
Article’s 22
THREAT-O-CURE How to Minimize Cyber- Attacks On Your Organisation
EDITOR'S PERSPECTIVE: Educating Employees to Minimize the Risk of Cyber-Attacks
40
CHALK TALK Traits to Possess the Best Enterprise Security
32
38 EXPERT'S VIEWPOINT Managing Corporate Communications on Mobile Devices
Profile’s 28 Protenus: Using Access to the Electronic Health Record to Catch Bad Actors Inside Healthcare Organizations
18 Bluen Payment Systems: Providing the Most Secure Platform to Devalue and Protect Customer Payment Data
36 SaltDNA: Securing the Conversation
26 Paladion: AI Driven MDR Provider for High Speed Cyber Defense
42 Triada Networks: Securing Business Networks
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
Enterprise Security: Taking Care of Your Business
T
he Enterprise Security firms are playing a key role in safeguarding the organizations from every threat and attack by utilizing advanced technologies and tools. Today, every organization is considering Enterprise Security as the most important aspect for success of their business because factors such as stealing of their sensitive business information regarding patents, recipes, strategies, etc. may affect their business badly. To ensure business safety, organizations are appointing Enterprise Security expert who can protect their business effectively so that they can concentrate on their core process. Each type of business and organization demands Enterprise Security partner for smooth functioning of their businesses, making Enterprise Security providers more valuable. This increased demand for Enterprise Security has made us to introduce the issue “The 10 Most Trusted Companies in Enterprise Security For 2017”. We have highlighted the cover of this issue with Industrial Security Integrators (IsI), which provides Government and Industry clients with cost-effective and comprehensive options for full-service infrastructure solutions. IsI streamlines the entire security needs of the U.S Government and Contractor Community into a single platform—facilitating the management of their day-to-day National Security Program. IsI specializes in Managed Security Services while offering additional consulting with E-FCL Package Submission, Sensitive Compartmented Information Facilities (SCIF’s), Closed Areas, high-security rooms, and server room Construction Plans.
After doing in-depth research and studies we have enlisted; Bluefin Payment Systems: Providing the Most Secure Platform to Devalue and Protect Customer Payment Data, Paladion: AI Driven MDR Provider for High Speed Cyber Defense, Protenus: Using Access to the Electronic Health Record to Catch Bad Actors Inside Healthcare Organizations, SaltDNA: Securing the Conversation, and Triada Networks: Securing Business Networks. While going through our magazine you must not miss out the masterly written articles by our in-house editors such as Educating Employees to Minimize the Risk of Cyber-Attacks, How to Minimize Cyber-Attacks On Your Organization, and Traits to Possess the Best Enterprise Security from the Editor’s Pick. Are You Staying in Network Secure Zone?, IT and Communication Trends for Critical Infrastructure, and Managing Corporate Communications on Mobile Devices from the View of some the Successful Leaders. Hope this edition of ours will create a mark on your mind.
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY
Paul J. Cella CEO
Jeanne A. Travis President
FOR 2017
Cover Story
Industrial Security Integrators
Providing Proven and Reliable Security Solutions
With a focus to our core competency, we remain dedicated to providing all services as it pertains to protecting Classi ed Materials and National Security
I
ndustrial Security Integrators (IsI) provides Government and Industry clients with cost-effective and comprehensive options for full-service infrastructure solutions. IsI streamlines the entire security needs of the U.S Government and Contractor Community into a single platform—facilitating the management of their day-to-day National Security Program. IsI specializes in Managed Security Services while offering additional consulting with E-FCL Package Submission, Sensitive Compartmented Information Facilities (SCIF’s), Closed Areas, high-security rooms, and server room Construction Plans. Also, IsI’s Secure Web Fingerprint Transmission (SWFT) fingerprinting services are well recognized in the Industry. It has resulted in a 99 percent success rate with all fingerprint submissions to the Department of Defense (DoD) and Federal Bureau of Investigation (FBI). IsI provides more than 60 percent of all digital fingerprints being submitted to the Office of Personnel Management (OPM). Managed Security Services IsI’s team of Certified Facility Security Officers (FSOs) are well-versed in all aspects of Industrial Security, compliance, and management of day-to-day security
operations. Each client is initially assigned to the IsI Compliance Team for analysis and evaluation of their existing security program. Once the requirements are established, the client is then assigned a team of people through a helpdesk to provide support by phone and/or email 24 hours a day, 7 days a week. Policies and procedures are the backbones of a sound security program. IsI defines solutions, identifies and corrects security issues, develops and implements corporate policies and procedures to include Standard Practice & Procedures (SPP), Operational Security (OPSEC) Plans, and Operational Policies for client specific requirements and needs. IsI support includes but is not limited to the National Industrial Security Program Operating Manual (NISPOM), Director of Central Intelligence Directives (DCID), Intelligence Community Directives (ICD), and other Government and firm security policies and procedures. EFCL Package Submissions IsI specializes in working with companies to help them obtain their initial Facility Security Clearance (FCL). This is a highly critical item, as companies rely on IsI to provide this service to them in order to establish their footprint in the DoD space and to begin supporting classified contracts issued by the Federal Government. The FCL process is extremely labor intensive and can often be delayed significantly if not handled by a team of security professionals. IsI has a proven track record of helping companies obtain their FCL’s in an expeditious manner and without delays. This is a paramount service that IsI offers, as companies are often awaiting their FCL to be issued by the Federal Government before they can start generating a revenue stream from classified contracts they have been awarded.
Brilliant Duo of Industrial Security Integrators Paul J. Cella, the CEO and Jeanne A. Travis, the President of Industrial Security Integrators. While still being employed with other companies, Paul along with Jeanne began supporting a handful of clients starting with the application commencement for FCL’s required to work on classified Government Programs. The initiative, which started in Paul’s basement, soon witnessed both its pioneers completely dedicating themselves to growing IsI into the company it is today. Paul has almost 20 years of experience with the highest levels of security operations beginning his career in intelligence with the United States Marine Corps. After his career with the Marine Corps, he worked as the Director of Security for many organizations both large and small. Paul’s firsthand knowledge in Federal guidelines, defense contracting, finance, NISPOM, DCIDs, ICDs, Foreign Ownership Control or Interest (FOCI), Internal Traffic in Arms Regulations (ITAR), Defense Control Audit Agency (DCAA), and Federal Acquisition Regulation (FAR) compliance is unmatched and has been integral to IsI’s success. In 2010, Paul identified a need for specialized subject matter expertise in the field of Industrial Security. Bringing together his years of experience and vision for the ever-changing needs of companies working with the Federal Government, Paul founded IsI with a cross-functional team of security, infrastructure, and technical experts. Jeanne is responsible for providing strategic leadership for the company by working with the Executive Management Team to establish short and long-term goals and objectives. She is also responsible for communicating and implementing IsI’s vision, mission, and overall direction.
SCIF & Closed Area Services IsI can supervise and manage construction of SCIFs and Closed Areas along with working with the Defense Security Service (DSS) and various agencies for accreditation, as well as assist in developing security budgets and consultation on staffing and security project requirements.
Jeanne guides the direction on a level that includes and ensures that every member of IsI is a part of something bigger than their role and that their role is strategically important. Jeanne achieves this by providing professional and personal growth with emphasis on individual opportunities.
Distinctive Strategies of IsI In view of the recent developments, IsI, in partnership with Evans and Chambers Technology, has developed a state-of-the-art managed security service software called ‘Security Control’ that allows all the Defense and Intelligence Community Contractors to manage their security program while remaining in compliance with the DoD regulation. IsI’s software streamlines clearance processing, visitor control, document control, reporting requirements, and insider threats. Safeguarding the Critical Data The visionary and leader of IsI, Paul believes in benefiting from advancements in IT and application hosting to increase the effectiveness and speed of security programs. To achieve this, IsI is utilizing cloud technology while maintaining compliance with the Government’s top security standards. Additionally, the company is implementing the highest levels of encryption in transit and at rest to effectively reduce the risk of a data breach as demonstrated by the Office of Personnel Management (OPM). IsI’s software further uses multiple encryption keys to compartmentalize data ensuring that there can never be a full data breach. Benefit for Clients The end goal for IsI is to transition the entire United States Government and Contractor Community to a streamlined,
single platform, to manage their day-to-day National Security Program. This concept will allow for effective management of all insider threats, counterintelligence concerns, to be shared across the Intelligence Community, while reducing the risk of loss or compromise of classified materials. With a focus on core competency, IsI remains dedicated to providing all services as it pertains to protecting Classified Materials and National Security. Employing a FSO or Security Team can be expensive and frustrating when spending more time than desired on non-revenue generating activities. IsI’s team of security professionals provides the necessary support to manage small to large security programs at a fraction of the cost. IsI allows their clients to reallocate both time and money that can be dedicated to growing and maintaining the business during this time of ever-changing security requirements. Inspiring Journey of IsI For any startup, there are many general hindrances or difficulties that can be very big hurdles to overcome. Issues that arose in the beginning for IsI, in no specific order: • Researching and soliciting new clientele to enroll in service. This revenue generation helped get the business off the ground. IsI offered their clients additional contract discounts in return for enhanced payment terms, whether it was shorter NET days or
payment type (ACH, Credit Card, and Direct Deposit). This eliminated paper, the past due status, or slow pay of any clients. • With a small budget in the beginning, an office space was not in the cards. When established, the Company started in Paul’s basement. Once the Company was starting to grow and adding supplementary staff members, it proved troublesome with the lack of space and privacy for phone calls, and holding client meetings. As of December 2017, IsI will occupy a 15,000-square foot state-of-the-art facility. • A lot of the battles in the Government and more specifically Congress these days seem to be with healthcare. With a small census, healthcare plans are very limited and extremely costly. It is now a due diligence that the Company offers its employees with a cost-effective option to support their families. IsI was able to connect with a Human Resources company that in-house brokers health insurance plan from some of the top names in the Industry. While still expensive, it was a viable option for the Company to work with. • The absolute biggest hurdle that IsI to overcome has been with their staffing needs. With growth, there was a need for something more, in which IsI collaborated with professional staffing agencies who specialize in Cleared Personnel. This filled the void in the staff and helped to ‘weed out’ the candidates who were less than their established mission.
Team IsI’s Advice for Young Entrepreneurs “The best advice to give a young Entrepreneur in this Industry is to research every avenue possible. This is absolute most important key to a successful startup. Everything needs to be planned out from the incorporation of the business, tax planning, healthcare, payroll, generating and collecting of revenue, staffing, and your committed office space. With their research, they should confer with another growing business to learn the trials and tribulations they are experiencing and how they are overcoming them,” – Team IsI. Future Prospects Enterprise Security, streamlining, and compliance are becoming more and more critical for companies to meet the Government requirements and regulations. More companies are finding that hiring a firm that specializes in specific security protocols actually reduces the risk of not having the experience internally. IsI’s new software, Security Control is paired with their Managed Security Services and allows for 100% compliance of a client’s program with true security professionals on staff that manage the day-to-day operations. Some of the new products include the use of Co-Utilized SCIF space for additional capabilities of small businesses.
Read it First Subscribe Today Never Miss an Issue
Yes I would like to subscribe to Insights Success Magazine. Global Subscription 1 Year.......... (12 Issues) .... $250.00
6 Months ..... (06 Issues) ..... $130.00
3 Months ... (03 Issues) ....
1 Month ...... (01 Issue) .....
$70.00
$25.00
Date :
Name : Address :
Telephone : Email :
City :
State :
Zip :
Country :
Check should be drawn in favor of : INSIGHTS SUCCESS MEDIA TECH LLC
CORPORATE OFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754,(302)-319-9947 Email: info@insightssuccess.com For Subscription : www.insightssuccess.com
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
Company Name
Management
Brief
Allied Universal aus.com
Steve Jones CEO
Allied Universal provides unparalleled service, systems, and solutions to serve, secure, and care for the people and businesses.
Bluefin Payment systems bluefin.com
John M. Perry CEO
Bluefin Payment Systems is the leader in payment security, specializing in point of sale solutions for retail, mobile, call center and kiosk/unattended environments, and secure E-commerce technologies.
Clearswift
clearswift.com
Heath Davies CEO
Clearswift is trusted by organisations globally to protect their critical information, giving them the freedom to securely collaborate and drive business growth.
Covenant Security covenantsec.com
Danyetta Fleming President & Founder
Covenant is protecting client’s information with a holistic security approach combining policies, technology and education.
Industrial Security Integrators (IsI) dodsecurity.com
Paul J. Cella Ceo Jeanne Travis President
Industrial Security Integrators (IsI) provides Government and Industry clients with cost-effective and comprehensive options for full-service infrastructure solutions.
Paladion paladion.net
Rajat Mohanty CEO
Paladion is a global cyber defense company with over a decade of experience in cyber security. Paladion provides AI driven Managed Detection and Response services, DevOps security, Cloud Security, Red Teaming, Blue Teaming, Cyber Security Compliance, and more.
Palo Alto Networks paloaltonetworks.com
Mark Anderson President
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches.
Protenus protenus.com
Nick Culbertson CEO
Protenus is a healthcare compliance analytics platform that uses artificial intelligence to detect and eliminate inappropriate behavior inside hospitals, insurers and health information exchanges, helping healthcare organizations to build trust with their patients.
SaltDNA saltdna.com
Joe Boyle CEO
SaltDNA, a Cybersecurity 500 company, based in Belfast, Ireland. SaltDNA has been building secure enterprise mobile communications solutions since 2013.
Triada Networks triadanet.com
Raffi Jamgotchian Chairman & CEO
Triada Networks provides an alternative for investment firms and other financial services businesses from the drudgery of IT management.
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
BLUEFIN PAYMENT SYSTEMS: Providing the Most Secure Platform to Devalue and Protect Customer Payment Data
B
luefin Payment Systems is the leader in payment security, specializing in PCI-validated Point to Point Encryption (P2PE) integrated and stand-alone solutions for retail, mobile, call center and unattended environments, and secure E-commerce technologies including payment iFrame and tokenization. The company was the first to introduce Decryption as a Service (DaaS) P2PE with their Decryptx® product, which enables payment gateways, processors and software providers to connect to Bluefin via an API and provide the company’s validated P2PE solution through their own platforms. Bluefin has more than 50 companies enabled for P2PE through their Decryptx partner network worldwide. Bluefin offers a variety of payment security solutions for card present and card not present businesses around the world, including tokenization to protect data at rest, PCI-validated P2PE to protect data in motion, and EMV to authenticate credit and debit cards. About the Team John Perry is the CEO of Bluefin Payment Systems. He is responsible for leading all aspects of the company’s strategic planning, including spearheading key alliances and acquisitions. He is an innovative
DECEMBER 2017
leader with extensive P&L, financial, E-commerce, and technology experience. He is noted for creating a clear vision and recruiting exceptional teams to exceed launch and service targets, for executing process re-design initiatives, and for generating profitable new products. Prior to Bluefin, John was the Chairman and CEO of Spectrum, an independent electronic bill-payments company; President and COO of NOVA Information Systems, a US Bancorp company; and has held executive positions with First Data, Visa USA, and Wells Fargo Bank. John holds a Bachelor of Science degree in engineering from the United States Military Academy at West Point and an Executive Masters in Management (MBA) from the Kellogg Graduate School of Management at Northwestern University. “We are truly making the ‘Enterprise Security Industry’ safer in its ability to accept and send payments. There still needs to be a universal requirement to adopt encryption with specific requirements. We believe that the government in the US can provide that nudge to the private sector through incentives, and we also believe that Europe will adopt their best practices regarding encryption as part of the
18
General Data Protection Regulation (GDPR),” stated John about the current scenario of the payment security industry. Exclusive Payment Security Solutions from Experts Bluefin’s PCI validated P2PE solution functions completely as a Service through Decryptx. An enterprise can access Bluefin’s P2PE solution through a direct connection, including through Amazon Web Services. Bluefin has more than 50 connected partners serving hundreds of thousands of businesses worldwide, with partners including payment gateways, processors, and software providers. The company expects that their partner network will rise to 60 by the end of 2017. Benefits for Customers Bluefin is the leader in payment security, specializing in solutions for retail, mobile, call center and unattended environments, and secure E-commerce technologies including payment iFrame and tokenization. Bluefin uses industry best practices and works with a variety of security and technical partners to continue to build and provide the best solutions for the ‘Enterprise Security Industry’. “We do our best to understand what is important to the payment security
Bluefin is also considering offering other solutions as a service to add to their P2PE offering. The key to the company’s success is their delivery as a service model, allowing the business customer and their provider to maintain their existing relationship with no disintermediation from Bluefin
John Perry CEO
market in general and our clients specifically, now and into the future. We always attempt to speak with current clients and prospective ones to understand what is important to them, and how can we be better. Then we use that input and bring innovative products to support those needs to market,” John added. Bluefin Intellectual Property Bluefin has received 6 U.S. patents on its Decryptx and P2PE Manager products, with additional patents pending in the U.S., Europe, and Japan. • US 9,355,374 Systems and Methods for creating fingerprints of encryption devices • US 9,461,973 Systems and Methods for decryption as a service • US 9,531,712 Systems and
‘‘
‘‘
Our Technology is Universal and Works with any Software System, Payment Gateway or Processor
Methods for decryption as a service via a message queuing protocol • US 9,531,684 Systems and Methods for decryption as a service via a configuration of read-only databases • US 9,686,250 Systems and Methods for decryption as a service via a hardware security module • US 9,692,735 Systems and Methods for decryption as a service via a message queuing protocol (Cont)
Bluefin is growing quickly and the company is focused on bringing their solutions to markets outside of North America. Bluefin currently has a small footprint in Europe and Asia, which they expect to grow dramatically over the next three years.
Future Plans Bluefin believes that the future of the ‘Enterprise Security Industry’ will be about encrypted solutions and keeping data safe. Whether those solutions focus on payment or other types of PII, encryption will be the clear focus.
19
DECEMBER 2017
ARE YOU STAYING IN network O SECURE ZONE?
ne word can sum up the most common strategy for network defense - “boxy.” Building and maintaining a strong perimeter has a long and storied history. Consider a castle with its moat, high walls and drawbridge. That is how most networks are defended. In a box. Currently, the mentality is: “Do you want to protect a new system?” Put it inside the box. “Processing personal information?” Put it inside the box.
While the “box” approach was successful in the past, it’s an antiquated model. And, while the conventional approach has been occupied with defending the castle from a ground attack, adversaries have deployed an air assault with the latest modern weapons. User’s choice Over the past decade, there has been a quiet revolution with how IT systems and services are used within organizations. Fed up with a lack of options, viable solutions and a general disconnect with the business, users have taken matters into their own hands. This evolution started with the rise in mobile usage. Early on, traditional security teams focused efforts on stopping mobile usage. Eventually, they acquiesced and accepted mobile devices, but only those that were “approved.” Ultimately, reason triumphed and mobile is now treated in a more logical fashion. While still four letters, “BYOD” is no longer a bad word. Unfortunately, we are now seeing the same cycle with cloud services.
Mark Nunnikhoven
Consumer is the new business Consumer-focused services are making significant inroads into enterprises around the world. It is fairly common to see large volumes of outbound network traffic utilizing services such as Dropbox, Google Apps, Github or any number of other cloud-based applications. In fact, these services have begun to incorporate features and functionality specifically targeted to the size and scope of various business operations. Think of this as a “bottom-up” approach. It is a sign that users in organizations are pushing technology adoption just as much - if not more - than a traditional “top-down”
DECEMBER 2017
20
MAESTRO’S TALK
approach. Overall, this should be seen as a positive. The shift is now aligning IT with the actual focus of the organization. It is a move toward technology that works in the “real world,” instead of simply looking good “on paper.” However, it’s not all unicorns and rainbows.
account the realities of today’s networks. Now, shopping carts are provided via PaaS, payments are provided via SaaS ans all shipping is done through a third-party API. These providers inherently change over time cteating more variables and avenues for breaches.
Crumbling walls While productivity might be up, it is extremely difficult to maintain a strong perimeter around this new blend of traditional, mobile and cloud infrastructure. There action to this is: “Then why try? Isn’t there a better approach?” This response is rational, but not the sentiment of a vast majority of the security industry.
Data flow In addition to adding basic security to each system or service, it is critical to examine how data flows. When a high-level view of data flow is incorporated into the typical e-commerce transaction, the following occurs: It is immediately apparent that there is a variety of information shared across multiple systems. Some of the systems are controlled by the enterprise, some are not. With this view, the real challenge comes to the forefront - how can the safety of orders (items purchased, quantities, shipping info, etc.) and processing data be ensured by at least three different entities? In addition, payment information resides on at least two systems. How does that affect Payment Card Industry compliance? This is the level where security should be applied - and it must be acted upon holistically.
Just as with mobile adoption, the common security response to cloud services is to attempt to block user’s access and, instead, guide them toward an “approved” (and typically less usable) server. That isn’t embracing reality and, quite simply, is no longer feasible. The architecture diagram for current networks no longer fits cleanly into a simple box. Trying to wedge it into one is counterproductive and can lead to frustration among employees. It is imperative to accept the fact that the perimeter as it has been known is now gone. Which leads to the core of the issue -what strategies can be adopted to defend today’s networks?
Next steps The top priority for security must be monitoring. It is clear that controlling every element of the network can be overwhelming. With the variety of services, endpoints and connections, the aforementioned “box” model has been demolished. Thus, the traditional perimeter is gone. What takes place in networks requires more transparency to read and react accordingly.
Level up First, it is important to understand that traditional controls still have a place in modern defense. There is a need for firewalls, intrusion prevention, anti-malware, filtering, etc. These traditional elements serve as a strong component, but they play a smaller role and cannot be considered the endall, be-all of security. Instead of focusing on individual components of the network, it should be viewed according to the way specific data flows. Security in isolation Take a typical e-commerce transaction, for example: In a traditional approach, each of these systems would reside in relative isolation. First, there must be a firewall on the site and anti-malware so it is “secure.” Second, the shopping cart is delivered to the user via HTTPS so it is “secure.” Third, the payment information is encrypted, thus it is “secure.” Finally, the shipping system is only internal so it is “secure” through access control. While none of these controls are bad, they do not take into
21
A modern monitoring practice not only pulls in log data from network devices and application servers (as has traditionally occurred), but also logs and reports from IaaS, PaaS, SaaS and mobile systems. This in itself cteates a new challenge with an immense amount of diverse data needing to be processed. Fortunately, “big data” analytics can be applied to resolve this issue. There is very little value in denying where network infrastructure design, and access, is headed. The soundest strategy is to welcome this reality and work to increase security of the current network to focus on monitoring. It is essential to be cognizant of data workflows within the overall enterprise. Once that is established, taking steps to protect data, regardless of where it is stored and processed, is far less daunting. DECEMBER 2017
C
yber security plays a massive role in today’s tech savvy world. According to industry insiders, average cost of data breach for various companies has increased from $3.8 million to $4 million recently. Most of the companies today have embraced open source for infrastructure software; additionally they have also embraced cloud storage. Both of these comes with their own blend of positives and negetives. Like if a data centre gets attacked or fails then it could be deadly for a company, and most of the open source softwares are vulnerable to cyber attacks which posses a massive threat. So, here we are listing out some of the cyber security threats and their potential solutions, that can change the cyber world.
DDoS Attacks Targeted On Internet of Things Devices As per recent trend, cybercriminals have got all out to target various IoT devices, that includes survellience cameras, security systems, electronic appliances, cars, commercial enviornments, vending machines, robots in various
DECEMBER 2017
22
THREAT-O-CURE manufacturing plants etc. There are more than 12 billion IoT devices that can be connected to the Internet and researcher’s estimate there would be 26 times more IoT devices than people by the end of 2020. This threat came into spotlight recently after a revelation, where thousands of low security IoT devices were being used to launch massive-scale DDoS attacks. These attacks impacted various DNS service providers.
BEC attack is completely different from other attacks, in case of BEC attacks, the attackers are highly motivated and these kind of attack mostly passes through spam filters and even evades email whitelisting campaigns. All these together makes it hard to recognize that the email is not from an authentic source. So how can one be safe from a BEC attack? Don’t worry there are few guidelines which will make life a bit easier.
DDoS is a kind of DOS attack which makes sure that multiple systems are compromised, with the help of Trojan virus. Ultimately, the victims of DDoS attack gets maliciously controlled and used by the hackers.
A company must implement a multi factor authentication, as a security policy, the authentication system will make the hacker’s life much more difficult and ultimately it will prevent the criminal from gaining access to a employee’s mailbox. One must also check on organiztion’s spoofability, that helps to know how secured the company is. There’s nothing like teaching employees how to spot phising attacks which will eventually help employees and the company to be safe.
To counter the threat, FTC has started targeting some IoT device manufactures, whose products come without adequet security. Ransomware Ransomware has seen steady improvement over the years since its first appearance way back in 2005. In its early days, cybercriminals would use fake apps and fake antiviruses to alert victims, and then they ask for fees as a charge for fixing some fake problems. Even it showed FBI warnings, which contained threat messeges. Ultimately, they began to lock down systems or any specific app until the demands were met.
Risk Of Using Cloud Recently most of the companies have started using cloud services. Popular apps like Dropbox and Google Drive are being used by companies, and sadly there are many users who are using these services from their non-corporate mail accounts which eventually expose sensitive data to outside threats. Companies also lack specific usage policies when it comes to cloud service, that can lead to sharing sensitive information to unapproved apps, which can lead to severe data breach.
However, the main threat these days are crypto ransomeware, where the attacker encrypts the file and the victim needs to pay in order to get the key and unlock their own file. According to various agencies, Ransomware has caused damages of around $325 million till date. In order to stay safe from the Ransomware, the user must use reputed and original antivirus and anti maleware softwares. Users shouldn’t open email attachments, until they are completely sure. Use of storng password is must and one should not reuse older passwords. Keeping all the softwares up to date is another thing one must follow, and last but not the least a user must backup all the data to prevent data loss.
So, to get rid of risk related to clouds, one organization must have a strict and clear policy about how and when to use it. An employee must be barred from sharing sensitive data to unapproved apps. Third Party Vendors Increases Risk A company might build brilliant security system with great policies to keep their customers and their data safe, but unless and until their third party vendors use the same level of security the data and customers will always be at risk. Just look at the recent Wendy’s incident, where more than 1000 franchised location of Wendy’s were hit by a Point-ofSale malware attack, that eventually led to massive data breach.
Business Email Compromise Schemes A BEC attack is a form of fishing attack where the offender pretends to be an executive and targets a vendor or a customer who would transfer funds or classified information to the attacker.
Until companies make sure that policies are tighted up enough and the third party vendor is taking all the needed security measures, these kind of attacks will continue to
23
DECEMBER 2017
take place. To prevent cyber attacks, organizations should come up with a policy, by which one should ensure that third party vendors are taking same security measures as the company. In addition to all these, stortage of skilled IT professionals is also hurting to a great extent; there are more than a million vacant IT professional jobs across the globe. So, with more skilled professionals and by filling the vacant positions, the cyber threats can be minimized to a great extent. However, one still has to religiously update and patch firewalls, firmwares, changing the default password of the router and setting up strong passwords to not to get trapped in the world of web. So, these are the type of cyber attacks that could hurt your company to a great extent, we have also listed out the prevention methods, that will eventually help you to be safe in the web.
DECEMBER 2017
24
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
PALADION: AI Driven MDR Provider for High Speed Cyber Defense
T
oday, the cyber security industry is undergoing a huge shift. Traditional defenses, processes, and security technologies are not holding up against today’s sophisticated cyber threats. The need for better defense has paved the way for a new model that the industry recognizes as Managed Detection and Response or MDR, a service that provides deeper threat detection and rapid incident response. The Enterprise Security industry is therefore moving away from traditional, purely preventive cyber defense systems to a more proactive approach by adopting a Incident Detection and Response approach. While preventive security technologies will remain and support a more advanced security program, enterprises need more. Paladion delivers AI driven Managed Detection and Response services to help enterprises to create resilient cyber defenses. They are a pioneer in the use of an AI platform that uses 4 different analytics or sources and still remains the only MDR provider to offer such a platform. Global Cyber Security Expert Paladion is a global cyber defense company with over a decade of experience in cyber security. They provide AI driven Managed Detection and Response services that include Threat Anticipation, Threat Hunting, Security Monitoring, Vulnerability Management, Incident Forensics,
DECEMBER 2017
Incident Response, and Breach Management. The company also provides several point managed security services such as DevOps Security, Red Teaming, Cloud Security, and more. Paladion is currently the only MDR provider to integrate user behavior analytics, end point analytics, application threat analytics, and network threat analytics into a single AI platform to provide deep threat discovery and swift response to cyber threats. The big data AI platform combines 4 different analytics sources and looks at the entire IT stack of an organization to achieve high speed cyber defense. The platform is driven by a large MDR team that has over 17 years of experience under its belt. Paladion currently services over 700 plus enterprise customers globally. Architect of Paladion Rajat Mohanty is the Co-founder and Chief Executive Officer of Paladion. With highly developed business acumen, deep knowledge of the strategic advantages of technology and strong leadership, Mr. Mohanty has transformed Paladion’s business model from its initial focus on high-end security consulting into today’s managed cyber security business with Paladion’s proprietary RisqVU and Newton platforms. This transformation is in response to both customer needs and market opportunities. World-class services in Managed Detection and Response, security operations, vulnerability management, and more
26
have been pioneered by Paladion under Mr. Mohanty’s vision as an industry veteran. Under Mr. Mohanty’s leadership, Paladion has amassed a long track record of successful customer acquisitions and partnerships to expand Paladion’s portfolio, enter new market segments and enlarge the company’s addressable market opportunity. He has expanded the company’s marketplace beyond large enterprises to commercial and small-medium businesses, broadened the company’s industry alliances, and established new sales partnership and distribution channels in the US, India, Middle East and South East Asia. He has championed Paladion’s commitment to the Total Customer Experience, to consistently exceed customers’ expectations for quality, service, innovation, and interaction. Acknowledging Paladion’s growth under Mr. Mohanty’s leadership, Deloitte awarded the fastest growing start-up award seven times in a row and analysts such as Gartner, Forrester, and IDC has placed Paladion in some of their most respected market reports. Mr. Mohanty has received a Bachelor of Technology in Manufacturing Science and Engineering in 1993 from the Indian Institute of Technology (IIT) Kharagpur and a Post Graduate Degree in Marketing and Finance from XLRI Jamshedpur, India in 1998. He possesses over 22 years of experience
Rajat Mohanty CEO & Co-founder
in Information Technology and over 18 years of experience in the Information Security domain.
take in information from all available sources for comprehensive, effective cyber protection.
Distinctive Strategies for Success Paladion’s team believes that cyber defense is not a problem that can be solved by just throwing people at it, especially when there is a growing shortage of skilled cyber security resources. So, automation and AI are the ways forward and are already the top priority for Paladion. Their cutting-edge Newton platform which was the result of their past cyber battles is addressing this need. The platform is already validated by leading technology advisories and is recognized for innovation, strategic application, and user-friendliness. They are currently the only large MSSP that is recognized as a mature MDR player with a proprietary AI platform that can
Safeguarding Consumer Data with the Integrated Shield of Emerging Technologies Paladion uses its own proprietary technologies and leading third-party solutions to protect customers’ data. Paladion provides the most comprehensive and integrated managed detection and response service in the industry by combining AI, Security Automation, and a large MDR team. Paladion’s offering covers every phase from intelligence, analytics, SIEM, incident forensics, and response playbooks to breach management. Paladion’s SOCs are also regularly audited for top security performance and to maintain their extensive industry certification.
27
‘‘
‘‘
We provide the most comprehensive and integrated managed detection and response service in the industry by combining AI, Security Automation, and a large MDR team
Benefits for Clients Paladion clients get the benefit of full, next-generation detection and response technologies. Their MDR uniquely integrates these technologies into a single platform, ensuring there are no lags for customers when performing tasks across different products. “We respond to attacks on our customers in minutes – not days. No traditional MSSPs or other MDR provider can give customers this,” asserts Mr. Mohanty. Future Plans The new technology areas of interest for cyber security are in security autonomics and IoT device security. For IoT security, Paladion is building blockchain based technology for device authentication, registration, and security analytics. Paladion is building these platforms on the Azure cloud for global delivery and scale.
DECEMBER 2017
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
PROTENUS: Using Access to the Electronic Health Record to Catch Bad Actors Inside Healthcare Organizations
H
ealth care has experienced an increase in data breaches over the past decade; as medical records become increasingly digitized and shared, access to sensitive health data has skyrocketed. As a result, it’s becoming increasingly difficult to understand who is accessing patient data and whether or not they are doing so appropriately. Improving the state of the industry is about trust, and trust starts with increasing visibility into who is accessing patient information. Protenus is a healthcare compliance analytics platform that helps hospitals maintain that trust by monitoring all accesses to health data, understanding the clinical context necessary to differentiate normal from anomalous behavior, and elevating only true threats for human review, resulting in reduced overall risk to healthcare organizations and their patients. Building Trust with Incorporation of Advanced Tools Protenus uses artificial intelligence to accomplish this task. The firm detects and eliminates inappropriate behavior inside healthcare organizations, helping hospitals, insurers and health information exchanges build trust with their patients. The Protenus team uses artificial intelligence to audit every access to electronic medical records to identify patient privacy violations,
DECEMBER 2017
employee theft of narcotics, and more, and they do this by developing a deep understanding of how individuals access some of the most sensitive and valuable information on the planet: health data. Critically Identifying Internal and External Malicious Actors Protenus brings big data technology to healthcare data compliance, with unprecedented levels of security controls. It’s well known that the best security programs come in layers. While health systems deploy firewalls, network controls, anti-virus and antimalware software, and more, these organizations have historically not had the tools necessary to distinguish appropriate from inappropriate enduser behavior in clinical settings. The Protenus platform fills this gap, serving as an immune system for health data by identifying internal and external malicious actors, and ensuring that everyone who has access to health data is using their privilege appropriately, giving leaders full visibility into health data access and building trust across each healthcare organization. Architects behind Protenus Protenus is led by Nick Culbertson, co-founder and CEO, who together with co-founder and President
28
Robert Lord took a leave of absence from the Johns Hopkins Medical School to start the company in 2014. As medical students, they saw firsthand how electronic medical records created a new slate of serious security and privacy concerns, and developed the initial prototype and predictive algorithms that launched Protenus, fulfilling a critical need to better protect patient data. Prior to medical school, Nick served eight years in the military, including service in the U.S. Special Forces as a Green Beret with a specialization in Human Intelligence networking. Knowing that mission success is driven by successful teams, Nick prioritizes the recruitment and retention of talented data scientists, big data engineers, and business operators who specialize in artificial intelligence and enterprise data security. Strategies and Principles for Success Protenus knew from day one that to be trusted with protecting health data, being a leader in enterprise security was critical to success. To build a technology product with world-class enterprise security features, Protenus recruited a team with experience securing large amounts of sensitive data: 78% of its engineering team has worked with the DOD and US Intelligence community to secure and
Protenus is helping instill trust and transparency in healthcare. The nation’s top hospitals use the Protenus platform to ensure that everyone who has access to patient data is using that access appropriately, and to keep their health data secure.
Nick Culbertson Co-founder & CEO
process some of our country’s most sensitive national security information. “It’s this deep bench of enterprise security talent that has allowed Protenus to build a technology platform that keeps electronic medical record data safe,” Nick said. “Security remains at the core of our company ethos today.” Protenus follows three core principles to safeguard the data of customers, and earn their trust. • The firm takes a holistic approach to enterprise security. From twofactor authentication to network defensibility to employee training, Protenus evaluates each element of the company, its contribution to overall security posture, and work to mitigate any potential gaps. • Through their SecDevOps
‘‘
‘‘
Building Trust in Healthcare
practice, Protenus automates security whenever possible to ensure the latest patches are applied before they can be used to compromise their network. • Protenus evaluates technology choices for suitability in enterprise applications, and even then, rarely use products ‘as is’. Protenus meets and exceed the HIPAA Security Rule, HITECH, and Meaningful Use 3 requirements for auditing controls, and follows OCR protocol recommendations. The firm is SOC-2 certified and is regularly pen tested, most recently by Rapid7. Benefits for Healthcare Organizations By using artificial intelligence to audit every access to health data inside a healthcare organization and elevating only true threats for human review,
29
Looking towards the Future Healthcare compliance analytics can identify any anomalous activity inside an electronic health record; understanding how digital health records should be accessed, and by whom, is only the first step to ensuring that patient information is safe. For example, healthcare providers with access to a patient’s electronic medication administration record can use that information to divert—or move from a legitimate use to an illicit one—narcotics into their personal possession. Protenus has already established itself as a leader in protecting health data and preventing patient privacy violations, and is now using its AI-empowered platform to identify and prevent other types of fraud, waste, and abuse, like drug diversion, throughout healthcare.
DECEMBER 2017
ABOUT BOBBI HARRIS Bobbi Harris is the VP of Market Strategy and Development at UTC. She is a smart city industry expert with more than 15 years of experience focusing on environmental issues and sustainability technologies to address water and energy challenges, including smart water infrastructure, smart grid, cleantech and green building initiatives. UTC is a global trade association dedicated to creating a favorable business, regulatory and technological environment for companies that own, manage or provide critical telecommunications systems in support of their core business. Founded in 1948, UTC has evolved into a dynamic organization that represents electric, gas and water utilities, natural gas pipelines, critical infrastructure companies, and other industry stakeholders.
Bobbi Harris VP of Market Strategy & Development Utilities Telecom Council
IT & Communication TRENDS FOR
C
ritical infrastructure such as electric, gas and water utilities rely on Information and Communications Technology (ICT) solutions to deliver reliable, efficient and affordable services throughout the world. UTC is the trusted resource for
DECEMBER 2017
Critical Infrastructure
ICT solutions, collaboration and advocacy for utilities and other critical infrastructure industries. The growing convergence of IT and OT within utilities is quickly becoming a catalyst for greater interoperability and real-time communications.
30
New discussions involving “smart city” technologies are starting with the electric utility infrastructure. The new Envision America initiative announced by the White House is issuing a challenge to America’s cities to become smarter by accelerating
PROFESSIONAL’S OPINION
d
eployment of innovative technologies that tackle energy, water, waste, and air challenges. UTC brings together government, the research community, utilities and cities to discuss innovative solutions to problems citizens care about – like reducing traffic congestion, fostering economic growth, improving sustainability, fighting crime and improving the delivery of important critical infra-structure services. Quickly emerging issues around cyber and physical security are bringing a new challenge to cities and utilities large and small. Not a single week goes by without a news story about a company or government agency being hacked and millions of personal,
customer or otherwise sensitive information exposed. Disruption of critical infrastructure by a cyber-incident is a serious concern for utility executives and technical practitioners. UTC believes that cyber security is the 21st century reliability challenge. To help our members address this challenge, UTC is implementing a comprehensive, holistic strategy that provides practical tools and information about handling cyber security challenges in a utilities environment. With billions of data packets and millions of endpoint connections, utilities are exploring optimization and efficiency solutions from a multitude of vendors, including large established companies as well as entrepreneurial
31
solutions built on the latest protocols. The key decision point for packet-based communications networks is not only cyber security, but also latency with the communications network. Machine-to-machine and grid edge computing interacting with central computing and data analytics demands real-time communications over secure networks. How will telecom providers address the massive growing list of smart devices, which gather terabytes of data for critical infrastructure processes? Join the conversation at UTC Telecom & Technology 2016, which will take place in Denver at the Colorado Convention Center May 3-6, 2016.
DECEMBER 2017
DECEMBER 2017
32
EDITOR'S PERSPECTIVE
D
uring 480 B.C., in The Battle of Thermopylae, merely three hundred Spartans held off a huge Persian army. However, in reality Spartans were not alone in the battle, alongside them fought Athenians, Thebes and other Greek forces. Until the last day Greeks had a force of around seven to eight thousand soldiers at the battle ground. The key differentiator in the battle was that, Spartans were already professional soldiers, whereas the Greeks were not professional soldiers and they fought in the army while called upon.
33
DECEMBER 2017
tablet as this is one of the most-easy ways in which malicious apps can gain access to the personal information of a user. An app can always ask for a big list of permission in order to function, but it’s important to be aware of what types of information the app is accessing for better safety.
Cut to modern days, the world is now completely dependent on internet, and it posses a massive threat from a modernday nuisance which is called Cyber Attacks. The worst part is, sadly the users are not Spartan warriors, instead most of them are working professionals or casual users. These professionals are not at all security geeks, most of them don’t understand what cyber security is, and for that we can’t blame them either as their jobs aren’t focused on information and cybersecurity.
Always be aware of phishing scams. When it comes to phishing scams, cyber criminals design a website or emailid to steal sensitive data. Most of the time the attacker installs malicious software onto the user’s pc. The worst part is, one can barely differentiate these websites or email from the genuine ones. However, phishing scams are quite easy to spot, but for that one must know what to look out for.
So, in order to be safe in the bad world of cyber attacks and breaches, one just can not develop a single cyber security program and claim that his staff is well-trained to tackle the security breaches. In real world, not everyone is a Spartan warrior, so one needs to educate his employees and start awareness programs that will eventually help to educate users to be safe from security breaches.
Companies must also tell their employees to avoid logging into any of their important accounts from public computers or public networks. A public pc or a network is open to all the users, which eventually leaves many security holes in them. However, sometimes people might not have the access to a private pc or a network, so in that case the user must delete the browser history once done and only log into a network after making sure that it is completely safe.
Already confused? Don’t be, we are here with few steps that can eventually help to ensure safety in the risky cyber world. An organization might interact with several vendors, which can involve various purposes. So, the first step towards safety is to determine which members would be of highestimpact to the organization in case of a breach. Additionally, it is also important to consider what type of data the vendor is handling, which can be anything from cardholder data to protected health information.
Applying necessary software updates are very critical nowadays. Tech giants like Microsoft, Google, Apple, etc. releases bug fixes, security patches in their recent updates. These fixes mostly help users to be secured in the risky world of web.
One always need to reinforce messages through policy, internal videos, in staff meetings and other sources that works in the environment. In order to create an awareness program, one must understand that awareness is a process and it always takes time. Lastly one must Set the expectation that the elements of the awareness program will be updated, and repeated on a regular basis.
Above all these key points, one must remember that one must train his employees such a manner that it eventually increases the staff’s ability to make much more secured decisions that to consciously. Employers must remember that they are not making any cyber security experts, for that role the company already has specialized geeks. They only need employees who are good and has the enough presence of mind so that they can help to protect the organization.
Another blunder most of the internet users commit is using same password for multiple services. Same passwords always tend to leave the entire digital life at a stake and vulnerable to breaches. As if one hacker has got the hold of a single password, then he can access all the accounts of the user.
So, here are few points from us that can eventually help you to minimize risks of cyber-attacks which can wreak havoc in your organization.
Nowadays hand-held devices like cell phones and tablets have become a necessity and many of the employees use them for official purpose. However, the user should always be extra careful while installing new apps in the phone or
DECEMBER 2017
34
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
SaltDNA: Securing the Conversation
W
ith ransomware being a hugely publicized issue in 2017 many organizations are rushing to protect themselves against this threat. The Cybersecurity industry is growing and with that, we will see the overall performance of the ‘Enterprise Security Industry’ grow. The increased publicity into the importance and threats of cyber security attacks have elevated the importance of enterprise security within global organizations. The boards are now seeing the extent of the threat and are reacting to this. Enterprise Security is now being discussed widely at the C-Suite level and is being given the attention it deserves now. With this being said, there is still a long way to go within enterprises across all industries to fight against the threats of cyber security hacks. Effective solutions need to be put into place to protect the information of the enterprise and incident response plans need to be designed in the case of a cyber attack. The notion that ‘it won’t happen to me’ is being to decrease, but the rate at which cyber attacks are occurring within global enterprises is growing at a much quicker rate. SaltDNA, a Cybersecurity 500 company, based in Belfast, Ireland. SaltDNA has been building secure enterprise mobile communications solutions since 2013. Their product provides secure voice, messaging, conference calling and image/file transfer for busy professionals, who
DECEMBER 2017
need to make important decisions while on the move. SaltDNA’s customers include; Large Oil & Gas companies, Security Services, Enterprise Executives, Government Bodies and Legal Firms. Fully Enterprise-managed Software Solutions from the Experts SaltDNA provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The SaltDNA Desktop and Mobile apps are intuitive and easy to install and use. The SaltDNA Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. SaltDNA’s product provides secure voice, messaging, conference calling and image transfer for users, who need to share information and make important decisions while on the move - using the highest grade open-source encryption protocols. Motive Force of SaltDNA Joe Boyle is the CEO of SaltDNA whose career has been focused on enterprise communications, security, and network optimization. He has experienced considerable success bringing innovative new technologies to market, and helping customers adopt
36
those technologies. Before SaltDNA, Joe was the director of product management for Silver Peak Systems and Blue Coat Systems, both in the network optimization space. Joe had worked on secure communications technology at F5 Networks, Aepona (acquired by Intel) and Apion (acquired by Phone.com). His expertise in this field has been key to SaltDNA solidifying their position as a leader in secure mobile communications for the enterprise. Joe works closely with clients and partners to ensure that the SaltDNA solution is constantly meeting the needs of its users to secure their communications and business documentation. Exclusive Approach Team SaltDNA is continuously working to improve the quality of their applications, but also to expand out the capabilities of their product. “We listen carefully to our customer’s requests and work to deliver a product that exceeds their expectations. We proactively work to remain compliant with upcoming regulations as well as working closely with our clients and partners to develop the most relevant features for market,” asserts Joe. SaltDNA Team believes that encryption alone is not sufficient for enterprise use, and they understand that security is encryption along with the control. This is why SaltDNA uses the latest encryption technologies available in the industry along with the tightest enterprise control so ensure their
‘‘
‘‘
Built from the ground up - for the enterprise
highest level of product to its customers. Joe Boyle CEO
solution is rock-solid. This method allows SaltDNA to offer their clients with the highest level of security, but is also the key reason why they are unique in the market. Ensuring the Data Safety with Incorporation of Advanced Technologies SaltDNA uses the latest technologies available in the industry along with the tightest enterprise control so ensure their solution is rock-solid. While encryption alone is not enough, it is still of paramount importance in an enterprise-grade secure mobile communications platform. SaltDNA uses an encryption mixture using multiple encryption algorithms for maximum security. Compliance and control are essential in the enterprise that’s why user contact lists and circles are controlled using the secure SaltDNA Management Portal by
an Administrator you assign. There are no hooks into personal contact lists, ensuring complete control over communications in and out of your business. SaltDNA also ensures that the enterprise has full control over how their communication metadata is stored and managed. “We understand that not every organization follows the same data protection regulations, and because of this we offer three account management options to allow companies to manage their metadata differently,” says joe about their distinct offering. Benefits for Clients SaltDNA continues to grow as a company each quarter and continue to expand their sales as well as building relationships with their current clients. By taking in feedback from current clients and implementing new features based on this into their solution SaltDNA continue to deliver the
37
In recent years SaltDNA’s clients have benefited greatly from the assurance that their communications are private, but also that their voice is being heard with the release of customer-driven features. Future Prospects With the emergence of data collection regulations such as MiFID II and GDPR, compliance alongside security has quickly become a necessity within enterprises. With an increased need for enterprises to remain compliant and secure, in many cases, one of these essential principles are lost. With the new SaltDNA ‘Compliance’ management option SaltDNA can provide companies with a securely archived version of all their mobile communications. With the importance of Cybersecurity only growing the ability for organizations to implement a compliant and encrypted communications system is crucial.
DECEMBER 2017
Managing
Corporate Communications
By Andrew Silver, CTO Tango Networks
on Mobile Devices
T
In both cases, the company is acting as a service provider for its employees - delivering and supporting essential communications services.
With traditional voice communications and data communications, we directly control how communications are deployed and used by our employees. But for mobile devices, we give up this control to external mobile service providers, creating expensive management and regulatory headaches.
But this model has remained broken when it comes to mobile communications.
here is a strange inconsistency in how enterprises manage mobile communications compared to other types of business communications.
The Broken Mobile Model In more traditional situations, the company will contract with a mobile communications service provider and buy or lease mobile phones and service for employees. The company pays the provider to handle support, configuration and management of the phones in addition to the primary voice and data service costs. While the company is incurring these expenses, the company does not have direct control over the devices to ensure that corporate policies are followed. Companies that must monitor employee voice calls and data sessions, or archive them for regulatory purposes, face added expenses.
It doesn’t have to be this way, which is why I founded Tango Networks a decade ago to revolutionize business mobile communications. The Company is The Service Provider Consider how other forms of communications are managed for employees. For typical desktop phone service, the company purchases phones from a vendor along with a central system to provide voice calling, conferencing, in-office dialing, and other features. The company or its contractor will run cabling and power for the phones. Then the company contracts with a service provider for voice services. The enterprise is in control of the communications system, and sets the policies for each user.
In some companies, this model has evolved into Bring Your Own Device (BYOD) programs, often when IT departments have simply given up trying to gain control over corporate mobile communications the way they have always been able to manage their other services. Instead of contracting for phones with a service provider, the employees are permitted to use their own devices. Then the company reimburses or otherwise subsidizes services. While this can be less expensive than a company-owned phone approach, it makes enforcement of policies very difficult, especially for regulated industries requiring communications recording.
It’s the same for data communications. The company will contract with a service provider for Internet service. But then the company will install routers, firewalls, SBCs and Ethernet cabling, or Wi-Fi access points and similar infrastructure to get its employees online. The company similarly is in direct control of its local and wide-area networks, and sets the policies for each user.
DECEMBER 2017
In both cases, the mobile devices and service subscriptions remain separate from the main form of corporate
38
EXPERT'S VIEWPOINT
communications. If I call you from the office, you see my corporate number as the caller ID. If I call you from my mobile, you see my personal mobile number, or another number you don’t recognize. If you call me on my mobile but I need to take the call from my desk phone for recording compliance, I need to call you back, or else start up a special app on my phone to record the call.
on the mobile communications in the service provider’s network. This provides great advantages for both companies and their service providers. For service providers, it means that companies are taking on much of their own support and management tasks. For the companies, it means the IT staff is more directly in control of this critical form of corporate communications. Our system is supported by many Tier 1 mobile service providers around the world and is serving hundreds of thousands of users with enhanced mobile communications today. On networks where our solutions are not yet supported, we also offer many of the same control capabilities for employees that use Android, BlackBerry and IOS (Apple) devices.
In short, the user experience is messy, unwieldy, and less professional in appearance. The Better Way Imagine instead that your mobile phone could be an extension of your main corporate communications systems.
You could make and receive calls using your corporate For the first time, mobile communications can be managed number. You could transfer, conference, call with in-office by your company precisely the way traditional fixed voice dialing. You could send text messages from your corporate and data communications. In the end, this means easier number and receive incoming texts to your corporate regulatory compliance, lower mobile communications number - something your desktop phone probably cannot costs, and a better user experience that maximizes the do. Your calls and texts could be archived for compliance. productivity of your employees on the go. Your IT staff would have direct control over when and where you could make toll calls, or even route them through the corporate networks to reduce costs. Suppose all this were possible even with your own About the Author personal device. Your business communications A company co-founder, would operate as an extension of your corporate Andrew Silver now serves phone system while your personal communications as Tango Networks' Chief remained totally private. Technology Ofcer. Silver is That’s exactly what Tango Networks’ solutions do. an entrepreneur and Our Kinetic Communications Platform enables a business technologist who company to control mobile communications in an has held senior entirely new way. management and director roles in large and small Shared Control wireless companies The breakthrough is an innovation in how including Ericsson, Nortel communications signaling and routing are managed. Networks, Comverse and Our Kinetic platform creates a communications Spatial Wireless. He is an control system that is shared between your company accomplished speaker at and your mobile service provider, enabling the wireless industry forums enterprise to be the service provider for their and has been granted more employees. than 50 patents in wireless communications systems. This means your IT staff sets policies, determines Silver holds an electrical call routing rules, turns on features, and executes engineering degree and an similar control steps. These enterprise-managed MBA from McGill policies and configuration settings interface directly University. with the service provider where they are enforced
39
DECEMBER 2017
Traits to Posses the Best Enterprise Security
T
he founders occasionally forget about implementing important fundamentals of security and start running after shining technology. The security budgets are limited, so they need to be sure about covering highest breach areas before moving onto other things. IBM reported that more than a billion personal data was stolen and leaked in 2014 alone, which made it the highest recorded number in the last 18 years. Criminals are always a step ahead of the existing security systems. So companies should have best strategies and practices for enterprise security.
direction of flow of data. The firewall keeps harmful files from breaching the network and compromising the assets. The traditional process for implementing firewalls is at the external perimeter of the network, but to include internal firewalls is the popular strategy. This is one of the best practices of companies by making it the second line of defense to keep unwanted and suspicious traffic away.
So how do we ensure to have the best security systems? It all has to do with having a solid foundation, which starts with these basic practices.
Securing Router Routers are mainly used to control the flow of the network traffic. But routers do have security features too. Modern routers are full of security features like IDS/IPS functionality, quality service and traffic management tools and strong VPN data encryption features. But very few people use IPS features and firewall functions in their routers. To have improved security posture companies need to use all the security features of routers.
Strong Firewalls Firewalls are the first line of defense for any enterprise. It basically controls the flow of the data and decides the
Secured Email It is highly common to receive emails from the suspicious sources. The email is the main target for the criminals. An
DECEMBER 2017
40
CHALK TALK
86 percent of the emails in the world are spam. Even if the latest filters are able to remove most of the spam emails, companies should keep updating the current protocols. If the no, of spam emails are large, then it only means the company is at greater risk of getting malware. Updating Programs To make sure your computer patched and updated is a necessary step if you are going towards fully protected enterprise. If you can’t maintain it right, then updating already installed applications is an important step in enterprise security. No one can create 100 percent perfect applications, but one can make changes accordingly trying to keep it with the pace. Thus, making sure your application is update will let you know the holes programmer has fixed.
that are fixed, laptops and mobiles are portable and thus are at higher risk of being stolen. Making sure you have taken some extra steps to secure laptops and mobiles is as important as implementing strong firewalls. Encrypting laptops and mobiles with the help of softwares is a great tactic to be followed for secured enterprises. Wireless WPA2 This is the most obvious feature of all. If companies aren’t using WPA2 wireless security, then they need to start using it. Many methods of wireless security are insecure and can be compromised in minutes. If companies have wireless WPA2 installed, then it will be difficult to breach for criminals.
Web Security Verizon Data Breach Investigations Report stated that the attacks against web applications in the recent years Securing Laptops and Mobiles have increased at an alarming rate, You may wonder that why securing laptops and mobiles is in the list. But it with over 51 percent of the victims. is true that securing laptops and mobile Simple URL filtering is no longer sufficient, as attacks are becoming phones that contain sensitive data of enterprises. Unlike desktop computers more frequent and complex. The
41
features that need to be considered for web security systems are AV Scanning, IP reputation, Malware Scanning, and data leakage prevention function. A web security should have the ability to correctly scan the web traffic. Educating Employees Making sure that employees are educated about safe and online habits is as crucial as securing enterprise with top class anti virus and firewalls. Educating employees about what they are doing and how to be pre-defensive is more effective than expecting IT security staff to take steps later. Because protecting end users against themselves is the most difficult thing to do. So, employees must understand how important it is to keep company’s data safe and the measures they can take to protect it. While the world is approaching with more and more cyber theft and crimes, these simple and standard tools based foundation of enterprise security can protect the companies from such attacks.
DECEMBER 2017
1 T H E
MOST TRUSTED
COMPANIES IN
ENTERPRISE
SECURITY FOR 2017
TRIADA NETWORKS: Securing Business Networks
I
t’s often noticed that smaller firms install a firewall or antivirus and they believe they are protected from cyber-related threats. In the same way large firms will purchase the latest security product thinking it would solve all their problems. But both methods leave organizations at risk, regardless of their size. Better security can only be achieved with practical investments in the right technology, people and processes. A difficult part is understanding the people equation. Smaller companies have immense difficulty getting the right security talent for their team. The team at Triada Networks helps bridge that gap. Triada Networks services the Cyber Security and Information Technology needs of small and medium independent asset managers, such as private equity firms, venture capital companies, CLO investors, and small hedge funds in Metro NYC, Northern New Jersey, and Southern Connecticut. Triada’s Distinctive Approach Triada Networks focuses on helping boutique investment firms and small businesses looking to defend themselves from cyber risk and supporting compliance through thoughtful and pragmatic solutions that protect and check the box. Triada Networks packages together a unique blend of policy and procedural development, active network monitoring and logging, advanced endpoint protection/detection/response,
DECEMBER 2017
end-user security training and testing, dark web monitoring, and continuous vulnerability scanning. Triada (which means trinity) is guided by three pillars; Protect The first pillar of Triada Networks’ is to protect. Like the hippocratic oath says do no harm; team Triada Networks work tirelessly to ensure that their client’s business is protected from unnecessary risk. This initial and most important pillar is the foundation of the services that Triada Networks provides including: • Backup/Disaster Recovery Services and Business Continuity Planning • Managed Anti-Virus/AntiMalware • Automated Patching and Updating of Systems • Managed Firewall/Perimeter Security • Mobile Device Management and Laptop Encryption Optimize Triada Networks’ second pillar is the optimization of technology. This includes ensuring that the existing investments made by clients are being used to its greatest ability and that their future investments are made properly with their business in mind. These services build on the first pillar:
42
• Weekly desktop and server optimizations • Automated malware scanning using a secondary system • Virtual CIO Services including budgeting • IT Consulting and Project Planning • Manage all of your other technology vendors Empower The third pillar is empowerment. Triada Networks make sure that their clients’ use the right IT to empower their business, streamlining their daily operations, automating their most routine practices, and freeing their staff to focus on their important work and not their technology. • Cloud Computing Services • Microsoft Office 365 • VoIP Phone Systems Creator of Triada Networks Raffi Jamgotchian is the Founder of Triada Networks. He has been working in Information Technology sector since 1995 and began his cybersecurity career a year later building Solaris based Checkpoint firewalls. Raffi founded Triada Networks in 2008 to bring enterprise security practices and solutions to smaller investment firms that did not have the resources to do it themselves. Triada Networks was founded in 2008 with the aim to provide an alternative
‘‘
‘‘
We empower your business and employees to leverage the best technological solutions so you can grow
would be most financially feasible for their clients. Raf Jamgotchian Founder
for investment firms and other financial services businesses from the drudgery of IT management. “We understand how critical it is for businesses like yours to have a solid foundation of technology to support you, but we also know you want to be able to focus on running your business and not worrying about your IT,” asserts Raffi about their service objectives. “That’s why we love what we do. We understand the baseline things that need to be done to build you that foundation you need, and we enjoy not only serving your IT needs, but also helping you leverage your technology to achieve your goals,” Raffi added. Fulfilling Advanced Safety Demands Security and technology are ever changing. Podcasts are a big part of staying on top of what is going on in the industry. Triada Networks is also
involved in a number of industry organizations. Lastly, Triada Networks is a member of the US Secret Service Joint Electronics Task Force (USS-JECTF) in New York/New Jersey. This provides the Triada Networks team access to collaboration between industry and law enforcement. They are a security-first managed services provider. Triada Networks come in with the mindset that they are going to help the company defend and protect its most important assets. But unlike other security-only firms, they can help with their IT infrastructure decisions as well. Benefits for Clients Triada Networks’ clients get the benefit by working with a firm that isn’t going to convince them to buy something just for the sake of buying it. Triada Networks will work with each decision maker to find the best solution that
43
The Triada Networks team focuses on delivering the best end result. They give clients a solid foundation of security and preparation, using proactive solutions to catch problems before they start and eliminate downtime and disruption of their business. Then the team will add the features that the client needs, helping them to discover what technology serves best and ensuring business will always be ready to compete and grow. Future Objectives “We’re always looking to see what’s on the horizon. How will Internet connected sensors (IoT) or other kinds of single purpose embedded devices affect our security investments? How can we leverage data that is collected across customers to improve threat intelligence. How can machine learning and artificial intelligence help security practitioners make solid decisions or come up with their own solutions? How will blockchain be used to provide integrity to our processes?” asserts Raffi about their future strategies.
DECEMBER 2017