BUILDING CYBER RESILIENCE IN THE AI ERA
Celebrating the Past, Shaping the Future
Jose Menachery, Founder and MD of Bulwark Technologies writes how the company while celebrating its silver jubilee this year will continue to embrace new opportunities and challenges in the ever-evolving cybersecurity landscape
Generative AI in Cybersecurity
Jenko Gaviglia, Director of Channel – EMEA at Fortra, writes about facing the future of Generative AI with Fortra
Securing APIs
Patrick Vandenberg , Director of Product Marketing at Invicti Security discusses Invicti’s unique approach to API discovery and security testing
Securing the Fintech boom in Saudi Arabia
Harshit Agarwal, co-founder and CEO of Appknox, a mobile security suite that helps enterprises automate mobile security discusses the cybersecurity scenario as Fintech sees a boom in Saudi Arabia
Always a Step Ahead
05 10 12 14 16 18 20 23 24 26 06 08
Enhancing VDI security
Vijender Yadav, Co-founder, Managing Director, and CTO of Accops discusses their focus on securing remote work including VDI deployments, and data, ensuring the highest compliance, and working closely with customers
Enhancing Network and Data Security with FIDO2 Passwordless Authentication
There is an urgent need to adopt passwordless Multi-Factor Authentication across the industry to enhance cybersecurity writes JS Wong, CEO SendQuick
Champion strides
Making significant strides, Bulwark Technologies has proven its resilience over a quarter century of operations, emerging as a distributor powerhouse in the cybersecurity domain across the region.
Zero Trust Strategy is a pivotal shift in cybersecurity
Varkeychan Davis, Technical Manager, Bulwark Technologies discusses what makes Zero Trust an essential approach today for organizations
Resecurity Partners with Bulwark Technologies
The companies will collaborate to deliver comprehensive security services in ME Region
Cybersecurity Outlook
Bulwark Technologies is at the forefront of delivering world class cybersecurity solutions from leading vendors. It also boasts of a team of cybersecurity experts who are integral to the company’s success. Read on for views of the cybersecurity landscape as shared by some of these experts
Events
Snapshots of the year’s highlights
Votiro Shapes Data Security with CDR and DDR Together
Celebrating the Past, Shaping the Future
In this momentous silver jubilee year of our organization, I am filled with immense satisfaction to reflect on the remarkable strides Bulwark Technologies has made since our modest beginnings in 1999 as the region’s first cybersecurity-focused distributor. This milestone is a shared success, and all of you—our vendors, channel partners and customers—have been equal contributors to our growth and success over the past 25 years. As we look forward to the future, we remain committed to the same values that have defined us, while embracing new opportunities and challenges in the ever-evolving cybersecurity landscape.
We have seen major shifts in the cybersecurity landscape over the years of our operations in terms of an expansive attack surface and AI-driven threats. Combating these sophisticated threats requires a very focused approach with the best-ofbreed cybersecurity solutions which we are committed to. Our team of experts continues to upskill in all emerging areas of cybersecurity to address the changing requirements of our customers.
Behind our success lies a dedicated team of professionals at Bulwark who work tirelessly to deliver on our promises. Our sales, pre-sales and technical teams are the backbone of our operations, providing expertise, guidance, and support to both our partners and our customers. Their technical knowledge, coupled with a deep understanding of the market, has been instrumental in designing and implementing solutions that meet the unique challenges faced by businesses in the Middle East. Our ability to provide localized support has been one of our greatest strengths and is a capability we continue to invest in.
While cybersecurity was not always a top priority for organizations, we have worked tirelessly to raise awareness about the critical importance of securing IT infrastructure and data. Today, we are proud to see a significant shift in understanding, as more organizations recognize the need to safeguard their digital assets.
In an era when GenAI is being weaponized to deliver sophisticated cyberthreats, we continue to forge new partnerships with vendors and offer cutting-edge AI-powered, machine learning, and automated solutions. We have long-standing partnerships with many of our vendors, who are global
leaders in their fields, and we greatly value each of these relationships.
Looking at some of the major trends, cloud security, data encryption, and remote workspace security are among the focus areas of Bulwark. The increasing migration of enterprises to the cloud presents a tremendous opportunity that Bulwark is capitalizing on with its cloud security offerings. Additionally, the rise of remote work has opened doors for solutions, that provide security for remote workspaces, a trend likely to gain further traction as organizations explore long-term remote working options.
Bulwark’s portfolio already includes some solutions addressing Operational Technology (OT) security and we recognize the growing importance of this sector. With the emergence of smart cities, autonomous vehicles, and other connected technologies, you can expect new vulnerabilities susceptible to cyberattacks. Securing such possible attack vectors becomes a top concern and we are enhancing our focus on OT / IoT security to help address such threats.
Mobile applications have become an integral part of modern life, with sectors like banking, government, and hospitality rapidly developing user-friendly super apps. However, with the rise of mobile app usage, there is a critical need to secure sensitive data. We are addressing this growing need with some of the solutions in our portfolio to help safeguard applications and user data.
Bulwark has been able to expand its Saudi operations ever since we opened an office there over three years ago. While the UAE remains the hub for regional operations, the company’s strategic focus on Saudi Arabia and other GCC countries has been supported by dedicated teams and shared support systems between the regional offices, fostering stronger regional connections and operational efficiency.
While we have always striven to innovate, adapt, and lead, we have also ensured to foster a culture with shared values of integrity and commitment to make a meaningful impact in the industry we operate in and beyond. As we celebrate 25 successful years, we see it as the beginning of many more milestones to achieve in the years ahead.
“Celebrating 25 years of innovation, resilience, and partnership—protecting digital frontiers and empowering businesses to thrive in a secure world. Together, we’ve built a legacy of trust, and the journey continues...”
Here’s to another 25 years of innovation, collaboration, and success.
All The Best!
Jose Menacherry Founder & MD
Bulwark Technologies
GENERATIVE AI IN CYBERSECURITY
Jenko Gaviglia, Director of Channel – EMEA at Fortra, writes about facing the future of Generative AI with Fortra
Generative AI, exemplified by tools like ChatGPT released in November 2022, has revolutionised the digital landscape, impacting business operations, information sourcing, and cybersecurity. Like any powerful technology, Generative AI (GenAI) can be a double-edged sword, offering opportunities for both cybercriminals and defenders. Understanding these risks and leveraging AI’s potential is crucial for organisations aiming to navigate the evolving digital terrain.
Risks Associated with Generative AI
The rise of generative AI introduces several cybersecurity challenges:
1. Phishing: AI can craft highly convincing phishing emails, making it harder to detect fraud based on grammar or language errors. Tools like ChatGPT enable cybercriminals to create personalised phishing attempts that can deceive even the most cautious users.
2. Polymorphic Malware: ChatGPT has been used to generate polymorphic malware—malicious software that constantly evolves to evade detection. While AI models are improving at avoiding misuse, they still enable even novice hackers to create sophisticated malware, posing a significant threat to cybersecurity.
3. Low-Quality Applications: Some developers are using AI to create seemingly functional applications that are actually scams. These apps may lack proper security or compliance measures, leading to vulnerabilities. Research has shown that a significant portion of AI-generated code contains security flaws, highlighting the risks of relying on AI for software development without thorough scrutiny.
4. Unintentional Data Leaks: Users must be cautious about sharing sensitive information with AI models like ChatGPT. Data input into these systems could be exposed to the public if not properly protected, potentially leading to significant privacy breaches.
5. Deepfakes: The ability of AI to create realistic deepfakes—manipulated media that can mimic real people—poses a serious threat. These deepfakes can be used to fabricate events or statements, potentially causing widespread disruption, damaging reputations, and undermining trust in digital communications.
Leveraging Generative AI for Security
While GenAI presents risks, it also offers powerful tools for enhancing cybersecurity:
1. Automating Redundant Tasks: Security analysts often spend considerable time on repetitive tasks, such as writing scripts for various tools. Generative AI can automate these processes, allowing analysts to focus on more complex tasks that require human judgment, such as integrating threat intelligence with business priorities.
2. Addressing the Cyber Talent Shortage: The cybersecurity industry faces a talent shortage, with a high demand for professionals skilled in various technologies. AI can assist less technically experienced analysts by answering complex queries, enabling security teams to prioritise critical thinking over technical expertise.
3. Improving Security Analytics: Before analysts can interpret data, they must often write signatures and rules to filter out irrelevant information. AI can automate the creation of these signatures, speeding up the analysis process
and enabling faster responses to threats.
4. Enhancing Security Program Analysis: AI can assist in decision-making by synthesising complex security data, helping organisations identify the best tools and strategies to adopt. This allows security teams to make informed decisions based on comprehensive, data-driven insights.
5. Detecting AI-Driven Threats: As AI becomes more sophisticated, it may eventually be necessary to use AI to detect AI-generated threats. Generative AI’s ability to process vast amounts of data and identify patterns makes it an invaluable tool for detecting and mitigating advanced cyber threats, such as ransomware.
The Future of Generative AI in Cybersecurity
As generative AI continues to evolve, it will remain a focal point in cybersecurity discussions. By adopting AI-driven security measures, organizations can stay ahead in the ongoing AI-arms race.
Fortra helps organisations implement AI into their strategy, creating success out of a constantly changing situation. For example, Fortra offers advanced intelligent capture software that improves the accuracy of its customers’ data. Fortra’s PhishLabs uses AI/ML algorithms to filter out noise, reduce false positives, and automate workflows improving digital risk protection. But above all. Fortra supports organisations by finding and mitigating cyber threats so well-guarded enterprises need not fall victim to an onslaught of exploits, no matter how fast AI can churn them out.
Securing APIs
Patrick Vandenberg , Director of Product Marketing at Invicti Security discusses Invicti’s unique approach to API discovery and security testing
How is Invicti helping address the challenge of securing APIs?
Invicti has introduced a new capability: Invicti API Security. As the volume of APIs has surged with modern and mobile applications, so has the use of APIs. Combined with the pace of development, this has created a massive blind spot in organizations’ application attack surface as the volume of undocumented APIs expands. Invicti is attacking this challenge head on for customers with a comprehensive approach to API discovery that enables inventorying of documented and undocumented APIs for security testing. While this capability is highly needed, companies can realize an added benefit as Invicti provides web application and API discovery and security testing all in a single solution-helping tool complexity challenges.
Discuss how the web application security market as well as API security has evolved over the years and the outlook ahead?
Over the years, the web application security market has shifted significantly with the evolution of application architectures. Initially dominated by monolithic applications that consolidated all code into a single entity, the industry saw a rise in microservices due to their modularity and scalability benefits. However, as the microservices model became prevalent, organizations began to encounter challenges related to cloud costs, performance, and especially security. For many organizations, the shift to microservices—which are tightly integrated through APIs—has expanded the attack surface and introduced complexities in managing and securing numerous independent services. Research shows that most organizations have an average of 26 APIs per app, yet only 25% accurately inventory their APIs. With the increasing number of APIs woven into web applications to speed up the development process, simply keeping tabs on APIs can be a major challenge. As organizations reassess their cloud strategies and application architectures, security considerations will be crucial. Teams will look for solutions that put web asset discovery and security testing within a single
cohesive platform, gaining visibility into the actual security status of their application environments.
What are the key products Invicti offers for web application security and API security?
Invicti’s Dynamic Application Security Testing (DAST) solutions are renowned for their accuracy and comprehensive coverage across web applications and websites. Our advanced proof-based scanning approach minimizes false positives, ensuring that developers receive only relevant vulnerability tickets and reducing remediation distractions. Recently, Invicti also expanded its offerings to include API Security capabilities. This enhancement introduces a comprehensive API discovery mechanism that identifies both documented and unknown (shadow) APIs, bringing them into the security inventory for thorough testing. This integration empowers organizations to manage both web application security and API security within a single, unified solution.
How easily does Invicti’s products integrate with other security tools and platforms typically used by organizations?
Invicti offers a wide range of integrations designed to enhance the efficiency of an organization’s application security (AppSec) program. Key integration areas include:
• Ticket Tracking: Seamlessly share vulnerabilities and remediation guidance with development teams through systems like ServiceNow and Jira.
• Continuous Integration Systems: Integrate security testing into the development workflow using tools such as Jenkins and CircleCI.
• API Management Systems: Support API inventorying with integrations to systems like Amazon API Gateway, MuleSoft Anypoint Exchange, and Apigee API Hub.
• Additional Integrations: Access a variety of other integration types, such as Single Sign-On (SSO), communication tools, Web Application Firewalls (WAFs), and more here.
What are the advantages and highlights of the application scanning approach offered by your solutions?
Making decisions based on probabilities and hunches instead of solid facts is bad not just for business but also for security. Invicti DAST uses proofbased scanning to cut through the uncertainty and show security teams which web vulnerabilities are real and exploitable. Our in-depth technical guide provides more details for partners and interested customers.
What are some of the typical vulnerabilities that Invicti’s tools help to identify and remediate? What best practices would you recommend for organizations looking to strengthen their web application security?
Manual penetration testing is expensive and time-consuming—especially for timing-based attacks, where a single penetration attempt may take several hours and still fail. That’s why Invicti helps security and development teams automatically find and eliminate both typical and hard-to-detect vulnerabilities, such as SQL injections, cross-site scripting (XSS), directory traversal, command injection, remote file inclusion, and more. Organizations looking to strengthen their AppSec programs should invest in a strategy and solution that balances comprehensive coverage (identifying as many web assets and vulnerabilities as possible), accuracy (minimizing false positives), and speed (completing discovery and testing quickly).
With a single solution like Invicti, pen testers and bounty hunters can spend their time identifying and reporting more advanced issues that truly require human expertise.
What best practices should organizations follow for enhancing their web application security posture?
The proliferation of service-based architectures has significantly increased the number of APIs in use. According to ESG’s report, Securing The API Attack Surface, 76% of organizations report an average of 26 APIs per application. As this number continues to rise, maintaining effective oversight becomes increasingly challenging.
To address this pressing issue faced by security and development teams, Invicti offers a leading API security and application security testing platform that helps cover more ground. This solution enhances your ability to identify and manage APIs, conduct thorough vulnerability assessments, and resolve security issues before they escalate into costly incidents. With comprehensive visibility across both the UI and API attack surfaces, Invicti transforms application security from a reactive process to a proactive strategy.
Discuss how strategic is the Middle East market as a focus for Invicti?
The Middle East represents growing markets with increasing demand for application security solutions:
Growing Markets: These countries represent burgeoning markets with
increasing demand for application security solutions due to the rapid digital transformation and adoption of technology across various industries.
Strategic Locations: Situated at the crossroads of different regions, they serve as hubs for business activities, making them ideal entry points for expanding Invicti’s presence in the broader MEA region and beyond.
Economic Development: Countries like Saudi Arabia and UAE are investing heavily in technology and innovation, creating fertile ground for the adoption of advanced security solutions.
Diverse Industries: These countries boast diverse economies, encompassing sectors such as finance, healthcare, government, and manufacturing, each with unique security needs and compliance requirements.
Government Initiatives: Governments in these countries are increasingly prioritizing cybersecurity and implementing regulations to safeguard critical infrastructure and data, driving the demand for robust application security solutions.
How strategic is your partnership with Bulwark for the region?
The Middle East and Africa (MEA) regions serve as pivotal areas for Invicti’s growth strategy, given their significant and expanding market for our best of class Dynamic Application Security Testing (DAST) solution. With our strategic partnership with Bulwark, we’re able to tap into a robust network of channel partners, we’re able to enhance customer satisfaction and instill market confidence through localized language support and differentiated services delivery.
This approach enables us to efficiently cater to these markets, engage with new clientele, and accelerate our collective presence. Our commitment to MEA remains steadfast, with ongoing investments aimed at bolstering our regional presence.
Securing the Fintech boom in Saudi Arabia
Harshit Agarwal, co-founder and CEO of Appknox, a mobile security suite that helps enterprises automate mobile security discusses the cybersecurity scenario as Fintech sees a boom in Saudi Arabia
What do you see as major cybersecurity challenges amid the tech revolution unfolding in Saudi Arabia toward the realization of Vision 2030?
As we witness the tech revolution unfold in Saudi Arabia, driven by Vision 2030, the landscape is changing rapidly. While it opens up exciting opportunities, it also brings a host of cybersecurity challenges.
Open banking initiatives enable third-party developers to create apps using APIs and SDKs, increasing connectivity but exposing financial data to cyber threats, particularly from supply chain risks.
Many institutions still use outdated technology lacking modern security features, making them vulnerable to cyberattacks.
The Saudi Arabian Monetary Authority (SAMA) enforces strict guidelines requiring regular security assessments and strong data protection measures; non-compliance can lead to significant penalties.
Vision 2030 stresses digital transformation, which in turn means fasttracked innovation, sometimes leveraging third-party development. What are some best practices required to ensure there are no security risks?
When accelerating digital transformation and leveraging third-party development as part of
Vision 2030, ensuring robust cybersecurity is critical. Some best practices to minimize security risks and vulnerabilities include: Evaluate and enforce third-party security practices, secure coding standards, and compliance with regulations like ISO 27001 and GDPR. Conduct regular audits and penetration tests on third-party systems.
Prioritize vendors with security certifications such as SOC 2 and ISO 27001.
At Appknox we work with large enterprises who prefer to use our platform as a robust QA tool to ensure that any third-party development is secure. One of GCC’s largest FMCG companies is our newest customer for the use case.
Fintech is one of the biggest beneficiaries of Vision 2030. How do your solutions ensure Fintech organizations meet compliance requirements from authorities like SAMA?
SAMA’s progressive approach to fintech regulation shows a strong commitment to innovation and financial security and supports a secure and dynamic financial sector in Saudi Arabia. Appknox aligns with SAMA and global standards like OWASP to enhance security.
Appknox provides several features including: Appknox’s automated SAST and DAST ensure early issue identification.
API testing and penetration testing ensure com-
prehensive security coverage.
Real-time drift detection and SBOM analysis enable continuous security.
Penetration testing helps with incident response readiness.
In addition to the above, Appknox helps organizations with actionable reports and remediation support.
Appknox also helps fintech organizations in Saudi Arabia adhere to guidelines mandated by SAMA around data hosting an option to deploy on Saudi Arabian cloud infrastructure (eg Oracle’s KSA instance) or host the platform on-premise.
Could you elaborate on Appknox’s most significant milestones and how your solutions have addressed the evolving mobile app security landscape?
We’re incredibly honored to be recognized as a leading appsec platform by Gartner across multiple reports released over the years. It underscores our unwavering commitment to delivering exceptional mobile application security solutions. Appknox’s ability to effectively protect against a wide range of mobile-specific threats has earned the trust of enterprises worldwide. We’re grateful for the positive feedback from our customers, which fuels our passion for innovation and drives us to raise the bar for app security continually.
Always a Step Ahead: Votiro Shapes Data Security with
CDR and DDR Together
Trusted for over a decade to prevent file-borne threats with its advanced Content Disarm and Reconstruction (CDR) technology, Votiro continues to innovate and expand its data security capabilities with Zero Trust Data Detection and Response (DDR), ensuring continuous protection, productivity, and compliance for organizations across the globe.
Addressing the Security Issues of Today
Data flows everywhere. Whether via browser downloads, portal uploads, web apps, email attachments, data lakes, or collaboration tools, the influx of data has made visibility and management an impossible challenge for IT teams, especially those with limited staff or insufficient training. As a result, this allows malware and privacy risks to infiltrate organizations and cause irreparable damage; financially via compliance failure, productivity loss caused by manual processes, recurring ransomware payouts, business loss due to public distrust, and the list goes on.
Today, the ability to prevent file-borne attacks and data compromises in real-time has proven inadequate using traditional security tools like antivirus (AV) and endpoint detection and response (EDR) alone. While other tools such as data security posture management (DSPM) and data loss protection (DLP) can alert organizations to security incidents after the fact, this reactive approach continues to enable zero-day threats.
Votiro’s evolution from advanced CDR to a unified, Zero Trust DDR platform solves these problems in ways that do not add stress or complicated management processes.
Two-fold Data Security
Votiro DDR detects privacy risks in data (PII, PCI, PHI), as well as known and unknown threats in content attempting to enter organizations, then
proactively disarms and/or masks the file before it reaches the endpoint.
Automated Protection
Real-time, in-motion threat mitigation (via sanitization and/or masking) allows IT teams to spend less time quarantining and blocking files, while reducing false positives. This equals less noise in the SOC.
Actionable Analytics
Votiro delivers in-depth, actionable privacy and threat analytics as data flows in. This enables organizations to make the best decisions for their business and prove efficacy.
Process Controls
Organizations remain in control of masking policies. Depending on business or regulatory needs, only authorized parties can see specific data, and teams can even set controls to temporarily unmask data when needed.
At Votiro, the team believes that without a proactive, zero trust solution in place to mitigate fileborne threats and privacy risks in real-time, it’s only a matter of when, not if, an organization will be impacted. This is why Votiro sits between the endpoint and the data, tackling both sides of the data security problem simultaneously, seamlessly, and without impacting the end-user.
Votiro Continues to Expand
In just the first half of 2024, Votiro has announced
significant global growth and advancements with several industry-leading integrations as well as expansion of product functionality. This expansion further evolves its CDR engine with real-time Zero Trust DDR and comes amidst multiple key technology integrations with major industry partners, including Zscaler and their Browser Isolation solution.
To spearhead expansion into the Middle East and Asia-Pacific regions, the company has brought on long-time industry expert, John Ong, as Regional VP of Sales, APAC, Japan, and Middle East. With the addition of Ong and a fast-expanding list of technology partnerships, Votiro is uniquely positioned for major market growth. The company’s ability to prevent file-borne threats enables it to explicitly meet stringent Zero Trust security requirements, while its DDR technology further provides customers and partners with the ability to maintain compliance with data security regulations that continue to define data use within each region, including PDPA, PIPL, and APPI.
“I believe that data security is an utmost priority for today’s organizations, and there is a huge demand for solutions that can help them adhere to growing regional, regulatory frameworks.” — John Ong, Votiro Regional VP of Sales, APAC, Japan, and Middle East
Votiro continues to strengthen its position in multiple regions via its Accelerate Partner Program,
John Ong
Votiro Regional VP of Sales, APAC, Japan, and Middle East
which focuses on expanding its channel partner ecosystem. As a result of this push, Votiro counts a growing number of government agencies as customers, with further market growth expected through the additional capabilities that will support data security. This steady expansion highlights Votiro’s advancement of its global footprint and furthering its foothold within key industries worldwide.
“We’ve spent a lot of time engaging with global customers and regional partners to address the data security gaps in the mid-sized enterprises and support safe and compliant use of Gen AI adoption within large enterprises. We expanded our executive team, business partner network and unique technological capabilities, laying the foundation for continued product innovation and GTM expansion.”
– Ravi Srinivasan, Votiro CEO
Over a Decade of Evolution
Votiro’s growth in data security and partnerships throughout the Asia-Pacific and Middle East regions is further testament to its innovations over the past 10+ years:
2012:
Votiro is founded by Aviv Grafi, former military pen tester that found vulnerabilities in how companies accept incoming files without scrutiny, leaving them prone to zero-day infection by malware, ransomware, rootkits, and other security threats.
2019:
Votiro becomes a pioneer in advanced CDR with its Positive Selection® engine, capable of sanitizing more than 180+ file types and implemented as either an on-prem or SaaS/Cloud. Company leverages AI/ML to train platform on known-good content, including macros.
2022:
Votiro leads the Zero Trust Content Security space to proactively protect data anywhere it’s used. The Layer 7, open-API solution allows organizations to prevent file-borne threats via browser plug-in and third-party portals and offers MSP/MSSP enablement.
2024:
Votiro continues to innovate the data security space with its Zero Trust DDR solution. Built on the foundation set by its level 3 CDR, the company launches a unified, real-time solution for intelligent disarming and masking when it comes to threats and privacy risks whether in unstructured or structured data, in-motion or static.
Today, Votiro serves 250 customers and millions of users across the globe. With over 10-billion files processed and zero breaches to date, the company has no plans of slowing down as it looks to make file-borne threats and privacy risks a thing of the past.
“I believe that data security is an utmost priority for today’s organizations, and there is a huge demand for solutions that can help them adhere to growing regional, regulatory frameworks.”
Enhancing VDI security
Vijender Yadav, Co-founder, MD, and CTO of Accops, discusses how the company secures remote work environments with a focus on data protection and compliance, while working closely with customers to meet their specific needs.
How does Accops help organizations in the ME region with secured VDI deployments for remote working?
We understand that the Middle East has its own unique set of challenges when it comes to data protection and remote work. At Accops, we’ve tailored our VDI solutions to meet those specific needs. We offer a unified solution that brings together VDI, Zero Trust Network Access, Multi-Factor Authentication, and Single Sign-On. This eliminates the headache of juggling multiple vendors and simplifies the entire digital workspace. It’s all about seamless integration, whether you’re on the cloud, on-premise, or somewhere in between. Our flexible licensing and robust security features ensure that no matter where your teams are working from, their access is secure. We’re committed to helping organizations in the region navigate the complexities of remote work with confidence.
Discuss data security challenges in a VDI remote working environment and how your solutions can help address this challenge.
Centralizing data in a VDI environment is a bit like putting all your eggs in one basket. It reduces endpoint vulnerabilities, but it also makes the server a prime target. That’s why Accops takes a multi-layered approach to security. Our ZTNA-based solutions restrict access to trusted devices and locations, while innovative Data Loss Prevention (DLP) features prevent unauthorized data exfiltration.
We further enhance security with advanced authentication options, including biometric and passwordless methods, supported by OTPs and hardware tokens. We also believe in adapting to the situation at hand. Our contextual access control adjusts to user behaviour, geolocations and risk factors, reducing the likelihood of breaches. Plus, real-time monitoring and detailed logging give us a clear picture of what’s happening, so we can detect and respond to threats quickly. We’re not just protecting data; we’re safeguarding our clients’ reputations and their customers’ trust.
How does Accops help the remote working environment in meeting compliance
requirements of standards like GDPR, HIPAA, etc.?
Compliance is a top priority for us at Accops. We know that international standards like GDPR and HIPAA can be complex, but we’ve designed our solutions to make it easier for our clients. We build features like data encryption, secure access controls, and detailed logging right from the start. This helps organizations meet those stringent compliance requirements without any extra hassle. Plus, our comprehensive audit trails make it simple to demonstrate compliance during regulatory audits. We want our clients to focus on their core business, knowing that their operations are secure and compliant.
Do your security tools integrate easily with other security tools like IAM, PAM, etc., in use by the customer? How are challenges on this front addressed?
We understand that our clients may already have tools in place that are serving them well, and we don’t want to force any unnecessary changes or disrupt their existing workflows if things are working fine. Accops’ ZTNA solution, HySecure, integrates seamlessly with existing security infrastructures, including IAM and PAM systems. We believe in enhancing security, not complicating it. So we work closely with them to provide custom integrations and support. This ensures that our solutions meet specific compliance and security needs while maintaining compatibility with the customer’s existing tools. This flexibility allows us to deliver a high level of security without disrupting established workflows.
Does Accops help monitor the performance of VDI sessions/environments?
Yes, monitoring is essential to maintaining a secure and efficient VDI environment. Accops VDI solution, HyWorks, uses DVM and Session Host Server agents to log detailed user activities, such as logon events and application access during remote sessions. This data is analyzed by the Accops Reporting Server, generating insightful reports that help administrators audit user activity and monitor session performance. This proactive monitoring ensures that potential issues are
identified and addressed swiftly, maintaining the overall health and security of the VDI environment.
Do you leverage emerging technologies, like AI and automation, in your VDI / remote work security solutions?
Accops VDI prioritizes automation in desktop operations, making it a core feature of our solutions. We are currently developing an intelligent user behaviour monitoring system designed to ease the administrative load of configuring complex security policies. This system will adapt to user behaviour during the monitoring phase and automatically generate policies during enforcement. Presently, our solutions are primarily deployed within customer environments. However, we are planning to expand into SaaS-based offerings in the future. These upcoming services will incorporate AI on a larger scale, providing enhanced capabilities and benefits for our customers.
Discuss any product enhancements related to securing remote work environments on the roadmap.
We’re constantly looking for ways to stay ahead of the curve and address the evolving security challenges our clients face. We have some exciting projects in the pipeline, including a quantum-based secured VPN solution, an Enterprise Secure Browser, and a Secure File Transfer solution for air-gapped networks. These enhancements are all about tackling the most critical security concerns head-on, so our clients can operate with confidence in an increasingly complex digital world.
A journey of partnerships and resilience
Jessy
Jose, Director of operations at Bulwark Technologies, discusses how the distributor works closely with partners
Bulwark is celebrating 25 eventful years as the leading cybersecurity-focused distributor in the region. For the past several years, we have expanded the range of cybersecurity products and solutions based on the emerging technologies to address various customer needs. This positions us quite comfortably as an end-to-end provider of cybersecurity solutions for enterprises.
While we have nurtured long-term partnerships with major global technology vendors, we have formed long-standing partnerships with our channel who have been key to taking our solutions to market. Channel partners have been integral to Bulwark’s continued success as an IT distributor in the Middle East. Their contributions enhance market reach, provide local expertise, and foster relationships with end-users, ultimately driving sales and customer satisfaction. With a channel-first strategy, we enable our partners in several ways including training, support, and Finance.
At every stage of our engagement with partners, from pre-sales consulting to partner training and implementation support, we support them. Our team is always committed to supporting partners with customer engagements at all times including PoC, Pre sales, post-sales support etc.
We have also focused on ensuring the delivery of value-added services such as training, technical support, and logistics that enhance customer experience and satisfaction. We focus on empowering our partners to be effective cybersecurity advocates, ensuring they are well-equipped to meet the evolving needs of their customers in a complex threat landscape.
We host regular training sessions on the latest cybersecurity trends, threats, and technologies and encourage partners to pursue industry-recognized certifications, providing support and resources for training. We collaborate with cybersecurity vendors to provide specialized training sessions that align with their products and
solutions. Bulwark also engages in joint marketing initiatives and events that highlight partner capabilities in cybersecurity.
Apart from our robust partner strategies, Bulwark continues to invest in state-of-the-art digital capabilities that are helping us drive further efficiencies in our operations. These include digital platforms and e-commerce capabilities to streamline operations and enhance customer engagement, especially during times of change.
Sustainability is a key focus in our operational strategies. Implementing environmentally friendly
“We focus on empowering our partners to be effective cybersecurity advocates, ensuring they are well-equipped to meet the evolving needs of their customers in a complex threat landscape”
practices and, promoting sustainable technology solutions that help align with global sustainability goals is something we pursue with serious intent. We are committed to supporting several initiatives such as educational programs, training interns, or participation in industry events and forums.
We have always invested in workforce development by fostering a culture of continuous learning and professional development, resulting in a skilled workforce that drives the company’s success. We are committed to supporting employee growth through training and encouraging a culture of team collaboration and innovation.
Over the years, Bulwark has received numerous industry accolades for excellence in distribution, customer service, innovation etc from trade media and technology vendors. These recognitions motivate us to step on the pedal and excel further.
Like most companies, we have also been challenged at times by economic downturns or global disruptions but thankfully, we have been able to successfully demonstrate our resilience and successfully navigate these challenges while maintaining stability and growth.
JS Wong CEO, SendQuick
Traditional password-based authentication methods are increasingly vulnerable to sophisticated cyberattacks, leading to a pressing need for more advanced security measures. Passwords can be weak, reused, or stolen, leading to significant security breaches. To address these challenges, organizations are turning to Multi-Factor Authentication (MFA) and password-less authentication.
The Limitations of Passwords
Passwords have long been a fundamental component of authentication systems, but they come with inherent weaknesses. From easily guessable passwords to successful phishing attempts, the reliance on passwords alone leaves systems vulnerable to exploitation. Moreover, the burden of creating and remembering complex passwords falls on users, often resulting in poor password
Enhancing Network and Data Security with FIDO2 Passwordless Authentication
There is an urgent need to adopt passwordless Multi-Factor Authentication across the industry to enhance cybersecurity
hygiene and increased susceptibility to breaches.
Enter Multi-Factor Authentication (MFA)
MFA addresses the shortcomings of password-based authentication by adding additional layers of security beyond just something you know (password). It typically involves combining two or more authentication factors from the following categories:
Something You Know:
This could be a password, PIN, or security question.
Something You Have:
This includes a physical token, smart card, or mobile device.
Something You Are:
Biometric factors such as fingerprint, facial recognition, or iris scan.
By requiring users to provide multiple forms of verification, MFA significantly enhances security by making it more difficult for unauthorized individuals to gain access, even if they manage to compromise one factor.
Introducing FIDO2 Passwordless Authentication
While MFA significantly improves security, it still relies on traditional authentication factors, including passwords or physical tokens. FIDO2 revolutionizes authentication by eliminating passwords altogether, offering a more secure and user-friendly alternative. FIDO2 relies on public-key cryptography to
authenticate users, leveraging a combination of hardware-based authenticators (such as USB security keys or biometric sensors on devices) and cryptographic protocols. Instead of entering passwords, users simply need to authenticate themselves through biometric verification or by plugging in a hardware token. This not only eliminates the risk of phishing attacks but also simplifies the authentication process for users, enhancing convenience without compromising security.
SendQuick’s CEO Mr JS Wong says, “By combining the requirement of multiple factors and FIDO2 passwordless authentication such as Yubikey, organizations can further strengthen their cyber defense capabilities. Our SendQuick Conexa solution provides multiple layers of security to significantly reduces the risk of unauthorized access even if one factor is compromised.”
Industry-Wide Adoption of Passwordless MFA: A Critical Step Toward Enhanced Cybersecurity
As the digital landscape evolves, the adoption of MFA, particularly through passwordless authentication, will be crucial in fortifying the security of businesses. From financial institutions safeguarding sensitive transactions to healthcare providers protecting patient confidentiality, robust cybersecurity is no longer optional—it’s a necessity. Organizations that embrace these advanced measures will not only be better prepared to combat cyber threats but will also lead the way in shaping a safer digital future.
Championstrides
Making significant strides, the distributor has proven its resilience over a quarter century of operations, emerging as a distributor powerhouse in the cybersecurity domain across the region.
Over a quarter of a century ago, in 1999, Bulwark Technologies started as a modest venture in providing cybersecurity solutions. Fast forward 25 years into the present, the company stands out as one of the foremost leaders in its domain of focus across the region.
The past two decades have seen near seismic level disruptions in technology and Businesses have faced challenges from economic downturns as well at times. Through all those challenging upheavals, companies have been tested for their resilience. Bulwark has demonstrated its endurance in the tough industry of cybersecurity which demands you to evolve your levels of expertise to stay ahead of the swiftly transforming cyber threat landscape.
Bulwark has been steadfast in its commitment to deliver world-class cy-
bersecurity solutions through its partners to customers. Back in 1999 and even for the next few years thereafter, cybersecurity was an afterthought as far as IT strategies were concerned. A lot has changed in the past few years with cybersecurity concerns now pushed to the center stage. Today cybersecurity is a broader domain with a lot of specialized solutions that help manage different kinds of threats across a vast expanding attack surface. From an industry dominated by the latest antiviruses to firewalls, today the solutions cover a vast spectrum including areas such as data loss prevention, endpoint security, advanced threat intelligence, and AI-enhanced cybersecurity tools. By staying ahead of trends such as ransomware, phishing, and zero-day attacks, Bulwark evolved its solution portfolio to address the changing requirements of its customers. With its proactive approach to new and emerging threats, Bulwark has covered all bases in terms of solutions
available in its portfolio for the typical vulnerabilities organizations face. The distributor has ensured that it is ready to take on the next-generation threats in a threat landscape that is more potent with AI-led threats.
Bulwark prides itself on great associations with leading technology vendors and these have withstood the test of time. These relationships are based on mutual trust, collaboration, and a shared commitment to innovation and have helped the company to bring to market state-of-the-art cybersecurity solutions. With its ability to work closely with vendors to adapt their solutions to local market conditions, Bulwark stands apart as a key strategic partner.
Bulwark has expanded into strategic markets and, with offices in the UAE, Saudi Arabia, and India and partners all over the region, the distributor has created a strong presence that enables it to better serve its customers through a vast network of committed partners. This geographic reach along with superior technical expertise allows the VAD to offer unparalleled support and solutions to businesses throughout the region.
Jose Menacherry, Co-Founder and MD at Bulwark Technologies says, “We will further deepen our relationships with vendors and channel partners, fostering innovation and collaboration. By growing our network and offering enhanced support, we aim to create a more resilient and secure digital environment across the region.”
He adds, “Our focus will always remain on our customers, ensuring we provide tailored, niche solutions that meet their specific needs. Whether it’s advanced cloud security, endpoint protection, data loss prevention, encryption, or zero trust, we will deliver cutting-edge, customized solutions that empower businesses to operate securely and efficiently.”
Bulwark is focused on making continuous investments in its teams, training, R&D, and partnerships to ensure that they will continue adapting to the fast-changing cybersecurity landscape setting new standards for excellence in the industry. In today’s digital-first world, the importance of cybersecurity awareness cannot be overstated, and Bulwark has been at the forefront of educating organizations on how to secure their digital infrastructure.
Jose says, “As we step into the next phase of our journey, our mission remains clear: to protect the digital assets of our customers, innovate with our partners, and pave the way for a safer, more secure future for businesses across the Middle East and beyond.”
As the distributor celebrates its silver jubilee year in operations, it remains committed to embracing the future and continuing to shape the cybersecurity distribution business in the region. The VAD’s focus continues to be to stay ahead of the curve by adopting the latest technologies including AI-ML in its portfolio and ensuring it offers unmatched expertise to address the changing cybersecurity needs.
“We will further deepen our relationships with vendors and channel partners, fostering innovation and collaboration. By growing our network and offering enhanced support, we aim to create a more resilient and secure digital environment across the region.”
Feature by:
Zero Trust Strategy is a pivotal shift in cybersecurity
Varkeychan Davis, Technical Manager, Bulwark Technologies
discusses what makes Zero Trust an essential approach today for organizations
Zero Trust as a cybersecurity strategy has created a pivotal shift from earlier approaches. To understand why, it is best to start with what Zero Trust is all about.
Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. Zero Trust Network Access (ZTNA) solutions do not give users access to the entire network. Instead, they provide access only to those apps or resources to which they are authorized.
Zero Trust allows for dynamic security policies that can change based on context (user behavior, location, device state), whereas traditional policies are often more rigid and based on fixed rules. Unlike traditional models that assume everything inside the perimeter is trustworthy, Zero Trust continuously verifies every user and device.
Zero Trust is a necessary strategy for today’s threat landscape. With a hybrid work culture, organizations are providing access to their employees so that they can continue to work seamlessly. The biggest concern of hybrid work is to ensure secure ways for employees to access internal network resources such as applications, databases, or servers that carry enormous data. ZTNA’s applica-
tion-based access model solves the problem of users getting access to resources they should not have access to. The “never trust, always verify” approach ensures all requests, local or remote, are authorized.
With zero trust, organizations ensure that only authorized users access their network by continuously verifying the digital identities of all human and non-human users. This also ensures that users have access only to the resources they need, instead of the entire network. Zero trust helps organizations have full visibility into who is connecting to their network, from where and what they are accessing.
Zero Trust is built around core elements including Identity verification, Least Privilege Access, Micro-Segmentation, Access policies, Device Security, Monitoring, Auditing etc. Solutions such as IAM, PAM, SSO, MFA, NAC, DLP and CSPM help the customer to achieve Zero trust. However, this may vary according to the user environment.
There are challenges when it comes to deploying Zero Trust at an organizational level. Moving from traditional security to Zero Trust requires changes in organizational culture and there may be resistance from employees who are adapted to existing processes. The best way to tackle this
through driving awareness on the benefits that Zero Trust delivers. Another significant challenge is the financial investment required for purchasing such tools and providing training to the employees on new processes, especially for organizations with limited budgets. However, while implementing Zero Trust model seems expensive, it is worth noting that there is nothing more costly than a system breach.
Zero Trust Networks (ZTN) operate on the principle of continuous verification, where no user or device is trusted by default, regardless of whether they are inside or outside the network. This approach is particularly beneficial for remote work scenarios, where the risk of unauthorized access and data breaches is heightened due to the varied environments from which employees connect. This provides Scalability, Cost efficiency, and Improved performance.
Bulwark as a leading value-added IT security distributor provides solutions such as ZTA, NAC, MFA, SSO, and PAM/IAM solutions that help companies obtain Zero Trust Access for their employees efficiently. These solutions like MFA and SSO ensure users are authenticated and authorized before granting access to resources, while PAM manages and monitors access to critical systems and sensitive data, ensuring that privileged accounts are secured, and access is controlled.
63% of Organizations Worldwide Have Implemented a Zero-Trust Strategy
Sixty-three percent of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner, Inc. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.
A fourth quarter 2023 Gartner survey of 303 security leaders whose organizations had already implemented (fully or partially) or are planning to implement a zero-trust strategy found that 56% of organizations are primarily pursuing a zero-trust strategy because it’s cited as an industry best practice.
Gartner has outlined three primary top-practice recommendations for security leaders implementing a zero-trust strategy.
Practice 1: Establish Scope for a Zero-Trust Strategy Early
To successfully implement zero-trust, organizations need to understand how much of the environment they cover, which domains are in scope and how much risk they can mitigate.
The scope of a zero-trust strategy does not typically include all of an organization’s environment. However, 16% of survey respondents said it will cover 75% or more while only 11% believe it will cover less than 10% of the organization’s environment
Practice 2: Communicate Success Through Zero-Trust Strategic and Operational Metrics
Seventy-nine percent of organizations that have fully or partially implemented zero-trust, have strategic metrics to measure progress, and of that 79%, 89% have metrics to measure risk.
Security leaders must also keep their audience in mind when communicating these metrics. Fifty-nine percent of zero-trust initiatives are sponsored by either the CIO or CEO/president/board of directors.
Practice 3: Anticipate Increases in Staffing and Costs but Not Delays
Sixty-two percent of organizations anticipate their cost will increase and 41% of organizations expect their staffing requirements will also increase as a result of a zero-trust implementation.
While only 35% of organizations said they encountered a failure that disrupted their zero-trust strategy implementation, organizations should have a zero-trust strategic plan outlining operational metrics and measure the effectiveness of zero-trust policies in order to minimize delays.
Resecurity, a leading global cybersecurity company, has announced its strategic partnership with Bulwark Distribution FZCO, an associate company of Bulwark Technologies LLC, a leading cybersecurity specialized VAD in the region. This collaboration underscores a shared commitment to delivering superior cybersecurity solutions and bolstering digital protections for customers across various sectors in the Middle East region.
Bulwark, recognized as the leading Cybersecurity VAD in the Middle East with offices in Dubai (UAE) and Riyadh (Saudi Arabia) currently celebrating 25 years of Cybersecurity Excellence in the region, is proud to join forces with Resecurity. This strategic collaboration amalgamates Resecurity innovative digital protection solutions with Bulwark’s extensive expertise in delivering advanced security offerings amidst their wide partner network to the dynamic Middle East market.
“We are excited & thrilled to join forces with Resecurity. This partnership strengthens our commitment to providing enhanced cybersecurity solutions and providing superior digital risk protection solution portfolio to our customers in the region,” said Jose Menacherry, Managing Director at Bulwark. “Together, we are set to embark in the journey together & set new milestones in the cybersecurity landscape, ensuring our valued customers are well-protected against the ever-evolving cyber threats.”
Resecurity brings a wealth of expertise and cutting-edge technology to the partnership, offering solutions that address the growing complexities
Resecurity Partners with Bulwark Technologies
The companies will collaborate to deliver comprehensive security services in ME Region
of cybersecurity. The collaboration will focus on delivering comprehensive security services, including Cyber Threat Intelligence & Digital Risk Monitoring solutions, to empower organizations to defend against sophisticated cyber-attacks.
The strategic partnership between Resecurity and Bulwark represents a significant leap forward in the realm of cybersecurity for the Middle East
region. Together, these industry-leading organizations are equipping businesses with the necessary tools and expertise to combat the evolving threats in today’s digital landscape.
Bulwark Technologies, the award-winning leading Value-Added Distributor is currently celebrating 25 Jubilee Years of Cybersecurity Excellence in the region!
BULWARK AWARDS in 2024
CyberSec Global Awards 2024 (UAE) : CyberSecurity Distributor of the Year – Bulwark Technologies
CXO DX Future Workspace Summit & Awards 2024 (KSA) : Cybersecurity Security Distributor of the Year – Bulwark Technologies
CyberX Global Summit & Awards 2024 (Oman): Cybersecurity Distributor of the Year – Bulwark Technologies
Cybersecurity Outlook
Bulwark Technologies is at the forefront of delivering world class cybersecurity solutions from leading vendors. It also boasts of a team of cybersecurity experts who are integral to the company’s success. Read on for views of the cybersecurity landscape as shared by some of these experts
Varkeychan Davis Technical
Murali Vellat Division Manager, Corporate Security Division,Bulwark Technologies
Cybersecurity continues to evolve rapidly, with new threats and countermeasures emerging constantly. These trends highlight the evolving landscape of cybersecurity and the need for organizations to stay agile and proactive in their security strategies.
Generative AI (GenAI): AI is playing a significant role in cybersecurity, both as a tool for defense and a potential threat. Organizations are leveraging AI for automated responses and predictive analytics, but they also need to manage the risks associated with AI-driven attacks.
Zero Trust Security: The Zero Trust model, which assumes that threats could be both external and internal, continues to gain traction. This approach assumes that all network traffic is untrusted, requiring strict verification and authorization for access to resources.
IoT Security: As the number of connected devices grows, so does the risk of cyberattacks targeting IoT networks.
Cloud Security: As cloud adoption grows, securing cloud environments remains a top priority. This includes managing third-party risks and ensuring compliance with regulatory requirements.
Regulatory Compliance: Increasing regulatory obligations and government oversight are driving organizations to enhance their cybersecurity measures to comply with new laws and standards.
Mobile Security: As mobile devices become more integral to daily operations, protecting them from threats is increasingly important.
Manager, Bulwark Technologies
1. AI and Machine Learning
AI and machine learning (ML) have become crucial technologies in information security. They can rapidly analyze millions of events and detect various threats, ranging from zero-day malware exploits to identifying risky behavior that could result in any attack.
Machine learning algorithms can be trained to detect unusual behavior or known attack signatures, improving the ability to recognize potential threats in real time. AI can use historical data and trend analysis to predict potential future threats and vulnerabilities. This proactive approach allows organizations to strengthen their defenses in anticipation of emerging threats.
2. ZTA
Zero Trust Architecture (ZTA) is a security model based on the principle of “never trust, always verify.” Unlike traditional security models that rely heavily on perimeter defenses, Zero Trust assumes that threats could be both external and internal, and therefore, no user or system should be trusted by default.
Zero Trust Architecture offers a robust approach to modern cybersecurity challenges by emphasizing continuous verification, least privilege access, and micro-segmentation. Its advantages include improved security posture, better compliance, greater flexibility, and enhanced incident response.
3. Cloud Security
Nowadays organizations rely more on cloud services, so ensuring robust security measures becomes very important for data storage and operations. Implementing strong security measures like Single Sign-on, WAF, Configuration Baselines, Encryption, etc. are important measures that help to ensure the security of cloud environments, protect sensitive data, and maintain compliance with regulatory requirements. Organizations will be focusing more on cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.
Don Joy
Group Product Manager, Bulwark Technologies
“In 2024, cybersecurity is evolving rapidly. Generative AI (GenAI) is a double-edged sword, improving security operations but also giving cybercriminals new tools. Protecting personal identities is now a top priority, with identity-centric security gaining traction. Social engineering attacks remain a constant threat, while nation-states increasingly weaponize cyber tools, raising the stakes for everyone. Add to that the challenges of third-party risks and continuous threat exposure, and it’s clear that businesses need flexible, comprehensive security strategies to stay ahead.”
Sam Johny
Business Channel Head, Bulwark Technologies
“In an era of sophisticated cyber threats, the future of cybersecurity depends on leveraging AI for smarter defenses, adopting a zero-trust approach for hybrid environments, and adhering to privacy regulations. The human element remains crucial—continuous training is key to mitigating risks. As Bulwark, a channel-focused organization, we are committed to partner enablement, which not only strengthens their capabilities but also enhances our collective resilience against evolving cyber challenges”
Ibrahim Shaban
Country Head-KSA, Bulwark Saudi for Information Technology
“As a leader in cybersecurity, Bulwark highlights the top trends shaping the future of digital security. The shift towards Zero Trust architecture emphasizes stringent access controls, reducing reliance on perimeter defenses. AI and machine learning are revolutionizing threat detection, enabling faster, more accurate responses to sophisticated attacks. With the rise of remote work, endpoint security and secure access solutions are more critical than ever. Additionally, the increasing prevalence of ransomware attacks underscores the need for robust, multi-layered defenses. As organizations continue their digital transformation, securing cloud environments remains a priority. Bulwark is at the forefront, guiding businesses through these evolving challenges.”
CIO
