Channel Advisor Issue 03

Published by

Adding Value to Technology

Issue 03 | October 2015

Streamlining your IT: Robust storage and security for today’s businesses



From the Management

We are happy to reach out to our partner community, especially during GITEX 2015. This incredibly intense week gives us the opportunity to meet again and push forward our collaboration on all fronts of today’s dynamic ICT scene. We believe Arrow ECS brings great value to its vendors and partners in the Middle East and North Africa, where we have been present for many years. First of all, Arrow, a Fortune 200 company, brings experience and scale to its partners. Arrow ECS is present all across Europe and enjoys excellent vendor support which contributes to our success in MENA. In this region, our expertise is centered around storage and security, the two fastest growing segments in the industry. There’s a lot we can do together. Yet, our model is to offer a broad portfolio, which helps partners respond to increasingly integrated solutions and helps vendors expand their partner community.

In terms of geographical coverage, Arrow is present from Pakistan to the Gulf, the Kingdom of Saudi Arabia, Levant, Egypt, Morocco and the Maghreb. We have lead generation and qualification, demo facilities, proof of concept technical teams and extensive training capabilities. We bring to bear Arrow’s global expertise, and Arrow globally benefits from skills we have in the MENA region.

This year, we are vastly expanding our training services, in response to the region’s crying need for hands-on skills and employability of its youth. We are also launching Arrow’s after-sale Support Services, which give end-users the assistance they need to operate and optimize the solutions they invest in. Next on our list is ArrowSphere, our proprietary cloud services platform, designed to help resellers quote, meter and invoice cloud services from a vast array of vendors. All these initiatives illustrate our pragmatic approach and our long-standing commitment to the MENA region.
We are proud to share our stand with prestigious vendors such as EMC, VCE, RSA, IBM Security Solutions, F5 Networks, Trend Micro and Intel Security (McAfee). Every one of them has a wide range of solutions for today’s customer needs, namely software-defined, mobility, virtualization and the Internet of Things. Come check them out. Visit us and our sponsor vendors at Hall 1 – Stand A-12, and ask all the questions on your mind and reinforce the human connection between our teams. Welcome!

Contents

EMC: Future scope
RSA: Armed to protect
Infoblox: Why securing DNS is vital
SAS: Driving analytics
F5: Hi-tech defense
Intel Security: Strategizing your security
VCE: Leveraging convergence
Raytheon Websense: Eliminating risks
IBM: Embracing the new security era
Trend Micro: Defense dynamics

www.arrowecs.ae

October 2015 | Channel Advisor


Interview | EMC

Future scope

Ashraf Hamid, Channel Sales Manager, Gulf & Pakistan, EMC, aims to accelerate the path to enterprise cloud computing by enabling its partners.

Could you briefly give an overview of your company?

EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service, to which cloud computing is central. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze information in a more agile, trusted and cost-efficient way. Many of these products and services are provided by the EMC Federation of companies comprising EMC II, Pivotal, RSA, VCE, Virtustream and VMware.

What have been some highlights within your Middle East operations?

This year, one of the biggest highlights was undoubtedly the introduction of the Federation Business Data Lake (FBDL), powered by the EMC Federation. The FBDL is a new solution from EMC Information Infrastructure, Pivotal and VMware and facilitates the rapid deployment of data lakes, thereby enabling organizations to leverage data in order to build new products and applications, and redefine their industries. The EMC Federation Business Data Lake solution helps customers embrace the Third Platform in a way that also leverages their legacy first and second-platform estates and data. It helps customers accelerate the move from a data warehouse environment to a data lake and together with EMC Global Services assists enterprises with the transition regardless of where they may stand in their journey.

How do you differentiate yourself in this highly competitive market?

One of the key aspects that defines us and sets us apart from other entities is our partner programme. In a market that isn’t short of competition, it is essential that we differentiate ourselves. Channel partners continue to be central to our success in the region; they don’t just drive our business but ensure that the right set of solutions and services are offered to customers. This is why we continue to introduce initiatives that provide them with the technologies, tools, resources and support to ensure they are prepared to leverage new business opportunities that lie before them with the transformation to the third platform of IT. EMC is focused on ensuring that our reseller partners deliver best-in-class EMC products and solutions to meet the breadth and depth of customer IT challenges across the Middle East region.

What are the factors contributing to the IT opportunities in the Middle East region?

According to a recent IDC report, spending on ICT products and services in the Middle East and Africa will cross the $270 billion mark in 2015. This naturally means a huge margin of growth for EMC and the entire Federation. This is a very exciting time in the region right now, with trends such as the Internet of Things and the Third Platform of computing making themselves more and more evident and set to drive further IT growth. The concept of smart e-services and Smart Cities, a national initiative of various countries in the Gulf, is heavily dependent on these new trends, which will define IT opportunities in the Middle East for years to come. We are already seeing that organizations today want IT to assume the role of a strategic driver of business and are more aligned to business goals in order to identify the means of revenue while cutting down costs and enabling excellent service delivery in order to achieve competitive advantage and sustain business growth. This has largely impacted their approach to investing in storage solutions and we are already seeing such demand for the virtualization, cloud, flash, converged infrastructure and software-defined solutions as enterprises work towards sustaining their competitive differentiation, driving down operational costs and maximizing efficiency.

How do you plan to continue your support for partner enablement?

With the speedy pace of the transformation to the Third Platform of IT powered by cloud, mobile, social and Big Data, we plan to continue to enable and help our partners, through the EMC Business Partner Program that we introduced last year, to design solutions that solve customers’ challenges and help them embrace the opportunities presented by evolving technologies. With flexibility and choice from across the EMC federation – the broadest portfolio in the industry – our partners will be able to deliver the solutions that best meet their clients’ needs.

How is the regional channel landscape evolving and how can partners better prepare to meet these changes?

Change in the IT landscape in the region will be accompanied by a change in the channel landscape as well – and as it changes, channel partners must evolve as well to meet new challenges. Partners can be better prepared for this by continuing to work with us to highlight the value proposition that brings enterprises the unmatched performance and application agility through intelligent always-on, inline data services to deliver an unparalleled and economical user experience. Customers will be looking to further reduce complexity and accelerate their growth in the market. They would want to spend more time on innovation and coming up with efficient solutions rather than spending days integrating and maintaining various infrastructure components. Partners play a vital role in addressing these issues.

What is your business objective for 2016?

Our focus for the coming year will be showcasing the power of the Federation, with an emphasis on Big Data, converged infrastructure and Flash solutions like XtremIO, as well as solutions like the Federation Enterprise Hybrid Cloud and the Federation Business Data Lake. We will lay special emphasis on the power of Flash technology that is transforming the storage industry and we believe is a huge potential market. EMC is prepared to work with partners to leverage this great opportunity through an extensive portfolio to take advantage of the transformative capabilities of Flash, led by the industry’s number one all-flash array, XtremIO.

What are your GITEX 2015 plans?

In line with the theme of GITEX 2015 – ‘The Internet Future of Everything’ – EMC will also outline its Smart City platform built upon technologies from the EMC Federation of companies. With the concept of Smart Cities rapidly gaining traction in the region, this could not be more important for us. We are gradually moving towards an era in which every person and object could potentially be connected to each other. Smart Cities are the way of the future, driven greatly by the Internet of Things. Dubai in particular has taken the lead, with Smart Cities being a professed vision of His Highness Sheikh Mohammed bin Rashid Al Maktoum. The theme of GITEX 2015 is proof of that, and gives us the chance to showcase our unique portfolio of solutions to government and private organizations alike.


RSA | Opinion

Armed to protect

As fraudsters become more sophisticated, prevention requires complete visibility, says Rashmi Knowles, Chief Security Architect, Europe, Middle East and Africa, RSA, the security division of EMC.

Cyber criminals are more organised than ever. Using online services to commit fraud, known as fraud-as-a-service, opens up the most advanced threat technologies to a wider base of fraudsters. Because of this, your fraud strategy must continuously adapt to protect your customers and digital assets, but that is only half the battle. Consumers demand fast, easy access to accounts, products and services, and do not want their experience interrupted. Any successful strategy must balance an organisation’s security requirements with the need for convenient user access.

Organisations must aggressively rethink traditional notions about what constitutes a threat and how to defend against it intelligently. Gil Shapira, worldwide general manager, RSA Fraud and Risk Intelligence, says, “Fraudsters are constantly changing their techniques, and customers change their online behaviour, which limits the ability of traditional fraud strategies to detect evolving threats and their impact.”

PROTECTING CUSTOMERS

Gaining broader visibility into your entire online user life cycle as well as shared intelligence around the latest threats is essential, allowing extended analysis of the behaviour of humans and devices so that fraud patterns are quickly detected. As a result, only high-risk activities are interrupted and the normal user’s security experience remains transparent.

An intelligence-driven fraud prevention strategy is multifaceted, spanning user behaviour, device fingerprints, known fraudulent entities and threats from the underground. To differentiate a genuine customer from a criminal requires an overview across the entire online consumer life cycle from pre-login through transactions to post-login.

Your solution must work seamlessly across all channels. It must provide expanded choices for integration with new and existing services and technologies, especially when it comes to step-up authentication. You not only need to understand your risk tolerance, but the appropriate security for the digital channel used by your customer. You must also be able to correlate cross-channel activity for login and transactions. For example, if a customer makes a transaction on their laptop followed shortly afterwards by another from a mobile device in another country, this should be flagged.

There are three things organisations should do now to adopt an intelligence-driven fraud prevention strategy. First, gain broader internal and external visibility to evaluate risk and cyber-crime threats across all online digital channels. Second, extrapolate insight from the data to understand normal-state behaviour to spot, investigate and root out anomalies that indicate threats based on your unique risk profile, and immediately see which threats are most damaging. Third, respond to malicious anomalies by designating the right corrective action to mitigate the specific threat, and enforce controls to initiate a remediation process and operationalise the response.

We’re finding organisations that use our fraud and risk intelligence solutions gain visibility into shared intelligence on emerging attacks and threats. They can analyse interactions and transactions to detect anomalies that indicate threats quickly, and take corrective action based on custom-defined threat levels to reduce losses from fraud and undetected breaches. This approach is well positioned to address the ever-changing threats of today and anticipated threats of the future with minimal interruptions to your consumers’ digital channel experience.



Infoblox | Insight

Why securing DNS is vital

Protecting data and infrastructure from DNS-based threats

The Domain Name System, or DNS, is critical networking infrastructure, connecting all users, applications, and devices on the Internet. However, it wasn’t designed with security in mind. Evolving DNS attacks are targeting networks and being launched against critical systems to bring them down. In fact, DNS is the number one protocol used for reflection/amplification attacks and tied as the top targeted service for application-layer attacks. Malware can use DNS as a way to communicate with malicious domains on the Internet. According to recent research on malware, most enterprise networks are already infected with malware, every six minutes known malware is being downloaded, and 47 percent of bots are active for more than four weeks. This indicates that modern threats penetrate and then persist in the network—they aren’t immediately discovered. Furthermore, data exfiltration via DNS is on the rise, with 46 percent of large businesses having experienced data exfiltration. Such targeted attacks pose a major risk to infrastructure and data and can incur a huge cost to the business. DDoS attacks could cause losses of $100K revenue per hour. It is estimated that the average cost of a data breach in 2020 will exceed $150 million, and that prominent threats will be malware and use of botnets.

Security challenges

DNS is critical networking infrastructure

Just like routers, switches, email, web gateways, and other devices, DNS is critical networking infrastructure. All businesses need DNS to function for having their websites online, for email communication, for VoIP, and so forth. If DNS is left unprotected, attackers may use this to their advantage, to disrupt business operations and exfiltrate data.

DNS is easy to exploit

Because the DNS protocol wasn’t designed with security in mind, it is easy to exploit. When this protocol was introduced nearly thirty years ago, nobody thought it would be used as a way to attack a network. Today, DNS attacks are common, and there are more of them every day.

Traditional security is ineffective against evolving threats

Traditional network security methods are ineffective against DNS attacks (volumetric and exploits), and evolving DNS threats such as advanced persistent threats (APTs) and zero-day malware that use DNS to communicate with command-and-control servers. Products such as generic DDoS, deep packet inspection, and load balancers don’t have a complete understanding of DNS and hence may bolt on DNS security or lack it altogether. This type of protection is not effective enough against DNS-based attack vectors. In light of such challenges, it is imperative that enterprises take a proactive stance when it comes to securing DNS. Ideally, they would benefit from a dedicated DNS-centric security approach that combines visibility, protection, and response to mitigate attacks.

As the market leader in enterprise-grade DNS technology, Infoblox understands DNS and its strengths and vulnerabilities, and we believe that DNS protection should be built into DNS itself, rather than bolted on to other security technologies. With the Infoblox Secure DNS approach, DNS protects itself from attacks and enables the DNS server to become a valuable asset in your security arsenal. Secure DNS allows you to see and protect against attacks, malware/APTs, and data exfiltration and to respond quickly. Best of all, Secure DNS doesn’t require endpoint software or network architecture changes, easing deployment efforts.

[Figure 1: Infoblox Secure DNS Approach (Visibility, Protection, Response). Secure DNS provides visibility, protection and response for effectively addressing DNS threats.]

Visibility

Before you can even begin to protect your network, you must be aware of security problems related to DNS. Secure DNS provides visibility into your network, devices (managed and unmanaged), and threats. In particular, it detects DNS volumetric attacks, exploits, APT/malware communications through DNS, and data-exfiltration attempts. In addition, Infoblox enables network and device visibility through integration of its DNS security solutions with our market-leading IP address management solution. IT teams can use the information to proactively control and mitigate risk to their networks from a myriad of devices, including BYOD types, without requiring endpoint software (agents). Secure DNS offers contextual reporting and DHCP fingerprinting capabilities, providing a detailed view of attacks and attempted malicious communications, with drill-down analytics. With this information in hand, you can quickly take action to protect your network.

Protection

Once you are aware of the DNS threats, you need to be able to take action. For maximum effectiveness, DNS protection should be comprehensive, highly available, collaborative, and up to date.

Comprehensive

Threats can come from outside or inside the network. Secure DNS helps protect against both external and internal threats by blocking attacks on DNS infrastructure, disrupting malware/APT communications, and stopping data exfiltration via DNS. You can set and enforce network connectivity and security policies based on the device type (e.g. employee/corporate owned, OS type, etc.). Both hardware and software pose an attack surface that has to be protected from hacking. Infoblox’s restrictive application and hardened appliances for DNS have minimum attack surfaces and adhere to stringent Common Criteria standards to reduce risk of platform vulnerabilities.

Highly available

You need to keep your services and applications running, even when the network is under attack. Infoblox’s deep inspection of DNS traffic drops various types of DNS attacks inside the network and responds to legitimate traffic, to ensure reliable and resilient internal DNS services and maximize application availability. Infoblox Secure DNS also detects and blocks data exfiltration attempts via DNS, helping companies to prevent data loss that can lead to negative financial, legal, and brand impact.

Collaborative

It is common for enterprises to use various network security solutions to handle different types of threats. Secure DNS integrates with other security solutions and industry-standard ecosystems for improved protection, information sharing, and centralized threat mitigation.

Up to date

Keeping up with the evolving threat landscape is crucial. Secure DNS keeps protection up to date via an automated threat intelligence feed, which delivers intelligent, continuous protection against new and evolving DNS attacks, APTs, malware, and data exfiltration without intervention, downtime, or patching. It also allows customizable protection for different deployment scenarios.

Response

Whether an attack is in progress or devices are already infected, you need to take action as soon as possible. Secure DNS helps by effectively stopping DNS attacks in their tracks, disrupting malware/APT communications to malicious destinations, and reporting on infected devices. Through the collaboration of DNS with DHCP fingerprinting, it provides you context on infected devices and potential infections, giving the IT team actionable information that can help minimize the time to repair.

DNS is too valuable to be vulnerable. You need to be proactive, not reactive, when it comes to protecting DNS. By integrating visibility, protection, and response into the DNS server itself, Infoblox’s Secure DNS helps make DNS a powerful network security asset. Secure DNS effectively safeguards your data and network infrastructure from attack, so that you can spend time on other aspects of the business.



Interview | SAS

Driving analytics

Shukri Dabaghi, Regional Director Middle East & Francophone Africa, SAS, elaborates on the business analytics software and services company’s channel initiatives and objective for 2016.

Could you briefly give an overview of your company?

SAS is the leader in business analytics software and services, and the largest independent vendor in the business intelligence market. Founded in 1976, SAS was one of the first companies to offer analytics software for businesses. Through its innovative solutions, SAS has customers in 139 countries and is helping 75,000 sites improve performance and deliver value by making better decisions faster. In 2014, SAS achieved record revenue of $3.09 billion, up by 2.3% from 2013. SAS also devoted 23% of its revenue to research and development (R&D) to enhance its core Statistical Analysis System (SAS) platform last year.

What have been some highlights within your Middle East operations?

SAS Middle East is sitting at the forefront of working with data needs of organisations from different industries such as telecommunications, banking, retail, healthcare and government. We are bringing ‘The Next Best Offer’ products and solutions in the region including compliance solutions such as Anti-Money Laundering (AML), Foreign Account Tax Compliance Act (FATCA) and Fraud. SAS is helping governments calculate their demographic growth for the next 30 years by providing answers to questions like ‘where should I build the next power plant?’ Currently, we have over 300 clients across the Middle East and we are getting new customers every week. SAS has also provided countless solutions to government organisations particularly in healthcare.

How do you differentiate yourself in this highly competitive market?

What really differentiates SAS from its competitors is how the company helps businesses, governments and academic institutions transform big data into value through critical technologies that include advanced analytics, data visualisation and exploration, customer intelligence, security intelligence/fraud detection, risk management and data management. These technologies are key components of SAS industry solutions, which help our customers make better, faster decisions from their data, wherever and whenever they want to.

What are the factors contributing to the IT opportunities in the Middle East region?

The IT industry grew tremendously over the years. Focusing on achieving sustainable economic growth and competitiveness, enterprises in the Middle East are prioritising investments in various ICT domains. Most of the governments across the region are also gearing towards e-government initiatives, which brought in foreign direct investments (FDI) in various ICT investment programmes. In addition, factors such as creation of new job opportunities, and technology transfer and stimulation of competition and innovation are contributing to growth in the region’s IT industry.

Which are your focus markets within the region and which are the verticals driving your business?

Our focus markets are countries across the Middle East and Francophone Africa or French-speaking countries in Africa. The verticals that drive SAS business in the region include banking, telecommunications, government, education and retail.

Can you elaborate on your channel plans for the next six months?

Aiming to support the growing demand for analytics solutions in the region, SAS has been focused on its channel expansion drive. In 2013, SAS had put together a streamlined and simplified analytical solution to enable regional channel partners to get a foothold into medium sized organisations by targeting the department rather than enterprise. Currently, we are revamping the legacy Channel Model, turning it into a more vibrant and modern model by introducing tiers associated with benefits, hence growing the current partner numbers from 800 to more than 1000 by July 2016. This activity received resounding support from all stakeholders within SAS and from our partner network.



insight | F5

Hi-tech defense Discover F5’s cost-effective and advanced security for interactive Web 2.0 applications – BIG-IP ASM

Ensure Comprehensive Threat Protection The volume and sophistication of attacks makes keeping up-todate on security threat types and protection measures a challenge for application administrators and security teams. With industryleading capabilities, predefined signatures, and superior flexibility, BIG-IP ASM delivers advanced, cost-effective security for the latest interactive Web 2.0 applications. BIG-IP ASM secures any parameter from client-side manipulation and validates login parameters and application flow to prevent forceful browsing and logical flaws. It also allows organizations to effectively guard against existing and emerging

14

Channel Advisor | October 2015

Layer 7 application attacks— preventing costly data breaches, thwarting DDoS attacks, and maintaining compliance with Payment Card Industry Data Security Standard (PCI-DSS) requirements. Users benefit from an extensive database of signatures, dynamic signature updates, DAST integration, and the flexibility of F5 IRules scripting for customization and extensibility. Organizations rely on BIGIP ASM to protect the world’s most visited web applications wherever they reside, with the highest level of security and without compromising performance. BIG-IP ASM enables organizations to detect and mitigate Layer 7 threats including web scraping, web

www.arrowecs.ae

injection, brute force, CSRF, JSON web threats, DoS-heavy URLs, and zero-day attacks— providing early warnings, while mitigating threats per policy. It automatically defends against multiple, simultaneous, volumetric application-layer threats including stealthy, low-bandwidth DDoS attacks. BIG-IP ASM also prevents execution of fraudulent transactions, stops in-browser session hijacking, and reports regular and repeated attacks from IPs. Using automatic learning capabilities, dynamic profiling, unique anomaly detection methods, and risk-based policies, BIG-IP ASM can impose needed protections to prevent even the most sophisticated attacks from ever reaching servers. When combined with BIG-IP Application

Acceleration Manager (AAM) and BIG-IP Local Traffic Manager (LTM), BIG-IP ASM filters attacks and accelerates applications for improved user experience. Continuous expert security research F5’s security research team helps ensure continuous development of BIG-ASM signatures, policies, and capabilities. Researchers explore forums and third-party resources, investigate attacks, reverse engineer malware, and analyze vulnerabilities to determine effective detection and mitigation methods that guard against zero-day threats, DDoS attacks, and other evasive or evolving threats. BIG-IP ASM offers enhanced protection from advancements in technology,


Because some headlines are not worth making.

Rebuilding trust is expensive. Protect your network with F5. Your business-critical applications represent your company and your strategic advantage. A cyber attack can knock out those applications—while taking down your reputation and your revenue. Deployed across a range of organizations, from enterprises to mobile network operators, F5® security solutions block a wide range of attacks while ensuring valid customers and employees have access to the applications that matter most. Secure your brand from today’s sophisticated attacks. With F5, it’s possible.

Learn how. f5.com/security



regular signature updates, threat intelligence, and tightening of existing capabilities.

Defend with proactive bot protections

An always-on defense is required to successfully identify and protect against automated layer DDoS attacks, web scraping, and brute force attacks before they occur. F5 delivers proactive bot defense capabilities that effectively provide controls to help prevent these attacks from ever taking place. Using advanced defense methods to identify non-human users (such as CAPTCHA challenges and geolocation enforcement), BIG-IP ASM slows requests to distinguish bots and then drops those requests before they reach a server. BIG-IP ASM thoroughly inspects user interaction to help detect bots that may bypass client/application challenges, established rate limits, and other standard detection methods. It also mitigates layer 7 attacks that show an unusual change in request patterns. The BIG-IP ASM bot defense capabilities provide the most effective prevention methods, allowing you to identify suspicious automated activity, categorize bots detected, and mitigate attacks with greater precision.

Track malicious user attempts

Distinguishing permitted users from bad actors whenever a website is visited helps minimize security risk and prevent malicious activity. With BIG-IP ASM, application security teams can employ device identification tracking techniques to identify specific end-users and attackers. This unique capability allows IT to easily distinguish human traffic from bot traffic, spot repeat visitors, prevent malicious


attempts, and help WAFs more accurately mitigate DDoS attacks. Device identification tracking enables BIG-IP ASM to identify the same browser, even when users switch sessions or source IPs. When activated, BIG-IP ASM captures and saves unique device characteristics and attributes, determines which clients are suspicious, and mitigates threats based on predefined settings. Whether an automated threat, denial-of-service attack, headless browser, or human user, BIG-IP ASM can distinguish between repeat attackers and customer visitors for every WAF use case.

Streamline learning, deployment and management

Organizations want to turn on protections immediately without extensive security expertise. BIG-IP ASM simplifies and automates configuration and policy deployment with pre-built security policies that provide out-of-the-box protection for common applications such as Microsoft Outlook Web Access, Lotus Domino Mail Server, Oracle E-Business Financials, and Microsoft SharePoint. The validated policies also serve as a starting point for more advanced policy creation. This allows even novice users to rapidly deploy policies and immediately secure applications with little-to-zero configuration time needed.

Unified learning and dynamic policy building

At the heart of BIG-IP ASM is the unified learning and dynamic policy builder engine, which automates policy creation and tuning for increased operational efficiency and scalability. The policy builder engine automatically builds security policies around security


violations, advanced statistics, and heuristics over time. It also understands expected behavior to affect more accurate traffic filtering. By examining hundreds or thousands of requests and responses, the policy builder engine populates the security policy with legitimate elements more precisely than most WAFs. Dynamically generated policies are initially put into staging and then automatically moved from staging and enforced as they meet the rule thresholds for stabilization. The policy builder engine supports automatic policy adaptation and learning following the occurrence of violations or as new parameters are observed. Policy maintenance is simplified by a GUI with a single-page view of all learning suggestions. One-click actions allow you to browse, search, accept, and ignore potential suggestions for policy adjustments, hardening policies with ease.

Leverage rich, actionable reporting

BIG-IP ASM provides powerful reporting capabilities that allow you to easily analyze incoming requests, track trends in violations, generate security reports, evaluate possible attacks, and make informed security decisions. Whether you’re a security expert or a generalist, BIG-IP ASM provides clear, discernable information with comprehensive visibility into attacks and changes in the threat landscape. The BIG-IP ASM overview screen displays active security policies, security events and attacks, anomaly statistics, and networking and traffic statistics. You can save the information or send it as an email attachment. Monitoring capabilities show how the application is being accessed and how it is behaving. The unique REST API supports easy integrations with higher-level SIEM or management services. BIG-IP ASM also offers predefined and customizable dashboards, charts, reports, and stats—highlighting DDoS and brute force attacks, web scraping and IP enforcement, session tracking status, and more.

In-depth forensic analysis and database security

For deeper threat analysis, BIG-IP ASM integrates with high-speed indexing and search solutions like Splunk. These solutions offer deeper visibility into attack and traffic trends, long-term data aggregation, and identification of unanticipated threats before exposure occurs. BIG-IP ASM also supports database reporting for a real-time view into database activity and SQL statements generated by front-end users. Indexing and search solutions combine with BIG-IP ASM to provide richer forensic information for increased security effectiveness when mitigating threats.


Intel Security | In-depth

Strategizing your security

Discover how a security connected approach from McAfee can optimize your business

As organizations evolve, there’s been a shift from process improvement designed to reduce costs to enterprise growth, improving operations, and attracting and retaining new customers. Supporting and enabling both business and security is now an integral component of a CIO’s overall IT strategy. But with the threat landscape quickly changing, the delicate balance of enabling the business and keeping it secure requires that executives make informed decisions. Reactive and costly

firefighting just won’t cut it. You need a proactive and optimized security posture. The Security Connected approach from McAfee is a framework for integrating multiple products, services, and partnerships to provide centralized, efficient, and effective risk mitigation. With more than two decades of experience, we continue to help organizations of all sizes, all segments, and across all geographies improve their security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives.

Opportunistic attacks

Today’s cybercriminals have more than a decade of experience, long-term criminal relationships, and an extensive trust network. They develop more profitable and sophisticated attacks more rapidly and take advantage of advancements in cloud computing, mobility, and social media for nefarious purposes. They’re operationalizing, becoming more scalable among their criminal networks. They’ve become specialists in various complementary criminal activities—carders, malware developers,


botnet herders, spammers, money launderers, and document forgers.

Targeted attacks

Perpetrators of targeted attacks are on a mission. Their tactics are highly automated, low, and slow. They leverage everything from application-centric attacks such as SQL Injection and XSS to zero-day operating system, browser exploits, and social engineering. These targeted attacks encompass everything from sabotage to surveillance, but they are often associated with espionage and intelligence gathering.


Virtualization and the cloud

Virtualization and virtualized machines (VMs) are commonplace. Many companies are even looking at virtualization services delivered via the cloud. The benefits are clear—lower hardware costs, better system administration, reduced power consumption, and greater adherence to green standards. These benefits often overshadow the concerns of security professionals. Fact is, the same considerations that are applied to physical systems need to be applied to virtualized ones while taking into account the operating environment adjustments. The same can be said of the cloud. While enterprises of all sizes look to cloud computing as a way to increase business agility and drive cost efficiencies, high-profile security vulnerabilities and service failures do occur.

BYOD, workplace mobility, and the consumerization of IT

As technology continues to advance and becomes more affordable, employees are finding that their personal technology solutions are powerful enough and versatile enough for business use. In many cases, these devices are actually more powerful and less expensive. As a result, the division between IT and consumer electronics devices that employees feel they need to conduct business has become blurred. This has resulted in explosive growth in the use of personal technology—laptops, tablets, and smartphones—for business. But how do you protect assets and intellectual property when employees are connecting personal devices?

Protecting data and your data center

Data is everywhere and takes multiple forms. It’s at rest in your backup. It’s in motion as it travels


around your network. And it’s in process in the form of information collected in online purchases or transactions. Regardless of where it is, or what it’s called, data needs to be protected via the following disciplines: discovery, preventative controls, incident detection, incident response, audit, and reporting.

The Internet of Things – when technology proliferates

The term the ‘Internet of Things’ refers to the interconnected quality of everyday devices that include a technology component. While the collection and sharing of data is clearly valuable, it’s something that nonetheless needs to be secured. You don’t necessarily think of a heart rate monitor as something that requires security against a cyberattack, but the reality is that these interconnected devices are potential threat vectors that need to be secured.

Advanced Endpoint Protection – hardware assisted security and embedded security

There are more than 3,500 new stealthy rootkits detected every day. This stealthy malware bypasses traditional application level security tools and requires technology that goes beyond the operating system to detect, block, and remediate advanced attacks at the silicon level, before the OS loads. That technology exists today and is already protecting computers from malware and other threats by taking advantage of features built into the processor. It’s called hardware-assisted security and it lives between the memory and the OS to perform real-time memory and CPU monitoring. By operating beyond the operating system, hardware-assisted security offers real time, kernel-level behavioral monitoring. As a result, you expose and remove unknown threats—everything from kernel-mode rootkits to preempt zero-day malware—sooner rather than later. Well before low-level stealth attacks have a chance to cause any damage or steal data.

Big security data

Big Data is not only a challenge for customer-facing organizations—but for security teams as well. Over the past decade, the demand for stronger security has driven the collection and analysis of increasingly larger amounts of event and security contextual data. Security Information and Event Management (SIEM) has long been the core tool that security teams have depended on to manage and process this information. However, as security data volume has grown, relational and time-indexed databases that support SIEM are struggling under the event and analytics load. As a result, organizations are limiting data collection, disabling analytic functions and subsequently drastically reducing the value of their SIEM and the strength of their attack detection capabilities. Due to these data management limitations, expensive SIEM deployments have been relegated to a basic compliance reporting tool at many organizations.

Security alignment as a business enabler

Security positively impacts business operations—you can take your business online without sacrificing data integrity or confidentiality. It acts as a competitive differentiator—both employees and customers can use mobile applications and Web 2.0 to interact with your business. It opens you up to new business initiatives—you keep all your sensitive data, such as customer information, new product releases, merger and acquisition activity, and marketing campaigns from leaking out through careless or malicious acts. Understanding business priorities and aligning security as an integral component is critical to enabling the business.

Reduce complexity and chaos while achieving connectedness

It used to be that you only had to protect stationary computing systems in designated physical locations. Today, you need security that protects a virtual network of people, data, applications, networks, and services. Since these can be anywhere at any given moment, your security needs to equally be ubiquitous. To reach ubiquity, perhaps the greatest enemy is complexity. Bolt-on point solutions might address a particular risk, but they also introduce complexity—and that can make the cure worse than the condition. A more thoughtful approach is required, one that optimizes the security investment resulting in improved risk profile and improved security at a reduced cost. With security experts pushing organizations to address network security, system security, data security, and compliance as part of a unified strategy, what can organizations do to reduce complexity to the point where this is operationally feasible and not just an academic argument? The answer is what McAfee calls the Security Connected framework. By centralizing traditionally disparate sources across multiple vendors, leveraging each source to enhance the other, and having commonality across all security countermeasures, complexity is minimized, operational efficiencies are maximized, and risk is reduced. To put it another way, consider an air traffic control system where extremely complicated and disparate information is aggregated and made actionable through a single pane of glass.


The future of technology is more secure than ever.

McAfee is now part of Intel Security. 2015 © McAfee Inc. McAfee and the M-shield are trademarks or registered trademarks of McAfee, Inc. The Intel logo is the trademark of Intel Corporation in the U.S. and/or other countries.


In-depth | VCE

Leveraging convergence

How to leverage convergence to drive business agility through VCE’s Vblock Systems

The world of IT is undergoing a massive shift from the PC-based client/server-centric computing model of the 2nd Platform to a model dominated by cloud, mobile, Big Data and analytics, and social technologies. IDC refers to this as the 3rd Platform of computing. The shift to the 3rd Platform is enabling thousands of high-value, industry-transforming solutions and services. 3rd Platform technologies are also driving the development of entirely new business models. In 3rd Platform–based business, speed and agility are key. Therefore, it should come as no surprise that converged infrastructure deployments are rapidly gaining traction in enterprise datacenters around the world. Many enterprises are investing heavily in converged infrastructure as their primary method of implementing new capacity moving forward. IDC estimates that in 2015, $10.2 billion will be spent on converged systems, representing 11.4% of total IT infrastructure spending, and that this number will grow to $14.3 billion by 2018, representing 14.9% of total IT infrastructure spending. This will represent over 12.3% of the total spending on networking, 11.5% of the spending on servers, and 22% of the spending on storage by 2018.


VCE Vblock Systems

In less than five years of being on the market, VCE Vblock Systems has now exceeded a $2 billion annual bookings run rate. VCE engineers and factory-integrates compute and networking from Cisco, storage from EMC, and virtualization from VMware and its own system software, and sells and supports these infrastructure systems for its customers. VCE is an EMC Federation business. VCE announced its new VxBlock System (VxBlock) offering in March 2015. VxBlock brings greater levels of flexibility and supports software-defined networking (SDN) technologies to provide customers with greater choice when it comes to their datacenter infrastructure.

Driving IT innovation with Vblock

By enabling cost and time efficiencies, Vblock Systems help customers better allocate budget and staff resources. VCE customers are better able to focus IT on business enablement and innovation. They dedicate less staff time to keeping the lights on even as they improve their service levels. IDC found that companies that used to spend 78% of time and budget keeping the lights on now spend only 46%. Looked at in another way, IT staff spend on business


enablement increased by more than 300% from 8% to 35%. These organizations increased the percentage of their IT budget spent on new initiatives by 97%. This type of increase aligns very well with 3rd Platform priorities.

Vblock enables agile and elastic IT environments

Every VCE customer interviewed reported that its Vblock environment is contributing to better business outcomes by making the IT environment more agile and elastic, driving more innovation, and enabling the company to better serve users and customers. With Vblock Systems in place, IT teams can move faster and more flexibly. For example, organizations interviewed deployed a server in 84% less time. IT infrastructure that used to require days or even weeks to deploy can now be deployed in hours. Just as important as the ability to develop and provision services rapidly is the ability to quickly scale those services up (or down) to meet changing needs. VCE customers told us their application development teams have access to capacity when they need it, and they leverage this infrastructure to reduce application development cycles. This speed directly drives innovation, new services, and, in

many cases, new revenue streams and higher customer satisfaction.

Providing better business outcomes with Vblock

With freed-up resources and improved IT agility, VCE customers reported that they are better able to serve users and customers. More time for innovation can help organizations develop new types of applications and services, including mobile and self-service options, increasing the value of these applications. And the reliability of Vblock helps ensure that customers experience minimal interruptions to applications and services.

Vblock as a cost-effective, reliable, and efficient IT infrastructure

VCE customers say Vblock is a cost-effective, reliable, and efficient infrastructure for running critical business applications. Most customers interviewed need fewer physical servers to support growing workloads and are taking advantage of converged infrastructure to cut costs for hardware, power and facilities, and software licenses. Vblock can be quickly deployed with sufficient compute and storage capacity to handle service and business application growth, leading to significant reductions in datacenter infrastructure costs.



Report | raytheon Websense

Eliminating risks

Raytheon Websense’s 2015 Industry drill-down report states that cyber security is one of the top security risks for the financial services sector.

Increasingly, cyber security is a primary focus for businesses of all sizes in every industry, but none more so than the financial services sector. Today, financial leaders and authorities are acutely aware of the financial sector’s status and vulnerability as a major target of cyber attacks. No less than 80 percent of leaders in the banking and financial services sector cite cyber risks as a top concern, according to ‘The 2015 Travelers Business Risk Index’. Furthermore, the Identity Theft Resource Center has already tallied 30 known breaches in the Banking/Credit/Financial sector in the first half of 2015 alone. Significantly, the Financial Stability Oversight Council, which is charged with identifying risks to U.S. financial stability, highlighted cyber attacks as “a growing operational risk to the financial sector” in its 2015 Annual Report. And, according to the 2015 Makovsky Wall Street Reputation Study, 83 percent of financial services firms cite defending against cyber threats and protecting personal data as one of their biggest challenges in building or maintaining their reputation over the next year. Clearly, defending the financial sector against cyber attacks is a top-tier priority.


This report identifies the cyber threats and tactics targeting the financial sector, their effectiveness and the respective volumes of those attack techniques from January through May 2015. By comparing cyber attack data across the industry, Raytheon Websense Labs has gained several unique and specific insights into the attack patterns directed toward the financial services sector. The top six findings include:

Financial services encounters security incidents 300 percent more frequently than other industries

Under constant barrage by cybercriminals, the number of attacks against the finance sector dwarfs the average volume of attacks against other industries by a 3:1 ratio. Further, the sophistication and persistent nature of the attacks continues to challenge security professionals.

Thirty-three percent of all lure stage attacks target financial services

This means that hackers are spending a huge amount of energy targeting the finance sector with a disproportionate amount of reconnaissance and lures being devised in search of the big payload.


Credential stealing attacks set sights on finance

As one would expect with financial services, data theft and credential stealing attacks are paramount to the attackers. When analyzing the top threats facing this industry, researchers noted that most had some data and credential-stealing elements. By volume, the top threats seen in the finance sector include:
• Rerdom - 30%
• Vawtrack - 13%
• SearchProtect - 13%
• BrowseFox - 4%

Fraudsters switch-up campaigns frequently to outfox banking security measures

Obfuscation and black search engine optimization continue to be more prevalent in attacks against financial services than other industries as a whole. Patterns in attack campaigns shift on a month-to-month basis, including huge spikes in malicious redirection and obfuscation detected in a wave of attacks in March 2015.

Financial services rank third for targeted typosquatting

While it may seem an antiquated methodology, the application of typosquatting has evolved into

successful fraudulent incidents generating millions of dollars in financial losses and operational overhead. Raytheon Websense researchers have seen an increase in the use of typosquatted domains in targeted attacks against financial services, usually combined with strong social engineering tactics. When comparing more than 20 industries, financial services ranked as one of the highest for this highly successful type of attack.

Evidence increasingly suggests the need for global economy continuity and cyber insurance may be hindering real security adoption in financial services

The requirement for businesses in financial services to maintain their real-time connection to the global economy has impaired certain logical security precautions. In addition, the emergence of cyber security insurance may only be providing a meager sense of false security. Banks with cyber insurance policies aren’t necessarily fixing their security problems. Rather, they’re relying upon their policies as financial liability risk management. But even that assumption is flawed. Cyber security insurance is limited in its coverage, and only partially limits the financial impact of a worst-case cyber attack scenario.



Insight | IBM

Embracing the new security era

IBM helps clients optimize their security programs, stop advanced threats, protect critical assets, and safeguard cloud and mobile computing

As per a recent study, the average cost of a breach in the US during 2014 was more than $5.8 million. Organizations, therefore, cannot afford to ignore this changing and aggressive security climate. Beyond saving the organization from potentially devastating costs, effective security can be a tool for actually enabling business. A holistic approach that combines the shared capabilities of IBM systems, services and research can empower organizations to move in new strategic directions. With comprehensive, integrated solutions from IBM, organizations can:
• Optimize the security program
• Stop advanced threats
• Protect critical assets
• Safeguard cloud and mobile environments

Optimize the security program

Organizations can take several key steps to an integrated security approach—one that eliminates siloed security information, improves security insight and enhances protection in the security context—including:

Develop a risk-aware security strategy: Grade your security maturity as compared to your peers and relentlessly test for compliance with industry standards. Analyze the effectiveness of your controls and develop a roadmap to help improve your security posture and reduce risk.


Deploy a systematic approach: Define the integrated system of capabilities designed to keep you secure. Realize the full value of your existing security investments by fusing them into this system. Apply intelligence and automation to minimize surprises and ease routine tasks.

Harness the knowledge of professionals: To help shore up skills gaps and understand complex threats, engage consulting and managed services professionals who have advanced expertise and access to worldwide threat information and advanced research capabilities.

Stop advanced threats

Without dynamic protection, an organization may spend more time recovering from attacks than it does preventing them. And those who do not prepare for change are leaving their organizations dangerously exposed. To prepare for change and lay the groundwork for better protection, organizations can:
• Analyze behaviors instead of signatures
• Turn big data into actionable security intelligence
• Prepare your response for the inevitable

Protect critical assets

For smarter defenses, organizations can use analytics and insights to:
• Imbue intelligence and anomaly detection across every domain


• Build an intelligence vault around your crown jewels
• Optimize security for users, data and applications to shield sensitive assets

Safeguard cloud and mobile

Organizations are adopting mobile platforms, social media, big data and cloud computing to analyze and share information at unprecedented rates. Security executives express concern about the security of new initiatives, such as the danger of theft or loss of mobile devices, privacy concerns associated with cloud computing, and accidental sharing of sensitive data. At the same time, fewer than half of security leaders feel that they have an effective mobile device management approach, indicating a gap between business demands and security realities. To avoid leaving themselves dangerously exposed, organizations should implement measures such as:

Own the security agenda for innovation: Understand the strategic imperatives and work with the business to develop risk-based alternatives.

Embed security on day one: Engage early and mandate security in cloud, mobile, social and big data initiatives.

Use cloud, mobile, social and Big Data to improve security: Use security as a service for easy deployment and improved intelligence. Crowd source threat

intelligence for tips needed on staying ahead of cyber-attacks.

The IBM Security difference

IBM is a proven leader in enterprise security that helps organizations and defends against new and unknown threats. IBM continues to invest substantially in research and development to build a comprehensive, integrated portfolio to help organizations innovate while reducing risk with:

Intelligence: Security intelligence is at the core of the IBM Security portfolio. With its expert field professionals, IBM Security can provide the deep analytics and visibility that organizations need to help ward off the wide range of threats.

Integration: IBM Security solutions and services systematically integrate both new and existing security capabilities across security domains, giving critical visibility, providing comprehensive controls and helping reduce complexity.

Expertise: IBM expertise stems from more than 6,000 hands-on professionals and researchers supporting customers in more than 130 countries. Their knowledge, along with the deep insights gathered from monitoring more than 270 million endpoints and managing 15 billion events per day, are built into IBM products and services, provided via real-time client feeds, and embedded in professional engagements.


Visit us at GITEX 2015 Hall 1 Stand A1-12


Focus | trend micro

Defense dynamics

Check out the Trend Micro stand at GITEX 2015 to learn more about the company’s Smart Protection Strategy

At GITEX 2015, visitors to the Trend Micro stand located at Hall 2 (B2-2) can learn how Complete User Protection, cloud and datacentre security, and custom defense solutions support Trend Micro’s Smart Protection Strategy and how that strategy identifies and responds to the next-generation web threats that exist today. During the five days of GITEX Technology Week, Trend Micro experts will be on hand to answer any queries, not to mention live demos and interactive sessions.

Complete user protection

Trend Micro Complete User Protection is an interconnected suite of security that protects users no matter where they are going or what they are doing. This modern security delivers the best protection at multiple layers: endpoint, application, and network using the broadest range of antimalware techniques available. Plus, it allows corporations to evolve their protection along with business growth using flexible on-premise, cloud and hybrid deployment models that fit any IT environment today and tomorrow. And most importantly, Trend Micro can help businesses manage users across multiple threat vectors from a single management, giving complete visibility of security across the environment.

Cloud and datacenter security

Virtualization has already transformed the datacenter and now, organizations are moving some or all of their workloads to private and public clouds. If you’re interested in taking advantage of the benefits of virtualization and cloud computing, you need to ensure you have security built to protect all of your servers, whether physical, virtual, or cloud. In addition, your security should not hinder host performance and virtual machine (VM) density or the return on investment (ROI) of virtualization and cloud computing. Trend Micro Deep Security provides comprehensive security in one solution that is purpose-built for virtualized and cloud environments so there are no security gaps or performance impacts.

Custom defense

The targeted attacks and advanced threats that are increasingly used to breach enterprise networks are purpose-built to evade traditional defenses. Enterprises require an advanced approach to protection that identifies these attacks and enables organizations to prevent breaches and their costly consequences. Trend Micro Deep Discovery is an advanced threat protection platform that enables you to detect, analyze, and respond to today’s stealthy, targeted attacks. Using specialized detection engines, custom sandboxing, and global threat intelligence from the Trend Micro Smart Protection Network, Deep Discovery defends against attacks that are invisible to standard security products. Deployed individually or as an integrated solution, Deep Discovery solutions for network, email, endpoint, and integrated protection provide advanced threat protection where it matters most to your organization.




