The latest trends in IT security
Defence in-depth
GBM
Vision for IT security
Hani Nofal, Director of Intelligent Network Solutions (INS), Gulf Business Machines, shares insights from the company’s annual research carried out in IT security.
How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions?
IT security has changed dramatically in the last few years. There are several factors contributing to that evolution, but two stand out as the key drivers of change: the increased use of connected devices in personal and work environments, and the increasing aggressiveness of cyber-criminals to exploit unknown weaknesses. GBM conducts annual research in IT security, and this year’s results found that 61 percent of respondents believe the Middle East specifically is a prime target for cyber-crime. IT security is becoming an increasingly important challenge for IT professionals because there is an incredible race between IT security teams and hackers. Hackers have been largely successful in their attempts to get around existing security methods and disrupt systems. Today, attacks are far more complex, coordinated and targeted when compared to previous attacks, which were mostly unstructured and simple. Organisations realise the changing dynamics of the threat landscape and are looking at identifying all vulnerabilities across their firms to protect systems on an end-to-end basis. Additionally, the IT security industry is facing new risks due to the widespread adoption of Bring Your Own Device (BYOD) programmes, both globally and in the Middle East. According to GBM’s 2014 Cyber Security Survey, 50 percent of companies are allowing employees to connect their personal devices to the company’s network, a number that has increased since 2012, thereby increasing the risks of cyber-threats. The security controls and technology to mitigate those associated risks are still maturing. Hence, many enterprises are still trying to understand the complete threats and risk levels related to mobile malware before they can take the appropriate actions. Organisations need a security strategy to combat these challenges, including a focused approach and dedicated teams. The first step to implementing a security strategy is identifying and defining the risk in the organisation, and then putting controls to mitigate the risk.
What do you believe are the elements that differentiate your offerings from those of your competitors?
All solutions offered in the GBM Security Framework are recognised leaders in their space by internationally renowned organisations such as Forrester or Gartner. GBM’s team of experts understand each client’s requirements well, with many employees born in the region with an innate ability to guide deployments of the uniquely crafted security solutions. Having the proper intelligence in place helps give IT teams an accurate snapshot of what’s happening on their network, which helps to identify internal and external threats and protect against zero-day malware.
Are there any other trends security partners should look out for in the next few years?
Because IT security changes so rapidly, it is crucial to find the right skills and experience. There is already a shortage of skilled resources to support and deliver technology solutions. GBM provides skilled resources on a short and long-term basis. GBM also provides a full/partially managed operations solution, whereby GBM takes the responsibility of the operation and commits to service level metrics. This frees up the customers’ own resources for other critical activities. In addition to talent investment, in the next few years it will be important for companies to ensure ease of security operations, and look at measures to reduce complexity. Investment into security intelligence, analytics and the right skills should be a top priority. With the growth of the security market, some of the key issues we will face are continued hacktivism, DDoS attacks, DNS attacks and increasing threats on mobile.
case study
Tech it up
How Dubai Smart Government achieved a seamless integration of IT systems within the organisation through the GBM implementation.
A company’s growth in the evolving IT ecosystem will depend heavily on a robust infrastructure and how seamlessly the users can navigate within it. Organisations also need to regularly keep pace with the evolving demands of the dynamic ecosystem. This requires a secure and scalable IT infrastructure that is more customer-focused and provides a foundation for corporate productivity and success.
A case in point is Dubai Smart Government (DSG). Known for providing innovative online services to other government entities and employees as well as citizens, residents, and visitors in Dubai, DSG leads the modernisation of the city’s ICT infrastructure by adopting a shared services approach with a new single environment. The company has built a unified and highly reliable information network, including the use of cloud computing, to underpin Dubai’s electronic infrastructure.
Matar AlHumairi, Director, Infrastructure Management Dept, Dubai Smart Government Department, said, “To contribute to the sustainable development of Dubai under the direction of the shift to Smart Government and strive to make the city smarter globally, DSG has partnership with IBM/GBM in this project to provide a resilient SSO & IDM infrastructure and to ease the user access to Dubai Smart Services.”
Through multiple channels, DSG provides government services to citizens, residents and visitors (G2C), to businesses (G2B), to other government entities (G2G) and to government employees (G2E). In order to provide a resilient infrastructure, ensuring seamless user access to these services, the company wanted to implement an Enterprise Single Sign-On (ESSO) integrated with Identity and Access Management (IAM) Solution. “Known for its proven track record, we chose GBM for the integration of the IBM IAM and SSO suite,” added AlHumairi.
The problem
Prior to the GBM implementation, the company faced the following challenges:
• Users were required to securely access applications spread across multiple government entities, and these applications had multiple login IDs and passwords. Managing multiple user names and passwords was creating user frustration, affecting user productivity and leading to an increasing number of password-reset calls to the help desk.
• As more web-based applications are developed, issues of integration and scalability become critical due to the limitation of having security built into each web application independently and in isolation.
• Credible and consistent audit data is not easily available due to the audit files being distributed on each application, often using different formats and logging different types of data.
DSG was looking for a reliable, secure access solution for its critical applications that have a direct revenue impact. It also wanted a partner that was able to provide a complete end-to-end solution, including hardware, software, implementation and support, while ensuring seamless integration with the existing environment. AlHumairi said, “We found that the solution proposed by the GBM team, leveraging IBM software, was the best approach to address and solve our challenges through various implementations.”
The implemented solution
GBM provided a solution designed specifically for the needs of the client by leveraging the capabilities of its IBM product suite, particularly the application security portfolio. The following IBM Security products have been successfully deployed in DSG:
• IBM Security Identity Manager (ISIM)
• IBM Security Access Manager for Web (SAM for Web)
• IBM Security Federated Identity Manager (SFIM)
• IBM Security Access Manager for Enterprise Single Sign-On (SAM ESSO)
ISIM was used to provide end-to-end user lifecycle management, self-service for password management, enhanced reporting and auditability. SAM for Web was used to enhance the security of existing websites and web-based portals, as well as provide Single Sign-On. Features of SFIM were leveraged to enable federation, along with secure and seamless access to applications and sites spread across different government entities.
Ashok Bhola, General Manager, United Computer & Management Consultancy Company, GBM’s branch in Dubai, said, “We also provided all of the hardware for the IAM infrastructure, utilising the benefits of a virtualised environment to maintain scalability and flexibility. The project delivery was managed by GBM in association with partners like IBM for effective deployment, implementation and integration.”
DSG found that all challenges faced prior to the deployment were addressed and successfully solved through the GBM implementation. “Our objective in this project was to ease the access and provide our services in connected, and customer centric personalised manner. Our end-users are now having consolidated user identities across services and seamless Single Sign-On experience accessing DSG hosted applications,” said AlHumairi.
The benefits
To recap, the successful completion of this project has the following benefits for the customer:
• Single Identity and a seamless Single Sign-On experience for Dubai Smart Government employees and employees of other departments accessing DSG hosted applications.
• Enhanced security that meets the highest industry standards for all the government departments by providing a secure access layer (WebSEAL) on top of existing applications.
• Consolidation of user identities across departments of Dubai Government accessing DSG hosted applications.
• Self-Service features to users for password reset etc. that result in reduced helpdesk calls and enhanced user experience.
• Scalability – the use of a virtualised environment allows the environment to be very scalable.
• Better Auditability and Security through the consolidation of identities, a single point of control for managing user identities and enhanced reporting capabilities.
At a glance
The implementations included:
• Single Sign-On (SSO) for web applications, enabling authorised users to log in once and be given transparent access for all their e-business requirements. Through SSO, users are more productive and the help desk receives dramatically fewer password-reset calls
• A central access layer as a strategic platform for all web applications to leverage, allowing for easier integration as well as scalability from hundreds of users to those with tens of millions
• Central audit as one repository for audit of all specified activity across all web applications. This enables ‘big picture’ and detailed analysis to be carried out in one place
The solution implemented by GBM also supports both web-based and desktop applications running under different operating systems and provides:
• A Single Sign-On system that forms the gateway for DSG’s secured Identity & Access Management
• An increase in end-user productivity and enhanced experience as a result of the SSO
• Hassle-free User administration
• Context and role-based Corporate Security policy enforcement
• Flexible authentication framework
• Self-service user password reset
• In-depth system activity and audit reports
Palo Alto
One-step ahead
Saeed Agha, General Manager, Middle East, Palo Alto Networks, paints a picture of the current security threats in the market and how partners can stay ahead of the curve through differentiation.
How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions?
A modern organisation is facing a rapidly evolving threat landscape full of modern applications, exploits, malware, and attack strategies that can avoid traditional methods of detection. Threats are delivered via a wider range of applications. Additionally, your enterprise is exposed to targeted and customised malware, which can easily pass undetected through traditional antivirus solutions. Another emerging challenge is to manage end user expectations of an extremely mobile and fast-paced workforce that wants and demands a flexible working environment and uses personal and mobile devices on a regular basis. BYOD is a huge task ahead for all IT professionals who are struggling to manage flexibility versus security for the workforce. These challenges have led to demands of security solutions that are superior in technology, offer protection and at the same time remain easy to use and manage at all levels of the organisation including end users.
In the current technology and business landscape, what do you believe poses the largest threat to an IT network/infrastructure? How can organisations effectively tackle these challenges?
Enterprises are struggling with major changes in the infrastructures they must secure, and what they must protect those infrastructures from. The IT managers have to be a step ahead of these threats and choose their partners carefully. Also they need to choose products and solutions that work to prevent, manage and minimise the risks known and that have the capabilities to prepare for the unknown. Data protection and endpoint security is a critical priority for any organisation as cyber-attacks grow, therefore the need for a security policy is critical. Once a framework is in place, the next challenge is successful enforcement which includes analysis of all network traffic flows, and aims to preserve the confidentiality, availability and integrity of all systems and information and regular auditing, i.e. the network security auditing process requires checking back on enforcement measures that determine the alignment with the security policy. The modern malware landscape is very challenging for legacy threat prevention solutions. Data collected by our WildFire, cloud-based modern malware prevention service, shows that new malware spreads fast, uses evasive techniques to hide from traditional security solutions and is often used in the early stages of a persistent attack.
With so much competition on the horizon how do you differentiate your products and services from your competitors? How do you help your resellers differentiate their offerings?
Palo Alto Network solutions provide industry-leading response times. Combined with our control over applications, users, and content, we have an innovative approach that gives our customers a much more comprehensive level of protection from targeted attacks. We leverage multiple threat prevention disciplines, including IPS, anti-malware, URL filtering, DNS monitoring and sinkholing, and file and content blocking, to control known threats. Security teams can also use our Behavioral Botnet Report to identify the unique patterns of botnet infections in your network. Our WildFire solution identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) in a cloud-based virtual malware analysis environment. This scalable service automatically develops and shares protections worldwide in as little as 30 minutes.
We are building our network of trusted partners and offer the most comprehensive range of solutions via cutting edge capabilities. We have expanded beyond the firewall market which is starting to produce results. Management’s acquisitions have created a more complete security portfolio. The larger security portfolio will help drive revenue through cross-selling to their 17,000 plus customer base. The recent acquisition of Cyvera has increased our total addressable market by an estimated $4 billion. Management has spent significant resources on sales and marketing. This has drastically increased both brand awareness and revenue.
Help AG
Carving niches
Nicolai Solling, Director of Technology Services, Help AG, elucidates that security has now evolved to be all about applications rather than just firewall throughput.
How has the security landscape changed over the last few years? How have these changes impacted your revenues from this line of business?
Since its establishment in the Middle East in 2004, Help AG has always focused on advanced IT security services and solutions, laying specific importance to three pillars – application security, understanding of the security impact of the application, and the governance and standards around protecting information. For the same reason Help AG has also changed its motto from ‘protecting networks’ to ‘protecting information’. This evolution of the Middle East security market has in turn resulted in materialising the three different business units within the company. These are security analysis, where we focus on analysing the security of applications and the network; strategic information consulting, which focuses on the different standards and governing frameworks for protecting information; and finally security consulting, which focuses on delivering the most innovative security solutions in the market. Today application is king, whereas earlier it was about firewall throughput. Today the only relevant criterion for a firewall is whether or not it includes full applications visibility and security features. This is definitely an area that customers need to look at very closely. For customers who publish applications, our focus lies in validating the security posture of the application. Specifically from a technology perspective, the challenge of dealing efficiently with malware is one of the areas that customers are very concerned about and we see a lot of focus on that. What is very interesting in the security solutions field is that our technology area is constantly challenged as security needs to both adapt and enable other solutions. Because of this, we are always busy identifying new solid solutions. Personally, I believe that the enablement of visibility of what is happening is one of the key aspects of security in the coming years. Specifically Big Data analysis solutions look promising given their ability to correlate multiple events and provide some level of automated response on an event. This way we no longer need to look for bad stuff, but can look at what is not normal as the baseline of our security environment.
How do you go about selecting the vendor portfolio?
Help AG goes to great lengths in order to identify new solutions. The first step is to constantly evaluate our product portfolio and see if it meets the requirements of our customers and the security needs we see coming up. Our security analysis team is a great source of knowledge and insight for this task. The next step is to identify the major areas where we need technology and then vendors are evaluated from both a technical and commercial perspective; however, all aspects of a solution need to be correct. In all of our core technology and solutions areas we simply perform group tests, where we evaluate how well the products work. This exercise allows us to build competence in both the technology domain as well as in the specific products. Right now we are spending some time in the lab identifying network access control solutions.
How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change?
Earlier we needed security to integrate with virtualisation and today it has become an enabler of security. Specifically in respect to computing virtualisation and other aspects such as VDI which is helping organisations support BYOD. I am not just referring to a mobile phone, but also computers, laptops and any other computing device an employee might use. Cloud is a little more difficult, as there continue to be many big unresolved issues relating to data ownership, legal frameworks and availability. That being said, cloud is here to stay and it will be a topic that is interesting to follow in the future. Many of the venture investments in IT security in the US are happening exactly in the domain of cloud security.
Nanjgel
Going all out
Jude Pereira, Managing Director, Nanjgel Solutions says comprehensive offering of a security solution can pave the way ahead for growth in the space.
How do you go about selecting the vendor portfolio?
Mainly there are three factors that we consider when we select our vendor portfolio. First is the tremendous value or ROI the solution can bring to the customer within the first couple of weeks or months as security is extremely critical. Next is the cost of the offering and finally the immediate support the vendor can provide for the region in terms of being able to get to them directly for help rather than a call centre or help desk.
What do you believe are the elements that differentiate your offerings from those of your competitors?
The main value we bring to the customer is our level of experience and expertise with the solutions we offer. Whenever we implement a solution, we offer all the services related to it – we deploy the solution and then we customise it to have complete visibility, define the policies and rules so that we can gain control and finally build all the dash reports and alerting as per the business requirements so we can gain manageability. Unlike most of our competition that only deploy the solution that is available out-of-box and leave the rest for the customer to do. We currently have more than 20 security technologies we offer from over 10 vendors which we bundle in our different framework offerings which address different technologies requirements for a client, like say he would use our ‘GANAS’ offering if they need to build a cyber-security centre or ‘FALCONEYE’ if they need a Data Loss Prevention solution and they will use our ‘CONDORWATCH’ offering if they need to build a security operations centre or more focused bundles like Oryx which takes care of only database security.
How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change?
There is not going to be much impact from a security perspective, as there are solutions that will have to sit inline and this will not change. Then there are solutions that need high resources for analytics but not necessarily inline but they still have to be as an appliance. Finally you have solutions like the different threat intelligence feeds, global risk feeds that will always be there as a SaaS offering. Security is not like any other application or service where you can just decide to virtualise the solution to save cost or because you do not have any space at the core. It is very crucial to understand the main purpose of the solution and best practice methodology to be followed for the implementation of the same.
Are there any other trends security partners should look out for in the next few years?
The six trends that partners should look out for are Hypersegregation, operationalisation of security, incident response, software defined security, active defense and disruptive reinforcement.
AccessData
Securing your premises
Lucas Zaichkowsky, Enterprise Defense Architect, AccessData, details the emerging trends in the evolving regional threat landscape and the way forward.
How has the cyber-security landscape evolved in the last few years?
The Middle East is historically a critical area for international relations, however it also has a perilous area around its cyber security profile. The public and private sector in the region are ‘targets of choice’ and ‘targets of opportunity’ for numerous individuals and groups who abuse IT systems. Many recent incidents have compelled the region to rapidly identify where it is vulnerable and exposed to cyber-attacks. Industry security standards still place most of the focus on preventative measures. However, practitioners seem to have realised that prevention is not always possible, and they are looking to optimise their detection and response capabilities. Vendors are beginning to realise that juggling disparate tools and manually correlating data from each is inefficient and can cause dangerous response delays. Therefore, we are seeing several large and small vendors developing their solutions to integrate with complementary solutions from other vendors. AccessData has been in the fortunate position of leading the charge when it comes to integration both in the realms of cyber-security and electronic discovery and this has had a positive effect on our business and revenues.
How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change?
The adoption of cloud can throw up some security concerns such as:
• Data breaches: Clouds represent concentrations of corporate applications and data, and if an intruder penetrated far enough, sensitive pieces of information can be exposed.
• Account or service traffic hijacking: Phishing, exploitation of software vulnerabilities such as buffer overflow attacks, and loss of passwords and credentials can all lead to the loss of control over a user account.
• Insecure APIs: Security experts warn that there is no perfectly secure public API.
• Denial of Service: When a denial of service attacks a customer’s service in the cloud, it may impair service without shutting it down, in which case the customer will be billed by his cloud service for all the resources consumed during the attack.
• Malicious insiders: Malicious insiders might seem to be a common threat. If one exists inside a large cloud organisation, the hazards are magnified.
• Abuse of cloud services: Hackers might use cloud servers to serve malware, launch DDoS attacks, or distribute pirated software.
• Shared technology: In a multi-tenant environment, the compromise of a single component, such as the hypervisor, can expose not only the customer but also the entire environment to a potential breach.
Besides the above security threats, the cloud also allows collaboration. Our Cyber Intelligence & Response Technology (CIRT) product creates a collaborative environment – a ‘virtual war room’ – in which an organisation’s information security teams, such as network security and computer forensics, can perform tasks, conduct analysis and report status and findings in real time. Analysts, attorneys, chief executives, and others can access CIRT via a Web interface to view the data they are permitted to. It enables all information security stakeholders to collaborate in real time and greatly increases efficiency during a security breach.
What are the other trends security partners should look out for in the next few years?
Mobile malware is becoming a huge concern, not only because of the sheer volume increase but also because of how sophisticated and hard to detect these threats are becoming. Because of the platform’s popularity and open nature, Android is the victim of most mobile malware. Today, information-stealing malware, one of the most prevalent Android malware types, can log, steal, and publish almost everything an employee does on their mobile. Such malware can pave the way to a potential data breach. Advanced Persistent Threats (APT) now form an integral part of their armoury of hacking tools and are part of organisations' threat model and businesses need to be wary of this in the future. APTs are complex threats that differ from traditional ones as they are targeted, persistent, evasive and very advanced.
Ingram Micro
At the helm
Ali Baghdadi, President Technology Solutions, Ingram Micro, META region, says that IoT and machine-to-machine are technologies that security partners should watch out for.
How has the evolving security landscape affected the demand for security solutions?
Currently, Middle East nations are witnessing significant economic and technological transformation due to growing business opportunities in large industries such as banking, financial services, insurance (BFSI) in the region. Moreover, the Middle East region is dominating in the oil and gas industries. These industries due to their remote and geographically vast operations are highly dependent on Internet networks, which in turn magnify their vulnerability to cyber-attacks. The increased use of hybrid cloud, the fast growing use of mobile devices by clients and the rise of e-commerce in the region are introducing vulnerabilities to organisations of all sizes. A recent Middle East ICT Security Study by Cisco says that businesses across the Middle East are at high risk, with 65 per cent of employees not understanding the security risks of using personal devices in the workplace. Companies are finding it increasingly difficult to manage BYOD environments. Some endpoint protection companies that provide employee-owned mobile security tools are Symantec, Kaspersky, Bitdefender, McAfee and Microsoft. Most at least provide tools to protect iOS and Android mobile devices, including mobile phones and tablets; some also protect BlackBerry and Windows devices.
Endpoint mobile security features vary among providers, but possible abilities include being able to implement DLP restrictions such as locking down which files can be loaded to the device, encryption technologies, and containerisation tools. Some technologies can locate and wipe the memory of lost or stolen devices. Some can even wipe the drives after someone attempts to change the SIM card. Last but not the least, the rising deployment of private, public and hybrid clouds is driving organisations and data centres to deploy new security strategies. IT security plans become a key element in the overall cloud strategy. It is important to align with cloud ecosystems based on open technologies in order to maintain choice and vendor interoperability.
What do you believe are the elements that differentiate your offerings from those of your competitors?
We offer a wide selection of security products from many vendors. We have certified consultants who can provide pre-sales support, design and POC demonstrations. In addition, we have a professional services organisation that works with our reseller partners to provide reliable and secure environments for the end customers. We also operate across the entire Middle East and Africa where we have over 15 locations.
How is the adoption of cloud and virtualisation set to affect the security landscape? SMBs are the fastest in adopting virtualisation and private/public cloud as targeted attacks on small businesses are increasing rapidly. Companies need the best endpoint security that provides multiple barriers against malware, network intrusions, data loss and theft. Now many vendors provide technologies for managing employee-owned devices that often have access to corporate resources. When considering a new endpoint solution for a customer, we consider the type and number of endpoints, how it can be hosted (cloud-based endpoint protection, hosted on-site or in a virtualised environment), what management tools are required (on-site, remote, mobile), performance expectations and professional support options.
How have these changes impacted your revenues from this line of business? We have seen a significant growth in security revenues. Our partners have also seen many opportunities as businesses demand more security. Our professional services organisation has been working with partners on a variety of solutions for prevention and protection. Services include vulnerability assessments and deployment services.
Are there any other trends security partners should look out for in the next few years? We should watch out for the rapid rise of IoT and machine-to-machine technologies. These are cloud hosted solutions that collect sensitive and live data from devices and sensors in remote geographies. Security concerns will produce new types of security technologies in order to protect these live and at times critical applications.
HP ComGuard
Defence strategies Ajay Chauhan, CEO, ComGuard, explains the changing role of a security distributor and challenges that need to be addressed in the industry.
Ajay Chauhan, CEO, ComGuard
Could you explain your role as a security distributor in the evolving threat landscape? As a security solutions distributor, our role is to help customers to develop a unified IT security solution which will fulfil the compliance needs of the respective industry and help in optimising and managing an efficient networking system. We also enable customers through our resellers on a regular basis to meet the demands of a growing security market and that is what we are a pioneer at. How do you go about selecting the vendor portfolio? Please list out your line up of security products and solutions? We have a standalone team within the Group, called the Strategic Alliance and Quality Assurance (SAQA), inducted to identify the gaps in our technology portfolio.
With the help of our keen technical analysts, we shortlist a list of vendors from each of the areas we aren’t currently addressing and initiate dialogues to onboard the best fits. Currently, we have a lineup of security solutions and products spanning areas including cyber-security, data protection and DLP, end point security, UTMs, single sign on, multi factor authentication, email and application security, web filtering and threat management, identity and access management, SIEM, network optimisation / Tap, IPS and Firewalls, among others. What do you believe are the elements that differentiate your offerings from those of your competitors? ComGuard has restructured its strategy and product offering to enable higher levels of localised support and service. The product training sessions for partners is a step towards better product awareness. Backed by a strong vision and sustained growth rate, the company’s distribution reach has spread to 14 countries across Middle East and APAC with above 1000 partners. As new challenges unfold, ComGuard remains at the forefront in deploying and distributing security technology and the endeavour is to empower enterprises with knowledge and innovative ways to make most out of technology. How is the adoption of cloud and virtualisation set to affect the security landscape and how are you
preparing to leverage this change? As cloud computing technology reaches a saturation point in North America many in the space are beginning to look at other markets to supplement growth prospects. According to IDC, the Middle East could be the next major market to adopt cloud computing. Companies are increasingly aware of the business value that cloud computing brings and are taking steps towards transition to the cloud. A smooth transition entails a thorough understanding of the benefits as well as challenges involved. Like any new technology, the adoption of cloud computing is not free from issues. ComGuard is equipping to address issues such as third party trust, multi-tenancy, encryption and compliance. Also few challenges the security industry is trying to address in the cloud space include trusting vendor’s security model, customer inability to respond to audit findings, obtaining support for investigations, indirect administrator accountability, proprietary implementations can’t be examined and loss of physical control. Of course, any reputable cloud provider is going to have security measures but enterprises do not abdicate responsibility for what in effect is just an extension of the corporate network. For instance, if someone within the enterprise has left default passwords unchanged, or installed software with vulnerabilities, or does not keep up with patch levels, then the organisation is responsible. Organisations need to think in terms of protecting data, not just physical machines. Responsibility for those assets travels, regardless of the environment. Wherever a company’s IP goes, it needs to be protected, whether that is in the cloud, on premise, printed-out, on a mobile device or any number of storage types.
Dell
Profiting from security Shahnawaz Sheikh, Regional Director - MENA & Turkey, Dell-Sonicwall, outlines the trends in the dynamic security environment and how partners can optimise the opportunities present. How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions? The security landscape in the Middle East has continually evolved as we have seen an increase in attack verticals targeting customers of all sizes. As the Gulf countries business growth among the small to enterprise sized organisations attracts the global attention, the same popularity also attracts the cyber-criminals to choose their targets. We have witnessed in the recent past how large organisations have been victims of cyber-attacks and the loss the businesses have incurred in rectifying it. Therefore, in light of such threats prevailing in the region, many customers understand the importance and urgency of securing their networks at multiple layers and hence the demand for security solutions such as perimeter security, remote access security, email, web, content and end-point, have been given importance. Please list out your line up of security solutions? Have you added any new products in the last 12-18 months? We specialise in diverse areas of security that comprises solutions to protect our customers gateway security, email security, mobile device security, wireless security, in addition to WAN optimisation and end-point security. The new products that we have added in the last couple of months are hosted email security service, mid-market WAN optimisation appliance,
additionally we also continued to enhance the OS features of all our products including next generation firewalls, wireless security and secure mobile access devices. How are you helping your channel partners leverage the demand for the latest security products and solutions? It is our top most business priority and ongoing responsibility to enable and update our channel partners to support the demand and equip themselves with required product and solutions knowledge. This is done with the help of a series of sales and technical trainings that we deliver. These trainings are primarily tailored to cement the knowledge gaps and bring all partners in that specific tier to the same knowledge level so that our customers get equivalent support irrespective of the partner they choose to work with from a specific tier. Additionally the needed channel communication on products, solutions, lead gen tools and case studies, is consistently communicated, outlining the product and services demand to our partners. With so much competition on the horizon how do you differentiate your products and services from your competitors? How do you help your resellers differentiate their offerings? Our approach may not necessarily be unique but most importantly we listen to our customers and offer what they expect from us. There
can always be product feature differentiation but when coupled well with the right and the required services, skill sets and a sound knowledge to implement the product to meet the customers’ expectation so that the solution makes a difference to his business, I believe such differentiation is the key to be ahead in the market. How is the security landscape set to change in the next 12-18 months? How much ever we wish, there is no cruise control mode in managing network security, due to the dynamic nature and sophistication of threats, the IT teams or the IT security stakeholders need to be continually vigilant and tactical in managing security risks and assumptions. The next few months are going to be no different from the necessity to be 100 percent protected as of today, however due to the dynamic nature of threats and its penetration, more effective solutions could be needed. There could be a demand to have layered security with the intelligence of connected security as a standard requirement.
HP Cyberoam
Safeguarding interests Ravinder Janotra, Regional Manager, Middle East, Cyberoam, advocates the need to educate customers to adopt security best practices.
Ravinder Janotra, Regional Manager, Middle East, Cyberoam
How has the evolving security landscape affected the demand for security solutions? Over the years, there has been a noticeable growth in ICT, financial services and education verticals in the Middle East. With ICT growing stronger as a socioeconomic intervention, reaching more organisations and users, there’s certainly greater need for enterprise security. ICT priorities in the Middle East are evolving with the growing impact of cloud, virtualisation, BYOD and other trends on business models. The collective outcome of these forces and growing complexity and frequency of cyber-threats and network attacks have forced businesses to revisit their enterprise security posture, forcing them to shun traditional defenses that can’t keep up for changing times. As
a result, a growing number of IT managers look at proactive and integrated approach on enterprise security and risk management. Key security priorities include security for virtual and cloud environments, application-aware security, identity-based access, protection and reporting, support for compliance needs, BYOD awareness and more. In addition, several mid-market and large scale organisations that preferred clinging onto in-house security expertise now also see the need for managed security services. In the current technology and business landscape, what do you believe poses the largest threat to an IT network or infrastructure? Today’s connected global economy thrives with the impetus of Internet. While transacting and using the online medium for business has immense potential to shape new economic opportunities and bridge the digital divide, the process requires to be protected from Internet risks and evolved threats. Apart from the influences of global financial volatility, rising cyberthreats also have massive potential to derail this development process in Middle East. There’s a need to promote and impart education among users of technology to use security best practices. Government and industry also need to drive enhanced awareness by adopting adequate security measures. How are you helping your channel partners leverage the
demand for the latest security products and solutions? Our partners play a pivotal role in enhancing network security and management capabilities for our customers. To help our partners arrest emerging growth opportunities, we have introduced products tested against toughest security benchmarks and forged ties with technology leaders that provide our partners with a competitive leverage to take more offerings to customers across a wide range of verticals while also enjoying recurring revenue opportunities. To this end, we are empowering partners with enhanced products, cloud-based capabilities, comprehensive training and certification to enrich industry know-how and also sales acumen to emerge more competitive and relevant for the changing times. Channel partner initiatives play an important role. With partners that are best placed to aid promoting security technology adoption for different customer groups, and possess better grasp into what they need, there lies greater potential to create better in-roads. We are committed to enable this empowerment and shall be taking it to the next level in times to come. How do you help your resellers differentiate their offerings? Our partners who are the extension of our business and directly correspond with the end customers, have also adopted our innovation strategies. Moreover, constant engagement with partners has allowed us to gather crucial customer insights while extending our resources to them. We have ensured that our partners become end-to-end solution providers. They have the expertise to diagnose issues in customers’ network infrastructure, gather specific network requirements, provide best suited solution and offer support.
ESET
New game, new rules Pradeesh VS, General Manager, ESET Middle East, says partners should gear up to face the evolving IT security landscape as the rules of the game are changing.
Pradeesh VS, General Manager, ESET Middle East
How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions? The threat landscape has changed incredibly in the last few years. We all remember the days when worms and viruses were the pinnacle of security threats, mainly designed for fame, service interruption and destruction. Now the game has changed. Hackers have become more advanced, with better intelligent techniques and different goals. The main purpose now is financial gain, and few hackers hack for fame nowadays. Attacks such as ransomware, zero-day attacks and Advanced Persistent Threats (APTs) are
widely being used to penetrate digital defenses. Sophisticated attacks call for sophisticated defense mechanisms. Hence the demand for these solutions has increased. We also see that threats targeting mobile devices are on the rise but unfortunately users are still not aware of the damage such attacks can cause. Please list out your line up of security solutions? Have you added any new products in the last 12-18 months? We are releasing the latest version (version 6) of our endpoint security and remote administrator, and it will include a whole set of new features and a more user-friendly interface. Also, at GITEX 2014, we will unveil Version 8 of our flagship
ESET Smart Security and ESET Nod32 Antivirus solutions. To protect Mac users against phishing attacks and social media based exploits, we have released our new and improved ESET Cyber Security Pro and ESET Cyber Security solutions. Both products come with added layers of protection to Apple’s built-in Internet security features. In the current technology and business landscape, what do you believe poses the largest threat to an IT network/ infrastructure? How can organisations effectively tackle these challenges? We classify threats into two categories, internal threats and external threats. Internal threats are caused by employees who are malicious or simply not aware of security measures. They can cause a lot of damage to the organisation’s IT network and infrastructure. The second part, is the external threat. This will include, hackers, hacktivists, cyber-espionage and criminal groups. These groups or individuals will use the latest techniques and methods to cause maximum damage to your business. How are you helping your channel partners leverage the demand for the latest security products and solutions? We organise weekly training for both sales and technical enablement. We also make sure that our partners have our support through every stage of the business cycle, starting from presales, going to sales and ending up with support and after sales. We support them with MDF as well. We offer our full support when they conduct marketing activities such as awareness campaign, events and seminars.
HP Fortinet
Lead with partners Alain Penel, Regional Vice President, Middle East, Fortinet, discusses how partners can successfully sell IT security solutions against a fast-evolving threat environment.
Alain Penel, Regional Vice President, Middle East, Fortinet
Please list out your line up of security solutions? Have you added any new products in the last 12-18 months? Fortinet has introduced a number of new products in the last 18 months, including the disruptive FortiGate 1500D, our high-performance next-generation firewall. In addition to this, we have also launched the upgraded FortiOS 5.2 operating system that works in collaboration with the FortiGate-1500D to fight advanced persistent threats. We also expanded our DDoS product family to cater to mid-to-large size enterprises as well as MSPs. With our latest launch of the FortiGate-5144C, we have redefined the standard for firewall performance by being the first network security vendor to deliver a firewall that exceeds 1 terabit per second throughput
performance and offers 10GbE, 40GbE and 100GbE connectivity options. This firmly positions the FortiGate-5144C as the world’s fastest firewall, making it the ideal security solution for carriers, service providers and large-scale enterprises who have the most demanding performance and scalability requirements for network security, and who want unparalleled versatility and flexibility in delivering high performance data, application and network protection to their customers and users. How are you helping your channel partners leverage the demand for the latest security products and solutions? Our partner programme provides our partners with a variety of benefits from sales to marketing, education and support to make sure we are helping our channel partners leverage the demand for our products and the latest security solutions. Hence our partners can enjoy free online sales and technical trainings and the eligibility to attain a specialisation (Fortimail, Fortiweb, Fortiwireless specialist). We believe that helping our resellers to be confident and knowledgeable of our products will help us gain more success and hence we made sure our training is available online and for free. We have also empowered our partners with lots of marketing benefits that start from lead generation programmes to the eligibility of partners funding of
joint marketing activities to make sure we can support our partners and align on our go-to-market strategy. Today we can attribute our immense success to the hard work and bullish sales of our channel partners, who continue to bring our solutions to an ever expanding market. With so much competition on the horizon how do you differentiate your products and services from your competitors? How do you help your resellers differentiate their offerings? As the third largest network security company in the world, Fortinet provides a broad and diverse portfolio of network security products and subscription services to customers around the globe, offering integrated and high-performance protection against advanced threats, while simplifying and streamlining IT security infrastructure. Besides the new FortiGate-5144C, we have deepened our presence in the mid-market by unveiling two new next-generation firewall platforms – the FortiGate-300D and FortiGate-500D – that provide mid-enterprises with five times next-generation performance for defence against advanced threats. We also expanded our cloud services play by enhancing the existing FortiWeb-VM Web Application Firewalls (WAFs) for Amazon Web Services (AWS) to include on-demand, pay-as-you-go offerings. Aligning with a robust product offering we worked on a strong channel partner programme that we are using extensively today with our partners to make sure they can differentiate their offerings when it comes to our products. Fortinet is committed to its resellers and it will continue to innovate in partner education, enablement and profitability.
Nirsun Technology
Combating cyber-attacks Shailendra Rughwani, MD, Nirsun Technology, explains the potential threats from cyber-security breaches and what is in store How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions? Our day-to-day lives, economic existence, businesses and national security depend on a stable, safe, and resilient cyberspace. We rely on the vast array of networks to communicate and travel, power our homes, run our economy, and provide different government services. Cyber-intrusions and attacks have increased dramatically over the last decade, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy. In the last 15 years, there has been an evolution of cyber-threats. Earlier, there used to be viruses designed for various purposes, from those written to annoy people to those that allowed attackers to control PCs and victims’ networks. Today, we are dealing with viruses that act as cyber-weapons and extortion tools. While the old threats still exist, an average PC user now has much more to worry about such as secure online banking and shopping, online extortion, social
media privacy and unsolicited third party surveillance. The changing scenario has driven the requirement for more investments and efforts for cyber-security. With the number of Internet users expected to surpass 25 billion by 2015, the issue of cyber-security and attacks from cyber-criminals are increasing. This is why it is critical for companies to remain vigilant about the threat of cyber-attacks and to ensure their defenses are keeping pace with the changing face of the threat. How have these changes impacted your revenues from this line of business? As an organisation which does business online, be it banking to regular business transaction, we have invested in equipment and software like firewalls and security software which we update on a regular basis as the cyber-attackers are always one step ahead. What are your market differentiators? One of our specialisation is surveillance security and offer complete solution including hardware and software.
Shailendra Rughwani, MD, Nirsun Technology
How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change? With most of the services now using cloud technology, cyber-threat has become more of an issue. Keeping the data safe on cloud is of utmost importance for businesses. Are there any other trends security partners should look out for in the next few years? Cyber-security threats designed to steal information, disrupt infrastructure, create public panic and interfere with companies’ day-to-day operations will continue to become more sophisticated and frequent as we go into 2015. They will also increasingly target mobile devices. The issues encompassing cyber-security are vast, complex and constantly evolving. To meet this threat head on, companies must evaluate the vulnerability of their systems, invest in cyber-security defenses and constantly be looking to identify the next threat.
HP Middle East SNB
Optimising security Sanjay Raina, Director, Networking and IT Security, SNB Middle East, discusses the trends in infrastructure and information security in the region.
Sanjay Raina, Director, Networking and IT Security, SNB Middle East
What do you believe are the elements that differentiate your offerings from those of your competitors? By providing ample thrust to innovation, we have been able to associate technology’s potential to transform business and growth objectives, paving way for simplicity, cost reduction, evident growth in efficiency and desired control. In the context of infrastructure and information security, the very idea of protecting and safeguarding has evolved to a great extent. Moving from being a business driver to becoming a business enabler, our solution offering to channel partners do a lot more than just secure. It ties strongly with key business and technology decisions. As CXOs struggle to cope with the impact of evolving market forces and disruptive trends, we have enabled
innovation that helps our partners turn disruptive into productive, helping them embrace the change with confidence and control. To this end, our portfolio of products and solutions fulfils all strategic needs for our customers. Our partners and resellers are the extension of our business and directly correspond with the end customers, have also adopted our innovation strategies. Also regular engagements with partners have allowed us to gain crucial customer insights while simultaneously providing our resources. How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change? There is growing sophistication and maturity in the kinds of attacks these days, most of which are now routed via cloud. Threat actors have evolved advanced methods for embedding their malware in networks and staying undetected for longer periods. Our solutions are designed to take these challenges head on. To make sure these solutions reach the market, we are working with our partners and have increased awareness for our next generation firewalls and centralised security management solutions. In addition to cloud and virtualisation, increased usage of BYOD, and outsourcing of business processes have further led to adoption of information and infrastructure security.
Are there any other trends security partners should look out for in the next few years? The security landscape is changing at a rapid pace with higher number of attacks on public clouds, which is a big concern as the transition to cloud is picking pace. Existing IT infrastructure in many organisations is either over-burdened or incapable to meet increasing demand for ICT innovations and consumerisation of IT. Businesses want to make their networks more open and collaborative but struggle in unifying security, productivity and connectivity needs. To this end, we have successes in driving desired awareness for our next generation firewalls and centralised security management solutions. CXOs are choosing solutions that are equipped with next generation security features, actionable intelligence or reporting and enable scalability, flexibility while aiding high-performance needs for enterprise security. IT spending in the Middle East is likely to top $32 billion in 2014 alone. Consumers, communications, financial services and the public sector are forecasted to be the biggest contributors. Also, the ability to use software, computing power and storage online ‘as a service’, paying only for what you need and only when you need it, may put the cost of information technology within the reach of a large number of emerging small businesses in the Middle East. Needless to say, as IT reaches more people in these segments and verticals, cyber-criminals will see new opportunities for malicious campaigns and hacking attacks. Certainly this will lead to increased demand in reliable next-generation infrastructure and information security.
Enhance Your Network Threat Detection Capabilities
A Core Capability of the ResolutionOne™ Platform
A White Paper from AccessData Group: Tackling the Challenges of a Mobile, Digitally-Driven World with Advanced Mobile Device Forensics
Learn more at www.accessdata.com/resolutionone-platform
This is NextGen IDS!
ThreatTap is an all-in-one virtual solution for enterprise network threat detection. Setup is easy with network segment configurations. ThreatTap immediately begins network data analysis. Each ThreatTap virtual appliance can monitor ingress/egress points for HTTP or SMTP protocols and is scalable across multiple segments for holistic network coverage. Now is the time for a new approach to network threat detection. Experience this core capability of the ResolutionOne™ Platform today. The ResolutionOne™ Platform serves as a single conduit for multiple threat intel formats from various sources, storing virtually any threat intel. Meanwhile, other tools are only able to monitor against a single—often proprietary—source of threat intelligence.
How Does It Work?
1. ThreatTap analyzes network session and metadata against our ThreatBridge threat intelligence correlation engine with:
• Feeds from Norse© Darklist™ and ThreatTrack® ThreatIQ™
• Support for STIX, OpenIOC, and custom feeds
2. Verified threats are then analyzed against ThreatBridge to provide context and additional intelligence through Automated Threat Context Delivery.
• Correlate findings with VirusTotal® and Alexa©
• Perform reverse DNS resolution to provide suspect domain info
3. Monitors content in web and email traffic for potential malicious artifacts to include URLs, email addresses and binaries.
4. Detected threats with context intelligence are presented in a dashboard in prioritized order for rapid and efficient security decisions.
The ThreatBridge™ intelligence engine is included in the ResolutionOne Platform and provides the most comprehensive real-time detection available, while simultaneously optimizing your ROI in threat intelligence!
Perfect Pairs
ThreatTap + ResolutionOne
• Real-time network and endpoint threat correlation
• Central analysis and monitoring of all ingress/egress points
• Verification of delivered payloads at endpoints
• Comprehensive, automated remediation and recovery operations
• Threat hunting against historical network communications as well as artifacts on the operating system including memory
• Signature-less malware triage and analysis
ThreatTap + AD Locksmith
• Gain visibility into encrypted network communications, such as SSL and SSH, to detect threats that elude most threat detection technologies.
AccessData Tel: +971 44221791 imea@accessdata.com www.accessdata.com
...AccessData’s ResolutionOne Platform has reduced our response times from 12 hours to 2.5 hours. That’s an 80% reduction in response time. Golan Ben-Oni, CSO and SVP of Network Architecture, IDT Corporation
ARM Tel: +971 44221 260 info@arm.ae www.arm.ae
AccessData is a registered trademark of AccessData Group. ResolutionOne is a trademark of AccessData Group. © 2014 AccessData Group. All Rights Reserved.
START LOADING THE FUTURE WITH THE LEADING PROVIDER OF IT BUSINESS SOLUTIONS IN THE GCC
Looking for an IT partner that offers a winning combination of world-class technology, customized solutions and personalized expert support? Look no further. As the sole distributor for IBM in the Gulf*, with over 20 years of regional experience and an expansive network of best-in-class partners, particularly Cisco, Gulf Business Machines (GBM) understands how to leverage the potential and power of IT better than anyone. Fast, future-proof and easy. Visit www.gbm4ibm.com to get started.
ABU DHABI DUBAI BAHRAIN KUWAIT OMAN PAKISTAN QATAR
*IBM Sole Distributor in the GCC excluding selected products and services, excluding Saudi Arabia. ©2014 Gulf Business Machines. All rights reserved. GBM, the GBM logo, START LOADING THE FUTURE are trademarks of Gulf Business Machines. IBM and the IBM logo are registered trademarks of International Business Machines Corporation (IBM) in the United States and other countries and used under license. IBM responsibility is limited to IBM products and services and is governed solely by the agreements under which such products and services are provided.