The latest trends in IT security
Safe and secure
26 - 28 April 2015 DUBAI WORLD TRADE CENTRE
JOIN US @ GISEC 2015
We are at SR-D10
TWEET & WIN #CGisec15
TECHNOLOGY PARTNERS
CONTENTS
editor's note Each technological milestone unfortunately also increases the potential of security breaches. The Internet of Things (IoT), social media, virtualisation, cloud computing and mobility are few areas through which the industry has experienced data breaches, cybercrime and other malicious activities. Research firm IDC predicts 25 percent of large enterprises will make security-related spending decisions based on analytical determinations of risk by 2016. And, understanding this, Middle East organisations are paying close attention to their security parameters and are devising strategies to build upon them. Reseller Middle East’s Security Supplement 2015 looks into the evolution of the security landscape within the region and endeavours to understand the current security solutions available for businesses and how partners are enabling themselves in this dynamic ecosystem. With features and interviews from established vendors and partners, the supplement continues to reflect the trends and market developments.
04 06 08
Security Strategies A different approach Making the right choice
09
Align with market trends
09 10
Customised solutions Effective measures
11 12 12 13 14
15 16 16 17 18
14
18
A mobile future Countering attacks Consult and cure Integrate offerings Strengthening perimeters Strategise for secure future
In a different league Stay prepared Adopt the services way Aligning value offerings Building cyber resilience Strengthening defences A Supplement of reseller me
3
GBM
Security Strategies Hani Nofal, Vice President of Intelligent Network Solutions, GBM, shares insights from the company’s 2015 annual security survey.
N
ot so long ago, our online profiles were the least of our concerns. But with the advent of social networking sites and e-commerce, we are becoming more mature as users in the cyber-world and are increasingly worried about online privacy. Identifying this shift, the fourth annual GBM Security Survey sheds lights on privacy-related concerns and reveals key findings linked to enterprise security within the region. Hani Nofal, Vice President, Intelligent Network Solutions, GBM, says, “Privacy is at
Hani Nofal, Vice President of Intelligent Network Solutions, GBM
4
Kaleidoscope
the top of everyone’s mind today. The majority of us are online 24/7, we are interacting and communicating internally and externally using multiple forms of applications. Our status has become very visible. We believe that there is an increased concern related to privacy. Our study gives insights into privacy in the region and how it is dealt with across the GCC.” The study also examines the privacy levels of an enterprise’s C-level executives, who carry with them critical information and sensitive data at all times. Are organisations considering the profiles of its senior management? The survey reveals that 80 per cent of these executives use mobile devices for work. However, surprisingly only 10 per cent have adequate security to protect the data on it. “We wanted to test the intersection between general privacy concerns and how the impact could be on the executives. Our survey covered about 500 individuals and around one fifth were C-level executives,” says Nofal. Adequate security measures should ideally include a combination of fingerprint or pin verification along with certificate and VPN. But according to the study, half of the respondents use a single security method and an alarming 14 per cent use no security at all. Another key finding was that the majority of the users, 70 per cent to be precise, had data and identity theft fears while transacting online. However, interestingly enough, 70 per cent of professionals in the region are unaware or lack the clarity of the cyber laws applicable in their countries. And 60 per cent of the participants do not read T&Cs upon accepting while downloading apps or transacting online. This leads to self-made privacy breaches, where individuals give permission of access to their own information voluntarily. “Although breach in privacy has become a criminal act, the lines around it are murky. We are all guilty of not knowing our basic rights if we become victims of a
privacy breach. IT professionals do not have complete awareness of the cybersecurity laws in their country. There is a long way to go in this area,” Nofal adds. It is no longer just about technology; today cyber-security involves being aware and educated about one’s online rights. Enterprises need to have security policies and procedures in place to build a secure online environment for their workforce. The problems around security are beyond BYOD, according to Nofal. “It is more about the platform, applications, and data you are going to use on your device. Some level of control or monitoring is required by enterprises for BYOD policies. We have inspected several cyber-incidents that came from within organisations. This is either because of lack of knowledge and experience or lack of proper policies in place.” Understanding that the work to secure the infrastructure within the organisation is immense, GBM has also recently launched a consulting services division. Through this, certified and trained personnel audit the security infrastructure of the organisation. Having seen a positive response to this initiative, Nofal says, “Things are changing slowly, largely because authorities are also enforcing these type of services. There are now risk and compliance standards, which an organisation needs to comply with.” While the figures of the study should trigger alarm bells within the region, there are aspects the industry can work on to pave a better path for the future. One of the first things is to invest more to ensure we have the right technology infrastructure. “We are far from having the optimum infrastructure required in many areas. We are still seeing basic aspects missing in the building blocks of secure infrastructure,” Nofal adds. “Also, there is a huge lack of adequate investments in human capital. We as a region have a high demand of professional resources but it is also a major challenge to find the right resources with the right experiences in IT in general and in
Key findings
80%
use the same device for professional and personal purposes.
70%
of professionals in the GCC are unaware or lack clarity of the cyber laws applicable to their organisation.
Qatar
rated highest on awareness, followed by UAE. Less than
13%
of users adopt appropriate security measures to protect mobile usage for corporate use. More than
50%
of all businesses are either building new apps or will be building apps in the next 6 months.
security particularly. Planning the right resources over the next five years to lead and provide the right vision and adopt the right solutions for our region is a big challenge.” There is considerable work required in raising awareness of the community in general about safe behaviour in the cyber-world. This should start from the school level to achieve effective results, says Nofal. Another issue to be tackled heads-on is hacktivism. Today it is no less than an industry in itself. “We have funds coming from entities and other countries. Being cyber-ready is beyond one particular organisation, it is now a national agenda,” he adds. A Supplement of reseller me
5
GBM
A different approach GBM launched a dedicated Security Practice team and introduced the GBM Security Framework to assist organizations in the GCC to reduce their risk exposure.
G
BM understands the various challenges faced by CIO’s and CISO’s and has built a framework of defense, comprised of solutions and services, to help organizations achieve IT Security Industry best practices and enhance their risk mitigation frameworks. The Framework is developed to address the traditional and new challenges faced by organizations in partnership with best-of-breed solutions from partners who have a strong commitment and road map towards security. GBM offers solutions and services in the following areas to mitigate the increasing risk facing all companies today. GBM focuses on people, processes and technology to ensure a holistic approach towards mitigating risk and GBM Security Framework effectively safeguards brand name, reputation and assets. Ranging from end-point security to applications, from database to people & compliance, GBM offers solutions to protect IT environments from external and internal threats. GBM provides security products, software and services to customers across the Gulf region with solutions for all industries. The offerings include People Security, End-Point Security, Risk, Compliance, and Intelligence, to meet the various challenges faced by organizations. People are a major source of leaked information, whether through social networking, inappropriate access to data, or simply losing control of critical information. Customers in the GCC believe a third of major IT-related
6
Kaleidoscope
incidents are from their own staff. GBM helps clients to mitigate risk around provisioning users for application access and network access. Key solutions offered are Identity and Access Management; Identity-based Network Access Control, BYOD, and User Awareness Training. The second area of consideration is data protection. Basic data can be sourced and engineered into information that becomes confidential intellectual property. Because data at all stages of its lifecycle can be exploited, GBM offers comprehensive data security for data in rest, data in motion, data in use to prevent unauthorized access, and data leaks. Key solutions offered are Database Security, Data Masking Solutions, Public Key Infrastructure, Encryptions solutions and Data Leakage solutions. Application security is perhaps one of the newer challenges in the GCC, due to the reliance on external developers. The region has the highest concentration of mobile devices per person in the world, yet there is little consideration for the opportunity to exploit these new applications. It is almost certain that a brand new mobile application has as many vulnerabilities as a traditional browser-based application. The only difference is that active hacker communities are themselves still getting up to speed on new methods and techniques for mobile invasion. GBM offers integrated solutions from its alliances for web application security and vulnerability management for applications, including mobile.
Managing risk and implementing compliance standards are ongoing challenges for organizations. Over the past year, risk has emerged as a primary driver for information security spending in the region, however, compliance continues to play a critical role in sustaining security spending in regulated sectors like finance, telecommunication, and manufacturing. Organizations must evaluate the risks associated with non-compliance, which can have severe legal and fiscal consequences and can create a level of distrust with customers. Noncompliance can even have the effect of tarnishing an organization’s overall reputation, leading to the perception that it doesn’t follow any business best practices in general. GBM offers various services to help achieve a better security program that meets compliance standards or implements a security compliance standard. GBM offers Penetration Testing, Risk Assessments, Security Architecture Reviews, Configuration Reviews, ISO 27001:2013, ISO 22301, ISO 20000, Dubai ISR, Abu Dhabi ADSIC 2, Qatar NIA, PCI- DSS compliance, SOC Consulting, Business Continuity Consulting, and Forensics Analysis as part of our Advanced Services offerings. Finally, the infrastructure of an environment itself should be secured and protected. It is of some concern that 55 percent of customers believe they have had no security incidents in the last year. This is the IT industry equivalent of a burglar living in your home, undetected. Predictive security analytics is an emerging field whereby real time threats can be assessed and acted upon before they happen. Some call this ‘intelligent security’, and it is now recognized as the only way to get ahead of the growing community of smart, active and determined methods of attack. GBM offers various solutions for SIEM, analytics and forensics to enable security intelligence for your organization.
GBM
• Upgrading your network to 10 or 40Gb? • Deploying virtualized servers or networks? • Installing new security devices? • Implementing network monitoring?
Dramatically improve your monitoring and security capabilities. www.gigamon.com/campaign/security
email : marketing-ae@arrowecs.ae phone : +9714 372 4906
Look closer. Go further. A Supplement of reseller me
7
Help AG
Making the right choice Selecting the right vendors and the right solutions are equally important in gaining the trust of customers. Help AG performs group tests in all of its core technology and solutions areas to evaluate how well the products work.
Stephan Berner, Managing Director, Help AG
M
atching one’s security portfolio with the demands and requirements of customers is key to selling security successfully. Stephan Berner, Managing Director, Help AG, says, “The first step is to constantly evaluate our product portfolio and see if it meet the
8
Kaleidoscope
requirements of our customers and the security requirements we see coming up. Our security analysis team is a great source of knowledge and insight for this task.” The next step is to identify the major areas where technology is needed. After which the systems integrator begins evaluating vendors. “Vendors
are evaluated from both a technical and commercial perspective, but all aspects of a solution need to be correct. Generally it is easier to compensate for a poor local presence by a vendor if the technology is phenomenal, than it is to have a large sales organisation present, but with a bad product.” Selecting the right vendors and the right solutions are equally important in gaining the trust of customers. Help AG performs group tests in all of its core technology and solutions areas to evaluate how well the products work. “This exercise allows us to build competence in both the technology domain as well as in specific products. Right now we are spending some time in the lab identifying network access control solutions,” Berner says. He believes that vendors need to create better awareness of their offerings and support partners in delivering solutions effectively. He adds, “Vendors should invest in creating further market awareness, rather helping end customers to understand the benefits and advantages then confusing them with marketing slogans.”
Arrow ECS
Align with market trends V
alue-added distributor Arrow ECS offers solutions that safeguard enterprises’ physical and intellectual properties, all through the lifecycle of an asset. Boasting a portfolio of over 50 vendors across security, networking and mobility, the distributor’s Middle East security vendors include F5, Checkpoint, IBM Security, McAfee, RSA, Infoblox, Gigamon and Skybox. “We continue to look into expanding our offering portfolio to complement our exciting lines and help solution providers better address emerging market and business needs,” says Jesper Trolle, Vice President of Sales, Marketing and Services, EMEA, Arrow’s Enterprise Computing Business. The security landscape is extremely dynamic in nature. And as each emerging technology gains popularity, the risks are only bound to increase further.
“With the emergence of technologies such as cloud, IoT and mobility, companies need to open up their internal networks to the outside world and to all kinds of devices, which creates vulnerabilities. Such security vulnerabilities are to be addressed by identity management to access the corporate network. “As enterprises continue to balance data storage between their data centre and the cloud, our expertise and vendors add up to agility. The same can be said whether it’s for their own cloud infrastructure, their portion of the public cloud or something in between. That’s the only way to secure data within a realm that’s still taking shape, ensuring customers reap all the rewards of cloud while staying compliant,” he explains. A Gartner report indicates that the lack of availability of skills in the market,
Jesper Trolle, VP, Sales, Marketing and Services, EMEA, Arrow ECS
coupled with the prevailing business scenario, reflect that most enterprises rely on value-added resellers and systems integrators for their security requirements, thereby creating huge opportunities for those vendors that can align themselves with emerging buying segments. “We will continue to operate as a trusted advisor to our resellers, supporting and enabling them to grow their business and maximise their investments,” Trolle says.
Bulwark Technologies
Customised solutions C
ustomers are in the process of analysing their current security infrastructure, owing to the increase of cyber-security threats within the Middle East region. “Some customers are planning to replace their existing security solutions or add new ones based on the latest technology, to address the ongoing and new security threats from both external and internal sources,” says Jose Thomas, MD, Bulwark Technologies. “In line with this, the solution providers are also compelled to offer solutions that could address the security concerns of their customers in this evolving security landscape. We have noticed an increase in enquiry and demand for the security solutions that we have in our portfolio.” For a distributor, choosing the right security vendors from the many that exist in the market can be challenging
Jose Thomas, MD, Bulwark Technologies
but is an important task. Thomas adds, “We believe that the criteria to picking the right vendor are: strong industry knowledge, sound technical understanding of the fast-changing security landscape and ability to quickly
address the threats combined with balanced sense of customer support.” The rapid adoption of cloud, virtualisation and IoT technologies by enterprises is affecting the security landscape. In such a scenario, how can distributors leverage these trends? “Most of our solutions are available in cloud, on-premise and hybrid models suitable to the customers’ requirement. By the same token, the solutions dealt by us are suitable for virtualised environments as well as giving the customers many flexible options when it comes to implementation and managing.” Vendors should play a crucial role to enable channel partners and distributors to optimise opportunities present in the market. “They should maintain regular interactions with customer,s channel partners, distributors and understand the customer needs. They need to identify the new security threats coming up and address them quickly. This should be done by working closely with the channels, providing support, taking timely decisions and extending some flexibility in the dealings to create a win-win situation for all.” A Supplement of reseller me
9
ComGuard
Effective measures Ajay Chauhan, CEO, ComGuard, discusses market differentiators and security selling strategies.
W
security practices. With that, obviously, revenues are set to climb in the information security expanse. What are the important factors to consider while selecting the vendor portfolio? A few of the most important factors we consider while selecting our vendor portfolio includes their technical competencies, robustness of their solutions, how their solutions and products address technology gaps within ComGuard’s portfolio and the end user topography in the region.
Having launched our business with a backdrop of training and professional services, we identify with the true essence of being a value-added distributor. 10
Kaleidoscope
What are your market differentiators? Having launched our business with a backdrop of training and professional services, we identify with the true essence of being a value-added distributor. This, coupled with strong presales and post sales teams, proficient in each of the 30 plus technology partners that we represent, definitely sets us apart from our competitors. How is the adoption of cloud, virtualisation and IoT set to affect the security landscape even further and how are you preparing to leverage this change? The security landscape is now becoming additionally competitive due to the adoption of cloud and IoT, and owing to this, the number of assets which could be compromised is expected to grow exponentially. In today’s android world, with concepts like the Internet of Things capturing realms that we thought impossible until recent times, take the entire ecosphere to a whole new level of transformation.
Ajay Chauhan, CEO, ComGuard
hat have been the changes and trends in the security landscape over the last few months? How have these changes impacted your revenues from this line of business? As the technology landscape matures, customers in the region are now embracing cloud slowly but surely, with the on-premise models making way for virtualisation over time. And while this definitely gives organisations a chance to improve in many ways, it also does create new risks and demands new
Do you make sure you enhance your portfolio depending on market trends? Yes, we do. In fact, we have a dedicated team catering to just this. It is imperative that we are up to speed in this dynamic turf.
Currently, what are some of the challenges you face while selling security? IT security is a growing threat for businesses of every type and no organisation is really safe. It is never a question of if but when. And when 'it' happens, most times companies are not ready. One of the main challenges met while selling security is the fact that businesses do not normally invest in critical solutions until an actual breach is encountered. What should vendors do to enable you to optimise the opportunities present in this area? Vendors need to document breaches, educate, and help partners educate the market on how their products and solutions can effectively prevent security threats. Also, more and more case studies and POCs need to be made available in the relevant domains to substantiate their claims.
HID Global
A mobile future Siva Shankar Maheswaran, End User and Consultant Business Manager, HID Global, believes that student IDs may not even be card-based by 2020. At the very least, plastic cards won’t be the only way to carry student, faculty or staff credentials.
Siva Shankar Maheswaran, End User and Consultant Business Manager, HID Global
N
ow that IDs are going digital and are extending to smartphones and other mobile devices, users will have more options than ever for opening doors and parking gates, paying for products and services, accessing campus VPNs, wireless networks, cloud and Web-based applications. Plus, because underlying access control systems are now based on interoperable platforms and open standards, we are poised for unprecedented innovation in how campus IDs are created, used and managed. Many universities are already deploying campus IDs on smartphones. With a simple tap of the phone to a
mobile-enabled reader, users can open doors, buy meals, check out books and equipment, and pay for parking, transportation and other services. A recent Vanderbilt University pilot of HID Mobile Access included another 'twist' as well – using the smartphone’s Bluetooth connection and gesture technology to open a door or parking gate from a distance by simply rotating the device. Pilot participants particularly appreciated the convenience of not having to roll down their window as they approached a parking gate. Consider students in wheelchairs, for example, for whom it was previously
difficult to tap a card to a reader and then navigate the doorway before the door closed again. This will no longer be a problem with mobile IDs that open doors from a distance using gesture technology. But mobile convenience doesn’t end with smartphones. For instance, those who are willing to relinquish their phone for a hands-free morning workout will soon be able to head out the door with nothing but a digital wristband carrying their campus ID, enabling them to access the campus fitness centre, buy a latte at the coffee shop, or pick up a few necessities from the university convenience store before returning to their dorm room. As we move forward, campuses will also be authenticating identities for more and more activities, extending the value of their access control investments while further enhancing the user experience. Identities are not only being used today to open campus doors and purchase items, but are also being used for time and attendance, secure print management and other daily tasks. Future IDs – whether on plastic cards or mobile devices – will do even more, with increasingly important benefits. Despite the growth of mobile identity solutions, don’t expect plastic ID cards to go away anytime soon. Some campuses will still want a visible ID badge, which will continue to transition from mag-stripe cards with little or no fraud protection to high-frequency contactless smart card technology. To optimise badging, universities will select printers, card materials and software that enable them to incorporate both visual and logical anti-tamper elements into their cards for more trustworthy, multi-layered authentication. Inline personalisation will grow in popularity as well, enabling card offices to combine multiple processes into one automated step. It is difficult to predict all the possible innovations and use cases that will emerge as campus IDs move toward the next decade and beyond. But today’s technology is enabling universities to offer functions that were not possible, or perhaps not even conceivable, with yesterday’s mag-stripe or prox cards. All of the pieces are moving into place in 2015 for unprecedented innovation around the campus credential. A Supplement of reseller me
11
Cisco
Countering attacks Meghan McCarthy, Regional Sales Manager, Partner Organisation and Commercial Segment, Cisco UAE
C
yber-criminals have understood that harnessing the power of the Internet infrastructure can cause more far-reaching damage than simply gaining access to a single device. The 2014 Cisco Annual Security Report revealed that total global threat alerts increased 14 percent year-on-year from 2012-2013.
“By targeting the Internet infrastructure, attackers undermine trust in everything connected to or enabled by it,” says Meghan McCarthy, Regional Sales Manager, Partner Organisation and Commercial Segment, Cisco UAE. She adds that today the top three security concerns for Middle East organisations include shortage of skills, BYOD and outdated security measures. According to Cisco’s report, there will be a shortage of more than a million security professionals across the globe. “The sophistication of the technology and tactics used by online criminals have outpaced the ability of IT and security professionals to address these threats and most organisations do not have the people or the systems to continuously monitor extended networks and detect
infiltrations, and then apply protections, in a timely and effective manner.” The connected environment demands organisations to prepare for both the opportunities and risks it brings about. “Partners play a key role in getting their customers to make the right investments in security technologies. They need to educate and empower the customers with real-world knowledge about the expanding attack surfaces,” McCarthy says. Organisations should be proactive in their attitude towards resolving security threats and creating awareness. “It is no longer a matter of if these attacks will happen, but when and for how long. Once the big picture is understood, the good news is that channel partners can put measures in place to counter attacks, before, during and after they happen.”
D Software
Consult and cure
Shahnawaz Sheikh, Distribution Channel Director, D Software
T
he top security concerns Middle East organisations have today are data breaches, productivity of employees and protection from advanced threats, BOTs, ransomware and evasion threats, says Shahnawaz Sheikh, Distribution Channel Director, D Software.
12
Kaleidoscope
“With growing application usage and control of the running cost on bandwidth increasing, organisations want to ensure their users spend time and use bandwidth for business purposes, limiting or saving the usage on non-business applications that causes productivity loss and malware threat concerns.” Organisations can gear up to these challenges by adopting a consultative approach and analysing networks at multiple layers. “Each layer must be then protected with the needed security, with good access governance policies, and with good data retention and data protection policies. “This needs to be coupled with strong security products that deliver comprehensive security to detect and protect companies from sophisticated attack techniques and also has the ability to simplify the business processes with application intelligence and control to raise
the productivity of the organisation and at the same time keeping a check on ROI.” So, how can partners make the most of the opportunities present here? To begin with, partners should look at taking an end-to-end consultative approach and listen to customer needs. “They need to work an optimally priced and simplified solution that helps customers manage their infrastructure with minimal management and operational burden. The trust that the partner gains in the eyes of their customer as a trusted advisor helps them to command the needed margins that can support their businesses to retain specialised skills that can be at the customer’s disposal to serve them better,” adds Sheikh. Understanding that partner enablement starts with sales and technical trainings, D Software believes in equipping its partners with needed knowledge transfer and empowering them to be the first line of support to its customers. “Partner training embodies our endless commitment to our partners, at the same time we equip our partners with the required business tools.”
Gigamon
Integrate offerings Trevor Dearings, Marketing Director, EMEA, Gigamon, says integration is key to stay ahead of the evolving regional security trends.
ago the question of building a security infrastructure was low on customers’ list of priorities. When we sold a network infrastructure to support a new data centre, the question of security very rarely occurred, which is different to Europe for instance. This means that the building of a security infrastructure is happening much later and so is happening very quickly as the threat levels out in the world change. What go-to-market strategy should partners adopt to profit from security solutions? The key to being successful in this market is to be able to offer an integrated solution from multiple vendors, this would include traditional devices like firewalls and IDS but now also now SIEM, NAC, forensics, behavioural anomaly detection and a security delivery platform to make them all work in the most efficient way. As a vendor, how are you alowing your channel partners to leverage the demand for the latest security products and solutions? In an environment where a multi-tier security infrastructure needs to be built, we work closely with other vendors in the industry to help our channel partners deliver a solution that is easier to integrate. By building a security delivery platform, it is easier for our partners to be able to deliver the most optimal security solution.
Trevor Dearings Marketing Director, EMEA, Gigamon
W
hat are the top three security concerns Middle East organisations have today? How can organisations effectively tackle these challenges? The concerns globally are reasonably consistent: sabotage, theft and social engineering. The only way to prevent these attacks is to build a multi-layered security infrastructure consisting of protection from the physical up through to the content and behavioural level. There is no one solution to solve all problems but a good integration of leading class solutions will afford the best protection.
Can you elaborate how the current market trends have affected the demand for security solutions in the region? The huge growth in smartphones and tablets in the region has made access to resources even more important for those needing to work on the move. This opens up an organisation to attack at many levels and with the region becoming the centre for business in so many areas; the opportunities for the criminals have grown. What are some characteristics unique to the region when it comes to security trends? The speed of development of the region means that systems had to be implemented quite quickly and 10 years
How is the security landscape set to evolve over the next two years within the region? How can partners better prepare to face it? It is obvious that attacks will become more sophisticated and as such, business needs to improve its’ agility to meet these threats. A single perimeter solution will not be able to provide this level of protection, therefore integrating a number of techniques will be the only option. Keeping in line with the market trends, have you added any new products in the last 12 months? We have added a new platform that allows users to connect a variety of security solutions to the network. We provide a choice between adding devices in-line, out of band or both. This means that simultaneously a user can analyse the same stream of traffic to determine the potential threat posed within that stream. A Supplement of reseller me
13
Dimension Data
Strengthening perimeters
Muhammed Mayet, Practice Manager, End User Computing, Dimension Data
“
Security is seen by most clients as a grudge purchase," says Muhammed Mayet, Practice Manager, End User Computing, Dimension Data. "As with insurance,
most clients see and comprehend the risk, however, they often feel that it is unlikely that they will be targeted. It is only after an incident occurs, which results in a breach of critical systems that organisations take security seriously. At this point, it is often too late as data may have already been lost or compromised.” Emerging technologies such as cloud, Big Data and mobility have increased the threat surface. Only a holistic approach to security, which takes into account the data lifecycle within the company, can help organisations combat the threats lurking at every junction. “By taking a vendor agnostic approach focused on people, process, technology and threat insight, Dimension Data is able to offer our clients an approach to security, which aligns with their business requirements and delivers protection
across all security domains,” Mayet says. The network perimeter remains an important point of control and enforcement for security in all organisations, however, the increasing adoption of cloud and Internet-based services has led to more points of entry and exit being introduced. “Addressing this challenge directly can only be accomplished by addressing end-user requirements for systems and tools, which enable and not hinder productivity,” he adds. “Through our End-User Computing Development Model (EUCDM), Dimension Data provides clients with a strategic toolset, which is both practical and pragmatic. It assesses an organisation’s competence and capability in the area of end-user computing against a set of operational and strategic criteria. We review where you are today across six key areas users, applications, operational, devices, infrastructure and security - to develop a roadmap, which transforms how enduser computing services are delivered and secured.”
Kaspersky Labs
Strategise for secure future
Ovanes Mikhaylov, MD, Kaspersky Lab ME
T
o effectively tackle the security concerns of today, organisations must consider building an early warning system against external attacks
14
Kaleidoscope
through threat intelligence services and ensure using dedicated security solutions for protecting virtualisation environments and mobile applications, says Kaspersky Lab’s Middle East MD, Ovanes Mikhaylov. There are certain aspects that are unique within the region. “The local high context culture is one of them. Recently we saw advanced threat ‘Desert Falcons’, for example, that was created for the first time by Arabic language speakers,” he says. In such a scenario, it is significant for partners to help organisations to secure current trendy platforms such as mobile applications, virtualisation, and report on external threats. “All of those are key requirements for any enterprise.” At Kaspersky Lab, channel partners have access to many resources through the vendor’s partnership programme,
which effectively help them to leverage that demand. “This is including and not limited to, whitepapers, case studies, guides, marketing support and other resources,” says Mikhaylov. “For example we have recently introduced important improvements to the company’s partner programme, aimed at helping local partners protect their current investments and focus more on driving business growth. The company will provide partners with access to new intelligence services to enable them to extend the right combination of expertise, solutions and services to their customers.” Knowledge about APTs, malware analysis, digital forensics and incident response, is a prerequisite for partners, in order to help today’s enterprise customers. “Also partnering with threat intelligence services’ vendors like Kaspersky Lab who can help the partners and end customers to report on external attacks and build an early warning system, will enable partners to leverage the market opportunities successfully.”
Nanjgel
In a different league Jude Perreira, MD of security systems integrator Nanjgel Solutions, give us a lowdown on the latest security threats and what makes his company stand out.
security solutions, the stakes are going to be high. However, we believe there will always be technologies that need expertise on-site and cannot rely only on MSSPS or cloud solutions/services. What are the important factors to consider while selecting the vendor portfolio? Please list your lineup of security products and solutions? We try our best to keep it simple to three key factors: the technology the vendor can deliver, the cost to deploy the solution and the readiness to support after implementing the solution. Some of the technologies we currently deploy and support include cyber security framework, security threat intelligence feeds, GRC, forensics, security incident & event management, vulnerability management and data loss prevention. It is worth mentioning that we have deep expertise in the areas of identity and access management, application risk management and mobile device management. In short, our portfolio encompasses almost all the facets of security today. Do you make sure you enhance your portfolio depending on market trends? One of the differentiators for Nanjgel as a company is that we are always many steps ahead of the market demands and expectations. For example, SIEM solution is only gaining momentum now, but we implemented our first SIEM solution way back in 2009 and we bought Q1 Labs to the region in 2008. Similarly, with most of the technologies and vendors we work with, we take pride in the fact that we always partner with those who have unique offerings and of course, the best in the industry.
Jude Perreira, MD of security systems integrator Nanjgel Solutions
W
hat have been the changes or trends in the security landscape over the last few months? How have these changes impacted your revenues from this line of business? Due to the ever-changing threat landscape and increasing sophistication of attacks, enterprises are turning to managed security service providers to take complete care of all their security requirements. Another trend is the advent of cloud-based security solutions
and services as compared to on-premise solutions and real time security threat intelligence for risk correlations and malware protection. Users are so confused as to what approach to take with security threats looming large on the one hand and budgets being cut on the other; it is all about what is the cheapest option rather what is the best, which comes at a cost. For a system integrator like us that is purely focused on providing on-premise
What are your market differentiators? We are the only SI that can deliver an end-to-end IT security offering comprising more than 20 technologies. We can design and implement these solutions for an NOC or SOC with a short span of time with the highest value and RoI. We have an installed base of 30 plus SIEM deployments in the region and we have helped five customers build, implement and operate their own Security Operation Centres. Please note we are not vendor dependent to create, design, build, implement or support any of our solutions. A Supplement of reseller me
15
Fortinet
Stay prepared T
he market for security is growing by the day, increasing opportunities for channel players. However, this also means it is extremely competitive as well, and partners need to build go-to-market strategies around adding value. “If a partner is able to add real value in terms of properly advising potential customers through highly knowledgeable technical, sales and support staff, they will be able to fully understand a customer’s requirements and advise them on the right course of action,” says Alain Penel, Regional Vice President, Middle East, Fortinet. Realising the importance of the channel community being kept as updated as possible on a product’s new features, Fortinet enables partners through active and regular interaction.
“We frequently conduct partner trainings, roadshows and engage with them to ensure that they are able to leverage market demand, and if they need support, we are very clear on the fact that they can approach us at any time.” What is interesting to note when it comes to the region is that not all breaches occur due to zero-day attacks, says Penel. “Several attacks last year exploited older vulnerabilities that were overlooked and were therefore still exploitable. Today, it is critical to implement an advanced threat prevention (ATP) system but it’s just as critical to ensure you are also protected from the attacks that are already known about but just as dangerous if left unresolved.” With the emergence of SoftwareDefined Data Centres (SDDC) and
Alain Penel, Regional VP, ME, Fortinet
SDN, IoT, cloud and mobility, the region will see increased investments across these technologies. “Partners have to be at the top of their game in terms of understanding current market dynamics but also in being prepared for the future. As always it’s critical that partners work with their vendors as closely as possible,” adds Penel.
Gemalto
Adopt the services way “
Given the frequency and magnitude data breaches have now reached in the MENA region, aligned with a much greater enterprise acceptance of the need to adopt a multi-layered and more data centric approach to security, we see 2015 as a year when the biggest step will be taken so far by the MENA market toward technologies such as encryption and crypto management combined with user access control and strong authentication, which are increasingly becoming the foundation of enterprises security strategies,” says Sebastien Pavie, Regional Sales Director, MEA, Gemalto (formerly SafeNet). To profit from selling security, partners should also look at coupling
16
Kaleidoscope
Sebastien Pavie, Regional Sales Director, MEA, Gemalto (formerly SafeNet)
it with value-added offerings. This will also help partners to differentiate from competition and help in repeat sales.
Gemalto, through its recent acquisition of SafeNet, is committed to provide a value-added distribution model. Pavie says, “Today, our technology distributors are helping to enable, on-board, and create demand for channel partners through valueadded services versus relying on back end sell through. In 2015 we are looking at making more technologies available ‘as a service’.” The security vendor believes that the channel plays an important role and relies extensively on its strategic channel partnerships across the EMEA region. “The company is significantly expanding its global network of channel partners focused on data security solutions for enterprises, financial institutions and other organisations. In order to support our growing customer base and enable them to develop new solutions, Gemalto continues to invest in building a strong channel relationship,” adds Pavie.
Spectrami
Aligning value offerings Anand Choudha, MD, Spectrami, outlines the trends in the threat landscape and discusses market differentiators.
W
hat have been the changes or trends in the security landscape over the last few months? How have these changes impacted your revenues from this line of business? We have seen a heightened awareness in security, owing to large-scale attacks, which, more often than not, prove to be disruptive to businesses, owing to either financial gain by actors, or state sponsored attacks. All this has led to customers and governments to look at security more objectively, which in turn has benefited us for the better. What are the important factors to consider while selecting the vendor portfolio? Please list your lineup of security products and solutions? One of the most important aspects is the relevance of technology to the market. Other than that, we look at vendors’ past track record of promoters, the potential of disruption the technology represents and alignment to invest in the market. Some of the security technologies we represent are: • LogRhythm – SIEM solution • General dynamics Fidelis Cyber Security • Tenable – Network Security • Xceedium – Privilege Identity Management • Digital Guardian – Data loss prevention • Good technology – Enterprise mobility management Do you make sure you enhance your portfolio depending on market trends? Absolutely, this is one of our key considerations. We are on the lookout for technologies, which can help our customers and our business and can align with our strategic thought-process. What are your market differentiators? Several aspects such as our people, our positioning of technology, our channel and customer engagement model and the technologies we represent, all contribute to a unique value proposition, which we feel are key differentiators for us.
Anand Choudha, MD, Spectrami
We look at vendors’ past track record of promoters, the potential of disruption the technology represents and alignment to invest in the market. How is the adoption of cloud, virtualisation and IoT set to affect the security landscape even further and how are you preparing to leverage this change? Cloud, virtualisation and IoT represent a paradigm shift of how IT is consumed and represents a nightmare for security teams to manage, since they require a completely different approach. This in
turn represents an opportunity for us to present solutions, which help customers deliver IT securely. We are aligning with security around these areas, both in terms of products and services, and intend to serve customers to address their pain points of adoption of such disruptive technologies. Currently, what are some of the challenges you face while selling security? The market is getting highly competitive and customers are at times spoilt for choices owing to the numerous options available from many brands. It is difficult at times to demonstrate true value to customers besieged by a marketing blitzkrieg by some competitive technologies. What should vendors further do to enable you to optimise the opportunities present in this area? Persistence and investment are two key aspects, through which vendors can help us optimise the opportunities present in this area. A Supplement of reseller me
17
Intel Security
Building cyber resilience Maya Kreidy, Regional Channel Manager, McAfee, Intel Security
T
he need of the hour is to develop more integrated security architecture, keeping in mind increased security risks and threats. “An all-encompassing solution which provides a comprehensive protection to assets and sensitive data is in demand. Today, companies approach the security solution provider for an overarching
strategy to help them protect their assets, rather than just buying traditional IPS or a firewall,” says Maya Kreidy, Regional Channel Manager, McAfee, Intel Security. According to Kreidy, more Internet vulnerabilities will continue to emerge with cyber-criminals creating more malware, which will try to take advantage of known vulnerabilities. “Cyber-criminals will become more patient deploying targeted attacks, which focus on monitoring systems and gathering high-value intelligence on individuals, intellectual property, and operational intelligence in order to really cash in.” And the growing deployment of IoT services coupled with the lack of robust security will pose serious threats for organisations and individuals. “Point of sale (POS) attacks will remain lucrative, and a significant upturn in
consumer adoption of digital payment systems on mobile devices will provide new attack surfaces, which cyber-criminals will exploit. “We have built a number of training programmes and closely work with our customers and partners in order to make sure that when a product is brought to market the expertise is available as well. We also intend, in the next few years, to provide users with the necessary training on the appropriate security methodologies and strategy on how to stay secure rather than just identifying the right security tools to use when tackling a particular security breach.” Keeping in line with the market trends, Intel Security has announced a new line of security suites, which provide small and medium-sized businesses with a simple, flexible and cost-effective way to safeguard both their data and devices.
Symantec
Strengthening defences
Fady Iskander, Regional Channel Manager, Symantec
“
With cyber-attacks on the rise, businesses in the Middle East lack the security intelligence to protect against cyber threats and are unprepared to manage trends such as BYOD and multi-device access to corporate data,” says Fady Iskander,
18
Kaleidoscope
Regional Channel Manager, Symantec. “Lack of knowledge and user awareness around cyber-defence is the number one concern for Symantec when it comes to information security in the Middle East. Educating channel partners and equipping them with the necessary tools and market analysis to become trusted advisors for its customer base is key to ensuring long-term success against cyber-warfare.” A Symantec and Deloitte research report said that 41 percent of organisations do not see the necessity in having security software, and only a quarter of them see regular training of employees as a necessity. Additionally, the report disclosed that there is still a gap in security intelligence and understanding by IT managers on how to combat malware and cyber-attacks. These indicate the challenges Middle East organisations need to address.
Iskander adds that there are a few significant trends prevalent in the Middle East region. The rise of malware attacks on mobile devices indicates that cybercrime has gone beyond the traditional PC, posing serious concerns to BYODenabled enterprises. There is a growing need for predictive security solutions that can provide 24/7 security intelligence and thereby minimise the impact of an attack by reducing the time from detection to remediation. “In today’s cyber-threat environment, automated incident responses are no longer enough. And there is a need for integration. This requires different security technologies to work cohesively under a common security framework that effectively manages an organisation’s digital security.” Through its Redesigned Partner Programme, the security vendor enables partners to deepen their expertise in a particular solution area. “This allows them to take advantage of new market opportunities and remain competitive while extending their capabilities across multiple solutions for broader market traction,” he adds.
Be Offensively Defensive Visit us at 26-28 April 2015 D U B A I
W O R L D
T R A D E
C E N T R E
@
SR-C35
Strengthen Your IT Security Risk & Compliance - SIEM Identity / Privilege Management - IAM, SSO, People Audit Analytics - Behavioural Analysis, Vulnerability Scans, Forensics Comprehensive Security - Network, Data, Endpoint, Application Complete End to End Security – is our responsibility
Dubai - Tel: +971 4 4330560 / Fax: +971 4 4537281 | Abu Dhabi - Tel: +971 2 6226301 / Fax: +971 2 6226302 Email: sales@nanjgel.com / Visit: www.nanjgel.com
GBM offers an extensive range of IT infrastructure solutions
Founded and operating in the region since 1990, Gulf Business Machines (GBM) is the number one provider of IT solutions, leveraging industry leading technologies to drive real business results for clients. GBM brings the power of the world’s most renowned technology providers, IBM from its outset and the addition of the Cisco portfolio in 1999. GBM today holds both the Master Collaboration and the Master Security Specializations from Cisco, the only partner across Gulf to be awarded these distinctions. GBM lives the ever-evolving culture of the local IT landscapes in which it operates, continually investing in training and development to ensure its experts can fully understand and interpret the growing needs of their clients. As a result, GBM is always well-equipped to address the ever-evolving, industryspecific IT demands in every market. www.gbmme.com ABU DHABI • BAHRAIN • DUBAI • KUWAIT • OMAN • PAKISTAN • QATAR