Kaleidoscope September 2012


The latest in IT security for the modern day


The proliferation of botnets has led to a massive increase in Distributed Denial of Service (DDoS) attacks. At the same time, DDoS attacks have evolved to a higher level of sophistication by targeting the web application layer. Fortinet provides enterprises with the protection techniques required to stop these attacks, using multiple protection layers that incorporate both a negative and a positive security model and leverage sophisticated DDoS protection techniques that help distinguish real users from malicious botnet activity. To find out more about Fortinet’s DDoS solutions, visit www.fortinet.com today.


INTRODUCTION

Gearing up

Researchers at Kaspersky Lab highlight the radical change in security attacks and the simultaneous opportunity this creates for security vendors to create solutions that help enterprises stay ahead of the game.

The transition from cybervandalism to cybercrime has had a significant impact on the current security landscape, according to David Emm, senior security researcher at Kaspersky Lab. “In the ‘good old days’, malware was designed to disrupt a computer. By contrast, the focus of cybercrime is to steal information that can be used to make money. So the last thing a cybercriminal wants to do is to disrupt the victim’s system - their business depends on my computer running normally. At one level, the job of security companies remains the same – i.e. block malicious code. But the focus on maintaining the integrity of someone’s data, and securing their online identity, has led to the inclusion of technologies that go beyond simply looking for malicious code. So today’s comprehensive Internet security suites include virtual keyboards, application sandboxing, white listing and more,” he says.

Emm adds, “It’s not just the shift in motivation that has widened the array of technologies used in anti-malware solutions. We’ve seen an explosion in the number of malicious programs in recent years. Just five years ago, our virus lab received around 200 new samples per day. Today, our analysts receive 125,000 unique malware samples every day! And there are tens of millions of samples in our collection. One of the reasons for this is the decreased ‘shelf-life’ of malware. In the 1990s viruses were comparatively slow to spread, but once they reached ‘critical mass’ they might circulate for many years. Today, an individual variant might last no more than a week. So many of the samples we see are variants of existing malware families - churned out by cybercriminals to refresh earlier versions.”

According to executives at Kaspersky Lab, 2011 was a pivotal year in the development of mobile malware. The company saw the same volume of threats in 2011 alone as it did in the period from 2004 through till 2010. “Currently there are more than 20,000 mobile malware threats - that’s a rate of around five per hour. The fastest growing area of development is malware aimed at Android. That’s because it’s popular, it’s easy to create software for it and there’s a ready-made distribution mechanism in the form of Google Play [formerly the Android Market Place]. Almost 89% of threats target this operating system. The increasing use of smartphones, the mix of personal and business data on mobile devices - and the BYOD trend in business - makes them an increasingly attractive target for cybercriminals. And the more personal data that is stored on mobile devices, and the more we use them to log in to online services, the more they will be targeted,” Emm explains.

The sudden surge in the numbers and variety of security threats combined with media publicity surrounding the advent of recent security breaches such as those of the PlayStation Network and Saudi’s Aramco has resulted in enterprises and individuals being a lot more aware of cyber security vulnerabilities. In a kind of snowball effect, investments in IT security have increased, encouraging vendors to pump more R&D resources in order to create ‘smart’ solutions that are capable of proactively blocking the threats of tomorrow.

He says that while signatures were never the only mechanism used to detect malware, the upsurge in numbers in the mid-2000s gave a massive impetus to the development of proactive detection technologies - including behavioural analysis and real-time use of cloud-based infrastructures. “On top of this, today’s advanced Internet security products employ a wide range of other technologies designed to secure people’s online activities. They can alert you to vulnerabilities that exist in any applications you use. They can secure your online transactions. They can block spam. They can secure children’s online activities – not only blocking undesirable content, but also preventing children from posting sensitive information online. They can encrypt your data. They can even create complex passwords for each of your online accounts, storing them securely and entering them automatically for you when you login. They can also secure banking transactions from cybercriminal activities like keylogging,” he says.

Still, as technology proliferates and cyber scammers and criminals continue to put their minds behind the creation of even more intelligent scams and malware, many vendors believe the worst is yet to come. As Emm says, “Over the last year or so, cybercriminals have made use of stolen digital certificates to sign their malware, giving it a stamp of authenticity and it’s likely that this will increase in the future as cybercriminals seek to sneak in ‘under the radar’. It is also clear that the increasing storage of data in the cloud, and the use of other cloud-based services, will add a new dimension to the threat landscape - specifically, attacks on ‘the cloud’. This is, of course, related to the rise in targeted attacks - the difference being that the aggregation of data in a single place offers a ‘one-stop-shop’ for cybercriminals. The use of anti-malware solutions is already considered by most businesses to be an essential tool yet as the Internet becomes more and more central to commerce of all kinds, it will become increasingly important to defend employees – and in particular the data they access – wherever they go and whatever devices they use to conduct business.”

The interviews that follow give us some insight into the regional dynamics and how security vendors are leveraging the region’s channel community to effectively help enterprises across the region arm themselves against the dynamic threats of the future.


The Dubai CIRT Briefing on 16 October at The Capital Club, DIFC

PLEASE REGISTER NOW: www.eventbrite.com/event/3914789240

AccessData cordially invites you to attend a live briefing to learn how the cyber security paradigm is shifting towards integrated response capabilities... and to see CIRT 2.0 (Cyber Intelligence & Response Technology) in action. The presentation will cover...

• Detecting the Unknown Threat
• Continuous Monitoring
• Malware Disassembly Analysis (no sandbox)
• Removable Media Monitoring
• Advanced Root Cause Analysis
• Compliance and Data Leakage Auditing
• Leveraging Built-in Batch Remediation

Why Should You Attend?

Despite all the investment in cyber security, organizations still struggle to improve their cyber security postures. This is due to three obstacles plaguing organizations today:

Over-reliance on Inherently Handicapped Signature-based Tools:

Technologies such as anti-virus, IDS, IPS and DLP don’t catch intrusions or data leakage unless you tell them specifically what to look for.

Juggling Disparate Products:

Once an incident is detected, personnel must juggle several products to analyze network communications, computers and suspected malware.

Lack of Collaboration:

Large organizations have multiple teams, each focusing on one piece of the cyber security puzzle: computer forensics, network security, compliance, malware analysis and more.

Concerns over recent GCC malware attacks?

AccessData’s Cyber Intelligence & Response Technology (CIRT) is the first product to deliver analysis of data in motion, data at rest and volatile data within a single interface. Integrating AccessData’s network forensics, computer forensics, large-scale data auditing and malware analysis technologies, CIRT lets you see all critical data through a single pane of glass. And unlike other products, it actually provides enterprise-class remediation capabilities. So not only are you able to figure out what’s happening on your network faster, you’re actually able to do something about it faster.

Interested in becoming an AccessData Reseller?

Attend our ‘RESELLER BRIEFING DAY’ on th September in Dubai and th September in Qatar. For appointments please email gbrooks@accessdata.com

Location: Dubai Capital Club, Gate Village, Dubai International Financial Centre, United Arab Emirates


ACCESSDATA

Pioneering defences

AccessData is leveraging its flagship computer forensics technology to create intelligent security solutions that help monitor, block and mitigate the challenges posed by the evolving security landscape.

Jason Mical, director of Network Forensics at AccessData

How has the security landscape changed over the last few years? How have these changes affected the demand for security solutions?

We only need to consider events in this region in the last month of malware targeting critical national infrastructure. Take Shamoon for example; it has had a massive impact. Exploits have become dramatically more sophisticated, there has been a great increase in nation-sponsored cyber attacks, and the average employee is far more cyber savvy than even just a couple years ago. All of this results in the exponential growth of unknown threats and zero-day attacks. The days of relying solely on signature-based preventative and alerting solutions are over. Anti-virus, firewalls, intrusion detection systems (IDS) and data leakage prevention (DLP) tools are only able to detect what you tell them to look for. Though they will remain a critical piece of the cyber security infrastructure, they are not able to protect you against unknown threats and savvy malicious insiders. It is imperative for organisations to have visibility into all that is happening across the enterprise and optimise their response capabilities to be able to stop the bleeding much faster.

Please list out your line up of security solutions? Have you added any new products in the last 12-18 months?

AccessData provides solutions to address digital investigations of any kind, including computer and mobile device forensics, e-discovery and of course incident response and information assurance. Forensic Toolkit (FTK), the flagship computer forensics technology and the foundation for most of AccessData’s solutions, is best known for having an advanced Apple OS analysis as well as the most comprehensive volatile data and memory analysis. It also enables distributed processing providing the fastest forensic-level processing on the market.

Cyber Intelligence and Response Technology (CIRT) is a new offering, which AccessData claims to be the first and only platform to integrate computer forensics, network forensics, malware analysis, large-scale data auditing, and remediation within a single interface. This solution gives an organisation visibility into everything happening across the enterprise, as well as the laptops of travelling employees, including internet activity and removable device usage. Even if an employee is not logged into the organisation’s network, CIRT is able to monitor all activity, which is a great advantage over relying on other network forensics or enterprise investigations tools.

The greatest benefit of using CIRT is the ability to detect unknown threats. You can easily correlate network and host data to more quickly identify anomalies and use the platform’s “Cerberus” malware analysis technology to automatically identify suspect binaries and determine behavior and intent without a sandbox or signature-based tools. With this capability, organisations can detect malware that has not yet been defined and would therefore be missed by conventional tools. Finally, CIRT is not just another platform that delivers a mound of data you need to sift through. It actually has built in batch remediation capabilities. So once a threat is detected, you can quickly perform root cause analysis – getting critical data in seconds that would normally take hours or days – and then you can remediate all affected nodes immediately.

How are you helping your channel partners leverage the demand for the latest security products and solutions?

We provide a rigorous sales and technical training programme for our partners, as well as marketing assistance as needed. Our technology is very different to the traditional security solutions on offer in the region so we have to adjust the mind set a little. We are keen to recruit more partners across the region to extend our reach. We plan to hold a reseller briefing breakfast in Dubai soon.

With so much competition on the horizon how do you differentiate your products and services from your competitors? How do you help your resellers differentiate their offerings?

We can see with the fall out of Flame, Stuxnet and Shamoon to name a few that customers are not being protected sufficiently. The description of CIRT’s capabilities above details several differentiators for us. In reality, there are no direct competitors for the CIRT platform. Other companies are only able to do one thing, whether that’s network analysis or computer forensics. No other company has developed the breadth of technology AccessData has delivered, and certainly no other company has integrated the functionality as we have in CIRT.

How is the security landscape set to change in the next 12-18 months? How will this impact the demand for security solutions?

We can expect to see continued exponential growth in the number and sophistication of cyber exploits. Various countries are increasing investment not just in cyber defence, but cyber offence. In addition, we can expect to see new exploits specifically for mobile devices. Organisations will become increasingly vulnerable to attacks and data loss, because the “Bring Your Own Device” (BYOD) trend is increasing in popularity. Organisations are allowing employees to use their own mobile devices and even laptops, because it saves money. However, there was a recent poll of employees in which over 60% of them felt that their companies should not have access to the personal devices they are using for work, and that employees using their own devices should be responsible for their own data security. The ignorance around the issue is actually quite alarming. Unfortunately companies aren’t able to simply implement a policy that ensures them access to employees’ personal devices. This would be even more difficult in European countries that have much more stringent privacy laws.

Organisations are now beginning to see the need for greater visibility into their enterprises, in order to be able to detect unknown threats and take a more proactive approach to defending their assets. For this reason we are seeing a great deal of interest in our CIRT platform. In addition, technology will continue to develop around defending mobile devices from cyber attacks.



FORTINET

Pioneering security

Fortinet is gearing up for more complex demands for IT security, believing the current scenario to be ‘the tip of the iceberg’.

Bashar Bashaireh, regional director for the Middle East at Fortinet

How would you describe your line up of security solutions?

Fortinet was created on the vision of integrated security as the way to increase protection and control, while optimising performance, simplifying management and reducing costs. Fortinet’s flagship FortiGate product line (850,000 units shipped to date) was built from the ground up to deliver the highest levels of performance and the broadest security to help protect against application and network threats. Every FortiGate platform integrates multiple layers of threat protection – including Firewall, Anti-virus, Anti-spam, Application Control, Intrusion Prevention, Web Filtering, VPN, Data Leakage Prevention and traffic shaping, etc. The FortiGate product line is powered by Fortinet’s FortiOS, a proprietary security-hardened, purpose-built operating system, which, coupled with FortiASIC processors, is designed to help customers achieve extremely high throughput and exceptionally low latency.

Beyond its FortiGate network security product line, Fortinet has a large range of solutions that help enterprises secure their extended network, from endpoints and mobile devices, to their perimeter and their core including databases (FortiDB), messaging (FortiMail), web applications (FortiWeb). In 2011, Fortinet introduced a major release of the FortiWeb Web application firewall (WAF) family for enterprises, application service, software-as-a-service (SaaS) and managed security service providers (MSSPs). The release integrates features such as a web vulnerability scanner and advanced application load balancing in a single device to significantly reduce deployment times and resource utilisation while improving application performance. In 2012, Fortinet launched its new FortiDDoS product line to detect and help protect against today’s most sophisticated DDoS attacks. The appliances feature custom ASICs that are capable of mitigating DDoS attacks while maintaining incredibly-low latency (less than 26 microseconds), preventing loss of availability to critical systems, servers and applications.

In the current technology and business landscape, what do you believe poses the largest threat to an IT network? How can organisations effectively tackle these challenges?

The major issue is related to the evolution in work practices that makes the organisation network boundaries become fuzzy: on the IT side, the adoption of cloud-based applications and services IaaS, SaaS, private or public cloud pose new challenges, while on the user side, the workers’ increasing mobility, practice of BYOD, home office, also make the enterprise more vulnerable. For example, BYOD provides the ability to access enterprise networks from anywhere, anytime.

A worldwide survey commissioned by Fortinet and conducted in 15 countries, focused on graduate employees in their twenties. This group represents the first generation to enter the workplace with an understanding and expectation of own-device use. They also represent tomorrow’s influencers and decision makers. Within this younger employee group, BYOD is predominantly considered a right rather than a privilege, with over half (55%) of people sharing an expectation that they should be allowed to use their own devices in the workplace or for work purposes. With this expectation comes the very real risk that employees feel so strongly they will consider ignoring company policy banning the use of own devices. More than a third (36%) of people polled admitted that they have or would contravene such a policy. In UAE, they were 30%.

The survey shows the considerable challenge that organisations face in controlling what is happening on its network and to its data. Global visibility becomes paramount and businesses should thus review their security strategy to take a centralised approach in analysing security threats and risks. The ability for various security capabilities to communicate and synergise intelligently with one another onto an integrated platform becomes key to ensure security and control of the networks, data, users, applications and devices. As IT security is moving into an era, characterised by the growing IT consumerisation and the business migration to the web - there is a greater need for IT security to move away from its traditional focus of simply securing IT assets to look at protecting and enhancing business functions, while being able to adapt to a dynamic user environment and sustain manageability.

How are you helping your channel partners leverage the demand for the latest security products and solutions?

Fortinet’s channel strategy is based on its selective FortiPartner Programme (FPP), based on gold, silver, bronze and MSSP levels. This programme aims at driving value and commitment for Fortinet’s distributors and resellers by focusing on channel profitability, technology leadership and a strong certification programme, through the recruitment of Authorised Training Centres in each country. As part of the FPP, Fortinet offers many tools and services to help its channel partners provide the best security solutions to the market and keep up with the technology evolution. Some of these initiatives include training and education sessions designed for the club members, which are available via webinar series, access to the Fortinet Authorised Training Centres (ATCs) programme that is designed to provide additional sales benefits to existing ATCs and foster the presence of ATCs at the local level, a Renewal Asset Tracking tool, a Web-based interface, designed to help resellers identify renewal income opportunities and a series of marketing tools among many others.

Partners can also leverage our in-house FortiGuard Labs’ global team of threat researchers, who continuously monitor the evolving threat landscape. The team of over 125 FortiGuard Lab researchers provide around the clock coverage to ensure a network stays protected. It delivers original research, rapid product updates and detailed security knowledge, providing protection from new and emerging threats. 100% security focused, Fortinet’s products are regularly setting the norm in terms of cost/performance ratio and reliability. With a cumulative R&D investment of $273 million at the end of 2011 and around 600 engineers, Fortinet continues to push the barriers of performance, functionality and innovation. Our technology has been fully developed in-house and the company has total control over the design of its products, making no compromises on quality, performance and reliability.

How is the security landscape set to change in the next 12-18 months? How will this impact the demand for security solutions?

We expect the security landscape to continue to evolve with the adoption of mobility and IT consumerisation (BYOD and BYOA), Cloud-based services and the growth of bandwidth demand driving the increased exposure and risk factor to Internet threats. Furthermore, the current economic downturn and end-user increased attention towards TCO, brings forward many opportunities and security challenges through trends such as the increased outsourcing of applications or infrastructure management and heavy data centre virtualisation. Another trend we see is that the managed security service providers will continue investing in delivering Security as a Service which proved to be a successful model for organisations seeking to reduce cost without compromising their defences. In addition, the demand for Unified Threat Management (UTM) integrated security solutions shall continue to increase as this model proved to have the broadest functionalities offering (Firewall, VPN, intrusion prevention, application control, Web filtering, anti-virus, anti-spam and DLP among others) and the easiest to operate and maintain.



SOPHOS

Comprehensive Reinforcements

Security vendor Sophos is working with resellers to communicate their message of ‘complete security’ to the customers.

André Scheffknecht, VP, NEEMEA, Sophos

How has the security landscape changed over the last few years?

IT security has become more and more complex over the past few years, so preventing security capabilities from taking a backward step as organisations adopt new technologies and ways of working has been a challenge. As well as the continuing trend of BYOD, and a growth in remote working (either at home or on the road), IT teams have had to manage an increasing array of security products, monitor new apps and social media, as well as consider implementing new technologies like HTML5 and IPv6.

Cloud continues to throw up uncertainty. Consumer cloud storage solutions like Dropbox cause potential issues for IT departments as employees use them as a means of sharing and storing business files, outside of IT’s control, despite multiple security issues over the past year or so. In general cloud services have seen a resurgence, which means more focus on encrypting data wherever it flows, rather than just protecting the device or the network. Lastly, we continue to see sharp growth in the number of threats, with more targeted attacks and hacktivism in recent times.

Within the security market, we have seen a great deal of consolidation as vendors acquire other vendors and merge in the quest to broaden their security solutions. The upshot is that businesses need a reliable defence that protects all routes of attack. Many organisations are therefore looking for a company that can provide complete security solutions, identify gaps in their defences, and provide them with flexible solutions to plug those gaps. Sophos’ products and services are well suited to this, providing ‘complete security without complexity’ to customers in the region. While technology is a business enabler, different business environments have different security needs, so Sophos works with customers to ensure they get protection that works for them.

Please list out your line up of security solutions? Have you added any new products in the last 12-18 months?

Sophos offers a broad variety of complete security solutions that address all aspects of protecting businesses: solution sets include Endpoint, Encryption, Web Security, Email Security, Mobile Security (including mobile device management), Network Protection and Unified Threat Management (UTM).

How can organisations effectively tackle the challenges of the current environment?

Organisations need to put in place both policies and technologies that minimise the risk and protect the network at all points. Many companies take a very restrictive approach by applying Web filtering to block access to Web storage providers or by applying application controls to prevent cloud storage applications from being installed. The best way to protect against a data breach is to apply data encryption everywhere, encrypting data in a way that it stays encrypted until the business needs it. At Sophos we call this ‘persistent encryption’ or data protection by default. That way, if a user places a company file in a public cloud tool like Dropbox, the data remains encrypted. What every organisation needs to remember is that user education is key to an effective security policy, so clear communication of do’s and don’ts with the employees is a must.

How are you helping your channel partners leverage the demand for the latest security products and solutions?

Sophos provides partner enablement by offering free online training as well as classroom training in conjunction with our distributors. In the region we are running brand awareness initiatives through PR as well as focused advertising, and we help partners with their marketing by not only providing co-funded marketing campaigns but also by helping with bespoke initiatives. We also distribute the leads that are generated by global marketing campaigns to partners for follow up, helping partners engage with more end users.

How do you help your resellers differentiate their offerings?

At Sophos, we’ve taken a different approach to IT security. We call it ‘complete security, without complexity’. Resellers who offer Sophos to their customers can provide a complete set of security solutions designed specifically to protect businesses across their entire network. From endpoint, encryption to network protection and unified threat management (UTM), Sophos’ vision is to give customers a single security system for the entire organisation in order to provision a unified view of the security system so they can quickly see when something is wrong and can easily fix it. It’s a compelling message for resellers to take to customers and allows them to spend less time supporting customers themselves, deriving benefits in terms of both operational costs and happy customers. Sophos operates as a 100% channel business.

How is the security landscape set to change in the next 12-18 months?

We can expect to see more of the same as businesses continue to get to grips with issues like mobile, cloud etc. With mobile, we can expect to see an even greater move from the traditional endpoint to mobile devices. Businesses need to prepare for this. And we’ll see businesses finally putting their infrastructure in the cloud – expect to see security becoming a key feature in customers’ demands. We will likely see more consolidation in the market, plus a continued increase in the volume of threats targeting users. Layers of defence will become a bigger deal as more businesses recognise the gaps in their security – with more combined threats, businesses can be attacked through multiple routes into the network (email, web etc.). As such, vendors that can offer a broad range of complete security solutions will be well placed to help customers.

Latest launches:

• Sophos SafeGuard with enterprise cloud encryption capabilities protects critical data in public, private and hybrid cloud environments
• Sophos Endpoint Protection, which offers integrated patch assessment, comprehensive web protection, filtering and encryption
• Sophos Mobile Control, our MDM solution, which provides a simple way to bring BYOD into the enterprise
• Sophos UTM, the first UTM (unified threat management) solution specifically designed to integrate gateway security and endpoint security in a single hardware or virtual box
• Sophos Mobile Security, a free lightweight anti-virus app that protects Android devices against malware, privacy issues and hardware loss, without reducing performance or battery life
• Sophos Virtual Web Appliances, which provide complete web protection, a streamlined management experience and broad deployment flexibility in virtual environments

Mobile security in the enterprise:

• Define what devices, OS and versions it’s ok to use
• Get visibility of connected devices and data usage
• Secure the device: require passcodes, control apps, remote management including remote wipe
• Create a mobile security policy
• Implement an encryption solution
• Finally, user education remains key



HP TREND MICRO

Rooted in security Trend Micro has seen the security business change and grow more complex. Today, the company prides itself on its technical skill and experience with this industry. How has the security landscape changed over the last few years? Threat landscape has evolved over past couple of years to be more sophisticated, targeted and financially motivated. Data breaches are highly visible and put tremendous pressure on IT departments of organisations to ensure they implement the right levels of protection. This also puts a lot of stress on both customers and channel to maintain optimum technical skill sets to support the infrastructure. Organisations are demanding 24/7 local services especially for security solutions by trained personnel. This creates opportunity for channel as well as vendors. Another security challenge is around ‘securing’ virtualised infrastructure whilst protecting the investment made in virtual infrastructure and maintaining the ROI. Trend Micro is best positioned to protect these customers through its latest offering of ‘Deep Security’ In today’s 24x7 business world, mobility is essential. Employees are accessing and sharing data anytime and from any device. It’s becoming a challenge for IT to maintain the visibility and control the data on devices to keep the information safe from theft or losses Please list out your line up of security solutions? Have you added any new products in the last 12-18 months? Trend Micro has a complete range of security solutions right from endpoint, mail server and gateway. Cloud, data centre, threat and vulnerability management, support services


Sushma Kajaria, channel sales manager at Trend Micro

(pre and post sales through channel) security. How do partners stand to benefit from signing with Trend Micro? Since 1988, Trend Micro has pioneered innovative technologies and security services that protect users against threats that target new and emerging platforms and devices and we continue that tradition today. We help customers and our channel understand how to balance the risks against the gains of consumerisation so employees can safely use their own devices and share files and data inside and outside of the enterprise. Product lines are easy to understand and sell with or without support services. 24x7 Support services further enhance partners’ and customers’ confidence in Trend Micro. Trend Micro runs sales and technical trainings for channel partners through the year which is directly delivered by our employees. There are focussed customer events and workshops along with our Gold partners that are co-funded.

Partners can boast of a local sales and technical team that covers small to very large customers which can be offered by very few security vendors in the region. Most importantly, our distributors do not compete with partners, i.e. they do not sell directly to end users. As an organisation we are fully committed to a two-tier channel structure so business never bypasses a partner or distributor. How is the security landscape set to change in the next 12-18 months? Virtualisation is becoming more prevalent and customers are making their forays into private cloud computing. Because of them being more comfortable with cloud environment they will also start to become more comfortable with the benefits of cloud security services. And therefore, customers need to rethink securing their virtual network. The security choices will not only affect the operational costs but also the organisation’s reputation. There will be more high profile targeted attacks and APTs in future and the amount of malware will continue to grow at an exponential level. Traditional security solutions will increasingly become a burden on organisations’ networks, PCs and productivity. Malware is being specifically crafted for given and persistent attacks. Mobile security is becoming prevalent. People are doing business wherever, whenever and on any device. This is the mobile age and it’s going to catch many people unaware unless they have the right security solutions and policies to protect themselves. The ME will continue to see increased evidence of targeted cyber attacks but many will go unreported. Looking at the GCC as a whole there are a large number of bot infected systems (2.3 Million). These are systems which have been compromised often by inadequate security solutions. However, there are very few admitted security breaches.


EMPA

Services for security

EMPA, a regional value added distributor, chooses its vendor portfolio based on its ability to provide a range of support services to go beyond trading in security.

Nicholas Argyrides, MD at EMPA

How has the security landscape changed over the last few years? Over the past decade, the security landscape has been definitely transformed in terms of both magnitude and nature. With mobility and cloud high on the agenda, the need to deploy solutions that enable personal security while enabling remote access to data has skyrocketed. In chorus, the cyber-threat landscape has also evolved, with refined targeted attacks on a number of devices that entail legitimate access to corporate and personal networks. This increasing complexity of IT products and solutions robotically raises the challenge-level for their supporting security. This scenario has translated into a wave of opportunity for security vendors and

distributors as revenues from security related solutions have simultaneously increased. How do you go about selecting the vendor portfolio? Please list out your line up of security products and solutions? We consider a variety of factors when deciding to partner with a vendor such as the vendor’s reputation and record; pricing strategy and policies for handling various business aspects such as customer service, returns, guarantees and technical support. Last but not least, the

products a vendor carries should complement and improve our existing portfolio with no or minimum cannibalisation on the existing product lines we carry. What do you believe are the elements that differentiate your offerings from those of your competitors? Every security product or solution has both common and unique features as compared to its competition. Fundamentally, such features should be comprehensive, multi-layered and proactive. Some of the elements that our security offerings include are our “Host-Based Intrusion Prevention System” to block unauthorised alterations to programs installed on devices and “Cloud Enhanced White listing” to enable faster and precise malware detection. How is the adoption of cloud and virtualisation set to affect the security landscape and how are you preparing to leverage this change? Undoubtedly, the effect on the security landscape has been and will continue to be tremendous. Simply put, the significant burden and enormous responsibility of managing the complex IT requirements now moves from the end-user side to the vendor side. While security of the infrastructure remains a top priority, the protection of the actual communication channel connecting the end-user and the host-vendor are now also of vital importance. Both distributors and integrators must adapt by at least altering part of their security products and solutions to make their offerings more relevant to this new state of play.

Security vendor portfolio: ESET, Intel, Fujitsu, and Toshiba No. of certified network security specialists/engineers: 5 (based in the UAE and KSA)





SOURCEFIRE

Walls on money

Maher Jadallah, regional manager, MEA at Sourcefire, recommends three security considerations for financial services

Perhaps no industry has a greater need for network and data security than the financial services industry. Widely considered to be ‘critical infrastructure,’ not only are banking and financial market networks handling the life savings of individuals, but the lifeblood of the global economy. According to a statement by the FBI Cyber Division before the House Financial Services Committee, the number and sophistication of malicious incidents against financial institutions has increased dramatically over the past five years and is expected to continue to grow. Account takeovers, third-party payment processor breaches, securities and market trading exploitation and mobile banking schemes are just a few of the recent and damaging cybercriminal exploits the FBI identifies. In less than three months the Middle East has experienced some complex cyber security threats that include Flame and Mahdi. The geographical spread of these attacks centred on a number of regional countries. It is important for the region to focus on increasing cyber security measures to reduce risk and defend against today’s emerging threats not only within the financial sector but also in key infrastructural facilities. Security technologies that are agile and can deliver high performance and low latency are a sound investment for any financial services institution. So what should financial services firms look for to ensure a

Maher Jadallah, Regional Manager, MEA for Sourcefire

security technology can address these three areas? Agility: Traditional security tools were designed for stable, slow changing environments. They weren’t built to deal with changing conditions and new attacks. In order to be agile, modern security technologies must be able to do four things: see everything in the environment including assets and users on the network and attacks against them, learn by applying security intelligence to this data, adapt defences automatically and act in real time for the fastest possible protection. Through a continuous process of see, learn, adapt and act, security technologies that are agile can deliver more effective protection for financial services firms because they have the ability to respond to continuous change. High Performance: Performance is critical to financial services networks. Security

appliances that include specialised acceleration technology to speed flow and packet handling as well as multiple processors to expedite acquisition and classification of network traffic and application and control plane processing offer the massively parallel processing power to handle demanding throughput requirements. Low Latency: Real-time financial services applications, such as high-frequency trading and transaction processing, are extremely sensitive to latency. Microseconds can translate into billions of dollars gained, or lost. One way to reduce latency is to consolidate security functionality on a single device. Multiple point solutions each with their own device introduce their own latency that soon compounds. However, simply consolidating security functionality on a single device can still introduce delay and increase latency if each security solution has its own engine. Instead, devices that offer a single-pass engine are designed for minimal latency. By sharing processing across multiple security applications (i.e., monitoring and assembling data packets for security processing and inspection) a single-pass engine affords efficient application of multiple security functions (access control, threat detection and inspection, behavior analysis, host profiling, etc.) while maintaining high throughput performance. The financial services industry embodies the term “time equals money.” In a sector in which many of the products are commodities, customer experience, confidence, trust, productivity and protection are critical to success. Security technologies that leverage the latest advances in design and engineering to deliver agility, high performance and low latency without compromising protection can mean the difference between profits and problems.


Mobile Control

Secure your email with our software solutions, or choose a remotely-monitored appliance.

Email Protection

Keep your network infrastructure safe with complete network security.

Network Protection

Make web access safe and productive with a remotely-monitored appliance.

Web Protection

Secure, monitor and control iPhone, iPad, Android and Windows Mobile devices.

Sophos Middle East | Office 205-EIB 5 | Alpha Building | PO Box 500469 | Dubai Internet City | Dubai | UAE Email: salesmea@sophos.com | Tel: +971 4375 4332 | www.sophos.com

Your confidential data needs protection, and you have to prove it’s protected to the regulators. Our encryption and data loss prevention (DLP) stops data breaches and lets your users securely access, share, store and recover data.

Data Protection

Gives you everything you need to stop malware and protect your data in one console. It’s fast, effective and complete security for your users, wherever they are.

Endpoint Protection

One appliance that eliminates the complexity of multiple point solutions. It gives you complete security to stop the viruses, spam and hackers that threaten to compromise your business.

Unified Protection (UTM)

Complete IT security protecting every part of your business

You’re safer in our world

