Issue 03 | September 2013
Smarter business
How next-gen security solutions are helping to make businesses smarter
EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2013 EMC Corporation. All rights reserved.
THE LINK
From the management
Lee Reynolds and Tim Martin (Managing Directors), Gareth Morgan (Director of Sales), and John Andrews (Marketing Director) Computerlinks Middle East, India and APAC
Hello, and welcome to the third edition of The Link. We’d like to welcome you back from the long, hot months of the summer. We hope you’re very rejuvenated and ready for the final quarter – a quarter that, in this part of the world, can likely run for the title as busiest of the year. We’ve got GITEX 2013 around the corner, and everyone is busy cramming in those last bits of work, closing big deals, before the end of the year.

With GITEX looming, we’ve been putting in all the hours of the day trying to get things finalised. We have a great line-up planned for the four-day mega trade show, including live product demos with some of our vendor-partners, a hugely impressive stand, and a stellar team of sales engineers, who’ll be able to assist you with any query you might have.

Indeed, at GITEX, the sales engineers are going to be the stars of the show. It might be great to see the next crop of next-generation solutions, but these are the guys who’ll really be able to understand what these new technologies will be able to do for the business. Part of being a great sales engineer is knowing the product well, but a more important part is being able to effectively communicate the business advantages of a product to the end-user. And we believe that our sales engineers are the best in the business when it comes to that.

That said, there are plenty of other sales engineers in the region who deserve their due credit. This is why, in this issue of The Link, we’ve dedicated most of our articles to these unsung heroes of the tech industry. Inside, you’ll find insight from the latest research on the threat landscape, and the best solutions to protect against the ever-evolving range of threats that businesses face these days. And naturally, because we’ve been talking to sales engineers, it’s all explained in an easy-to-understand and digestible way.

We can’t ignore GITEX altogether, of course, so inside you’ll also be able to find information about what our vendor-partners are up to at the trade show. Also bear in mind that a lot of the guys we’ve interviewed will also be present at GITEX, so do pay them a visit if you have any questions about what you’ve read here. We’re sure they’d love to hear from you.

The same goes for us, too. If you have any questions about the security landscape, the next generation of security-related technologies, or simply want to reach out to us for your distribution needs, we’d be more than happy to meet you at GITEX. You’ll find us in Hall 1, Stand A1-4. Do come by for a chat, and we’ll make sure you’re looked after properly.

There isn’t really much else to say until GITEX is finished. We’re going to continue in our preparations for the show, and we imagine that’s what you’ll be doing, too. So until the next time, we hope you enjoy this issue of The Link, and that you have a very successful quarter.

The management.
www.computerlinks.com
September 2013 | The Link
JOHN’s BLOG
Infrastructure is a complex thing

It doesn’t really matter which context you’re examining the challenges in, does it? Take traffic congestion in major cities, something we all deal with on a daily basis, or residential and commercial property landscapes. The major problem when dealing with any kind of infrastructure, especially when we talk about networks and data centres, is the need for advanced thinking and future-proof planning. “Fail to plan, plan to fail,” as the well-known proverb goes. So why is it that we still see short-term thinking in so many cases, and a “rush to build” mentality that eventually leads to complete overhaul rather than plug-and-play expansion?

I think, to answer this, we need to look at the speed of technological change. Forty and 100 GB networks are now readily available, and as I have been reliably informed by so many of my technical colleagues and contacts, they require little or no downtime. Yet despite this, we still see that network and data centres on the whole require much more than plug-and-play enhancements each time technology moves on.

Of course, there are always financial and budgetary limitations to consider when building infrastructure, and sometimes the CAPEX outweighs the justified arguments for looking at OPEX and the longer-term total cost of ownership (TCO). It’s incredibly important to engage consultants, even if just to get a couple of different opinions and look at all the costs both now and for the next five years, and with that, to think ahead to what will inevitably be the future. If we know 100Mbs went to 1GB and then on to 10GB, it’s almost logical that something like 20 or more would be the next advance. Okay so it’s 40 and 100, which is great but it was something that could have been predicted no matter the number.

I speak to so many excellent engineers in this market who are so ahead of the curve on technology and I love learning from them. They are, I feel, often the unsung heroes—stage hands, people who make it all come together. And for that reason, we’ve dedicated this edition of The Link to them, so we can hear their stories and views of our very bright future. Enjoy!
Contents
John’s Blog
Insight: How data centres are being transformed into much more agile entities
Interview: Check Point's Ram Narayanan
Insight: The need for a new approach to security
Interview: How Sophos is targeting the SMB with its Unified Threat Management (UTM) solution
Insight: Why Gigamon's Visibility Fabric Architecture is a hot topic among security pros
Interview: McAfee's Regional Director explains why security is the new necessity
insight | F5
Securing transformation

With businesses demanding more and more from their IT departments, data centres around the world are being transformed into much more agile entities.

Data centres across the world are undergoing massive transformations. Line-of-business executives are making more demands of IT than ever before, and they’re asking for real innovation in order to drive the business forward as well as standard network upkeep. Because of this, IT managers have found that their ageing legacy systems are unable to keep up with business—and customer—demands.

“Agility” is the buzzword currently surrounding data centre transformation. And according to Sudhir Sanil, SE Manager, Middle East, F5 Networks, achieving data centre agility is imperative to success. He defines the term as “reducing complexity, consolidating, replacing static connections with dynamic ones, streamlining processes, and automating tasks.”

It sounds simple enough, but Sanil believes that businesses running on ageing legacy systems—as many do—face significant hurdles in their quests to be more agile.

“Historically, traditional data centres focused on managing dedicated IT resources—servers, applications, and storage—and making these resources appropriately available to various users such as branch offices, mobile users, and external clients,” he explains.

“To negate the design constraints of traditional data centers, designers built intelligence into the clients and resources themselves into storage, applications, and servers. This dispersion of intelligence makes it very difficult for the infrastructure to adapt to change, or to re-use services, because modifications in any individual element affect the whole. The infrastructure locks users, applications, and data into fixed, rigid relationships.

“Unfortunately, IT often expends the bulk of its efforts maintaining and operating existing systems. Adding new applications or services in such an environment can take months or even years, pushing IT deliverables further out of alignment with business needs.”

Sanil says that, if the IT department’s goal is to increase agility while at the same time reducing costs, reworking a traditional legacy system will often result in the opposite happening.
Doing more with less

So what can enterprises do when they’re tasked with using IT to drive business, particularly if their ageing legacy systems will work against them? According to Sanil, F5 recommends what he calls a “transitional approach”— whereby improvements are made to the data centre incrementally. He advises starting small by upgrading singular aspects of the existing infrastructure—ones that won’t cause any disruption. This means that the data centre will eventually become more flexible, and, with F5’s help, it allows for any multi-vendor strategies to stay intact, he says.

“F5’s extensive investments in integration and testing ensure new solutions are compatible with current infrastructure. Further, this model can be designed up-front with a view to the whole, and then rolled out incrementally over time through a series of individual yet interlocking solutions,” he explains.

In the Middle East, such upgrades are already happening, according to Sanil. He says that many F5 customers in the region have gone about improving their high availability services, their acceleration services and their security services.

The virtual world

To make all of this easier to manage, many in the Middle East have looked to virtualisation as the answer to their problems. Sanil describes virtualisation as the key enabling technology on the path to cloud computing, and he believes that it can promise everything from reduced complexity and unlimited scalability to capacity on demand and CAPEX savings. It might be a big job to migrate a large legacy system to a virtualised one, but it’s certainly worth thinking about, given the benefits.

That said, Sanil warns that virtualisation requires a strategic approach. Those exploring it need to address which users, devices and tools are most likely to affect the infrastructure. However, he says, F5 does provide help in deciding how to proceed when it comes to virtualisation.

“F5 provides purpose-built solutions that focus on virtualising all aspects of the infrastructure that affect application delivery— providing total control over flexible resource management. By designing and deploying the right virtualisation solutions, you can make more efficient use of your entire application delivery network,” he explains.

By using such methods in infrastructure design, Sanil believes that the Middle East is starting to move toward a service-centric, or cloud-based, approach. This is particularly true of small and medium businesses (SMBs), as they do not have the resources—or need—to build up massive physical infrastructures. Unlike larger enterprises, SMBs will accept the issues surrounding security and compliance in return for large cost savings.

“Consumers and small business will spend more than medium and large companies. Issues of compliance, governance, security and data protection will act as a brake on spending for medium and large companies,” Sanil says. “Managed services companies will be most successful in the SMB area by addressing the issues of compliance, data security, et cetera.”

The security problem

The final piece to the puzzle is how to secure this newly transformed data centre. In recent years, many businesses have adjusted their infrastructures solely to enable more effective security. This is because the growth of sophisticated and targeted attacks has become exponential, meaning it has become imperative to build highly secure networks. And part of having an “agile” infrastructure is being able to address security concerns without affecting the functionality of the network, according to Sanil.

“Every CIO’s top concern is to protect their customer information, infrastructure and applications from the modern complex threats and cyber-attacks and provide secure highly available online and mobile applications services. The increasing sophistication, frequency, and diversity of today’s network attacks are overwhelming conventional stateful security devices at the edge of the data centre,” he says.
Sudhir Sanil, SE Manager, Middle East, F5 Networks
“Agile organisations are converging security services to address the three primary vectors of the modern data centre threat spectrum: Traditional network attacks, complex DDoS attacks on HTTP and DNS, and application-level vulnerabilities.”

Indeed, F5 is now focused on providing converged application security solutions in the Middle East, according to Sanil. He says that F5 can secure access to applications and data from anywhere while also protecting the applications wherever they reside.

“Delivering an intelligent services platform deployed at strategic points in the network, F5 helps businesses protect critical resources and minimise interruptions. This highly scalable and extensible approach maximises security through simplicity, integrating market-leading application delivery, monitoring, and context-based policy enforcement,” he says.
F5 AT GITEX
Visit F5 Networks in Hall 6, CLD-11 to learn more about its technologies.
interview | checkpoint
All checked out

Ram Narayanan, Security Consultant, explains what threats organisations are faced with in the modern age, and how Check Point can help to defend against them.

Ram Narayanan, Senior Security Consultant, Check Point

Targeted zero-day attacks garnered a lot of headlines at the beginning of this year, but have been making less noise in recent months. Is this because hackers are finding fewer zero-day flaws, or is it because organisations have stepped up their defenses against zero-day attacks?

Certainly not - hackers are exploiting zero-day vulnerabilities, unleashing attacks almost daily. Most of the APTs (advanced persistent threats) associated with phishing attacks use zero-day vulnerabilities. Let’s take this simple example: Why Java-related vulnerabilities are exploited. Almost 3 billion devices run Java and 93 percent are not up to date. So hackers are using zero-day vulnerability as a platform to launch targeted attacks. Even in the past, when targeted attacks happened, it took months before enterprises could understand they were attacked. One study shows that it takes an average 245 days for such attacks to be detected. On the other hand, organisations are also becoming aware and taking note of the fact that they need to build their defence against this aspect of attack vector. Check Point’s Threat Emulation solution provides immediate protection against zero-day vulnerabilities before they enter the network.

What are some of the general threat prevention techniques that organisations are implementing today?

Organisations are realising the fact that, due to the dynamic nature of threats and the need for doing business securely, they are making responsible and sustained investments in IT security solutions to add layers of defence to their existing architecture. In this regard, the first step companies took is deep packet inspection, and they invested in solutions like intrusion prevention systems (IPS) and scanning incoming traffic at the network level with the help of network anti-virus. With adoption of Web 2.0, they understand the need for Web security and investing in solutions that will allow them to control what applications are allowed in their network. With APTs and targeted attacks, organisations do realise the need to protect themselves from botnets and they are looking for anti-bot and emulation technologies.

What kinds of technologies does Check Point offer in this area?

As a market leader in IT Security, Check Point has always been at the forefront in providing solutions for organisations’ needs. Check Point Threat Prevention solution includes IPS, network anti-virus, anti-bot and Web security, which includes both application control and URL filtering. Check Point IPS provides 99 percent protection as per the latest NSS lab report. Check Point offers its customers benefits from real-time updates and configuration advisories. Check Point understood that, in today’s Web 2.0 scenario, there is a very thin divide between applications and URL and hence unified them to provide holistic Web security. Check Point provides the largest application library of over 5,000 Internet applications and 250,000 Web2.0 widgets. With 100 million URLs categorised, it allows organisations to easily and effectively control access to sites while enhancing user productivity. Check Point’s unique User Check technology engages employees in the decision-making process, while educating them on risks and usage policies, which our customers are very happy about. With the addition of Threat Emulation, Check Point is able to truly provide a complete threat prevention solution.

How does the next-generation firewall tie into this?

Companies are looking to consolidate their network infrastructure to achieve less complexity. This shift towards reduced complexity is echoed when we meet enterprise customers citing simplification as a top IT objective. Integrated intrusion prevention, application identification and granular control based on user identities are functionalities next-generation firewall is able to offer on top of stateful packet inspection. There are three primary reasons (application access, mobility and the evolving threat landscape) why next-generation firewalls make sense as organisations build and secure their environments for the future and go beyond looking at IP addresses, ports and protocols for classifying and controlling network traffic.

Meanwhile, the mobile malware scene has exploded over the past couple of years, with most cybercriminals targeting the Android operating system. What can organisations looking to adopt BYOD do to keep their networks safe from these threats?

Yes, this is posing a great risk to organisations. Currently, IT security teams are in a spot to find a balance between security and allowing access to business data and securing the device itself. I think organisations would benefit from taking an approach of protecting business data on the devices and isolating devices from their business network. When it comes to mobile platform, the security policy should follow the data. So the focus should be to protect the data and securely share it. Secondly, when it comes to protecting endpoints, there should be a holistic approach.

Does Check Point foresee strong growth in mobile security solutions because of the adoption of BYOD?

Check Point foresees organisations will look for securing data on the mobile devices with the adoption of BYOD. Mobile information protection will be an approach organisations will take and they’ll secure business data on these devices. Check Point Document Security is a solution to secure documents and share them securely. Secure Container will help in isolating business data from personal data on these devices and the organisation will effectively be able to contain business data within this space. In the current marketplace, we have many point solutions towards endpoint security, DLP (data loss prevention), rights management and MDM (mobile device management). Check Point is offering its Mobile Information Protection solution as an integrated solution covering all aspects of mobile security.

Aside from mobile and general threat prevention, what else should IT teams be worried about at the moment?

Organisations are investing a lot of security solutions, but still they are not sure about their security posture – why? It is because of the lack of visibility. What they should be looking into is how they are going to correlate all the information. Today, just monitoring will not help - instead they should be looking at a comprehensive analysis of logs and understand what is happening on their network. Distributed Denial of Service (DDoS) is something they should protect themselves from.

What big security trends are you noticing at the moment?

Security in the cloud as it becomes mainstream, zero-day threats being used as an exploit for APTs, securing data on mobile devices, virtualisation of security and DDoS are some of the information security trends and vulnerability warnings noticed. For better security, organisations are consolidating their security architecture. Next-generation firewall and next-generation threat prevention solutions are helping them to take steps in that direction.

What advice would you give to someone who has suddenly found the budget for a big security upgrade?

When they have a big security upgrade budget, they should invest in solutions that will fill the gaps in their current security architecture. They shouldn’t be doing a like-for-like upgrade, but instead look for consolidation options. If they are looking for a firewall upgrade, look for next-generation firewalls. To protect themselves from targeted attacks, they will invest in threat prevention solutions that include anti-bot, threat emulation and comprehensive Web security. If data security is a top concern, they should invest in a DLP solution. In the end, it will be based on risks that exist and an objective decision of which solutions will help.
Insight | RSA
Game changer

With preventative security solutions increasingly failing to block threats, RSA believes that a more holistic approach to network security is needed.

Alaa Abdulnabi, Regional Pre-Sales Manager, RSA

If any of the recent threat reports—which are peddled by dozens of technology vendors across the globe every year—are anything to go by, cyber-attacks are more sophisticated now than they’ve ever been. What’s more, the number of businesses and people that they’re affecting continues to grow. Couple this with the fact that IT pros are taking longer and longer to discover breaches in their networks, and it’s clear that the traditional approach to network security needs to change.

Alaa Abdulnabi, Regional Pre-Sales Manager, RSA, explains the problem, citing numbers from the recent 2013 Verizon Data Breach Investigations Report.

“The metrics that are very attractive to look at comprise of two main things. The first one is that a huge percentage of attacks or breaches always leads to data compromise. That means we’re losing the battle almost every single time,” he says. “The other metric is 66 percent of attacks are taking researchers longer to discover and 69 percent are discovered by external parties, which means that organisations have little ability or capability to actually detect if they’re breached until it’s too late.”

According to Abdulnabi, this issue has come about because businesses have been spending too much on preventative technologies without considering the importance of monitoring, visibility and incident response. He says that RSA has been trying to change this state of affairs so that organisations can defend themselves against cyber-threats more effectively.

“Traditionally organisations have, up until now—and this is what we’re trying to change a little bit—spent most of their money on preventative technologies,” he says. “Yes, preventative technologies are needed, but there needs to be a balance, because the Verizon report and other statistics show that, with all the technologies that we have, we’re still not able to prevent the attacks.”

Abdulnabi says that a cybercriminal can always find a way in to an organisation’s network— either by chance or by intent. This means that organisations need to have contingencies in place for when—rather than if—a breach occurs, instead of simply hoping to protect the network perimeter.

“What we need is a balance of budgeting, let’s say, in terms of spending on security solutions that are focused on monitoring and visibility and also incident response. This means something that gives organisations the visibility they need to detect more quickly, and then obviously that will allow them to better leverage their existing preventative technology, which will then block more effectively. There is also a need for proper incident response—in the case an organisation gets breached, how would they bounce back from it? How would they react? Where should they prioritise their investigation and containment efforts?”

Of course, RSA has its own solution to answer these questions, and it comes in the form of RSA Security Analytics, which was launched at the beginning of 2013. Abdulnabi says that the solution tackles the idea of network visibility in a comprehensive manner— while also making use of threat intelligence to ensure even the latest threats can be detected quickly. It is also based on Big Data architecture; meaning network traffic and other security information such as security logs—no matter how large— can be viewed in real time. The architecture also makes investigations much easier than before.

“Real visibility from a traditional SIEM perspective used to be concentrated on gathering logs. And we found out that logs are useful and interesting from an investigation point of view, but most of the time, they’re not enough because they provide a discontinued visibility,” says Abdulnabi.

“Today we’ve created a platform that actually aggregates logs as well as network traffic, reconstructed into a human-readable format, which is also fused with threat intelligence— external and internal—along with other contextual data such as asset criticality. It all comes in one platform that gives you quick identification or quick context around a certain event, so it allows you to validate what’s really going on in real time.”

This sort of solution would balance out the bias in spending that preventative solutions enjoy, Abdulnabi says. He assures that RSA isn’t looking to replace preventative solutions—it simply wants to close the visibility gap so that organisations better use what they have.

“Eyes do not replace arms and legs—they simply allow the whole body to function better. This is what comprehensive visibility achieves for the overall security system,” Abdulnabi says.

“I would say that it’s a 70 percent spending on preventative solutions. We are now trying to change the idea to go with more of a balanced approach, maybe spending a third on preventative, and another third on monitoring and visibility and maybe a third on incident response. That would be the ideal security structure moving forward,” he says.

But do Middle Eastern businesses really need to worry about such advanced threats in the same way that, say, a Fortune 500 company might? According to Abdulnabi, cybercriminals will simply go where they can get in, meaning the region could contain plenty of prime targets. What’s more, he says, political “hacktivism” plays a large part on the region’s cyber-security stage.

“In the region, we have been targeted by one of the most sophisticated ones over the last—I would say—two or three years. We’ve witnessed Stuxnet, we’ve witnessed Gauss, and we’ve witnessed Shamoon. We’ve seen attacks on the oil and gas industry, and attacks on financial sectors. The Middle East region is no stranger to this—it’s actually one of the most deeply and heavily involved regions in this.”

Being what Abdulnabi calls “breach-ready”, then, seems to be just as important—if not more—in the Middle East as it is anywhere else in the world. As Abdulnabi says, the increasing number of cyber-attacks constitutes a problem that is not going away, so organisations need to be prepared for the worst.

“The good news is that we can be ready to deal with this,” he says. “You just need to basically turn to a trusted advisor, and RSA is one you can definitely rely on.”
Interview | sophos
Unified defence
With its Unified Threat Management (UTM) solution, Sophos is offering the small-to-medium business an easy and effective way to keep cyber-attackers at bay. Lutz Linzenmeier, Technical Director, Network Security Group, Sophos, explains more.
What kinds of threats are businesses faced with these days? Currently, it’s a little bit surprising. It’s still the same things we have been recognising for years, and even older techniques are coming back. So we are still talking about malware, viruses, spam issues, and we’re talking about phishing. The old techniques are coming back and they are used in a more modern environment, using stateof-the-art communication tools like the social stuff and so on. We are still seeing things like spyware tools, software that is trying to take over via command and control mechanisms. You can still download fake anti-virus and such, and ransomware is another topic
14
The Link | September 2013
www.computerlinks.com
that’s still happening. But how these things are getting deployed are a little bit different to what it was 10 years ago.
targeting people one by one. I think organisations and, even more, governmental areas are very heavily under risk nowadays.
Are cyber-criminals targeting businesses or end-users? Oh they’re targeting both. They trying to get into small and midsized environments especially— production companies, for example, where they try to get knowledge about new materials and new products. They are targeting private people as well, but they are focusing on organisations because they can get more credit card details if they’re hacking an online shop, for example, than if they were
Would you say that unified threat management is the answer, then? Yes it is—especially the Sophos UTM. It’s always taking great care to take a look at the situation— what is happening, where the risks are, how the bad guys are changing their business. And we are adding the security functionalities and protection features that we need to protect our customers. If you think about UTM, everybody normally has in mind that it’s protecting the
environment of an organisation in the headquarters, for example, or maybe in a brand if we add a VPN. But we should also be aware that the behaviour of people is changing as well. They are more mobile, they are running around the planet, doing their job wherever they are. What we need—and this is also done by the UTM created by Sophos—is to make sure that we are protecting, for example, the laptops that people are using, wherever they are, in the same way as they would be in the head office or somewhere in the organisation. This is also a part that has to be solved by the UTM because the world is changing.
How long has Sophos been pushing UTM? Sophos acquired the German company Astaro a couple of years ago. Astaro has been in the market since 2000, so it’s been 13 years. We have had huge customers in the Middle East area for eight or nine years. It’s not a new area for us. It would sound a little bit strange if we said that Sophos has been doing UTM for two years—it makes us sound like a newbie. But the product is accepted, it’s in the Gartner Leaders Quadrant, and it’s been around for 13 years—it’s quite well known to the market.
Do you see UTM becoming a standard for enterprises, kind of like the firewall is now? First of all, it depends on what an enterprise is. I know that the definition of an enterprise organisation is very, very different wherever you are—it’s different from region to region, or country to country. My definition is that an enterprise starts with 4,000 or 5,000 users, or more. If you go to bigger companies, the real enterprises, you normally have teams of security administrators or multiple people who are experts in security. They are normally tending to use point solutions, because they have the teams, they have the resources and they have the money. But everything below 5,000 users can work very, very well with UTM.
In terms of finding a good UTM, what do you think people should be looking for? They should take a look at their environment and their needs. And then they can decide on what points they want to have solved. They have to talk to people who are experts in security because the standard SMB customer isn’t focused on security. People should ask for some help from a consulting company or from a reseller or vendor. Altogether, they should find a solution that really meets their requirements. Additionally, to the few who are looking feature-wise, it’s important to take care. It’s very important for SMBs to have an ease-of-use approach because they sometimes have a single administrator, or maybe even a half-administrator. Maybe he has one afternoon for security, and that really makes it necessary to have an easy-to-understand and intuitive solution where he feels at home even if he’s just taking three hours a week to look at it. That’s very important, otherwise he will get lost.
How is the Sophos UTM updated to keep new threats at bay? Behind the security intelligence of the Sophos UTM, we have Sophos Labs, which is a big part of the Sophos organisation. It’s located around the globe to be always, 24 hours a day, up to date with what is happening in terms of attacks and malware worldwide. The Sophos UTM itself is getting updated as a default each 15 minutes, so automatically, each single appliance in the organisation is asking four times an hour for an update for the IPS engine and the anti-virus engine and so on. There’s no work that the admin has to schedule or have in mind.
What kind of budget will an SMB have to put aside for this protection? It’s very complicated to define because it depends really on a couple of factors. It depends on how big is the small or mid-size business, how many people are working there, how big the Internet connectivity is, and, very importantly, how many of the features offered in the UTM the customer is interested in. We follow the theory that people are only paying for things that they are really using.
SOPHOS AT GITEX
"We’ve been doing GITEX very successfully in past years, and we’ve been there with Astaro, the UTM. It’s very well known to visitors and we are happy to see all our customers and partners there. We will have our own booth, and we will show the Sophos UTM and other Sophos products with demo points. People can try out what’s happening, we will have technicians on site to talk to the people. I will also be there to meet all the great contacts I have collected in the past years. We spend a lot of effort on GITEX because we really believe that the Middle East is, as it has been in the past, a very important market for us."
Insight | Gigamon
All-out visibility
As organisations across the region look to overall network visibility to help them secure their networks, Gigamon’s Visibility Fabric Architecture is gaining serious popularity.
As part of its drive to supply partners with the latest new security technologies, Computerlinks has been scouring the globe for what it believes are some of the most interesting vendors for the region. One of these vendors is Gigamon, which provides intelligent traffic visibility networking solutions.
Partners have reacted to Gigamon’s solutions with fanfare—and with good reason. The technology provides unheard-of network visibility without affecting the performance or stability of the environment, meaning they can now offer their customers much more when it comes to network security.
“It’s about having a broad, holistic view of your network infrastructure,” says Vijay Babber, Senior Sales Engineer, EMEA, Gigamon. “With our solutions, you can view all of your incoming and outgoing network traffic and analyse it without affecting performance. No-one else really does anything like this.”
The big selling point about Gigamon’s solutions is that they are scalable to thousands of connections, making them ideal for large enterprises, government organisations and even service providers. No matter how big the customer goes, he or she still gets superb visibility into network traffic, wherever it’s going on the network.
At the heart of the technology is Gigamon’s Visibility Fabric Architecture, which delivers traffic visibility from across the physical and virtual network environments to centralised tools that manage, analyse and secure the network.
But why is network visibility so important? According to Babber, organisations are looking to visibility as an essential tool in securing networks. And they’re turning to companies like Gigamon to help them achieve it.
“The traditional approaches offer very limited filtering capabilities, and it’s difficult to get the kind of visibility that organisations want without implementing, at great cost, various amounts of tools. What we do is bring it all together into a single, unified solution that gives you ultimate visibility over your network,” he says.
According to Gigamon’s Enterprise Strategy Group Report, there are a number of drivers behind organisations’ desire for simplified yet more powerful network visibility. Thirty-six percent of respondents to the report said they cannot provision mirror/SPAN ports fast enough, while 38 percent have security or monitoring tools that can’t keep up with demand. What’s more, 48 percent said they have tools that need too many connection ports. It all points towards a desire for a simpler way of doing things.
But Gigamon’s solutions aren’t just about ease of use—the vendor offers real performance. Its Visibility Fabric Architecture, made up of the GigaVUE family of fabric nodes, can aggregate, filter, replicate or modify traffic to centralised management, analysis and security tools.
In the Middle East, the technology is catching on fast. Babber says that the vendor has seen interest from all sorts of organisations, and there are still plenty of untapped opportunities to take advantage of.
“We’ve had strong interest from government entities and the regional carriers,” he says. “Or just about anyone who wants real visibility into their large networks. There are several deployments across the Middle East, and we foresee strong growth in the coming year. It’s definitely a growth market for us.”
Enabling Visibility as a Service
Gigamon recently announced an update to the Management Layer that enables network services teams to deliver visibility across departmental silos within the organisation. Organisations will be able to virtualise the Visibility Fabric architecture through an update to Gigamon’s patented Flow Mapping technology, equipping network administrators and services teams to deliver Visibility as a Service to departmental tenants. These tenants, who include various IT operations teams, will have the power to dynamically change monitoring and traffic visibility policies on a per-organisation or per-tenant basis without impacting other departmental monitoring policies and while maintaining compliance and privacy.
“The notion of multitenancy has made its way from the public cloud space into enterprise IT infrastructure as well,” said Shehzad Merchant, Chief Strategy Officer at Gigamon. “This solution enables network administrators and services teams to virtualise the Visibility Fabric and offer Visibility as a Service to the different IT departments.”
Gigamon’s latest release of its GigaVUE H Series software, Version 3.1, contains enhancements to Flow Mapping and includes support for role-based access control and advanced workflows for independent and concurrent monitoring policy configurations. The release will enable enterprises to offer Visibility as a Service to internal IT tenants. With these capabilities, IT Operations teams will be empowered to access and control their own configurations in the Visibility Fabric architecture, allowing them to simplify and optimise their monitoring infrastructure, while increasing efficiency and reducing OPEX.
“ESG research indicates that almost half (48 percent) of the enterprises actively consolidating data centres are creating multi-tenant environments to support different business units and another third (32 percent) are planning to create multitenant environments—a sign that enterprises are starting to act like service providers in that they are servicing internal tenants,” said Bob Laliberte, Senior Analyst at the Enterprise Strategy Group. “With enhancements to their Flow Mapping technology, Gigamon is enabling this transition and allowing different IT operations teams to carve out their own slice of the Visibility Fabric and manage it independently to improve business processes.”
GIGAMON AT GITEX
At GITEX 2013, Gigamon will be participating in the Computerlinks stand, showcasing its GigaVUE portfolio of high availability and high density products. The Computerlinks team will also have live demonstration kits for Gigamon’s solutions.
Interview | McAfee
The new necessity
The Link catches up with McAfee’s Regional Director for MENA, who says that the Middle East is now waking up to the fact that security is no longer an optional extra for organisations—it’s a necessity.
Amir Akhtar, Head of Services, MEA, Computerlinks, and Hamed Diab, Regional Director, MENA, McAfee
So what has McAfee been up to over the last 12 to 18 months? In general, McAfee has been growing quite a bit over the past eight quarters in a row. We’ve been doing double-digit growth every quarter, and that’s really a sign of the maturity of the market within the MENA region toward security. McAfee itself has also been very strong in completing the portfolio of the security landscape, which gives it a position to be a leader in that space. We are a unique security vendor that really tackles security from all aspects, whether it’s networking, whether it’s on the cloud, whether it’s on endpoints, or even on the mobile applications. It’s a kind of full-connectivity story that ties up together to give our customers—whether they’re on an enterprise level or SMB or even consumer—to be fully protected.
Do you see your strong growth as sustainable going forward? I think security is a must—it’s no longer an option. And that is definitely a trend that people are taking. Businesses cannot afford to be discontinued, major infrastructure cannot be stopped or else services to normal people will be affected. Yes, I do see growth continuing, and I think that security is really being taken more seriously in this region, therefore it’s inevitable that we can still see this growth path.
That sort of growth might not be seen in other regions, so is the Middle East a big growth area? For McAfee particularly, the answer is yes. Obviously, we are part of the emerging market, which is where the typical growth comes in. I think also that we have a very strong team here in MENA, which also puts us in the spot of really growing ahead of other emerging markets. And that explains why we are putting more investment toward the region.
You mentioned before that security is a massive market, but it’s very crowded and lots of vendors are competing for customers, so why should people go with McAfee? Number one is because McAfee really plays on every vector. We’re not really talking about just one solution—you are as weak as your weakest link. Let’s assume that you’re an enterprise corporate, and in your enterprise, you’re not just looking for one area of security—you really need to secure your total infrastructure. With that in mind, you need to have a company that really plays on multiple vectors within your infrastructure. Number two: You need to have a centralised management approach in order to lessen the cost and to benefit from the intelligence that you get with it. McAfee is in the unique position in that it’s the only company that really has the full landscape of security. You can find a lot of competition on a single solution basis, but you’ll never find a company who has really comprehensive solutions that can give you an overall, 360-type of approach to a customer.
If you were to create a profile of the standard Middle East IT executive, do you think that there’s enough awareness of the threat landscape and the seriousness of security threats? We have just started to scratch the surface, I think. There is a certain understanding and knowledge at the high end, but it’s not really cohesive—it’s not from top to bottom. You may find variants in understanding and knowledge, so there’s room for improvement to bring this up.
What about the human factor? You can invest in all these security solutions, but all it takes is for someone to open an attachment. Does that come down to user awareness, or do you provide training on these sorts of things? The human factor is very critical—it’s not only the technology that does the work. Yes, we do train our channel partners, and we train our customers as well, on multiple aspects—not just from a product perspective but also on security as a whole. We do more of a comprehensive view—even for the community. In our employee off-time, we try to go to schools and educate students at a young age—things like how you protect your password, et cetera.
We’ve spoken about the region as a whole, but do you see countries within the region reacting differently to threats? I think we have seen the UAE as being the leader of the pack when it comes to understanding the need for security. But we’ve also seen a lot of other countries within the GCC region following the same path. I think this came either from a necessity—after people have been under attack, they understand how much and how urgently security is needed within their infrastructures, and therefore they expedite the process. You’ll find people who are more proactive in some countries, rather than the reactive ones in other countries.
When there are big, highly publicised breaches, such as the Aramco one, it’s obviously not something you want to see. But do events like this help to boost business? When a customer reacts to a problem, it takes media space. That’s when people really get alerted sometimes, unfortunately. As I said, you’re as weak as your weakest link. With what we have seen in malware growth and multiple aspects of hacktivism, cyber-crime and cyber-armies, it’s all really contributed to the growth of the market of security. Those are the facts—we are talking about huge areas. On mobile, by itself, we’ve seen about 18,000 new pieces of malware just in Q2 2013, and malware has grown to about 18.5 million just in Q2 as well. This will bring us to about 147 million pieces of malware that we have accumulated in total.
Roughly speaking, how many organisations in the region would you say employ a dedicated CSO? Would you like to see more CSO positions in the Middle East? I think that this is part of the focus of the organisation. If you see a CSO in an organisation, you see that they’re more understanding towards having security as a standalone business unit. But that’s rare. Yes, it is helpful to see the incremental positioning within a large corporate organisation to really have the CSO. Then you understand that these people are very focused and they understand that security is a major part within their business.
McAFEE AT GITEX
At GITEX 2013, McAfee will be showcasing its Advanced Threat Defense solution, as well as its Next-Generation Firewall by Stonesoft, a firm McAfee recently acquired. Visit Hall 1, A1-4, to learn more about the vendor's new technologies.
NEWS updates
F5 announces Q3 2013 results
F5 Networks recently announced revenue of $370.3 million for the third quarter of fiscal 2013, up 6 percent from $350.2 million in the prior quarter and 5 percent from $352.6 million in the third quarter of fiscal 2012. GAAP net income for the third quarter was $68.2 million ($0.86 per diluted share) compared to $63.4 million ($0.80 per diluted share) in the second quarter of 2013 and $72.3 million ($0.91 per diluted share) in the third quarter a year ago. Excluding the impact of stock-based compensation and amortization of purchased intangible assets, non-GAAP net income for the third quarter was $88.4 million ($1.12 per diluted share), compared to $84.7 million ($1.07 per diluted share) in the prior quarter and $90.6 million ($1.14 per diluted share) in the third quarter of fiscal 2012. A reconciliation of GAAP net income to non-GAAP net income is included on the attached Consolidated Statements of Operations.
“Results for the third quarter exceeded our expectations,” said John McAdam, F5 president and chief executive officer. “Strong sales in the Americas led to a 6 percent sequential increase in both product and overall revenue.
“Product sales during the quarter were driven by growing demand for our BIG-IP 4000 appliances and our new entry-level BIG-IP 2000 series. In late June, we released our new midrange BIG-IP 5000 and BIG-IP 7000 series appliances, and initial customer response has been very encouraging.”
McAfee Labs Q2 Report finds mobile threats rebound
McAfee Labs today released the McAfee Threats Report: Second Quarter 2013, which found that Android-based malware achieved a 35 percent growth rate not seen since early 2012. This rebound was marked by the continued proliferation of SMS-stealing banking malware, fraudulent dating and entertainment apps, weaponized legitimate apps and malicious apps posing as useful tools. McAfee Labs registered twice as many new ransomware samples in Q2 as in Q1, raising the 2013 ransomware count higher than the total found in all previous periods combined.
The second quarter also saw a 16 percent increase in suspicious URLs, a 50 percent increase in digitally-signed malware samples, and notable events in the cyberattack and espionage areas, including multiple attacks on the global Bitcoin infrastructure and revelations around the Operation Troy network targeting U.S. and South Korean military assets.
“The mobile cybercrime landscape is becoming more defined as cybergangs determine which tactics are most effective and profitable,” said Vincent Weafer, senior vice president, McAfee Labs. “As in other mature areas of cybercrime, the profit motive of hacking bank accounts has eclipsed the technical challenges of bypassing digital trust. Tactics such as the dating and entertainment app scams benefit from the lack of attention paid to such schemes; while others simply target the mobile paradigm’s most popular currency: personal user information.”