Security Advisor Middle East | Issue 15


ISSUE 15 | MARCH 2017 www.securityadvisorme.com

DIRTY TRICKS: HOW TO DETER SOCIAL ENGINEERING ATTACKS

Mobile risks

Cloud security

Doxware



CONTENTS

06 THE GATEWAY FOR MALWARE: Security Advisor ME investigates how companies can identify social engineering attacks and avoid falling prey to them.

12 MITIGATING MOBILE RISKS: Industry experts list the key steps to take when developing a corporate mobile security policy.

14 FINE PRINT: HP Inc.’s Stephane Rogier on the importance of printer security.

18 SECURING DNS INFRASTRUCTURE: Infoblox’s Ashraf Sheet speaks about protecting your DNS infrastructure against malicious domains.

28 DEALING WITH CYBERCRIME: HID Global’s Marc Hanne shares best practices in fighting back against threat actors.

32 SECURE SPACE: Ben Bernstein, CEO, Twistlock, shares six runtime threat detection and response tips for container security.

38 AUTHENTICATION IN CONTEXT: Robert Haynes, Marketing Solutions Architect, F5 Networks, sheds light on the benefits of authentication solutions.

FOUNDER, CPI MEDIA GROUP: Dominic De Sousa (1959-2015)
PUBLISHING DIRECTOR: Natasha Pendleton, natasha.pendleton@cpimediagroup.com, +971 4 440 9139
EDITORIAL
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 440 9129
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Contributing Editors: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153; Janees Reghelini, janees.reghelini@cpimediagroup.com, +971 4 440 9167; Glesni Holland, glesni.holland@cpimediagroup.com, +971 4 440 9134
DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9140
Designer: Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 440 9156
ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 440 9147
CIRCULATION
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 440 9119
PRODUCTION
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 440 9159
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107
DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas, Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at Dubai Production City, DCCA, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100, Fax: +971 4 447 2409. Printed by Printwell Printing Press.

© Copyright 2017 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


NEWS

F5 NETWORKS NAMES NEW DIRECTOR FOR GULF, LEVANT AND NORTH AFRICA

F5 Networks has announced the appointment of Taj El Khayat as its new Director for the Gulf, Levant and North Africa region. Reporting directly to Diego Arrabal, Middle East and Africa VP, F5 Networks, El Khayat will lead a team comprising salespeople, channel staff and system engineers focused on consolidating F5’s position as the region’s leading application delivery company. In particular, there will be a strong emphasis on security and multi-cloud projects. He joins F5 from Riverbed, where he was Regional Vice President for Middle East, Turkey and Africa, helping the company establish its leadership in the region as one of the leading application performance platform technology providers, while driving consistent growth and increasing market footprint. “I am honoured to join F5 Networks, and be part of a successful and striving region at a time where the market is rapidly embracing cloud and implementing their digital transformation strategies,” said El Khayat. “We already have a fantastic team in place, and I look forward to partnering with them to empower businesses and our F5 channel to expand in new and dynamic ways, delivering the applications that matter – anywhere, at any time, on any device.”

$1.8 million: average cost of a successful spearphishing attack

03.2017

GEMALTO, MICROSOFT PARTNER TO SECURE WINDOWS 10 DEVICES

Gemalto has released its latest On Demand Connectivity and eSIM technology for Windows 10 devices, in partnership with Microsoft. Gemalto’s release is compliant with the latest specifications and guidelines for remote SIM provisioning as laid out by the GSM Association (GSMA). The two companies have teamed up to allow end-users to have a secure and ubiquitous connectivity experience. Gemalto’s On-Demand Connectivity subscription management solution, together with Windows 10 native eSIM support, enables consumers to seamlessly manage the connectivity experience of their devices. The eSIM is designed to be remotely provisioned by mobile network operators with subscription information and is globally interoperable across all carriers, device makers and technology providers implementing the specification. This technology will serve as the framework that devices of all shapes and sizes use to connect to operator networks. The first wave of devices with this technology is expected to be available to consumers in the 2017 holiday season. “Gemalto has created a complete range of subscription management software and services to manage the eSIM life cycle in mobile devices,” said Rodrigo Serna, Senior Vice President of Mobile Services and IoT Americas, Gemalto. “We will continue to work closely with Microsoft and the GSMA to further these advancements while protecting the security of end users, who rely on their mobile devices to make everyday life easier.”

CITRIX STUDY: UAE SECURITY TECHNOLOGIES ARE OUTDATED

A study by Citrix and the Ponemon Institute on IT security infrastructure found that less than half (40 percent) of UAE-based respondents said their organisation has security policies in place to ensure employees and third parties only have appropriate access to sensitive business information. Adding to the concern, nearly 79 percent of business respondents said that some of their existing security solutions are outdated and inadequate. There is no one-size-fits-all security solution to address the threat landscape that businesses in the UAE face. Globally, billions of dollars have been invested in IT security solutions and increasing annual security budgets has been an imperative. In fact, 99 percent of UAE respondents stated they will spend over a million dollars in 2017; however, many of the systems and people in place are still not able to handle today’s threats. Arthur Dell, Director, Technology Services, Middle East and Africa, Citrix, said, “The UAE’s constantly evolving cybersecurity threat landscape requires a new, more flexible IT security framework – one that extends beyond traditional fixed end-point security approaches to deliver threat detection and protection of apps and data at all stages. Citrix is committed to delivering robust solutions that are designed with data security in mind.”



MIMECAST LAUNCHES REPORT ON EMAIL SECURITY EFFECTIVENESS

Mimecast has announced the launch of the Mimecast Email Security Risk Assessment (ESRA), an analysis report measuring the effectiveness of email security systems. Mimecast ESRA testing to date has covered 23,744 email users over a cumulative 153 days of inbound email received by the organisations participating in the testing. This first report compiled the results of all assessments performed, in which more than 26 million emails were inspected by the Mimecast service. To complement this hands-on testing, Mimecast conducted research with Vanson Bourne on the state of organisations’ cybersecurity, their expectations and needs, and which attacks they have seen increase. Findings were based on responses received from 800 IT decision makers and C-level executives globally. The research revealed that in the Middle East, 57 percent of organisations believe they will suffer a negative business impact from cybercriminal activity in 2017. Further statistics for the Middle East reveal that around 45 percent believe that the volume of untargeted phishing attacks with malicious links has increased. The report also revealed that email is the most likely method of ransomware infection in the Middle East, and over 33 percent of organisations in the region have admitted to an increase in ransomware attacks. Ed Jennings, Chief Operating Officer, Mimecast, said, “As we’ve shared the findings with CISOs globally, they’ve been taken aback by the volume and type of attacks getting through their current email security solutions. The visibility this assessment offers is actionable, and is being used to reprioritise their current email security strategies. By launching the Mimecast ESRA, we are helping to establish the new standard of transparency for organisations while at the same time helping to raise the bar for the industry.”

‘RIPPER’ SERVICE HELPS CYBERCRIMINALS IDENTIFY SCAMMERS

Threat intelligence firm Digital Shadows has identified a new service called Ripper, which cybercriminals use to protect themselves from being ‘ripped off’ by their fellow criminals. Ripper has recently identified the 1,000th culprit that has failed to come up with the goods. Ripper.cc was formed in June 2016 and is the only known service to keep a database of known ‘rippers’ – those who rob others on the dark web and other criminal marketplaces. Digital Shadows has been tracking the service since its inception. “Ripper.cc is another example of the industrialisation of hacking and the growing professionalism of cybercrime. If such a service becomes successful, it enables cyber criminals to significantly reduce the risks associated with rippers and the overall cybercrime economy can become more profitable allowing for further growth,” said Michael Marriott, security researcher at Digital Shadows. According to Digital Shadows, Ripper.cc is another example of the industrialisation of cybercrime. Services like this help address a problem for cybercriminals: when rippers operate in marketplaces, profits decrease for ‘legitimate’ buyers and sellers and transactions slow down, making cyberattacks less lucrative.

FORTINET PROMOTES CYBERSECURITY EDUCATION

Fortinet has announced that it is providing universal access to its Network Security Expert (NSE) training and certification programme, making it broadly available and free of charge. According to the cybersecurity solutions vendor, the public availability of the NSE programme is a massive step to engage a new generation of aspiring cybersecurity professionals by providing a gateway to attain the highly desirable and lucrative skills in the growing field of IT security. Fortinet will offer NSE programme level 1 courses to the public. The company will follow with NSE programme levels 2 and 3 in the second quarter of 2017. Ken Xie, founder, Chairman of the Board and CEO, Fortinet, said, “Facing an increasingly hostile threat landscape, businesses are expanding investments in infrastructure security but struggling to source the increasingly rare talent needed to implement and operate their solutions. As an industry-leader, Fortinet believes it is our responsibility to foster the development and continuing education of cybersecurity talent and close the cybersecurity skills gap. Opening Fortinet’s Network Security Expert programme to the public increases access to educational resources and creates new opportunities for current and future IT security professionals whose skills will be critical to ensure the continued growth of the digital economy.”



THE GATEWAY FOR MALWARE

Even savvy IT professionals are susceptible to social engineering scams. Here is how to recognise these attacks and avoid falling prey to them.



COVER FEATURE

Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Famous hacker Kevin Mitnick helped popularise the term ‘social engineering’ in the ‘90s, although the idea and many of the techniques have been around as long as there have been scam artists of any sort. Cybercriminals have long used phishing and other social engineering methods to trick their victims into providing access to confidential data, such as passwords or account numbers. But those techniques are growing in sophistication. “In addition to the tried-and-true method of sending legitimate-looking emails to unsuspecting victims, cybercriminals are now using social media and other popular platforms to launch their attacks. With many of these phishing schemes targeting employees, business leaders should be aware of the risks that social engineering can pose to their operations, reputation and customers,” says Alejandro Milares, Risk Advisory Services Manager at Kaufman Rossin. While your business may invest heavily in its information security infrastructure, such as firewalls and antivirus software, these measures may not be adequate for mitigating the risk of social engineering attacks. If you want to protect your company from cyber threats, do not underestimate the importance of the human factor, he adds. Social engineers were once content to trick people with free offers or funny videos before unleashing their scams. Today, social engineering gangs have taken a darker turn toward strong-arm tactics, threats, emotional cruelty and dire ultimatums.

SCAMS EMPLOYEES STILL FALL FOR

You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness. According to Verizon’s 2016 Data Breach Investigations Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails, or that the bad guys are finding more creative ways to outsmart users.



“I am not certain how many new scams are around, but we certainly see the same techniques being reused in new forms. For example, we recently received the usual request to verify account statements - this happens every quarter. I recently also read of a phone scam where the attacker would call you and would trick you with a yes/no question - the call would be recorded and the audio bits edited to use your yes/no answer to confirm some form of service subscription and subsequent billing,” says Nicolai Solling, CTO of Help AG.

Tony Zabaneh, Senior Systems Engineer at Fortinet, says there is no frame or limit to how far social engineering scams or tricks might reach. It’s basically an attempt to exploit the trusting nature in us as humans. An attacker may use any combination of ideas or tactics to extract whatever is sufficient to build an attack campaign. “Having said that, it’s becoming no secret that social engineering scams are getting more personalised every day. Attackers are usually able to gather information about victims using all possible publicly available information such as social media platforms, or even sometimes by carrying out a scam against a colleague who would share internal information so the attacker would use it again against the primary victim,” he says.

The consequences of a security breach caused by human error are bigger than ever. The number one attack vector for social engineering is phishing. “In most instances, the breach starts with a phishing email or vishing call, before turning into a technical attack. Typically, there are several ways in which social engineering scams take form: phishing, where the hacker uses email to trick someone into giving them access to some kind of account, login or financial information; vishing, which is the same but through voice, such as a phone call; impersonation, which is done in person, on site; and smishing, which occurs through text message,” says Alex Hinchliffe, Threat Intelligence Analyst at Unit 42, Palo Alto Networks.

How can you mitigate the risks of social engineering attacks? “Establish an organisation-wide policy and guidelines on how employees should respond to suspicious activities whether on-site, over the phone, or on the computer or mobiles,” says Marc Kassis, Cyber Security Director EMEA, Ingram Micro Company. “Ensure that such policies and guidelines are clearly communicated to employees on a regular basis, and regularly conduct security awareness and training sessions for employees.” Matthew Gardiner, Senior Product Marketing Manager at Mimecast, says enterprises need a combination of technology, user awareness and compensating controls to make the delivery and success of these types of attacks much less likely. “User awareness is of course helping your employees understand that these types of attacks are out there and to help them be more discerning and not believe everything is what it seems. And finally compensating controls – which is just a fancy phrase for having a process that can’t be hit with just a single failed step. Like verifying an invoice is real and represents real work done before paying it. Or communicating out of band (not via email) with the purported sender before moving forward,” he adds.

But is user awareness training the number one defence against social engineering scams? The answer is yes and no, says Solling from Help AG. “I think we in the technology field should do our very best to ensure that our users are not impacted by social engineering scams. This means good mail security solutions, URL filtering and ensuring that the most common threats do not come through. To me, it is a puzzle why organisations still allow unsolicited emails with office attachments to get to the end user until we have removed harmful elements such as macros and scripts.” Gardiner from Mimecast echoes a similar opinion: “In most organisations today it probably is, but it shouldn’t be. Because of the history of lack of technical security controls in this space, organisations have fallen back to making their users their first and last line of defense. The pendulum has swung too far. Your users should be the last line of defense, not the first line of defense.”

HOW TO AVOID SOCIAL ENGINEERING SCAMS

Social engineering threats are widespread, affecting even the most savvy IT professionals. While there’s no guaranteed way to defend against them, half the battle is recognising the methods they use. Paul Mah, a tech blogger, lists some common ways social engineers may pilfer your money and data, plus tips to protect yourself against them.

THE MISPLACED FLASH DRIVE

One tried-and-true trick is “accidentally” dropping a flash drive in a company’s parking lot and hoping that a curious employee picks it up and plugs it into a company computer — thus launching the malware payload. While hardly new, this tactic is known to have a high rate of success. Though Microsoft has long disabled automatic app launches from portable storage drives, an enticing file name is usually enough to coerce employees to open the malware. Companies could, of course, disable USB ports altogether, though a more reasonable approach would be mandatory computer security training.

PHISHING EMAILS THAT LOOK LEGITIMATE

While the majority of phishing email messages are poorly formatted and written in broken English, there is no shortage of believable schemes that purportedly come from credit card companies, insurance companies or even the human resources department. Just one mistake from a distracted employee could place the local network or company in jeopardy. To defend against phishing emails, you need to understand that they are typically designed to persuade you to click on a link or submit personal information. As such, be wary of divulging any information based on an email, and never click on a URL. Always type out the URL in the browser bar instead.

BEWARE OF PHONE CALLS

It’s surprising what a hacker with the gift of gab can get away with: hackers may use phone calls to either collect more personal information about you or validate what they already know as part of a larger, more elaborate attack. One of the best ways to defend against such phone calls is to take down the phone number and offer to call them right back. Alternatively, test the caller by asking them for information that they should already know about you. Finally, never divulge information such as passwords over the phone.

PHYSICAL OFFICE SECURITY

White hat security researchers have been known to gain almost unfettered access to large organisations by wearing a shirt emblazoned with the company’s logo or by tailgating employees who return from the smoking area. The risks of physical access cannot be overstated and include hackers circumventing the corporate firewall to plant malicious software on workstations from the inside. Unless you operate a small business in which everyone knows everyone, it makes sense for employees to wear a security tag with photo identification. Of course, employees should also be trained to look out for fake badges and be aware of the dangers of tailgating.
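Solling’s point that unsolicited office attachments should not reach users until macros and scripts have been removed is a control a mail gateway can enforce before any awareness training is needed. The Python below is an added illustration written for this page, not code from the article or from any vendor mentioned in it. It builds a constructed OOXML sample in memory and applies a simple admission policy: quarantine documents that carry a VBA project part or declare a macro-enabled content type, and quarantine legacy binary Office (OLE) files whose macro storage cannot be inspected with the standard library. The sample content, the verdict names and the policy itself are assumptions; a real gateway would combine this with the vendor’s own scanners.

```python
import io
import posixpath
import zipfile

# Header of legacy binary Office files (.doc/.xls/.ppt): an OLE compound file.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Main-part content types Word declares for .docx (no macros) and .docm (macro-enabled).
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"


def content_types_xml(main_type: str) -> str:
    """Minimal [Content_Types].xml for the constructed sample (real files list many more parts)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        "</Types>"
    )


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample attachment: an OOXML zip, optionally carrying a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types_xml(DOCM_MAIN if with_macro else DOCX_MAIN))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # The VBA project is itself an OLE container; only its presence matters here.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def inspect_attachment(data: bytes) -> dict:
    """Admission policy for one attachment body: {'verdict': 'allow'|'quarantine', 'reason': ...}."""
    if data.startswith(OLE_MAGIC):
        # Legacy format: macros live in an OLE storage this script does not parse, so refuse.
        return {"verdict": "quarantine", "reason": "legacy binary Office file; macro content not inspectable here"}
    if not data.startswith(b"PK\x03\x04"):
        return {"verdict": "allow", "reason": "not an Office container; outside this policy"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:
                return {"verdict": "allow", "reason": "zip archive but not OOXML; outside this policy"}
            ctypes = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return {"verdict": "quarantine", "reason": "malformed zip container"}
    # A VBA project can sit under word/, xl/ or ppt/, so match on the part's base name.
    vba_parts = [n for n in names if posixpath.basename(n).lower() == "vbaproject.bin"]
    if vba_parts:
        return {"verdict": "quarantine", "reason": f"VBA project part present: {', '.join(vba_parts)}"}
    if "macroenabled" in ctypes.lower():
        return {"verdict": "quarantine", "reason": "macro-enabled content type declared"}
    return {"verdict": "allow", "reason": "OOXML document without macros"}


if __name__ == "__main__":
    samples = {
        "report.docx": build_sample(False),
        "invoice.docm": build_sample(True),
        "old-memo.doc": OLE_MAGIC + b"\x00" * 512,   # constructed legacy-format stub
        "notes.txt": b"plain text, nothing to inspect",
    }
    for name, body in samples.items():
        print(f"{name:14} -> {inspect_attachment(body)}")
```

The policy is deliberately conservative: it does not try to decide whether a macro is malicious, only whether active content is present, which is the property Solling’s comment turns on. Files the policy cannot classify are left to other controls rather than silently allowed through.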


[Infographic: SEE THE END(POINT) FOR SECURITY. Source: Bradford Networks]

What you don’t see can hurt you. Each new mobile and Internet of Things (IoT) device that connects to your network increases your attack surface. Do you know who is on your network?

Globalisation/virtualisation: mobile work access continues to grow. IDC predicts that by 2020, 72 percent of the US workforce will use mobile devices for work. Mobile workers in millions: 96.2 million (2015), 105.4 million (2020).

Mobile threats: new mobile malware reached record levels in Q2 2016. Q2 saw almost 2 million new mobile malware samples, the highest recorded growth rate, 151% in a year.

IoT threats: IoT threats and security costs increase dramatically. Gartner predicts IoT devices to triple by 2020. Number of IoT devices: 4.9 billion (2015), 6.4 billion (2016), 20.8 billion (2020). The cost of securing networks from IoT devices is expected to rise from >1% of IT budgets in 2015 to 20% in 2020. By 2020, 25% of cyber-attacks will involve IoT devices.

Organisations struggle to secure endpoints: 71% report that endpoint security policies are difficult to enforce; only 37% use endpoint monitoring, including user activity and physical media; 68% report they have insufficient internal staff to address the need for greater support and increased mobile connectivity.

Zero-day vulnerabilities: automating threat response is critical. Zero-day vulnerabilities more than doubled between 2014 and 2016: 23 (2014), 24 (2015), 54 (2016).

Endpoint security: know the unknowns. Malware targets mobile endpoints: eighty percent of global companies believe their mobile endpoints have been the target of malware over the past 12 months (chart values: 68%, 80%).


FEATURE

MITIGATING MOBILE RISKS

Mobile is the new endpoint in IT. But organisations are still struggling with mobile security. Industry experts share key steps to take when developing a corporate mobile security policy.

As mobile devices continue to penetrate our society, mobile security is becoming increasingly difficult to manage. Every mobile device, whether it is a phone or a tablet, provides hackers with a new avenue to seize private information. We have seen many banks, hospitals and other large enterprises suffer enormous data breaches that caused a lot of damage and recovery time, and they don’t appear to be slowing down anytime soon. BYOD is no longer a buzzword – it’s a reality within IT operations. However, as the network expands outward from the office walls into hotels, conferences and even the home, the IT department gains additional workloads as it is charged with protecting new assets and lines of information. It is estimated that more than 35 percent of the global workforce are information workers, who use two or more devices, work from multiple locations, and use several apps in order to get the job done. A recent study by tyntec reveals that a vast majority of organisations still have inadequate bring-your-own-device (BYOD) policies. That’s not very encouraging, considering that 49 percent of workers now use a personal mobile device for work-related tasks and spend a great deal of time on personal devices for their job.





“Over the past two years, there has been a rapid growth in smart phone usage and this has led to the rise in targeting these devices by cybercriminals. Mobile devices have thus come to face various threats. A hacker may send an SMS containing a malicious URL or malware-laden attachment to hack or compromise a mobile device. Mobile security negligence is another factor that threatens mobile devices; so many of the apps users install on their devices – often without adequate knowledge or consent – can expose vital data due to operating system vulnerabilities, buggy app security, and unwanted permissions,” says Harish Chib, VP, MEA, Sophos.

Marwan Elnakat, Digital Banking Solutions Director for MEA at Gemalto, says other threats include operating system emulation that replaces a genuine OS, or phone memory cloning, in order to fraudulently access online resources from banks, enterprises or governments. “The OS of the device can also be corrupted with lower access rights. This can happen when users change the security settings of their mobile devices without realising the potential risks. If they download malware, it can potentially control all the apps operating on their devices, as it will have “super user” rights that override those of the owner,” he adds.

The proliferation of mobile devices has created more endpoints to protect and many enterprises have developed security policies that focus on or include mobile. “Initially as mobile device usage grew, most businesses were concerned with basic device deployment, device loss and theft. Later on, Mobile Device Management solutions came to the market to help IT staff manage these two issues. However, employee access to corporate data through mobile devices and the number of apps that employees can download has increased the number of risks and hence mobile security is now a top priority for a company’s IT department. Mobiles have been creating significant security challenges for organisations, especially when it comes to the potential loss of sensitive company data. Now organisations have understood the need to control data accessed through a mobile device, defend against mobile threats and enforce security policies,” says Chib.

What are the essential things to consider for a mobile security policy? Industry pundits say enterprises should start mobile initiatives with a fully fleshed-out plan; your strategy should take a holistic view of mobile security with an overarching security framework. “The process of creating a safe and productive BYOD environment begins with understanding the goals of the organisation with respect to mobile devices. Some businesses in the Middle East have minor security concerns and actively encourage the use of any type of mobile device, while in some other businesses, the vast majority of data must be protected with the highest levels of security,” says Scott Manson, Cyber Security Leader for Middle East and Turkey, Cisco.

Elnakat from Gemalto says that to protect their consumers and combat increasing innovation from hackers, organisations which offer mobile apps, such as financial institutions, government bodies and service providers, must adopt a layered approach to security based on the fact that various items are at risk: from the app itself all the way through to data access points. “This means that one cannot rely on a single method of protection for their entire app ecosystem; different layers of security need to be put in place in order to form a robust and secure platform to protect sensitive mobile data such as that in banking or government services apps.”

For years, organisations have turned to Mobile Device Management solutions with the hope of wrapping their arms around BYOD. MDM is a technology that enables organisations to control every aspect of a mobile device, from permitted apps to outbound communications. But that may not be enough. “MDM has come a long way in helping facilitate the use of mobile devices in the enterprise. However, the device-level insights that MDM provides produce only a small subset of the information necessary to make strategic security decisions. Enterprises need comprehensive visibility over their entire mobile data ecosystem – the device, the app, the network, etc. – and not just a device-level solution,” sums up Manson.


INTERVIEW

FINE PRINT

Stephane Rogier, Head of the Print Business Unit, HP Inc., sheds light on the importance of printer security and discusses the company’s latest campaign – ‘The Wolf.’

How important is printer security for today’s digital businesses?

A lot of organisations are knowledgeable about how they can secure their networks, data centre and PCs, but printer security is something that’s often overlooked by IT leaders. A study we have conducted recently showed that 91 percent of IT leaders are focused on securing their PCs and 77 percent are concerned about securing their mobile devices. Meanwhile, only 18 percent of IT leaders are putting focus on securing their printers. A printer contains components that are basically similar to those of a computing device – it has a CPU, operating system, hard disk and a network connection. This is why printer security is important: hackers today have taken advantage of the device and used it as an entry point to an organisation’s network. Once they gain access, the damage they can do is limitless – they can sniff traffic on the network, launch Active Directory attacks and so on. In fact, a number of prominent breaches in sectors like banking, healthcare and government across the globe occurred using printers as the entry point.

What’s HP’s approach to printer security?

We have a framework that focuses on three key areas – device, data and document. Firstly, we secure the device. Securing the device goes beyond physical security such as access control and identity authentication. So, we have introduced a feature called ‘whitelisting,’ an integrity checking mechanism for firmware. What it does is ensure that the firmware code has not been tampered with and is digitally signed by HP before loading it into memory. We also have a number of software solutions that could run and detect attacks in real time. Once the software detects a breach it will prompt the device to reboot and will restart from a clean slate. This is ideal because it will prevent a hacker from modifying your printer’s OS. Next is data; this is focused on ensuring that customers have end-to-end encryption on the device and the data that are on the networks and on their hard drives. Ensure scans are protected with document encryption features or encrypted email. Organisations should also remember to control where users are able to route scans and monitor content for information governance. Lastly, it is imperative to secure the document itself. IT leaders should equip their printers and MFPs with input trays that can be secured to prevent theft of special paper used for printing checks, prescriptions, or other sensitive documents. It would also be ideal if they use anti-counterfeiting solutions that could prevent tampering like adding variable data watermarks to printed

‘The Wolf’ from HP Studios

and more relatable way of raising awareness about the implications of unsecured printers and how organisations can address the issues in this space. The campaign is aimed at organisations and dayto-day employees to make them aware of security vulnerabilities that can be compromised with the use of an ordinary printer.

pages, and incorporating machinereadable codes that track and audit individual documents. Do you think IT leaders should invest in educating their employees about the importance of printer security? I think to a certain extent IT decisionmakers here in the region are doing that. But, of course, there’s still a lot that needs to be done in that space and there are many opportunities surrounding that. However, more than educating employees, I think this is also about increasing awareness in the boardroom. The Board should be www.securityadvisorme.com

What’s next for the campaign? We can expect more episodes of ‘The Wolf’ over the coming months. From a marketing and industry perspective, that’ll be one of the key focus of HP this year. informed that security investments should not only go to data centres, networks and PCs. They have to be aware that print security is something that they need to prioritise. How did the idea behind ‘The Wolf’ came about? As a leader in secure printing wanted to reinvent how we talk to IT leaders about security. We believe that ‘The Wolf’ series is an informative

What can we expect from HP Inc over the course of the year? HP Inc will continue to invest in R&D to bring unique solutions and the most secure printers in the world to our customers. We will launch 16 security-enabled printers in A3 formats over the course of the year. We are also expecting the acquisition of the Samsung Printing Business to be finalised this year, which is progressing as planned. 03.2017

15


INSIGHT

HOW TO PREVENT CYBER SABOTAGE Mirza Asrar Baig, CEO of CTM 360, dissects the disk-wiping malware Shamoon, which recently hit Saudi Arabia’s government agencies

Shamoon, also called W32.Disttrack, is an aggressive self-replicating malware initially detected in 2012, which targeted thousands of computers in Saudi Arabia, particularly in the oil and energy sector; a group called ‘Cutting Sword of Justice’ claimed responsibility for the initial attack. In 2016, a new variant dubbed Shamoon 2 targeted numerous public and private sector organisations, causing widespread disruptions in operations. Investigations have suggested a high level of similarity between the two malwares, Shamoon and Flame, as both had the destructive property of wiping machines and specifically targeted organisations in the Middle East.

Phases of Shamoon

There are two phases of operation in the Shamoon 2 attack. The first phase is the deployment of the dropper (currently a Word file), followed by the second phase, which involves the actual Shamoon 2 attack. There is currently not much focus in the security community on the first phase of operation, even though it has been identified as the highly critical step in the attack campaign. The virus has been noted to behave differently from other malware intended for cyber espionage. Shamoon exhibits worm-like behaviour in which it can spread from an infected machine to other computers on the network. Once a system is infected, the virus compiles a list of files from specific locations on the system, uploads them to the attacker, and erases them. Finally, the virus overwrites the master boot record of the infected computer, making it unbootable. Initial reports regarding the latest waves of attacks, seen from November 2016 to January 2017, suggest a link between the original creators of Shamoon and the cyber espionage group named Greenbug. Preliminary analysis of Shamoon 2 has revealed that the motive of the new Disttrack samples was focused on destruction of data; the code for the new revision was ‘almost’ identical to the original version, with the changes including the addition of a victim’s credentials to be able to spread and execute the wiper across a large part of the environment. The samples were configured with a non-operational C&C reporting server. In the 2012 attacks, infected computers had their master boot records wiped and replaced with an image of a burning flag. The latest attacks instead used a photo of a prominent personality as a political statement.

This latest attack potentially materially impacts one of the primary countermeasures employed against wiper attacks: Virtual Desktop Interface snapshots. The most notable thing about these latest samples is that the dropper contains several usernames and passwords from official documentation for a virtual desktop infrastructure (VDI) solution from a renowned vendor. VDI solutions can provide some protection against destructive malware like Disttrack through the ability to load snapshots of infected systems. The fact that the Shamoon 2 attackers hardcoded these usernames and passwords may suggest that they intended to gain access to these technologies at the targeted organisation to increase the impact of their destructive attack. If true, this is a major development, and organisations should consider adding additional safeguards to protect the credentials related to their VDI deployment. As per our analysis, there is a high probability that if the phase 1 dropper has been detected in the system/network, the target may already have been breached in an earlier attack. The attackers are likely to have already gained sufficient knowledge of the victim’s network and credentials before attempting to dispatch the dropper with hardcoded information. Organisations that have dealt with or even thwarted Shamoon 2 infection attempts should take this into consideration and take proactive measures against potential past credential leaks.

Operation process

Shamoon 2 has three main functional components: dropper, wiper and reporter. An attacker, through various means, introduces the initial executable into a network, which then starts replicating itself to other computers on the same network by means of a component called the ‘dropper’. This main component of the Shamoon 2 malware is the source of the original infection and is responsible for the installation of the other modules as well. The dropper comes in 32-bit and 64-bit versions; if the 32-bit dropper detects a 64-bit architecture, it will drop the 64-bit version. Once a system on a network gets infected with the malware, it proceeds to wipe the data files of that system through the component called the ‘wiper’. This module is responsible for executing the destructive functionality of the Shamoon 2 malware. As all the data on the system gets wiped out, the last functionality of this malware comes into effect: the reporting phase, carried out by the ‘reporter’. This module is responsible for reporting the results of the infection back to the attacker by communicating through a C&C server.

Recommendations

An organisation infected with the Shamoon malware could experience operational impacts including damage to intellectual property (IP) and disruption of critical systems because of the highly destructive functionality of the Shamoon ‘wiper’ module. However, the actual impact on any organisation may vary depending on the type and number of systems impacted. Below are some tactical and strategic guidelines on how organisations can protect themselves:

Tactical

• Disable the Autorun and AutoPlay features for any removable media device on all systems.
• Execute periodic backups of all critical data/systems and keep an ‘offline’ backup of critical files on removable media.
• Ensure the antivirus programme is kept updated and review its logs on a regular basis.
• Ensure systems administrators are not accessing their mail and client machines using administrative accounts.
• Change the credentials of all privileged accounts periodically and ensure all local Administrator passwords are unique per system.
• Maintain and actively monitor a centralised logging solution that keeps track of all anomalous and potentially malicious activities.
• Ensure that all network operating systems, web browsers, and other related network hardware and software remain updated with all current patches and fixes.
• Consider the use of two-factor authentication methods for accessing privileged root-level accounts or systems.

Strategic

• Implement best practice guidance and policy to restrict the use of non-corporate-owned devices and channels for accessing data or systems, as it is difficult to enforce corporate policies, detect intrusions, and conduct forensic analysis or remediate compromises on non-corporate-owned devices and channels.
• Always keep your systems up to date with newer security solutions, especially systems that host public services accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
• Build host infrastructure, especially critical systems such as servers, with only the essential applications and components required to perform the intended function. Any unused applications or functions should be removed or disabled.
• Deploy a Software Restriction Policy set to only allow the execution of applications that are whitelisted.
• Enterprise servers and workstations should reach the internet only through proxies, with no direct internet access, and regular content filtering should be performed at the proxies or external firewall points of presence.
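The logging and administrative-account recommendations above can be turned into concrete detections. The following is an added example, not CTM 360’s code, that runs two checks over a constructed set of centralised logon events: privileged accounts logging on interactively to client machines, and one account reaching many distinct hosts in a short window, the fan-out that a worm-like spread with hard-coded credentials would produce. The log format, the `WS-` workstation naming convention, the account names and the thresholds are all assumptions.

```python
"""Two detections over centralised Windows logon events (constructed example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of centralised logon events in a simplified 4624-style form:
# "<timestamp> <account> <host> <logon_type>" (2 = console, 3 = network,
# 10 = remote interactive). Accounts and hosts are made up.
SAMPLE_EVENTS = [
    "2017-01-23T08:01:10 CORP\\jsmith WS-017 2",
    "2017-01-23T08:02:45 CORP\\da-admin WS-042 10",   # domain admin on a client PC
    "2017-01-23T08:05:00 CORP\\da-admin DC-01 10",    # admin on a server: expected
    "2017-01-23T09:10:00 CORP\\svc-backup WS-101 3",
    "2017-01-23T09:10:30 CORP\\svc-backup WS-102 3",
    "2017-01-23T09:11:00 CORP\\svc-backup WS-103 3",
    "2017-01-23T09:11:30 CORP\\svc-backup WS-104 3",
    "2017-01-23T09:12:00 CORP\\svc-backup WS-105 3",
    "2017-01-23T09:13:00 CORP\\svc-backup WS-106 3",  # six hosts in three minutes
    "2017-01-23T12:00:00 CORP\\jsmith FS-01 3",
]

PRIVILEGED_ACCOUNTS = {"CORP\\da-admin"}   # assumption: list maintained by the SOC
INTERACTIVE_LOGON_TYPES = {2, 10}           # console and RDP logons
WORKSTATION_PREFIX = "WS-"                  # assumption: client-machine naming rule


def parse_event(line):
    """Split one constructed log line into its fields."""
    ts, account, host, logon_type = line.split()
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "host": host, "logon_type": int(logon_type)}


def privileged_interactive_logons(events):
    """Rule 1: a privileged account used interactively on a client machine."""
    hits = []
    for e in events:
        if (e["account"] in PRIVILEGED_ACCOUNTS
                and e["logon_type"] in INTERACTIVE_LOGON_TYPES
                and e["host"].startswith(WORKSTATION_PREFIX)):
            hits.append((e["account"], e["host"], e["ts"].isoformat()))
    return hits


def fan_out_alerts(events, window=timedelta(minutes=10), min_hosts=5):
    """Rule 2: one account logging on to >= min_hosts distinct hosts within
    `window`; returns {account: most distinct hosts seen in any one window}."""
    recent = defaultdict(deque)   # account -> (ts, host) pairs inside the window
    worst = {}
    for e in sorted(events, key=lambda x: x["ts"]):
        q = recent[e["account"]]
        q.append((e["ts"], e["host"]))
        while e["ts"] - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({host for _, host in q})
        if distinct >= min_hosts and distinct > worst.get(e["account"], 0):
            worst[e["account"]] = distinct
    return worst


def run(lines=SAMPLE_EVENTS):
    """Parse the log and return both rule outputs."""
    events = [parse_event(line) for line in lines]
    return privileged_interactive_logons(events), fan_out_alerts(events)


if __name__ == "__main__":
    interactive, fan_out = run()
    for account, host, when in interactive:
        print(f"ALERT privileged interactive logon: {account} on {host} at {when}")
    for account, hosts in fan_out.items():
        print(f"ALERT possible lateral spread: {account} reached {hosts} hosts")
```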



OPINION

SECURING DNS INFRASTRUCTURE By Ashraf Sheet, Regional Director MEA, Infoblox

The constant creation of malicious domains has proved a cat and mouse game for threat researchers and cybercriminals. Across the world, new malicious domains are constantly being created from which cybercriminals can launch attacks against businesses’ Domain Name System (DNS) infrastructure. During what is known as the ‘planting’ phase, the Infoblox DNS Threat Index, which monitors the creation of such domains, shows a significant increase in the number of malicious domains associated with malware and exploit kits. In the second ‘harvesting’ phase, the attackers begin to reap the bounty from these newly created malicious domains, launching attacks on organisations’ DNS to exfiltrate data or just to wreak havoc on their victims.

Exploit kit popularity persists

A great amount of this malicious infrastructure is being used in the creation of exploit kits. This particularly disturbing category of malware is part of a growing trend of off-the-shelf, user-friendly cybercrime tools. These tool-kits-for-hire deliver malware via drive-by download, ultimately providing cybercriminals with an opportunity to wreak great havoc on an organisation with little or no technical knowledge. Indeed, attackers using exploit kits don’t need to understand how they create or deliver the exploit needed to infect a server, and the attack itself is often facilitated by a user-friendly interface featured in the kits themselves to help hackers manage and monitor their malware campaign. All of this ultimately serves to lower the technical bar for sowing malware. It is therefore unsurprising that exploit kits have cemented their place as a popular motive for malicious domain creation. Angler continues to reign as the most popular exploit kit. Indeed, just recently Perez Hilton, the celebrity gossip website, was hacked, redirecting its visitors to the Angler landing page, which in turn exposed users to CryptXXX ransomware.

Achieving its malicious goals

These tool kits generally exploit vulnerabilities or security flaws in operating systems, browsers, and popular software such as Adobe Flash and Java. Then, just as in the Perez Hilton case, users are exposed to the kits (and their payloads) via malvertising and spam on the compromised websites. When an exploit is successful in delivering its payload onto a victim’s device, it is then able to operate behind the service provider’s or company’s firewall. This malware can then spread across the internal network to other devices, as well as communicating back to its command-and-control (C&C) server, which enables it to download more malicious software or exfiltrate data. Often the organisation’s own DNS is used to facilitate communication between the infected device and its C&C server. Like all command and control malware, phishing and many other threats, exploit kits use DNS to achieve their ultimate aim, whether that is data exfiltration or mass malware infection. For that reason, it has never been more important for organisations to protect their DNS infrastructure.

Securing DNS infrastructure

While DNS infrastructure is inherently a vulnerable component for organisations, effective internal DNS security solutions can turn it into a great asset for securing an organisation’s networks and data. And this is possible without having to change the existing network architecture. Using DNS response policy zones (RPZs) on internal DNS, combined with an up-to-date threat intelligence feed of malicious destinations, enables the DNS appliance to intercept those DNS queries which are associated with known malware. This effectively prevents the threat from communicating with its external C&C servers to wreak further havoc: preventing both data exfiltration using standard network protocols and malware from breeding in the network. Furthermore, internal DNS security can identify and prevent data exfiltration using DNS tunnelling techniques by establishing query thresholds. This benchmark then enables the DNS to detect and flag any unusually large queries or responses which may contain packets of data. With the wealth of intelligence that can be garnered both on the types of threats facing DNS infrastructure and on the malicious domains being created to exploit it, organisations can take effective steps to prevent attack vectors from exploiting this infrastructure. And as the technical bar is lowered for attacks, as with exploit kits, whose popularity will only rise, DNS security will only become ever more crucial. Inherently vulnerable, yet with great potential: no organisation should overlook this vital component of network architecture and leave it unprotected. DNS is capable of being an important defence against exploit kits and other attack vectors which rely on it to achieve their criminal aims.
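As an added example (not Infoblox’s code) of the two controls described above, the script below applies an RPZ-style policy from a constructed threat feed to a constructed query log, renders the feed as BIND-format RPZ records, and applies query-size and per-domain volume thresholds of the kind used to flag DNS tunnelling. The feed entries, log records, domain names and threshold values are all made up; the two-label rule for the owning domain is a simplification that stands in for a public-suffix list.

```python
"""RPZ-style blocking plus DNS-tunnelling thresholds (constructed example)."""
from collections import defaultdict

# Constructed threat feed: domains an RPZ would answer with NXDOMAIN.
# A leading "*." entry covers every subdomain, like an RPZ wildcard record.
THREAT_FEED = {"angler-landing.example", "*.cryptxxx-c2.example"}

# Constructed query log: (client, qname, query_bytes, response_bytes).
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.org", 33, 49),
    ("10.0.0.5", "cdn.cryptxxx-c2.example", 41, 57),      # wildcard feed hit
    ("10.0.0.9", "angler-landing.example", 40, 56),       # exact feed hit
    ("10.0.0.7", "zgf0ysbjahvuayawmq4ywxsbgftaw5mb3jtyxrp.t.example", 70, 60),
    ("10.0.0.7", "dGhlIHNlY29uZCBjaHVuayBvZiBk.t.example", 66, 60),
    ("10.0.0.7", "update.t.example", 33, 240),            # oversized answer
]

# Assumed thresholds; a real deployment would baseline these per environment.
QNAME_LEN_THRESHOLD = 40
LABEL_LEN_THRESHOLD = 24
RESPONSE_BYTES_THRESHOLD = 200
DOMAIN_QUERY_BYTES_THRESHOLD = 150   # summed query bytes per owning domain


def rpz_action(qname, feed=THREAT_FEED):
    """RPZ verdict: NXDOMAIN on an exact or wildcard feed hit, else PASSTHRU."""
    labels = qname.lower().rstrip(".").split(".")
    if ".".join(labels) in feed:
        return "NXDOMAIN"
    for i in range(1, len(labels)):          # wildcard matches subdomains only
        if "*." + ".".join(labels[i:]) in feed:
            return "NXDOMAIN"
    return "PASSTHRU"


def rpz_records(feed=THREAT_FEED):
    """Render the feed as BIND-style RPZ records; 'CNAME .' means NXDOMAIN."""
    return sorted(f"{name} CNAME ." for name in feed)


def tunnel_flags(qname, response_bytes):
    """Size-based indicators of data being carried in names or answers."""
    flags = []
    if len(qname) > QNAME_LEN_THRESHOLD:
        flags.append("long_qname")
    if max(len(label) for label in qname.split(".")) > LABEL_LEN_THRESHOLD:
        flags.append("long_label")
    if response_bytes > RESPONSE_BYTES_THRESHOLD:
        flags.append("large_response")
    return flags


def owning_domain(qname):
    """Assumption: the last two labels identify the zone owner (no suffix list)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def triage(queries=SAMPLE_QUERIES):
    """Return per-query (action, flags) and domains over the volume threshold."""
    per_query = {}
    volume = defaultdict(int)
    for _client, qname, query_bytes, response_bytes in queries:
        action = rpz_action(qname)
        per_query[qname] = (action, tunnel_flags(qname, response_bytes))
        if action == "PASSTHRU":            # blocked names never leave the resolver
            volume[owning_domain(qname)] += query_bytes
    noisy = {d: b for d, b in volume.items() if b > DOMAIN_QUERY_BYTES_THRESHOLD}
    return per_query, noisy


if __name__ == "__main__":
    print("\n".join(rpz_records()))
    per_query, noisy = triage()
    for qname, (action, flags) in per_query.items():
        print(f"{action:8} {qname} {' '.join(flags)}")
    for domain, total in noisy.items():
        print(f"VOLUME {domain}: {total} query bytes, possible tunnelling")
```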



OPINION

THE CHALLENGE OF SECURING IOT By John Madisson, Sr. Vice President, Products and Solutions at Fortinet

By now, everyone has heard the numbers. IoT is part of a networking revolution that is transforming the world. Experts predict that by 2020 there will be over 33 billion IoT devices deployed, or 4.3 Internet-connected devices for every man, woman, and child on the planet. Of course, IoT is more than just one thing. There are a variety of IoT devices and categories, each with their own implications. Consumer IoT includes the connected devices we are most familiar with, such as smart cars, phones, watches, laptops, connected appliances, and entertainment systems. Commercial IoT includes things like inventory controls, device trackers, and connected medical devices. Industrial IoT covers such things as connected electric meters, waste water systems, flow gauges, pipeline monitors, manufacturing robots, and other types of connected industrial devices and systems. The implications for networks, and especially security, are huge. Increasingly, IoT devices are being woven into local, national, and global networks, including critical infrastructures, creating hyperconnected environments of transportation, water, energy, communications, and emergency systems. Healthcare agencies, refineries, agriculture, manufacturing, government agencies, and even smart buildings and cities all use IoT devices to automatically track, monitor, coordinate, and respond to events. While automating decisions and processes at machine speeds can generate revenue, improve our quality of life, make us more productive, and even save lives, it also introduces new risks and widens the threat landscape.

1. Some of the data passing from, to, or between connected devices contains personal information that can be exploited, including locations, names and addresses, ordering and billing information, credit card and bank information, medical records, government-issued ID numbers, etc.
2. When compromised IoT devices are connected to IT networks, they can become a conduit for breaches or the injection of malware.
3. Compromised industrial and commercial IoT devices can be used to make changes on the manufacturing floor. Operations technology, SCADA, and industrial control systems actually control physical systems, not just the bits and bytes of traditional IT networks, and even the slightest tampering can sometimes have far-reaching - and potentially devastating - effects.
4. Increasingly, IoT is also being integrated into our critical infrastructure. Transportation systems, chemical refineries, wastewater systems, energy grids, culinary water, and communications systems all use IoT devices. The cascading effect of a serious compromise can be potentially catastrophic.

The challenge is that many IoT devices were never designed with security in mind. IoT security challenges include weak authentication and authorisation protocols, insecure software, firmware with hard-coded back doors, poorly designed connectivity and communications, and little to no configurability. And most IoT devices are “headless,” with limited power and processing capabilities. This not only means they can’t have security clients installed on them, but most can’t even be patched or updated.

The risk is real. Just recently, compromised IoT devices were gathered into a massive botnet, causing the largest denial of service outage in history. Unfortunately, the general response by the security industry has been woefully inadequate. Sure, the expo floor at this year’s RSA conference was filled with vendors promoting devices and tools to soothe the IoT worries of organisations. The problem is that the network teams that need to test, deploy, manage, and monitor these devices are already overwhelmed. Dozens of isolated devices with separate management interfaces have placed a strain on limited IT resources. Large enterprises already need to manage an average of 30 security consoles, connected to hundreds of security devices that usually operate in isolation. This makes gathering threat intelligence a cumbersome and time-consuming task, often requiring the hand correlation of telemetry data in order to identify malware or compromised systems. And now, specialised security tools being created and promoted for IoT are going to expand the number of deployed hardware-based and virtual security devices even further.

The reality is, IoT cannot be treated and secured as an isolated, independent network. It interacts across your existing extended network, including endpoint devices, cloud, traditional and virtual IT, and OT. Isolated IoT security strategies simply increase overhead and reduce broad visibility. Instead, security teams need to be able to tie together and cross-correlate what is happening across their IT, OT, IoT, and cloud networks. Such an approach enables visibility across this entire ecosystem of networks, allowing the network to automatically collect and correlate threat intelligence and orchestrate real-time responses to detected threats. This requires rethinking your security strategy. A distributed and integrated security architecture needs to cover your entire networked ecosystem, expand and ensure resilience, secure compute resources and workloads, and provide routing and WAN optimisation. Fortinet is actively driving the development of IoT-specific security solutions. We already hold dozens of issued and pending IoT security patents that complement our patent portfolio and have been woven seamlessly into our Security Fabric framework.


OPINION

A LOOK AHEAD FOR THE SECURITY INDUSTRY By Pierre Racz, President, Genetec

When we started in 1997, organisations were using analogue technology. The extent to which digital was used was still only for point-to-point transmission systems, and video quality was limited by the resolution of NTSC or PAL formats. Internet Protocol (IP) technology was still in its early days, yet we had the intuition and vision to recognise the potential. One of the key insights of Genetec engineers was that we saw packet-switched networks would change network architectures from point-to-point to point-to-multipoint, using multicast. This architectural change made redundant network operations centers affordable to a larger segment of the security industry. Analog tape retention periods were measured in hours. Stretching the video tape retention period from two hours to eight hours reduced storage needs, but the converse effect was greatly reduced video quality. Soon, the oxide on video tape wore away and rendered all recordings unusable. So, the idea of having 30 days’ video retention without complex (over-engineered) Rube Goldberg tape exchange mechanisms for analog video was very expensive.

IP STORAGE, TRANSPORT AND THE CLOUD

Over the past 20 years, we have been able to realise greater retention periods for captured video data as compression standards evolved from H.261 to today’s H.265 formats. Storage has gone from a handful of days to 30 days, with a new trend emerging of storing data for up to 730 days. This is made easier and more affordable as organisations can now host their data on-premises and are increasingly appreciating the benefits of Cloud and hybrid (on-premises and cloud) storage solutions. Genetec will work with both its integrators and customers to raise awareness of cybersecurity. Ensuring cybersecurity is not simply a camera or sensor device problem; it’s a lot more involved than simply telling the IT department to make sure that devices are properly secured. The responsibility has to be taken by the companies who sell, install and operate the technology. 2017 will be a year of awareness about cyber security and accountability. The burden of responsibility needs to rest with the people who make us think we are secure when in fact we are not. Cyber hacking has evolved from relatively harmless pranks in the late 90’s and at the turn of the century, to full-on cyber-criminality and for-profit hostage schemes, along with state-sanctioned spying and cyber espionage. While spying is a recognised practice for most governments, cyber-espionage is being increasingly used to steal economic data and other companies’ intellectual property (IP), bypassing the requirement of hard work, innovation and research and development. Cyber threats to security have grown over the years, and the increased inter-connectivity made possible by the internet-of-things (IoT) has brought many new sensor hardware devices into the market, often with little or no network protection. Our major concern across the board is cybersecurity and the growing need for cyber insurance protection.

INCREASING CYBERSECURITY IN 2017

Recent botnet takeovers and distributed denial-of-service (DDOS) attacks in North America are an indication of just how far cyberattacks can go. The 2014 cyber-attack on Target, an American retail giant, revealed just how important it is for organisations to pay close attention to the security of their security systems. In the attack on Target, between 70 and 110 million customers had their payment information exposed through a data breach. During the investigation afterward, it was determined that the hackers first gained entry to the corporation’s system by compromising the access of a 3rd party vendor – the heating and air conditioning (HVAC) contractor. This highlights the fact that, for many systems, one of the biggest vulnerabilities comes from edge devices. As an open-architecture company, we are fully aware of this vulnerability and work to mitigate and eliminate risk. Our design philosophy is to ‘fail secure’. For our part, we continue to make it as difficult as possible for our end-users to misconfigure their systems or leave keys or doors open to cyber-threats. And we believe that it is important to work with technology partners to help point out potential hardware vulnerabilities and to assure that their devices do not become weaponised for botnet takeovers or DDOS.

SECURITY OF YOUR SECURITY SYSTEM

Of course, increasing the security of edge devices is just part of the solution, and 2017 will see an even greater focus on maintaining the security of physical security systems. The industry must continue to support organisations in their efforts to stay safe from cyber-threats and attacks by helping them ‘harden’ their systems against unwanted and unauthorised access. To protect data and privacy, we apply many different layers of defense and protection, including encryption, authentication and authorisation. By focusing on hardening the physical security systems we have to be sure that we have three elements: people, processes and systems. We have to make it ‘hard’ for people working within a security network to make mistakes and accidentally or purposefully open a ‘door’ that could be exploited for hacking. Encryption is only one of the arrows in our tool box to keep the security system safe. Many times, a hacker does not have to break access encryption; they can mimic the process we follow for authorisation, and once they have the access credentials, they are in. Naturally, organisations will continue to use encryption to protect private information and sensitive data as well as enhance the security of communication between client apps and servers. Encrypting data helps ensure that, even if an unauthorised person or entity gains access to a system, the information itself will remain unreadable without the appropriate key. To keep unauthorised entities from gaining access to a network in the first place, organisations will also continue to employ different forms of authentication, the process of determining if an entity—user, server or client app—is who it claims to be, including username/password combinations, tokens, and certificates that identify trusted 3rd parties.


OPINION

BUILDING TRUST IN A CLOUDY SKY Intel Security survey reveals the state of cloud adoption and security

Cloud services are now a regular component of IT operations, and are utilised by more than 90% of organisations around the world. Many are working under a Cloud First philosophy, only choosing to deploy an internal service if there is no suitable cloud variant available. As a result, IT architectures are rapidly shifting to a hybrid private/public cloud model, with those surveyed expecting 80% of their IT budget to be cloud-based within an average of 15 months. Intel Security surveyed over 2,000 IT professionals in September 2016 to produce this annual review of the state of cloud adoption, representing a broad set of industries, countries, and organisation sizes. In the face of a continuing shortage of skilled security personnel, the impact of this scarcity on cloud adoption was a priority for this year’s report. Other objectives included understanding the adoption of different cloud usage models, identifying the primary concerns with private and public cloud services, and investigating the evolving impact of Shadow IT. Research participants were senior technical decision makers from small (500-1,000 employees), medium (1,000-5,000 employees), and large (more than 5,000 employees) organisations, located in Australia, Brazil, Canada, France, Gulf Coast (Saudi Arabia & United Arab Emirates), Germany, Japan, Mexico, Singapore, the United Kingdom, and the United States.

KEY FINDINGS

• Cloud services are widely used in some form, with 93% of organisations utilising Software-, Infrastructure-, or Platform-as-a-Service offerings.
• The average number of cloud services in use in an organisation dropped from 43 in 2015 to 29 in 2016, indicating potential consolidation of cloud providers or solutions. Cloud architectures also changed significantly, from predominantly private-only in 2015 to increased adoption of public cloud, resulting in a predominantly hybrid private/public infrastructure in 2016.
• Almost half (49%) of the professionals surveyed stated that they had slowed their cloud adoption due to a lack of cybersecurity skills, with the worst shortages in Japan, Mexico, and the Gulf Coast countries.
• The trust and perception of public cloud services continues to improve year-over-year. Most organisations view cloud services as secure as or more secure than private clouds, and much more likely to deliver lower costs of ownership and overall data visibility. Those who trust public clouds now outnumber those who distrust public clouds by more than 2:1.
• Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organisations to store sensitive data in the public cloud. Personal customer information is the most likely type of data to be stored in public clouds, kept there by 62% of those surveyed.
• Cloud applications continue to be a vector for cyberattacks, and over half (52%) of the respondents indicate that they have definitively tracked a malware infection to a SaaS application.
• Shadow IT is a growing concern for the IT department. Driven by the slower adoption of IT or the mainstream acceptance of clouds, almost 40% of cloud services are commissioned without the involvement of IT. As a result, 65% of IT professionals think that this phenomenon is interfering with their ability to keep the cloud safe and secure.
• Virtualisation of private data centre architectures is progressing. On average, 52% of an organisation’s data centre servers are virtualised, and most expect to have the conversion to a fully software-defined data centre completed within 2 years.

CONCLUSIONS AND RECOMMENDATIONS

Businesses are trusting cloud services with a wide range of applications and data, much of it sensitive or business critical. Data goes to where it is needed, most effective, and most efficient, and security needs to be there in advance to quickly detect threats, protect the organisation, and correct attempts to compromise the data. Cost and resource savings of cloud services are real, and the wide variety of offerings makes it possible to choose the best fit for the organisation. Security vendors are delivering tools to address fundamental security concerns, such as protecting data in transit, managing user access, and setting consistent policies across multiple services. The movement of sensitive data to the public cloud may attract cybercriminals. Attackers will look for the easiest targets, regardless of where they are located. Integrated or unified security solutions are a strong defense against these threats, giving security operations visibility across all of the services the organisation is using and what data sets are permitted to traverse them. User credentials, especially for administrators, will be the most likely form of attack. Organisations should ensure that they are using authentication best practices, such as distinct passwords, multi-factor authentication, and even biometrics where available. Despite the majority belief that Shadow IT is putting the organisation at risk, security technologies such as data loss prevention (DLP), encryption, and cloud access security brokers (CASBs) remain underutilised. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment. While it is possible to outsource work to various third parties, it is not possible to outsource risk. Organisations need to evolve towards a risk management and mitigation approach to information security. Consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.

03.2017



HOW TO

PREPARING AND RESPONDING TO A CYBER-ATTACK Ed McAndrew, Partner, Ballard Spahr and Patrick Dennis, President and CEO, Guidance Software, share best practices for preparing and responding to a cyber-attack and working with law enforcement.


www.securityadvisorme.com


Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014, according to a June 2016 report by the Ponemon Institute. Following a breach, organisations should focus on mitigating damage and data loss and on providing information to law enforcement. Here are key steps to follow in responding to a cyber-attack:

IDENTIFY KEY ASSETS
Depending on an organisation's needs, it may be cost-prohibitive to protect the entire enterprise. Before creating a cyber incident plan, an organisation should determine which of its data, assets and services warrant the most protection.

STAY INFORMED ABOUT THREATS
An organisation's awareness of new or commonly exploited vulnerabilities can help it prioritise its security measures. There are organisations that share real-time intelligence on threats. For example, Information Sharing and Analysis Centers (ISACs), which analyse cyber threat information, have been created for each sector of critical infrastructure. Some centres also provide cybersecurity services.

HAVE A PLAN OF ACTION
Creating established plans and procedures that address what steps need to be taken after an attack can help any organisation limit the damage to its networks. This includes identifying who has lead responsibility for each element of the organisation's cyber incident response, being able to contact critical personnel at all times, knowing which mission-critical data, networks or services should be prioritised for the greatest protection, and knowing how to preserve data related to the incident in a forensically sound manner. It also helps law enforcement's ability to locate and apprehend the perpetrators.

ENGAGE WITH LAW ENFORCEMENT BEFORE AN ATTACK
Having a pre-existing relationship with law enforcement officials can help facilitate any interactions relating to a breach. It also helps establish a trusted relationship that cultivates bi-directional information sharing, which is beneficial to both the organisation and law enforcement.

MAKE AN INITIAL ASSESSMENT OF THE THREAT
Once an attack or breach is identified, it is critical to assess the nature and scope of the incident. It is also important to determine whether the incident was a malicious act or a technological glitch. The nature of the incident will determine what kind of assistance the organisation will need and what type of damage and remedial efforts may be required.


CAPTURE THE EXTENT OF THE DAMAGE
Ideally, the victim of a cyber-attack will make a forensic image of the affected computers as soon as the incident is detected. Doing so preserves a record of the system for analysis and potentially for use as evidence at trial. Organisations should restrict access to these materials to maintain the integrity and authenticity of the copy, safeguard it from unidentified malicious insiders and establish a chain of custody.

TAKE STEPS TO MINIMISE ADDITIONAL DAMAGE
To prevent an attack from spreading or the loss of more valuable data, companies must take steps to stop ongoing traffic caused by the perpetrator. Containment measures include rerouting network traffic, filtering or blocking a distributed denial of service attack, or isolating all or parts of the compromised network. Also keep detailed records of what steps were taken to mitigate the damage, as well as any costs incurred as a result of the attack.

NOTIFY LAW ENFORCEMENT
In the past, some companies have been reluctant to contact law enforcement following a cyber incident due to concerns that a criminal investigation might disrupt their business. However, law enforcement agencies are committed to causing as little disruption to an organisation's normal operations as possible. These agencies will also attempt to coordinate statements to the news media concerning the incident, ensuring that information harmful to a company's interests is not needlessly disclosed.

WORK WITH LAW ENFORCEMENT TO CONTACT OTHER POTENTIAL VICTIMS
Contacting other potential victims through law enforcement is preferable. Doing so protects the initial victim from potentially unnecessary exposure and allows law enforcement to conduct further investigations, which may uncover additional victims.
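The imaging and chain-of-custody step lends itself to a small worked example. The Python script below is an added illustration, not part of the original article or of any tool it mentions: it hashes an image file in chunks, appends an acquisition record (examiner, source, timestamp, SHA-256, size) to a custody log, makes the image read-only, and later re-hashes it so that any change to the copy is detected. The image bytes, file names and examiner name are constructed for the demonstration; in practice the hash is taken immediately after acquisition and the custody log is kept where the examiner cannot silently rewrite it.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample "disk image"; it stands in for the raw output of an imaging tool.
SAMPLE_IMAGE = b"MBR\x00" + bytes(range(256)) * 64 + b"constructed-volume-data"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_custody(image_path: str, examiner: str, source: str, log_path: str) -> dict:
    """Append an acquisition entry (who, what, when, hash, size) to the custody log."""
    entry = {
        "event": "acquired",
        "image": os.path.basename(image_path),
        "source": source,
        "examiner": examiner,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "sha256": sha256_file(image_path),
        "size": os.path.getsize(image_path),
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    os.chmod(image_path, 0o400)  # read-only for the examiner, no access for anyone else
    return entry


def verify_image(image_path: str, log_path: str) -> bool:
    """Re-hash the image and compare against the hash recorded at acquisition."""
    name = os.path.basename(image_path)
    with open(log_path, encoding="utf-8") as log:
        entries = [json.loads(line) for line in log if line.strip()]
    acquired = [e for e in entries if e["event"] == "acquired" and e["image"] == name]
    if not acquired:
        return False  # no custody record: the copy cannot be vouched for
    return sha256_file(image_path) == acquired[0]["sha256"]


def demo() -> tuple:
    """Acquire, record, verify, then flip one byte and check that verification fails."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "host01-disk0.raw")
    log = os.path.join(workdir, "custody.jsonl")
    with open(image, "wb") as f:
        f.write(SAMPLE_IMAGE)
    record_custody(image, examiner="analyst-1", source="host01 /dev/sda", log_path=log)
    intact = verify_image(image, log)
    os.chmod(image, 0o600)          # someone with write access to the copy...
    with open(image, "r+b") as f:   # ...changes a single byte
        f.seek(10)
        f.write(b"\xff")
    tamper_detected = not verify_image(image, log)
    return intact, tamper_detected


if __name__ == "__main__":
    print(demo())
```

Running the script prints (True, True): the untouched copy verifies, and the single-byte change is caught. The same pattern applies to memory dumps and exported log sets; what matters is that the hash is recorded before anyone analyses the copy.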



OPINION

BEST PRACTICES TO DEAL WITH CYBERCRIME
By Marc Hanne, Director of Sales DACH, CEE and ME, Identity Assurance at HID Global

Modern businesses are quickly wising up to the dangers presented by an always-on business model. Customers are increasingly using online tools to access accounts, services or expertise, and employees are looking to connect to their organisation's networks remotely at any time. This has driven the desire for daily access to be easier and more convenient. However, with this agility comes a measure of concern. Hackers are also taking notice and creating viruses and malware for malicious purposes, which makes it crucial for organisations to protect staff and customer data from cybercrime. So, what are the top cybercrime activities businesses need to watch out for, and what can be done to combat them?

MALICIOUS SOCIAL ENGINEERING
In the digital age, the use of social engineering has become a pressing issue. With the Internet providing a shroud of anonymity for fraudsters, it is important that companies holding sensitive customer data are aware of the most common practices performed by social engineering hackers. Phishing is perhaps the best-known form of false-trust hacking. It describes attempts by fraudsters to acquire sensitive data from customers or employees, including usernames, passwords and payment details, by masquerading as a known or trusted person over email or another form of digital communication. If successful, phishing gives cybercriminals free access either to customer data (damaging companies' relationships and reputation) or to a business's internal infrastructure and sensitive documents. Vishing and smishing are the telephone and SMS variants of phishing. Either can give a fraudster access to your customers' or your business's sensitive information. The use of social engineering by cybercriminals can have devastating effects on modern businesses, and these are certainly activities that business owners and IT leaders need to watch out for.

INSIDER THREATS
Just as social engineering can negatively impact businesses from the outside, there is reason to be wary of internal threats as well. Your personnel can have heightened privileges for accessing sensitive information, and can use such privileges to negatively impact your organisation. Alienated employees, visiting contractors or on-site maintenance staff could also pose such a danger to your business. The problems caused by malicious insiders might not be immediately obvious, but they should not be ignored. For instance, consider an employee who has just been made redundant or otherwise removed from their role in a business. They may feel angry at this decision and wish to vent their feelings towards their departing company. If they still have access rights to shared storage or documents, they have the ability to change, delete or otherwise tamper with highly sensitive information. Similarly, an on-site contractor who has been given a temporary password without restrictions for a short period may be equally dangerous. Whether corrupting or sharing financial records, client information or perhaps authentication rights, the actions of such rogue individuals can wreak havoc on businesses of all sizes. However, just as with social engineering dangers, knowing and understanding the threat from ill-tempered insiders can be half the battle in preventing businesses falling prey to cybercrime. IT leaders and business owners need to remain vigilant that users only have the access rights they need, and be wary of new developments in fraudulent techniques to make sure their businesses stay ahead of cybercriminals' malicious intentions.

HOW TO FIGHT BACK
The fight against cybercrime is set to dominate business leaders' conversations and strategic plans in the coming years. In order to stand the best possible chance of coming out on top, there are several steps that organisations can take.

1. Move past simple passwords to strong authentication in the enterprise: When hackers steal an employee's user name and password, they can often move through the network undetected, upload malware, or steal or capture data. Organisations should protect systems and data through strong authentication that relies on more than just something the user knows (a password). There should be at least one other authentication factor, such as something the user has (e.g. a logon token) and/or something the user is (e.g. a biometric or behaviour-metric solution). Or consider moving past passwords altogether by combining cards, tokens or biometrics.

2. Take advantage of the improved convenience of a mobile strong authentication model: Users increasingly want a faster, more seamless and convenient authentication solution than is possible with dedicated hardware one-time password (OTP) tokens, display cards and other physical devices. Now, mobile tokens can be carried on the same card used for other applications, or combined on a phone with cloud application single sign-on capabilities. Users simply tap their card or phone to a personal tablet, laptop or other endpoint device to authenticate to a network, after which the OTP is unusable. There are no additional tokens to deploy and manage, and the end user has only one device to carry and no longer has to remember or type a complex password.

3. Employ a layered IT security strategy that ensures appropriate risk mitigation levels: For optimum effectiveness, organisations should take a layered approach to security, starting with authenticating the user (employee, partner, customer), then authenticating the device, protecting the browser, protecting the application, and finally authenticating the transaction with pattern-based intelligence if necessary. Implementing these layers requires an integrated, versatile authentication platform with real-time threat detection capabilities. This platform, combined with an anti-virus solution, provides the highest possible security against today's threats.



OPINION

TAKING A LEAP Nirav Modi, Vice President and General Manager, Blue Planet, discusses key questions to address before making the leap to Software-Defined WAN.

Cost reduction and enhanced network performance are just two of the many benefits promised by SD-WAN technology. IDC believes the SD-WAN market will be a $6 billion industry by 2020, so it is no surprise that solutions are popping up everywhere you turn. At a high level, SD-WANs promise a more cost-effective and simpler way to operate secure, virtualised WAN connections between enterprise branches, data centres and the internet. Traditional MPLS links from the branch to the data centre are reliable and secure, but typically offer lower performance for users accessing cloud-based services, and are considerably more expensive than widely available broadband access links. The Internet provides global access to cloud applications, but is limited by poor reliability, unpredictable performance and weak security. The benefit of SD-WAN is that it provides a software-controlled and programmable environment that allows you to augment or replace your existing WAN, lower costs by leveraging cheaper broadband access links, and dynamically scale bandwidth capacity to the cloud when needed. But how do you know if SD-WAN is right for your business? Consider the following questions before you make the leap:

• Do you need an SD-WAN? This is the obvious question, but as with most new technologies, the hype can distract from the actual need. SD-WAN is no different. To get started, ask yourself these questions: Am I reliant on MPLS or Carrier Ethernet services? Am I seeing more internet connectivity requests? For example, is my sales team using salesforce.com or social media for sales and enhanced customer support? Do customers in my retail outlet want to browse the internet while they wait for service? Am I migrating in-house IT systems to the cloud? Enterprise network traffic has exploded, with organisations incrementally adding bandwidth to reduce service latency and avoid network failures. And because many of today's applications are moving out of the enterprise and into third-party cloud and SaaS environments, traffic flows within the network have drastically changed and become inefficient. Adding direct internet connections and broadband circuits can provide the needed bandwidth, but it also requires purchasing, deploying and managing daisy-chains of on-premises devices for different circuits and network functions, including routing, WAN optimisation and firewalls, at multiple locations. If you answered yes to any of the questions above, SD-WAN can provide new choices. With SD-WAN, you can prioritise application and traffic flows, reduce the number of on-premises devices, and more dynamically manage the services deployed at a given branch location.

• What are the pitfalls? One of the major selling points of SD-WAN is that you can avoid service provider lock-in by buying and deploying the components internally or working with multiple service providers. However, whether you buy or lease your WAN, it requires a deep understanding of the network. You need to understand what type of traffic traverses your network; you need to know which applications are performing well and what needs to be changed or optimised. There are several vendors and offerings on the market, so you should consider the time it will take to research and select products, and whether you have the engineering expertise required to build and monitor the SD-WAN. Also, you will need to determine what traffic you want to keep on your existing network and which you want to send over the internet. How should you configure traffic management policies? What security measures need to be implemented? Answering those questions requires a deep understanding of application performance, network security and network engineering. Another pitfall is to think of SD-WAN as a complete solution, rather than as another tool in the toolbox. So, while SD-WAN may enable choice in access, it does not give you full connectivity to the cloud. In other words, to connect from remote sites to cloud services, it is the combination of orchestration of cloud, WAN and SD-WAN access that completes the solution. Orchestration allows you to coordinate and automate across different pieces of the network.

• Do I build it or do I buy it? If you decide SD-WAN is the way to go, you will have to decide whether you want to build it yourself or consume SD-WAN as a managed service. Each option has its pros and cons. The key question is just how critical the network is to your business. If you are in financial services, you will answer that differently than your IT peers in the retail industry. When the network is absolutely critical to your business, you probably want more customisation. If your needs are more flexible, you can work with different "off the shelf" options. When you take the "buy" route and get your SD-WAN as a managed service, someone else owns and manages the solution, saving your operations staff valuable training and support time. A buy option may also allow you to take advantage of other resources that your service provider offers, such as NFV-based firewalls or cloud connectivity, giving you a more robust catalogue of managed services that might be hard to develop internally. Building it yourself, on the other hand, offers the ultimate in customisation. You can develop the services that work for your business and can be infinitely flexible.



OPINION

SECURE SPACE Ben Bernstein, CEO, Twistlock, shares six runtime threat detection and response tips for container security.

Security for containers has evolved quite substantially over the past year, but there is still a lot of education that needs to be done. The key point is that the biggest difference in this new paradigm is that everything is based on continuously delivered, microservice-based applications. The fact that the technology enabler for that paradigm is containers is less of an issue. When it comes to containerised applications, everyone needs to be in agreement: statically analysing what an application can do inside a container and rejecting non-compliant and/or vulnerable images is a must. However, no matter how good a job you do with vulnerability scanning and container hardening, there are unknown bugs and vulnerabilities that may manifest at runtime and cause intrusions or compromises. That is why it is so important to outfit your system with real-time threat detection and incident response capabilities. One might rightly point out that there are good tools for limiting what an application can do, in the form of SELinux and AppArmor. While these are good tools for some tasks, and limit several aspects of what an application does at runtime, expecting your development team to create deep and thoughtful security manifests for all the microservices they create is not realistic and does not scale. I have yet to see a large development team adopt this type of security solution for containers at scale.

Here we find ourselves back at the core of the problem: as more and more critical applications move to the container environment, organisations need a scalable and proactive defence layer that allows them to get ahead of the threat curve. At the same time, this defence layer should enable innovation and the adoption of container technologies. The following six tips outline how runtime threat detection and response should be designed to detect real-time threats, anomalies and active compromises, with a lower false-positive rate than is seen with traditional anomaly detection:

* Use the declarative nature of the new stack. While developers do not have the bandwidth to care much about security, they are now required to provide more information as part of the development process. They know which processes are going to run, they know which binaries are going to be used, and they implicitly tell the system about the interactions between containers. That information might exist in the Dockerfile, or in one of the YAML files that describes how the system is to be orchestrated. One should take that information and automatically translate it into a security profile of what the endpoint should and should not do.

* Identify the Lego pieces. Developing containers is fun and easy. While you do have more responsibilities, you can easily reuse layers of operating systems and services that are ready-made for you, which require you only to tweak some of their configuration. For security baselining, this makes life much easier. If you recognise that 90 percent of the container is actually a known backend application, a relatively simple scan of the changes in the remaining 10 percent shows you what these Lego pieces are up to.

* Establish baseline behaviour. You have likely heard a lot about machine learning recently, but the truth is, it is a complicated business and hard to get right. Luckily, containers can actually help. With machine learning, you typically need a baseline to learn from, and containers are the perfect candidate. They are minimalistic in nature and involve a more limited set of actions than a virtual machine. Security solutions should baseline the application and make use of that.

* Immutability. Immutability means killing an unpatched container and pushing a new, patched container into production instead of updating it "in the field". While this might sound like a minor detail, it allows endpoint security, for the first time, to treat any polymorphic change in the behaviour of a container as an indication of a threat or of configuration drift.

* Automate runtime threat detection. Doing each of the preceding steps is no trivial matter, and one cannot expect to do each one manually, so you must make sure that any process that qualifies to make it into production gets automatically secured. To emphasise the point, it is virtually impossible to ask an IT person to work with each owner of a microservice and make sure the container is secure. You must adopt a system that automatically "wraps" the container at runtime with security.

* Don't interfere with application logic. Unlike traditional endpoint detection, you cannot just install an endpoint detection mechanism in each container. Best practice is to have your solution look into running containers from the "outside". The reason is that, in order to play by the rules, you are not allowed to modify the containers that developers handed to production. If you change an image, you break the developers' ability to directly analyse problems with it and to quickly provide resolutions to any issues.

Organisations that implement container-based workflows or run containers in production must consider security from the very beginning or risk suffering security vulnerabilities. Luckily, better security tools exist today, and by leveraging the tips listed above, any business can make its container stacks secure.
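The first and third tips (derive a profile from what developers already declared, then check runtime behaviour against it) can be shown in code. The Python below is an added example, not Twistlock's code or any product's API: it reads a Dockerfile, derives an allow-list of base image, user, exposed ports and entry process, and then checks a stream of runtime events against that profile. The Dockerfile and the event records are constructed here, and the event field names (type, comm, user, port) are a hypothetical sensor format for events observed from outside the container.

```python
import json
import os

# Constructed Dockerfile, standing in for what a development team hands to production.
SAMPLE_DOCKERFILE = """\
FROM node:18-alpine
WORKDIR /app
COPY . .
RUN npm ci --omit=dev
USER node
EXPOSE 8080/tcp
CMD ["node", "server.js"]
"""

# Constructed runtime events as an out-of-container sensor might report them;
# the field names are hypothetical, not any product's schema.
SAMPLE_EVENTS = [
    {"type": "exec", "comm": "/usr/local/bin/node", "user": "node"},
    {"type": "listen", "port": 8080},
    {"type": "exec", "comm": "/bin/sh", "user": "node"},        # interactive shell
    {"type": "exec", "comm": "/usr/bin/curl", "user": "root"},  # download tool, as root
    {"type": "listen", "port": 4444},                            # undeclared listener
]


def _process_names(argv: list) -> set:
    names = {os.path.basename(argv[0])}
    # Shell form ("CMD node server.js") runs through /bin/sh -c, so the real
    # program is the first word of the command string, not the shell itself.
    if names == {"sh"} and len(argv) >= 3 and argv[1] == "-c":
        names.add(os.path.basename(argv[2].split()[0]))
    return names


def parse_dockerfile(text: str) -> dict:
    """Turn the declared image, user, ports and entry process into an allow-list profile."""
    profile = {"base": None, "user": "root", "ports": set(), "processes": set()}
    entrypoint, cmd = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr, args = instr.upper(), args.strip()
        if instr == "FROM":
            profile["base"] = args.split()[0]
        elif instr == "USER":
            profile["user"] = args.split(":")[0]        # "user:group" -> user
        elif instr == "EXPOSE":
            profile["ports"].update(int(p.split("/")[0]) for p in args.split())
        elif instr in ("ENTRYPOINT", "CMD"):
            argv = json.loads(args) if args.startswith("[") else ["/bin/sh", "-c", args]
            if instr == "ENTRYPOINT":
                entrypoint = argv
            else:
                cmd = argv
    chosen = entrypoint or cmd   # with an ENTRYPOINT present, CMD only supplies arguments
    if chosen:
        profile["processes"] = _process_names(chosen)
    return profile


def check_events(profile: dict, events: list) -> list:
    """Report every runtime event the declared profile did not predict."""
    findings = []
    for ev in events:
        if ev["type"] == "exec":
            name = os.path.basename(ev["comm"])
            if name not in profile["processes"]:
                findings.append(f"unexpected process {name}")
            if ev.get("user") != profile["user"]:
                findings.append(f"{name} running as {ev.get('user')}, expected {profile['user']}")
        elif ev["type"] == "listen" and ev["port"] not in profile["ports"]:
            findings.append(f"unexpected listening port {ev['port']}")
    return findings


if __name__ == "__main__":
    prof = parse_dockerfile(SAMPLE_DOCKERFILE)
    for finding in check_events(prof, SAMPLE_EVENTS):
        print(finding)
```

On the constructed input this reports the shell, the curl process (twice: unknown binary and running as root) and the listener on port 4444, while the declared node process and port 8080 pass. Because the profile comes from the Dockerfile rather than from observed traffic, nothing has to be learned first, and an image that only exists as a shell-form CMD already shows up as a weaker profile (the shell becomes an allowed process).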



OPINION

LET’S TALK ABOUT DOXWARE Rishi Bhargava, Co-founder and VP Marketing, Demisto, gives us a lowdown on the latest threat looming in the cyberspace.

As if ransomware wasn't bad enough, there is a new threat in town called doxware. The term "doxware" is a combination of doxing (posting hacked personal information online) and ransomware. With doxware, attackers notify victims that their sensitive, confidential or personal files will be released online. If contact lists are also stolen, the perpetrators may threaten to release information to those contacts or send them links to the online content.

Doxware and ransomware share some similarities. Both encrypt the victim's files, both include a demand for payment, and both attacks are highly automated. However, in a ransomware attack, files do not have to be removed from the target; encrypting the files is sufficient. A doxware attack is meaningless unless the files are uploaded to the attacker's system. Uploading all of the victim's files is unwieldy, so doxware attacks tend to be more focused, prioritising files that include trigger words such as confidential, privileged communication, sensitive or private.

Although doxware attacks are likely to increase, this type of extortionware has its shortcomings:
1. Doxware attacks tend to involve relatively small amounts of data. Most attackers do not have the resources to store millions of files, and the act of uploading a massive volume of files increases the risk of detection.
2. Criminals want to maximise their return on investment, and doxware attacks are more costly to implement. For a doxware attack to be financially rewarding, attackers must research potential victims to determine whether the stolen data will have sufficient value. They must also have a plan for publishing the data if the victim chooses not to pay.
3. Criminals potentially face increased risks with doxware attacks. Attackers need the infrastructure to host the stolen files and to release them online. This infrastructure could make tracing them easier.

Shortcomings aside, security analysts agree that doxware attacks are likely to increase over the next two years. So far the attacks have targeted businesses and high-profile individuals rather than the general public. However, that could change if attackers find ways to target smartphones or IoT devices. One of the earliest doxware attacks, Ransoc, informed victims that files violating intellectual property rights or files containing child pornography were present on their computers; unless the victim remitted a payment, the authorities would be notified and the victim would be incarcerated. With access to more devices, attackers could refine doxware attacks to make it cost-effective to target individuals on a massive scale.

PROTECTING AGAINST DOXWARE ATTACKS
Businesses that suffer a doxware attack often feel there is no alternative but to pay the ransom. However, even making the payment does not always end the attack. If the attackers find information that is particularly valuable or embarrassing, additional demands may be made. Furthermore, there is no guarantee the criminals will not publish the files even after a company meets all of the payment demands. The purloined data remains an ongoing threat; victims cannot confirm that stolen files have been erased. Therefore, the best method of dealing with an attack is to prevent it. The following tips can help protect against doxware attacks:
• Most doxware attacks begin with a phishing attack. Educate users on how to deal with phishing attempts, such as not opening email attachments from unknown sources and not clicking on links contained in emails.
• Do not store sensitive data on a local hard drive; if that is impossible, spread the data over multiple servers.
• Encrypt files while they are at rest, and make sure that sensitive files are always encrypted.
• Keep anti-malware software updated; new threats are constantly emerging.
• Educate users on malvertising and the types of sites that are common sources of malware-infected ads. These include adult websites, Facebook, Skype and "pirate" sites hosting illegal copies of movies and television shows.

Although an offsite backup will not prevent a doxware attack, it is still important to have one. Should the attacker provide the decryption key after the ransom has been paid, there is no guarantee that the decrypted files will not be irretrievably corrupted.

Doxware attacks are far less common than traditional ransomware attacks, but as any security professional knows, when criminals have the opportunity to make an easy profit, they will take it. As Mr. Robot once said, "We're at war." Doxware is simply another insidious weapon in a cybercriminal's arsenal. If you are concerned about advanced malware attacks, consider building an incident response plan and automating security operations. Automation and collaboration can help reduce ad hoc activities and streamline operations during a crisis. In addition, using automation can help reduce mean time to respond (MTTR) and reduce exposure time.
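The observation that uploading a massive volume of files increases the attacker's risk of detection only helps if someone is looking at egress. The Python below is an added example, not from Demisto or the article: it aggregates outbound upload bytes per client from proxy log lines, separates bytes sent to sanctioned services from bytes sent anywhere else, and grades each client accordingly. The log lines, the sanctioned-host list and the 100 MB threshold are constructed for the demonstration; a real deployment would set the threshold from each host's normal egress and feed the findings into the incident response workflow the article recommends automating.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log: timestamp, client IP, method, URL, bytes sent by the client.
SAMPLE_PROXY_LOG = """\
2017-03-01T09:00:01Z 10.0.0.12 POST https://crm.example.com/api/upload 52000
2017-03-01T09:00:05Z 10.0.0.12 GET https://www.example.org/ 800
2017-03-01T09:01:10Z 10.0.0.40 PUT https://files.drop-site.example/up 380000000
2017-03-01T09:01:12Z 10.0.0.40 PUT https://files.drop-site.example/up 410000000
2017-03-01T09:02:00Z 10.0.0.17 POST https://crm.example.com/api/upload 73000
2017-03-01T09:02:30Z 10.0.0.17 POST https://backup.example.net/v1/put 250000000
"""

# Hosts the organisation knowingly uploads data to (constructed allow-list).
SANCTIONED_HOSTS = {"crm.example.com", "backup.example.net"}
UPLOAD_METHODS = {"POST", "PUT"}
DEFAULT_THRESHOLD = 100 * 1024 * 1024   # bytes per client per window; tune to your baseline


def parse_proxy_log(text: str) -> list:
    """Split whitespace-separated proxy lines into records with the destination host."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, nbytes = line.split()
        records.append({"ts": ts, "client": client, "method": method,
                        "host": urlparse(url).hostname, "bytes": int(nbytes)})
    return records


def egress_findings(records: list, threshold: int = DEFAULT_THRESHOLD) -> list:
    """Per client: upload bytes in total and to unsanctioned hosts, graded by severity."""
    total = defaultdict(int)
    unsanctioned = defaultdict(int)
    dests = defaultdict(set)
    for r in records:
        if r["method"] not in UPLOAD_METHODS:
            continue                       # downloads are not exfiltration
        total[r["client"]] += r["bytes"]
        if r["host"] not in SANCTIONED_HOSTS:
            unsanctioned[r["client"]] += r["bytes"]
            dests[r["client"]].add(r["host"])
    findings = []
    for client in sorted(total):
        if unsanctioned[client] > threshold:
            severity = "high"     # bulk upload to a host nobody approved
        elif total[client] > threshold:
            severity = "medium"   # bulk upload to sanctioned services: confirm it was expected
        elif unsanctioned[client] > 0:
            severity = "low"      # small upload to an unknown host: shadow service or staging
        else:
            continue
        findings.append({"client": client, "severity": severity,
                         "total_bytes": total[client],
                         "unsanctioned_bytes": unsanctioned[client],
                         "unsanctioned_hosts": sorted(dests[client])})
    return findings


if __name__ == "__main__":
    for f in egress_findings(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(f)
```

On the sample, 10.0.0.40 is graded high (790 MB to an unknown host), 10.0.0.17 medium (a large but sanctioned backup upload worth confirming), and 10.0.0.12 is not reported at all. Splitting "how much" from "to whom" is what keeps the legitimate backup from drowning out the real exfiltration.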



PRODUCTS

Brand: A10 Networks Product: A10 Thunder CFW

Brand: Synology Product: DSM 6.1 Synology has announced the official release of DiskStation Manager (DSM) 6.1. According to the vendor, the DSM 6.1 is constantly being enhanced to help businesses tackle new challenges. The latest update of the platform enabled it to deliver better IT efficiency with Active Directory Server. DSM 6.1 features an extended coverage of the Btrfs file system, which enables advanced data protection technologies on more Synology NAS models, including file self-healing and instant SMB server-side copy. What you should know: The DSM 6.1 also allows users to encrypt pre-existing shared folders, including home folders, whenever needed. For higher security and convenience, users can also mount encrypted folders automatically using a physical USB flash drive without having to memorise encryption keys. The new platform, according to Synology, has a powerful search tool that helps users find everything including multimedia/ applications on their Synology NAS and offers quick preview into file contents and metadata with just one click.

36

03.2017

A10 Networks has announced the expansion of its A10 Thunder CFW (convergent firewall) family with a new Gi/SGi firewall solution and a softwareonly Thunder CFW for NFV deployments. It is equipped with Gi/SGi interface, which helps protect subscribers and shields mobile core infrastructure – including enterprise services and NAT IP pools – from cyberattacks to ensure uninterrupted operations. What you should know: The enhanced A10 Thunder CFW, service providers

can achieve exceptionally high firewall connection rates – 220 Gbps of throughput, all in a one rack-unit appliance, which includes enough capacity to support up to 256 million concurrent sessions. It also has a fully integrated Carrier-grade NAT (CGNAT) functionality, which according to the vendor, addresses the shortage of IPv4 addresses and extend a provider’s current IPv4 investment. Thunder CFW also provides IPv6 transition options.

Brand: Lenovo Product: ThinkPad X1 Carbon

According to Lenovo, the ThinkPad X1 Carbon is the lightest notebook in its class at under 2.5 pounds (1.14kg); it is also the smallest, fitting a high quality 14-inch IPS display into a typical 13-inch form factor. The device is equipped with a six-row ThinkPad keyboard that features an improved Microsoft Precision Touchpad (with physical buttons) and the iconic TrackPoint. The device comes in classic ThinkPad black and a new silver colour. Under the hood, it is equipped with a battery that can last up to 15.5 hours per MobileMark 2014 and is powered by Qualcomm Snapdragon X7. It has Thunderbolt 3 ports, type-A USB 3.0 ports and HDMI ports.

What you should know: Lenovo highlighted that the ThinkPad X1 Carbon is more secure than ever with multifactor authentication improvements such as: enhanced biometric authentication with the addition of an IR camera with face recognition support for Windows Hello logon; and the Match-on-Chip touch fingerprint sensor for an added security layer. According to Lenovo, the ThinkPad X1 Carbon is also the first business-class notebook to support FIDO-enabled biometric authentication for PayPal.


21 - 23 May, 2017, Dubai World Trade Centre

Connecting and Securing Smart Government and Enterprises

With 34 billion devices connected to the internet by 2020*, how will your business stay digitally agile with enhanced customer experience while ensuring maximum security?

DEMOS & WORKSHOPS: Attend CPE accredited training sessions & demos by industry experts

TECH SHOWCASE: 500+ cutting-edge solutions from regional & global market leaders

DEDICATED CONFERENCES: 75+ speakers including INTERPOL, GCHQ, Wells Fargo, AXA, HSBC & more

BUYERS' LOUNGE: Discuss your RFPs and gain invaluable insights & advice from our key partners

REGISTER ONLINE FOR FAST-TRACK ENTRY! gisec | iotx

www.gisec.ae | www.iotx.ae

gisec@dwtc.ae | iotx@dwtc.ae

*source: businessinsider.com



BLOG

AUTHENTICATION IN CONTEXT By Robert Haynes, Marketing Solutions Architect, F5 Networks

Applications have escaped from the data centre. Your business may have applications running in many different environments serving users who switch between locations and devices rapidly. As your infrastructure evolves to meet the challenges of this dispersed, interconnected world, you need to re-evaluate your authentication and access management solutions. Are usernames and passwords sufficient for a world where hackers are constantly trying to steal passwords through software or social engineering? Should you treat a user on a corporate-managed machine on a company site the same as you would a user coming in using their personal device from a café on the other side of the world? While the easy answer to these questions is "no," the idea of actually doing anything about the situation might seem overwhelming. The good news: finding solutions to difficult problems is what IT is all about.

For critical systems, simple usernames and passwords might be too weak to be the only authentication method. For the new world of the dissolved perimeter, you need context. Where is the connection coming from; is the source IP address suspicious? Is it a corporate-managed device? What time of day is it? Once you have a solution that can capture and use that contextual intelligence, you can decide which controls to apply to any given situation. Do you need two-factor authentication? One-time passwords or a flat denial? With a flexible authentication solution, you can apply different controls to the same user depending on where they are, what device they are using, and when they are attempting access. This gives you the control to impose the correct level of authentication while minimising the friction for valid users as they log into systems.

A key factor here is single sign-on; once your users have authenticated once, they can be seamlessly signed into other applications for a set period of time. The technology to implement this kind of solution is essentially an intelligent authentication proxy. This kind of service provides a centralised user login facility, which establishes a user's identity in one or more ways, then proceeds to authenticate them into different applications, possibly by dissimilar authentication schema. To function efficiently, this service requires several features: compatibility with a number of authentication systems, an easy-to-configure access policy, and the ability to authenticate users into a range of applications. Add in some centralised management and you have a comprehensive access and identity solution that is ready to provide secure and appropriate access control for your applications, no matter where they are.
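The policy the article describes, as an added illustration that is not F5's code or product: the connection context (source address, managed device, time of day, criticality of the target) is scored and mapped to allow, step-up to a one-time password, or a flat denial, and a successful login issues a time-limited single sign-on token. The corporate ranges, the flagged address and the business-hours window are constructed sample values.

```python
import secrets
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple
# Constructed policy data (assumed values, not F5's): corporate ranges, a
# source address already flagged as suspicious, and local business hours.
CORPORATE_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
SUSPICIOUS_IPS = {ip_address("198.51.100.23")}
BUSINESS_HOURS = range(7, 20)        # 07:00 to 19:59 local time
SSO_LIFETIME_S = 8 * 3600            # single sign-on session lifetime, seconds

@dataclass(frozen=True)
class AccessContext:
    user: str
    source_ip: str
    managed_device: bool             # corporate-managed endpoint?
    hour: int                        # local hour of the attempt, 0-23
    critical_app: bool               # is the target a critical system?

def decide(ctx: AccessContext) -> str:
    """Map the connection context to a control: 'allow', 'otp' or 'deny'."""
    ip = ip_address(ctx.source_ip)
    if ip in SUSPICIOUS_IPS:
        return "deny"                # flat denial for a known-suspicious source
    # Each missing trust signal adds one; critical systems never get password-only.
    risk = sum([not any(ip in net for net in CORPORATE_NETS),
                not ctx.managed_device,
                ctx.hour not in BUSINESS_HOURS,
                ctx.critical_app])
    if risk == 0:
        return "allow"
    return "otp" if risk <= 2 else "deny"   # step up to a one-time password

_sessions: Dict[str, Tuple[str, int]] = {}  # token -> (user, expiry epoch secs)
def login(ctx: AccessContext, now_s: int) -> Tuple[str, Optional[str]]:
    """Run the policy once; on success issue an SSO token for SSO_LIFETIME_S."""
    decision = decide(ctx)
    if decision == "deny":
        return decision, None
    token = secrets.token_urlsafe(32)
    _sessions[token] = (ctx.user, now_s + SSO_LIFETIME_S)
    return decision, token

def session_user(token: str, now_s: int) -> Optional[str]:
    """Return the user behind a still-valid SSO token, else None."""
    entry = _sessions.get(token)
    if entry is None or now_s >= entry[1]:
        _sessions.pop(token, None)   # expired tokens are forgotten
        return None
    return entry[0]
```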


INTERCEPT X: A completely new approach to endpoint security.

Sophos Intercept X is a next-generation endpoint detection and response platform designed to stop ransomware, zero-day exploits, and provide detailed threat intelligence.

• Stop ransomware before it can take hostages
• Block zero-day attacks with signatureless anti-exploit technology
• Get easy to understand threat insight and root cause analysis
• Automate remediation and malware removal

Learn more and try for free at www.sophos.com/intercept-x


