Security Advisor Middle East | Issue 5


Issue 5 | May 2016 www.securityadvisorme.com

Tracking data drains: strategies for database security
Advanced Persistent Threats
Endpoint security
Security budgets




CONTENTS

06 The blind spot
Data at rest is data at risk, as the old saying goes. We take a look at different database strategies that can help organisations fight back against any cyber threats.

10 Rethinking endpoint security
CISO Council’s Ahmed Qurram Baig explains how a solid endpoint security strategy can protect organisations from sophisticated attacks.

Cutting security budget corners
Security pros provide advice on where to focus your efforts when money is unexpectedly short on supply.

Risky business
Sabahat Nasim from Aruba, a HPE company, explains how the #GenMobile’s mobile lifestyles can ruin security for your organisation.

Warding off ransomware
The impact of ransomware is difficult to calculate. We bring you 10 steps for protecting yourself from ransomware.

Getting a grip on cloud security
Cloud use continues to grow rapidly in the enterprise, and many organisations now claim to have a ‘cloud-first’ strategy.

Top tips to fight off APT
APTs are increasing in occurrence and severity. Is your organisation prepared for the battle against an APT?

Founder, CPI Media Group: Dominic De Sousa (1959-2015)

Publishing Director: Rajashree Rammohan, raj.ram@cpimediagroup.com, +971 4 375 5685

Editorial
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 375 5678
Editor: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 375 5684
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 375 5683

Advertising
Commercial Director: Chris Stevenson, chris.stevenson@cpimediagroup.com, +971 4 375 5674
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 375 1647
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 375 5676

Circulation
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 375 5682

Production and Design
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 375 5673
Designers: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 375 5680; Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 375 1644

Digital Services
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas
webmaster@cpimediagroup.com, +971 4 440 9100

Published by CPI Media Group. Registered at IMPZ, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100, Fax: +971 4 447 2409. Printed by Al Ghurair Printing & Publishing.

© Copyright 2016 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


news

QNB affirms hacking incident will not affect customers’ finances

Qatar National Bank (QNB) has confirmed that its systems were hacked, but reassures customers that the incident will not have any financial impact on them. According to QNB, the attack only targeted a portion of Qatar-based customers, and the bank claims the hack was aimed at its reputation rather than at its customers. “QNB Group’s Risk Team monitored abnormal activity in our system environment; this was immediately communicated to relevant authorities,” the bank said in a statement. “We also took immediate steps and our systems are fully secure and operational.” The 1.4GB trove of documents leaked online included financial information such as customer transaction logs, personal identification numbers and credit card data. It also contained folders with detailed profiles of specific individuals, including what appeared to be files on members of the Qatari royal family, employees of media outlet Al Jazeera, and people listed as working for the British MI6 and other intelligence agencies. A Turkish far-right group called Bozkurtlar, or Grey Wolves, has claimed responsibility for the bank breach, according to security researcher Omar Benbouazza.


Fortinet unveils ‘Security Fabric’

Fortinet has unveiled its Security Fabric, an integrated, collaborative and adaptive architecture for distributed security in global enterprises, providing protection against threats from IoT and remote devices, through the infrastructure core and into the cloud. “Pervasive digitisation continues to redefine business, while technology trends like IoT and cloud computing are blurring the edges of the network today. Unfortunately, many enterprises continue to rely on security strategies developed decades ago that can no longer support the ever-increasing speed of business,” says Ken Xie, Founder, Chairman of the Board and CEO, Fortinet. “Unlike platforms loosely coupled at the management level, the security fabric weaves together highly sophisticated hardware and software, enabling direct communication between solutions for a unified and rapid response to threats. Fortinet is committed to delivering security without compromise.” Fortinet also launched its latest FortiGate 6000E and 2000E series enterprise firewalls, powered by its next-generation FortiASIC CP9 content processor. New enhancements to the Fortinet Advanced Threat Protection (ATP) framework were also announced. Moreover, Fortinet announced a new technology alliance with the Carbon Black Security Platform to further bolster protection against today’s most advanced and persistent threats.

Gartner: IoT security spending to reach $547M in 2018

According to the latest research by Gartner, worldwide spending on Internet of Things (IoT) security will reach $348 million in 2016, a 23.7 percent increase from 2015 spending of $281.5 million. Spending on IoT security is expected to reach $547 million in 2018. Although overall spending will initially be moderate, the analyst firm predicts that IoT security market spending will increase at a faster rate after 2020, as improved skills, organisational change and more scalable service options improve execution. “The market for IoT security products is currently small but it is growing as both consumers and businesses start using connected devices in ever greater numbers,” said Ruggero Contu, Research Director, Gartner. “Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 11.4 billion by 2018. However, considerable variation exists among different industry sectors as a result of different levels of prioritisation and security awareness.” Gartner predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets. Security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT and the decentralised approach to early IoT implementations in organisations.


Cisco, Rockwell Automation collaborate for industrial IoT security

Cisco and Rockwell Automation have announced a strategic collaboration deal to develop a deep-packet-inspection (DPI) technology for use in industrial security appliances. An industrial firewall with DPI technology extends visibility down to the plant floor, enables logging of traffic patterns, and provides the opportunity for informed decision-making following a set of security policies. Users can log a range of data for any network connection or protocol, such as EtherNet/IP, including where the traffic is coming from, where it is going and with which application it is associated. While IT managers previously had this visibility, now both plant and IT managers can use this technology to more securely manage network traffic from the plant to the enterprise. “With this security addition to our joint portfolio and architectures, we can help eliminate the ‘air gap’ or ‘security by obscurity’ that leads to false confidence of safety and security,” said Doug Bellin, Global Industries Lead, Cisco. “We can track all network connections in real time and react when issues arise. This is another case of the best of IT and the best of operations coming together to solve a real need.” Through the strategic collaboration between Rockwell Automation and Cisco, manufacturers can benefit from the sharing of proven security best practices from the IT space made possible for the plant floor and industrial environment.

ESET Middle East launches branded e-store on Souq.com

ESET has partnered with Souq.com, the Middle East’s largest online retail and marketplace platform, to launch an ESET-branded e-store in the region. According to ESET’s 2016 IT Security in Europe, Middle East and Africa (EMEA) report, there is a growing need for companies and individuals in the region to mitigate cybersecurity risks by applying various protective systems. By providing a range of ESET products in one place, the branded e-store aims to create awareness of the importance of securing multiple devices among individual and corporate users. “As more customers are going online to buy various products and services, it is also necessary for us at ESET to be where our customers are. Our partnership with Souq.com allows us to not only reach out to a wider audience in the Middle East but also drive more awareness on the importance of securing all devices using our leading products via an online platform,” said Neo Neophytou, Managing Director, ESET Middle East. Among the products currently available on Souq.com’s ESET e-store are ESET Antivirus and ESET Smart Security.

Intel Security survey reveals consumers are willing to share Smart Home data for money

According to a recent report by Intel Security, 54 percent of respondents worldwide indicated that they might be willing to share personal data collected from their Smart home devices with companies in exchange for money. The survey also highlighted that 70 percent agree that companies should give coupons and discounts to customers in return for data about device usage. It found that 77 percent of respondents believe Smart homes will be as common in 2025 as smartphones are today, but 66 percent are also very concerned about Smart home data being hacked by cybercriminals. “Smart homes and their associated data have the potential to improve consumers’ everyday lives,” said Raj Samani, VP and CTO, EMEA, Intel Security. “The survey shows that many individuals would be comfortable sharing that data for a price, but they are still understandably concerned about cyber threats. Security has to be a foundational element of the Internet of Things and, when done right, it can be an enabler of IoT.”

89% prefer Smart home security to be controlled through a single integrated security package



COVER STORY

The blind spot

Data at rest is data at risk, as the old saying goes. We take a look at different database strategies that can help organisations fight back against any cyber threats.


Database security is starting to show up on the radar of C-level execs, and with good reason. According to various reports, close to 707 million corporate records were compromised in 2015, and in a survey by the Independent Oracle Users Group, 58 percent of respondents noted that databases were the most vulnerable part of their IT environment. The majority invested in securing areas of less risk such as the network, servers and desktops, and only 18 percent of respondents encrypt data at rest on all their databases.

Most companies in the Middle East are still fairly low on the database security maturity curve, and some are just beginning to shift their attention from protecting the corporate borders to guarding the corporate jewels. Businesses face a heightened threat landscape, more sophisticated database attacks and an increased regulatory compliance burden, and Forrester predicts that they will begin to spend more on database security, which now accounts for just 10 percent of their overall information security budgets. Meanwhile, database vendors are working to bolster their security capabilities, while third-party database security tool vendors continue to add to their offerings.

“Data security and the challenge of data protection is increasing in scope and difficulty. While organisations have long needed to safeguard their intellectual property and confidential information, changes in IT and business models introduce new actors, threats and regulations,” says Sebastien Pavie, Regional Director MENA, Identity and Data Protection, Gemalto. As a result, he adds, organisations need to think beyond the traditional models of securing the perimeter and locking down specific segments of the IT infrastructure in order to formulate their data protection goals.

Gemalto’s recent Data Security Confidence Index found that 87 percent of IT decision-makers feel their organisation’s perimeter security is effective at keeping out security threats, but despite this, 30 percent have fallen victim to a data breach. “In order to prevent such data leaks or unauthorised access to databases, it is imperative for organisations to establish a robust multi-layered data protection strategy, which focuses on more than just breach prevention such as firewalls, antivirus, content filtering and threat detection,” explains Pavie. Will that be enough to prevent data leakage or unauthorised access to their databases? Most enterprises use the security features that come native with the database management system (DBMS), according to Forrester, but they turn to third parties for advanced requirements such as real-time protection, granular compliance reporting and support for heterogeneous deployments, the analyst firm says. “Data leakage is somewhat harder to prevent, but measures such as encryption and key management can be employed effectively against this. Another measure is the prevention or restriction of moving large-scale or sensitive data onto removable storage devices such as USB drives,” says Ayman Al Bayaa, CEO, STME.

He adds that unauthorised access can be averted through methods such as passwords and differing access levels to the same database, depending on employee designation and work requirements. Organisations should also maintain and review access privileges on a regular basis. They should also monitor database performance, especially when there are unusual spikes in usage and numerous failed login attempts; these activities should be linked with policies that set out the procedures to follow in the event of a suspected attack.

One of the biggest challenges facing CISOs when it comes to database security is preventing database administrators from abusing their privileges. As databases themselves don’t have enough security baked in, it is becoming increasingly difficult to track and understand everything that privileged users are allowed to do. In fact, security experts point out that privilege abuse is one of the most commonly encountered database vulnerabilities. Approximately 80 percent of attacks on company data are executed from within the organisation, and granting too many privileges or not revoking those privileges makes it easy for internal attackers.

“One way to prevent database administrators from abusing their privileges is to segregate the roles in the organisation,” explains Pavie. “Part of the multi-layered data protection strategy should be to put mechanisms in place to clearly separate security responsibilities from those of the database – a key step which is often overlooked. For example, the person responsible for backups may not necessarily require access to sysadmin privileges.”

Policies can be set to allow ‘read-only’ access for a specific set of users, while completely denying access to others. Businesses should look for encryption solutions that unlock access by seamlessly decrypting the data for the right users, with the relevant built-in access control mechanisms. Next is to ensure that a sound audit trail is part of the encryption solution that is deployed, which includes logs of encrypted data access by users and of policy or configuration changes for security officers. Such an audit trail enables businesses to see all attempts to access restricted data or perform restricted activities, including the person involved and the type of activity.

One of the reasons why many companies are still low on the database security maturity curve is the disconnect between the database and security teams. “Databases are complicated, and database teams are often their own fiefdom, very separate from the security team,” says Josh Shaul, VP, Product Management, Trustwave. “There are only a few companies that have a database security programme in place, and most of them tend to not be making a lot of progress.” For instance, maybe the security team runs vulnerability scans but database admins don’t act on the results, or the database team may start securing the environment without knowing how to do it well. “Getting the two teams together to accept database security as a shared problem is one of the most important keys to making the programme work, far more than any technology out there,” Shaul says.


Key database security functions

Vulnerability assessment and scanning: Vulnerability scanners, the most mature category of database security tools, report on risks such as stale accounts, default passwords, outdated patches, incorrect configurations, unwarranted user privileges and so on. Companies are increasingly interested in tracking and managing the activities of privileged users, finding out, for example, what data they can see, manipulate and copy. A common complaint with scanners is that they return an unmanageable number of results. Shaul suggests starting with the easiest parameters to manage, such as blank passwords, and then moving to another issue, such as default passwords.

Database auditing and monitoring: Auditing tools, the second most commonly used category, detect malicious activity by monitoring database transactions and changes. Many companies use these tools to record and produce audit logs for compliance purposes.

Real-time protection and database firewalls: Companies are just beginning to move into real-time database protection. These tools seek out and automatically block or quarantine known attacks (such as SQL injections) and suspicious behaviour (such as a user accessing a large volume of records during off hours).

Encryption: Database encryption has been around for a long time and, as such, is very mature. The database vendors offer encryption within the database itself, while some third-party tools intercept files to encrypt or decrypt them. “Databases are a treasure trove of sensitive information,” says Pavie. “To protect this information, data encryption is a must. Encryption is the translation of data into a secret code and is considered the most effective way to achieve data security. To read an encrypted file, the user must have access to a secret key or password that enables decryption. Businesses should encrypt all data stored on all portable devices – laptops, tablets, smartphones and even USB flash drives.” While encryption is an effective way to secure data, the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed. Many organisations store the keys where the data resides, which exposes company information to risks or attacks. Businesses should also implement a crypto management platform, which creates, rotates and deletes keys.
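The two monitoring signals the cover story singles out, numerous failed login attempts and a user pulling a large volume of records during off hours, can be expressed as simple detection rules over a database audit log. The following is an added example, not code from the magazine or from any vendor it mentions; the key=value log format and the sample lines are constructed for the example, and treating weekends as off hours is an assumption of mine.

```python
"""Detection rules for database audit logs (added example, not the magazine's code).

Two checks run over constructed audit-log lines: bursts of failed logins
per account inside a sliding window, and large result sets read outside
business hours. The log format below is invented for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log. Assumed format, one event per line:
#   <ISO-8601 timestamp> user=<account> event=<login_ok|login_fail|select> rows=<n>
SAMPLE_LOG = """\
2016-05-03T09:02:11 user=alice event=login_ok rows=0
2016-05-03T09:05:40 user=alice event=select rows=120
2016-05-03T11:17:03 user=svc_backup event=login_fail rows=0
2016-05-03T11:17:05 user=svc_backup event=login_fail rows=0
2016-05-03T11:17:06 user=svc_backup event=login_fail rows=0
2016-05-03T11:17:08 user=svc_backup event=login_fail rows=0
2016-05-03T11:17:09 user=svc_backup event=login_fail rows=0
2016-05-03T11:17:12 user=svc_backup event=login_ok rows=0
2016-05-03T14:10:00 user=carol event=select rows=400000
2016-05-03T23:41:30 user=bob event=login_ok rows=0
2016-05-03T23:42:02 user=bob event=select rows=250000
"""


def parse_log(text):
    """Parse the assumed key=value audit format into dicts, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = int(value) if key == "rows" else value
        records.append(rec)
    records.sort(key=lambda r: r["ts"])  # sliding window needs time order
    return records


def failed_login_bursts(records, threshold=5, window=timedelta(minutes=1)):
    """Flag accounts reaching `threshold` failed logins inside a sliding `window`.

    Returns (user, first_failure_ts, count) tuples, one alert per burst.
    """
    recent = defaultdict(deque)  # per-account timestamps of recent failures
    alerts = []
    for rec in records:
        if rec["event"] != "login_fail":
            continue
        q = recent[rec["user"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((rec["user"], q[0], len(q)))
            q.clear()  # reset so one burst is reported once, not on every extra failure
    return alerts


def off_hours_bulk_reads(records, max_rows=100_000, business_hours=(8, 18)):
    """Flag SELECTs returning more than `max_rows` outside business hours.

    Off hours = outside the [start, end) hour range, or a weekend (assumption).
    """
    start, end = business_hours
    alerts = []
    for rec in records:
        if rec["event"] != "select" or rec["rows"] <= max_rows:
            continue
        ts = rec["ts"]
        in_hours = start <= ts.hour < end and ts.weekday() < 5
        if not in_hours:
            alerts.append((rec["user"], ts, rec["rows"]))
    return alerts


def analyze(text):
    """Run both checks over raw log text and return the findings by rule."""
    records = parse_log(text)
    return {
        "failed_login_bursts": failed_login_bursts(records),
        "off_hours_bulk_reads": off_hours_bulk_reads(records),
    }


if __name__ == "__main__":
    for rule, hits in analyze(SAMPLE_LOG).items():
        for hit in hits:
            print(f"{rule}: {hit}")
```

On the sample, svc_backup's five failures in six seconds trigger the first rule and bob's 250,000-row read at 23:42 triggers the second, while carol's larger read during business hours does not.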



opinion

Rethinking endpoint security by Ahmed Qurram Baig, Founder, CISO Council

In an evolving threat landscape with sophisticated attacks, organisations are struggling to keep up with the pace of adversaries. They are forced to build their capabilities to continuously protect themselves against unknown and unstoppable attack vectors, which demands that organisations shift their security response mindset from “incident response” to “continuous response” mode, as recommended in the Gartner adaptive security framework. In the wake of recent attacks, we found that compromised data can cause significant damage not only to the organisations involved but also to their customers or stakeholders, as witnessed in incidents like the “Panama paper attacks” and “Ashley Madison”. As seen in the Mandiant M-Trends, Verizon and Ponemon reports, what is surprising is that the median number of days before attack detection is around 229 days and the average time to respond after detection is 32 days. It is also interesting to see that 100 percent of these entities had firewalls and updated antivirus in place. What makes it even worse is that 67 percent of the companies only found out about the breach through an external entity.

Cybercriminals are now more organised and well-funded, working round the clock to find ways to compromise your systems with highly tailored, customised, targeted and sophisticated methods. They are persistent and will find different ways and multiple vectors to reach their targets until they succeed. The truth is they only have to get lucky once, while you have to be right all the time.

More recent attacks have shown us that the source of compromise has been a weakness in the endpoint combined with users’ lack of security awareness. Some of the attack vectors are infections or compromises through spear phishing and removable devices. The common factor in both is that they use endpoints as a channel to initiate the malicious code, which could possibly have been stopped with an effective endpoint security solution that includes endpoint protection, prevention, detection and response. The current market trend is that many EPP (endpoint protection platform) vendors are moving towards adding EDR (endpoint detection and response) and many EDR vendors are adding endpoint protection. While EPP focuses on preventing and blocking advanced threats, EDR focuses on detection and response.

Endpoint security redefined

Monitor endpoint activities and track malicious behaviour or system configuration changes. While doing so, the solution should be able to reconstruct the whole attack cycle and garner insight into attacker behaviour. The solution should have the capability to collect data locally while also feeding into a central repository that enables your systems to garner insights through data mining and analytics, generating actionable intelligence from the following information:
• IOC (indicators of compromise)
• Attack patterns
• Behaviour analytics
• User behaviour

Critical capabilities of the solution should also include a centralised management and reporting dashboard with support for various common endpoint platforms like Linux, Android, Apple OS and others. Detecting advanced and sophisticated attacks requires data gathered from various sources, including endpoint, user behaviour, network, threat intelligence feeds and vulnerability data. While the detection of known attacks can happen using information about known attack types and methods, the critical capability of an endpoint security solution, and its differentiator, is to detect the unknown. This is done through machine learning and complex algorithms, a definition of acceptable behaviour, and knowledge of all changes to system objects and configuration. The capability to detect attacks should cover the OS, hardware components and applications, including attacks that use techniques such as memory injection, rootkits and OS evasion.

Current threat detection and IOC are done through various solutions with different methods and techniques:
• User behaviour analytics and anomaly detection
• Deception technology
• Virtualisation and sandboxing
• Network traffic analysis to detect data exfiltration and command and control (C&C) communication

Future threat detection systems should use a combination of as many of these detection techniques as possible and should communicate with other security systems for information exchange and gaining insights. While threat detection is vital, the challenging task is response, containment and threat mitigation; it is very important for the security analyst to gain insight into the complete attack lifecycle through reconstruction of events as they happened throughout the kill chain. This information, along with information on the assets affected and the business impact, is invaluable. Also, for response and mitigation of attacked endpoints, the security tools should be capable of isolating the infected endpoints or limiting their network communications while controlling internal application and service activity. Endpoint security tools that provide information on remediation of infected endpoints with detailed instructions, and that can interact and integrate with operational systems for task assignment and tracking completion, will be a key differentiator.

The endpoint security market seems to be crowded with many new players using different methods and techniques to address the growing need for endpoint protection, detection and response. The game changer, or differentiation, will depend strongly on the capabilities discussed, along with the breadth and depth of visibility and context.


blog

Network security – It’s everybody’s business Maan Al-Shakarchi, Networking Lead, Europe and AMEA, Avaya

Last month, we were greeted with yet another network security breach making headline news. The story comes from Bangladesh’s Central Bank, where hackers failed in their “e-heist” to transfer $951 million worth of funds, yet still managed to make off with a cool $81 million, which they moved to the Philippines and then funneled towards casinos there. A security investigation blamed the breach on a lack of basic security infrastructure – no firewalls, and outdated second-hand switches. The problem there seems pretty obvious, but is there more than meets the eye?

Security is always a combination of three pillars: technology, people and process. In this case, technology was blamed as the primary culprit, and rightfully so. Large organisations have IT security teams responsible for “reinforcing” the overall infrastructure. They build high walls (firewalls) and set traps (intrusion detection) around the city to protect the perimeter. The problem is that, more and more frequently, attacks are coming from the inside.

The SWIFT room in Bangladesh Bank is located on the eighth floor of its building in Dhaka. It is 12 x 8 feet, containing four servers, four monitors and a printer. It has no windows, and would appear quite physically secure. However, the rules of traditional IP networking meant that the room was exposed to the wider network, spanning across to other remote locations. The culprit in this case was not the second-hand $10 switch which an engineer decided to deploy to connect the stations and the printer. The real culprit was relying on legacy network technology which does not offer genuine segmentation.

To draw an analogy, think of traffic on a traditional computer network like sending a letter through the standard post office system. Your envelope stops at each location, mixing with other envelopes as it is routed across the system. Now think of a courier model, where your envelope is put into a special package, hidden from the outside world, and flies directly to the destination without being exposed at any stops. Modern network technologies, called Fabrics, allow you to encapsulate traffic streams from different systems. This segregates your network into secure isolated zones, each completely separate and hidden from the rest. Fabrics also have the additional benefit of automating the response to possible breaches, dynamically moving attackers to quarantine zones and immediately alerting network administrators.

Some might think this is a third-world problem, and that more developed countries have moved on. The truth is, this is a global problem. In the US, one of the largest department stores recently faced a similar breach when hackers were able to access its network using an HVAC contractor. To use our analogy, the envelopes that contain the contractor’s traffic were being mixed with the customer payment envelopes on the same postal system (network). Why was the contractor access not cordoned off? Exactly the same answer: we continue to rely on the same insecure legacy network technologies. The vast majority of enterprise networks globally have yet to move on. While some network manufacturers continue to promote complex legacy systems, the impact on their customers is huge. Every time a CIO or network manager decides to invest in traditional network technologies, they are exposing their business and inviting hackers in. The headline news is a constant reminder for us to embrace the next generation of network technologies, and secure our businesses from both external and internal threats.




Cybersecurity Skills 2016: Too many threats, too few professionals

Too many threats
- $1 b: personally identifiable information (PII) records stolen in 2014
- 97% believe APTs represent a credible threat to national security and economic stability
- More than 1 in 4 organisations have experienced an APT attack
- 1 in 2 believes that the IT department is unaware of all of the organisation's Internet of Things (IoT) devices
- $150 m: average cost of a data breach by 2020
- 74% believe the likelihood of the organisation being hacked through IoT devices is high or medium

Cyberattacks are growing, but the talent pool of defenders is not keeping pace.

Too few professionals
- 3x: rate of cybersecurity job growth vs. IT jobs overall, 2010-14
- 2m: global shortage of cybersecurity professionals by 2019
- 53% of organisations experience delays of as long as six months to find qualified security candidates
- 84% of organisations believe that only half (or fewer) of applicants for open security jobs are qualified
- 77% of women said that no high school teacher or guidance counselor mentioned cybersecurity as a career. For men, it is 67%
- 89%: number of consumers who believe it is important for organisations to have cybersecurity-certified employees

Although attacks are growing in frequency and sophistication, the availability of sufficiently skilled cybersecurity professionals is falling behind. Cybersecurity Nexus (CSX) is addressing this gap by creating a skilled global cybersecurity workforce.

Source: ISACA


opinion

Building a secure DNS architecture for NFV

Dilip Pillaipakkamnatt, Vice President, Service Provider Business, Infoblox, discusses the need for an intelligent security approach when it comes to virtualised environments.

By now it's been well established that Network Functions Virtualisation (NFV) provides important benefits to service providers. Not only does it provide cost savings by reducing operational costs and truck rolls to deploy new hardware, but it also improves the speed with which new network services can be introduced.

Along with that flexibility, however, there are important considerations companies should keep in mind, particularly when moving a Domain Name System (DNS) infrastructure to an NFV implementation. Security is one area in which moving the DNS architecture to NFV raises unique considerations. With software managing more of the networking functionality than ever before, a rethink of traditional protection should accompany the change. Many operators are still running open source or commodity software to protect the virtualised environment, but that entails risks they may be unaware of. Here are a few concerns that highlight the need for an intelligent approach to security in NFV:

- Traditional firewalls and intrusion detection systems aren't designed for securing DNS, especially in the NFV environment. The same flexibility that allows software to offer a higher degree of configurability than a traditional architecture also means that there are more ways to potentially misconfigure network functions. This opens new avenues for attack, even as other aspects of NFV improve protection, such as centralised visibility and VM-level security. Even where security isn't compromised, configuration issues can cause a cascading effect that impairs the network's overall functionality, giving the appearance of a security issue where in fact none exists.
- Attacks such as DNS-based distributed denial of service (DDoS) can quickly overwhelm network resources by generating too many resolution requests for the DNS system to handle, effectively shutting down the network by preventing legitimate requests from being resolved. Other attacks replace valid IP addresses with those directing the requestor to malicious websites, or use tunnelling to attack individual virtual machines, encrypting and stealing information through channels not normally analysed by traditional security software.
- Virtual machines provide network operations with centralised control over resources and enable the rapid deployment of on-demand resources. But just as with physical hardware, VMs are susceptible to malware infection. Once a machine is infected and isn't rapidly quarantined, the infection can spread to other machines throughout the network and disrupt functionality from within.

Monitoring the virtualised environment requires a different set of tools from traditional network security. With DNS-related security issues requiring additional attention as carriers adopt NFV, they should ensure that their security environment meets these requirements. Security for NFV should be built into the DNS architecture instead of bolted on. A higher degree of integration through the use of DNS-specific protection helps minimise gaps in coverage that may be left by add-on solutions and can easily be exploited by attackers.

To minimise the impact of an attack as it happens and address it as quickly as possible, the virtualised network needs to be able to rapidly scale resources by spinning up new machines without the need for operator involvement. Automatically adding capacity while the attack is managed prevents service interruption, which in turn reduces lost revenue and productivity. With dangers such as zero-day vulnerabilities, NFV-based security should have the capacity to detect previously unknown threats by continuously analysing network behaviour, while also defending against established threats such as off-the-shelf attack toolkits designed for a specific kind of attack.
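The two DNS abuse patterns the article names, resolution floods and tunnelling through the resolver, are the kind of thing a DNS-aware monitor picks up from query logs that a generic firewall never inspects. The following is an added example, not Infoblox code or code from the article: it parses a constructed resolver query log, flags clients whose query rate in a 60-second window far exceeds the threshold, and flags parent domains that receive many distinct long, high-entropy subdomain labels. The log format, the thresholds, the client addresses and the domain names are all assumptions made for this illustration.

```python
"""Triage of DNS resolver query logs for flood and tunnelling patterns.

Added example; this is not Infoblox code or code from the article. It takes
the kind of query log a virtualised resolver tier emits and flags the two
abuse patterns the article describes: resolution floods (one client issuing
far more queries than its peers in a short window) and tunnelling-style
traffic (many unique, long, high-entropy labels under a single parent
domain). The log format, the thresholds and the sample traffic are all
constructed for this illustration.
"""
import hashlib
import math
from collections import Counter, defaultdict

WINDOW_START = 1462000020  # constructed epoch, aligned to a 60 s window


def build_sample_log():
    """Constructed log: '<epoch> <client_ip> <qtype> <qname>' per line."""
    lines = []
    # Ordinary browsing from one subscriber: a few queries a minute.
    normal = ["www.example.com", "mail.example.org", "cdn.example.net", "api.example.com"]
    for i in range(20):
        lines.append(f"{WINDOW_START + i} 10.0.0.5 A {normal[i % len(normal)]}")
    # Resolution flood: one client fires 150 queries inside 50 seconds.
    for i in range(150):
        lines.append(f"{WINDOW_START + i // 3} 10.0.0.9 A www.example.com")
    # Tunnelling-style traffic: 25 unique hex blobs as subdomains of one parent.
    for i in range(25):
        blob = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:40]
        lines.append(f"{WINDOW_START + 2 * i} 10.0.0.7 TXT {blob}.exfil-example.test")
    return "\n".join(lines)


def shannon_entropy(s):
    """Bits per character; hex or base32 payloads score far above hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse(log_text):
    """Return (epoch, client, qtype, qname) tuples, skipping malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, client, qtype, qname = parts
        records.append((int(ts), client, qtype, qname.lower().rstrip(".")))
    return records


def flood_suspects(records, window_s=60, threshold=100):
    """Clients exceeding `threshold` queries in any `window_s` bucket."""
    buckets = Counter()
    for ts, client, _, _ in records:
        buckets[(client, ts // window_s)] += 1
    return sorted({client for (client, _), n in buckets.items() if n > threshold})


def tunnel_suspects(records, min_sub_len=30, min_entropy=3.0, min_unique=20):
    """Parent domains receiving many distinct long, high-entropy subdomains."""
    per_parent = defaultdict(set)
    for _, _, _, qname in records:
        labels = qname.split(".")
        if len(labels) < 3:
            continue
        parent = ".".join(labels[-2:])
        sub = ".".join(labels[:-2])
        if len(sub) >= min_sub_len and shannon_entropy(sub) >= min_entropy:
            per_parent[parent].add(sub)
    return sorted(p for p, subs in per_parent.items() if len(subs) >= min_unique)


def triage(log_text):
    """Run both detectors and return the findings in one dictionary."""
    records = parse(log_text)
    return {
        "queries": len(records),
        "flood_clients": flood_suspects(records),
        "tunnel_parents": tunnel_suspects(records),
    }


if __name__ == "__main__":
    for key, value in triage(build_sample_log()).items():
        print(f"{key}: {value}")
```

Both detectors are deliberately simple rate and shape heuristics; in a real resolver tier the thresholds would be derived from a baseline of normal traffic, and the flood detector is also what would trigger the automatic scale-out the article calls for.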


Grow your sales with GITEX

82% of senior executives came to GITEX with open RFPs; 49% were closed at the show.

"GITEX brought together some of the best technology minds in the world and it was a pleasure to discuss new advances and best practice with worldwide industry leaders" - Celia Wade-Brown, Mayor of Wellington

"Gitex is extremely important for us. We generate leads for incremental business and it gives us an opportunity to interact and demonstrate." - Rabih Dabboussi, former MD & GM, UAE, Cisco

Make GITEX part of your growth strategy to generate leads and win business:
- Network with the C-suite: 3,000 C-Suite executives and senior government officials from over 15 countries came to Gitex in 2015 to network with technology companies
- Target new industries: target your customer verticals in banking, healthcare, education, public sector, retail and energy
- Meet new prospects: identify and meet new senior level contacts pre-event; 24,000 meetings were arranged through our Connexions meeting program
- Be seen as a thought leader: hear from industry speakers, your peers and competitors on how the industry landscape is evolving

Exhibition | Conferences | Startup | Networking. Get in touch today at gitexsales@dwtc.com or call +971 4308 6037/6901/6566 to discuss your involvement in GITEX 2016. Partner categories listed: Organised by, Exclusive Digital Transformation Partner, Startup Incubation Partner, Supporting Partners, Official Publisher, Official Airline Partner, Official Travel Partner.


feature

Cutting security budget corners

Security pros provide advice on where to focus your efforts when money is unexpectedly short on supply.

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don't have cyberinsurance? Sure, you might be up the proverbial creek without a paddle, but fear not: some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice.

The common theme when asked about where to cut corners was to make sure your policies and procedures are sewn up tight. There are really no corners to cut; it is more about having solid policies in place.

Rick Howard, CSO, Palo Alto Networks, says that the best thing CISOs can do to bolster their Information Security Programme in times of budget shortages is make sure the prevention controls they already have in place are working the way they thought they were going to work when they originally bought and installed them. "A great truism to our industry is that many of us, Network Defenders, like to spend money on all kinds of shiny new playthings to defend our networks but fail to make time to get them fully deployed," he says. "These prevention controls are complicated systems. You can't simply hook them to your network, turn them on and walk away. Somebody has to maintain them. Somebody has to analyse the data coming out of them. Somebody has to ensure that all the features that the CISOs thought they were buying are actually turned on and working correctly." When you are strapped for cash but still want to improve your Information Security Programme, spend some time getting to know the already deployed prevention systems.

Stan Black, CSO, Citrix, says organisations that are short on budget can perform simple but effective security checks like making sure admin logins and passwords aren't in use, network and access policies are up-to-date and compliance regulations are being met. Performing employee trainings on how to uphold security best practices for their own safety, as well as the company's, can enormously help reduce risk and only costs time. In other words, Black is saying that keeping things secure inside the network can help prevent worse matters from getting in.

"Any recipe for reducing security spend starts with three common areas to reduce operational expense and frankly slow your business down to reduce overall risk," says Black. "The first area is application security testing. A decade or so ago we used to build our own capabilities with huge OPEX and CAPEX requirements. Third party application testing provided the cumulative knowledge of many customers in a single pane of glass. If you want to reduce remediation cost, tie testing tools to CBTs and a comprehensive knowledge base to teach developers to develop secure code."

Black further explains that another area to drastically lower OPEX is threat management. The number of threat actors grows every day, and there are several firms that have tuned their offerings to enumerate threat actor activity relevant to your company. On the other hand, there are many providers that offer threat information regarding the universe of risk; that's nice, but we focus on our company and our customers. Careful assessment of customisation to your supply chain will reduce the noise and enable your team to focus on remediation, not identification. Effective threat intelligence also enables remediation and fortification of real threats, not the millions of unauthorised "pings" enterprises are subject to every minute of every day.

"A third topic that can be lost in the new product security market is traffic enumeration. If you don't create, trust, or can't validate network traffic, you are at risk. Quantification of the known good, untrusted, and unknown traffic costs nothing except time, but for some reason industries want to buy more tech to tell them they have another network threat," explains Black.

Gareth O'Sullivan, Director, Solutions Architect, WhiteHat Security, EMEA, explains that maintaining a secure environment is not simply about adding more security products. It can be argued that no single solution can be a silver bullet to achieving security, certainly not in isolation. If a company, security executive or manager finds themselves in a position where they are questioning their existing security posture or policy, this should be cause for concern, or taken as an opportunity to reappraise existing policies or programmes. Expenditure on security products needs to be conducted in the context of an overall risk management policy, which in turn needs to support an organisation's core business activities.

Reduce duplication

Ravi Devireddy, Co-founder and CTO, E8 Security, underlines that regardless of whether budget constraints are a factor, a good practice for all organisations is to eliminate operational redundancies in their security practice. Most organisations spend too much time, and money, investigating low-level alerts that are scattered across multiple management systems, which increases their investigative costs per incident. The best way to reduce unnecessary spend is to ensure all security-relevant data – generated by network systems, applications, and endpoints – is being captured in one centralised system that can automatically prioritise alerts based on risk. Also, giving security analysts the ability to visualise the relationships between targets will allow for a more streamlined security practice, eliminating redundant investigative tasks and making sure security teams capture the right information in one location. "Evaluate all existing programmes and policies. Prioritise those strategies that focus on identifying an attacker's presence based on behaviours and movements that are not considered normal for your organisation, and containing that activity as quickly as possible," says Devireddy.

There is a proliferation of enterprise cybersecurity products in the market that often have overlapping and confusing value. It is possible that even if organisations add and deploy additional products, they still may not be more secure today than they were yesterday, or may in fact be less secure and reliable given the additional complexity. Organisations should develop and very critically maintain an enterprise security architecture that is intended to meet corporate requirements, and can be used to understand risks and position potential solutions. If this architecture isn't in place or isn't current, now is the time to start, says Andrew Wertkin, CTO, BlueCat Networks. Organisations may find that they have deployed duplicative capabilities across multiple product sets, and they almost certainly will find that they aren't leveraging their existing investments. This has led to new product capabilities that leverage the power of DNS, a mission-critical service for the enterprise, to create immediate visibility into compute and add to the security posture of the organisation without introducing new infrastructure or changing the physical architecture.

O'Sullivan from WhiteHat adds that while acquiring new software or solutions requires budget due to a defined cost, reviewing and updating policy will also have an implicit cost. Efficiencies can be made by regularly updating policy and ensuring it is in line with company goals. For example, in the context of building secure software, adopting a security framework which enables 'building security in, rather than bolting it on' can help drive costs down and improve efficiencies by enabling the organisation to learn how to build secure software or find and fix vulnerabilities early.

Look to open source

Security doesn't really have to cost a ton of money. "There are a variety of tools and technologies that are open source that can be modified to be really secure and benefit an organisation," explains Chase Cunningham, Director, Cyber Threat Research, Armor. Anything from an open source IDS to using free and accessible threat intelligence feeds are all possibilities. The requirement, of course, is to use those tools and technologies safely and effectively. "I don't ever see a reason to pay for something first no matter how attractive a UI may be. Organisations can and should try free tools and open source assets when they can and modify them to their needs; that's the whole purpose of those initiatives. Once that's been tested out, then they can make the choice of using that technology safely and securely or paying a vendor to fix their problem," adds Cunningham.

Contrary to the notion of finding products for next to no cost, Jeff Schilling, CSO, Armor, highlights that there is no magic bullet that allows a security team to have great security without investment. "However, what I have observed is that most security teams have purchased technologies and don't have the architecture to support the full use of that security technology. It is like building a beautiful dam but not putting it in the right place in the river to build the lake you need. I think most organisations struggle with a secure architecture and cyber terrain that can be defended. A lot of that work is not expensive, in fact, it might allow you to save money, e.g. reducing the number of data centres you use for your environment," he says.

Ryan O'Leary, Vice President, Threat Research Centre, WhiteHat Security, underlines that one of the best ways to improve security without having to pay a single cent is to implement a security-centric development programme. "Often times, development and security are siloed groups that send tickets over the fence to each other," he says. "The developers often don't understand what the threats are and therefore don't understand that their code is causing issues. Bringing down the barrier between the two groups and educating the developers on the common threats leads to code that has drastically reduced issues since they will never have been coded in the first place. This training can often be done by the in-house security folks, or if outside training is needed this could come at the expense of the development team."
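Devireddy's point about capturing alerts from every tool in one place and ranking them by risk, and Wertkin's about duplicative capabilities across product sets, both come down to the same piece of plumbing: normalise what each product emits, collapse records that describe the same thing, and score what is left against what the asset is worth. The following is an added example, not code from E8 Security, BlueCat or the article. Three constructed tool exports with different field names and severity scales are merged into a single queue; the asset inventory, severity mappings and the alerts themselves are assumptions made for the illustration.

```python
"""Consolidating alerts from several tools into one risk-ranked queue.

Added example; this is not E8 Security, BlueCat or article code. It takes
alert exports from three constructed tools that use different field names
and severity scales, normalises them, merges records that describe the same
host and indicator, and ranks the merged cases by a risk score that combines
severity with the asset's business criticality. Field names, scales, the
asset inventory and the alerts themselves are constructed for the example.
"""
from collections import defaultdict

# Constructed asset inventory: host -> criticality tier (1 = low, 3 = critical).
ASSET_CRITICALITY = {"db01": 3, "web02": 2, "kiosk07": 1}

# Constructed exports. Each tool names fields and grades severity differently.
EDR_ALERTS = [  # word scale
    {"hostname": "db01", "ioc": "unsigned-loader.exe", "severity": "high"},
    {"hostname": "kiosk07", "ioc": "temp-installer.exe", "severity": "medium"},
]
NIDS_ALERTS = [  # priority 1 (highest) .. 4 (lowest)
    {"dst_host": "db01", "indicator": "unsigned-loader.exe", "priority": 1},
    {"dst_host": "web02", "indicator": "203.0.113.9", "priority": 2},
    {"dst_host": "kiosk07", "indicator": "198.51.100.23", "priority": 2},
]
SIEM_ALERTS = [  # numeric level 0 .. 10
    {"host": "kiosk07", "indicator": "198.51.100.23", "level": 7},
]

SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def normalise(edr, nids, siem):
    """Map every record onto (host, indicator, severity 1..4, source)."""
    out = []
    for a in edr:
        out.append((a["hostname"], a["ioc"], SEVERITY_WORDS[a["severity"]], "edr"))
    for a in nids:
        out.append((a["dst_host"], a["indicator"], 5 - a["priority"], "nids"))
    for a in siem:
        sev = max(1, min(4, (a["level"] + 2) // 3))
        out.append((a["host"], a["indicator"], sev, "siem"))
    return out


def prioritise(records, criticality):
    """Merge duplicates on (host, indicator) and rank by risk, highest first.

    risk = max severity across sources * asset criticality
           + 1 for each additional source that corroborates the finding
    Hosts missing from the inventory default to the lowest criticality tier.
    """
    merged = defaultdict(lambda: {"severity": 0, "sources": set()})
    for host, indicator, sev, source in records:
        case = merged[(host, indicator)]
        case["severity"] = max(case["severity"], sev)
        case["sources"].add(source)
    queue = []
    for (host, indicator), case in merged.items():
        sources = sorted(case["sources"])
        risk = case["severity"] * criticality.get(host, 1) + (len(sources) - 1)
        queue.append({"host": host, "indicator": indicator,
                      "severity": case["severity"], "sources": sources, "risk": risk})
    return sorted(queue, key=lambda c: (-c["risk"], c["host"], c["indicator"]))


if __name__ == "__main__":
    raw = normalise(EDR_ALERTS, NIDS_ALERTS, SIEM_ALERTS)
    for case in prioritise(raw, ASSET_CRITICALITY):
        print(case)
```

With the sample data, six raw alerts collapse to four cases, and the one seen by two tools on the most critical host sorts to the top; the unmanaged kiosk's medium-severity alert sorts last even though an analyst working tool by tool would have met it first.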

21


opinion

Risky business

Why #GenMobile's mobile lifestyles can ruin security for your organisation. Sabahat Nasim, Channel Sales Manager – Gulf at Aruba, a Hewlett Packard Enterprise company

As if IT departments and business heads don't already have enough headaches, Aruba Networks' study, titled "Securing #GenMobile: Is Your Business Running the Risk?", revealed that your next batch of employees could increase your exposure to digital threats and corporate data loss on mobile devices.

#GenMobile is the term that's used to describe a generation of people who have shaped their personal and working lives around mobile devices. Today's younger employees, the mobile-natives, are changing the way companies operate by behaving in ways that have far-reaching implications for corporate network security. But this shift is much more than just a case of 'we're always connected'. It's about the availability of new (and often free) web-based tools and apps that rival the functionality and power of anything your company can provide. It's a complete behavioural and attitudinal change of direction.

You might be a #GenMobile'r yourself: you might have adapted, consciously or not, to dipping in and out of work comms at pretty much any time of the day and paying less and less attention to the old 9-to-5 edict. But to younger generations, this isn't something new; it's business as usual. They've never known any other way. And crucially, that means they won't change (hint: you might have to). This is where Aruba Networks' report helps paint a picture of #GenMobile: who they are, how they behave and how their three most striking working habits could affect your business.

1. Super-productive, super-effective
Let's start with the positives: the survey found that #GenMobile are productive. Seriously productive. They get stuff done and they do it well, using all the tools they can get their hands on. Their innate familiarity with tech means they are self-empowered to power through their to-do lists. Consumer tech is driving this change: 51 percent say that mobile technologies enable them to be more productive and engaged at work.

2. Collaboration, collaboration, collaboration
A huge part of this uptick in productivity is a new culture of sharing and collaboration. Members of the #GenMobile are really good at this. There's a chance your company already has some kind of collaboration tool in place or in development, so you don't need to be reminded how useful sharing and working together can be.

3. Passwords? Don't even...
Yet this is where the story takes a darker turn. This self-empowered, 'get things done' attitude means security concerns take a backseat. A fact illustrated by rising levels of security agnosticism: security ranked a lowly fifth in workplace tech priorities for the #GenMobile workforce. Furthermore, more than half (56 percent) of employees will disobey their boss to get something done, and over three-quarters are happy to perform self-service IT. #GenMobile thinks nothing of going rogue when it comes to tech.

Risky business

Creativity, collaboration and sharing all bring valuable advantages, but there's clear evidence they breed risk. Six out of ten of those asked are happy to let others regularly (at least once a month) use their work smartphones, while a fifth don't have passwords on their mobile devices at all. Despite all of this, there's no question firms need to nurture creativity and be sure not to stifle #GenMobile's openness, innovation and collaboration, while at the same time minimising the risk of data and information loss.

Managing #GenMobile

Given #GenMobile's benefits, accepting some small degree of risk is good – but only if you and your organisation can understand and plan for the security risks these behaviours bring with them. A good place to start is to put in place a secure, yet adaptable, wireless network within the workplace. Here are a few things to consider:

- Deploy flexible security policies that are capable of analysing – and acting on – the context of how the employee is using the mobile device. For instance, does the person have the authority to access the information? Where is he or she accessing it from, and from what device? Depending on the context, different policies can be applied to make sure that the right balance between flexibility and security is struck on an individual-by-individual basis.
- Regulate Wi-Fi traffic with intelligent policy firewalls that can keep track of app usage. This ensures that different apps are classified according to their security rating and the role of the employee within the organisation. These apps would be allowed to be used on select mobile devices by select users, only if they satisfy live security monitoring by the policy firewall and cloud-powered content filtering.
- Make sure that all communications over the air are encrypted and sent over secure channels. This requires a smart combination of encryption and VPN-on-demand technologies that prevent information from being snooped on and – even in the event that the information falls into the wrong hands – render it gibberish.

So, there are ways for employers to keep their #GenMobile employees happy and productive, without sacrificing mobile security. By all means, organisations should embrace #GenMobile's penchant for openness, innovation and collaboration; but only when they can understand and plan for the security risks these behaviours bring along.
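The context-aware policy the article recommends, deciding on authority, location and device together rather than on the user alone, is easiest to reason about when written down as explicit decision logic. The following is an added example, not Aruba code or code from the article: it evaluates constructed access requests against role clearance, application sensitivity, device posture (the missing passcodes the survey found) and network location, and returns allow, allow-with-restrictions, or deny. Role names, clearance levels, application classifications, posture fields and the sample requests are all assumptions.

```python
"""Context-aware access decisions for mobile users.

Added example; this is not Aruba code or code from the article. It shows
the decision logic the article sketches: a request is judged on who the
person is (role), from where (network), and on what device (posture), and
the outcome is allow, allow with restrictions, or deny. Role clearances,
application classifications, posture fields and the sample requests are
all constructed.
"""
from dataclasses import dataclass

ROLE_CLEARANCE = {"contractor": 1, "staff": 2, "finance": 3}           # constructed
APP_CLEARANCE_REQUIRED = {"intranet-wiki": 1, "crm": 2, "payroll": 3}  # constructed


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    app: str
    network: str          # "corp-wifi", "guest-wifi" or "cellular"
    managed_device: bool  # enrolled in device management
    os_patched: bool      # current security patches installed
    screen_lock: bool     # passcode or biometric lock enabled


def decide(req):
    """Return (decision, reason) with decision in {allow, restricted, deny}."""
    required = APP_CLEARANCE_REQUIRED.get(req.app)
    if required is None:
        return "deny", "unknown application"
    if ROLE_CLEARANCE.get(req.role, 0) < required:
        return "deny", "role lacks authority for this application"
    # The article notes a fifth of #GenMobile carry devices with no password.
    if not req.screen_lock:
        return "deny", "device has no passcode or screen lock"
    if required >= 3 and not (req.managed_device and req.os_patched):
        return "deny", "sensitive application requires a managed, patched device"
    if req.network != "corp-wifi":
        # Off the corporate WLAN: permit, but force VPN-on-demand and no local copies.
        return "restricted", "off-network: VPN required, local download disabled"
    if not req.os_patched:
        return "restricted", "unpatched OS: read-only access"
    return "allow", "context satisfies policy"


SAMPLE_REQUESTS = [  # constructed
    Request("fatima", "finance", "payroll", "corp-wifi", True, True, True),
    Request("fatima", "finance", "payroll", "cellular", True, True, True),
    Request("omar", "staff", "payroll", "corp-wifi", True, True, True),
    Request("lee", "contractor", "intranet-wiki", "guest-wifi", False, True, False),
    Request("omar", "staff", "crm", "corp-wifi", False, False, True),
]


def evaluate_all(requests=SAMPLE_REQUESTS):
    """Decide each request; returns a list of (user, app, decision, reason)."""
    return [(r.user, r.app, *decide(r)) for r in requests]


if __name__ == "__main__":
    for row in evaluate_all():
        print(" | ".join(row))
```

The same user asking for the same application gets a different answer depending on where she is connecting from, which is the point the article makes about applying policy per individual and per context rather than per role alone.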


opinion

Cyber vigilant

Luke Brown, GM and VP EMEA, India and LATAM, Digital Guardian, shares expert insights on protecting your business from cybercrimes.

Obtaining sensitive data is the primary objective for cybercriminals when targeting businesses. Sensitive data can vary depending on the organisation, but examples include intellectual property, source code, trade secrets, customer and employee personally identifiable information, account numbers, financial credentials, pending M&A contracts, access tokens and passwords. Cybercriminals will quickly turn the stolen data into a profit by reselling it to interested third parties, whether that be in the underground market or to competing organisations.

Sending spear-phishing emails to target employees remains the most common attack method used by criminals to compromise organisations. Typically, the spear-phishing emails have malicious attachments, such as a PDF or Word document, that exploit common vulnerabilities found in popular programs such as Adobe, Oracle and Microsoft Office. The attackers rely on social engineering and human error to trick users into opening the malicious attachment, which triggers the exploit and infects the machine. Once infected, attackers can install additional malware that focuses on locating and stealing businesses' sensitive data.

Organisations need to understand where their sensitive data is at all times while having complete visibility and control over who's accessing it and where it's travelling. This will enable organisations to perform risk assessments across their IT infrastructure, including their physical, virtual and mobile environments. Risk assessments will provide organisations with the insight needed to protect their critical IT assets and sensitive data while hardening any points of weakness. For some businesses this may sound like a daunting task, but they should leverage their current IT team or outsourced IT service provider to do this. In today's hyper-security-sensitive environment, this type of cyber-risk assessment is commonplace, with readily available processes and methodologies to ensure success.

How can you protect your business against these threats?

1. Data protection is the top priority
Prioritise data protection first and foremost. Data breaches are inevitable, but losing your sensitive data is not.

2. Identify your critical IT assets and sensitive data
Identify which IT assets within your business are the most valuable and what type of sensitive data they hold – this will provide the visibility and control capabilities needed to prevent attackers from accessing and stealing your sensitive data.

3. Protect those data assets
Once sensitive data is identified, label it. Classifying sensitive data with digital labels such as "internal only" or "confidential" will help with tracking sensitive information that will be targeted by attackers. In addition, have complete visibility over who is accessing the data and how it's being used and shared, both internally and externally.

4. Improve security education for employees
Add data protection policies to manuals and employment agreements, and train employees regarding the use of confidential data. Also be sure to perform regular security educational training and invite your contractors, vendors and partners to participate. Include examples of social engineering techniques and common attack methods so your employees will be aware of the threats currently targeting them.

5. Know that "compliance" isn't enough
Although many industries have basic compliance requirements, like HIPAA, PCI and Sarbanes-Oxley, these compliance standards are just the beginning of securely protecting your sensitive data. They're a good foundation, but more must be done to keep business-critical data, beyond credit card numbers and social security numbers, safe.

6. Be prepared if your data is stolen
Even the most security-conscious organisations in the world get attacked and lose sensitive data. Accept that it could happen and have an incident response plan at the ready.

What are the biggest mistakes businesses typically make in this area, and how can they avoid or rectify them?

Often it's an issue of resources and budget restrictions as opposed to making mistakes. Businesses may not have the money to purchase additional hardware or implement expensive security products across all areas of their IT infrastructure, nor do they have large IT staffs with dedicated security professionals. But having basic system and endpoint hygiene helps improve an organisation's security posture dramatically. For example, improving security education among employees is critical, in addition to ensuring all applications, programs, AV software and operating systems have the most recent security updates installed. Lastly, businesses should consider SaaS (Software-as-a-Service) or MSSP (Managed Security Service Provider) based security solutions. This model of delivery will provide a much higher level of security at a lower, monthly subscription cost with no additional strain on existing IT resources.

A key point to remember is that businesses are not immune to cyberattacks. The list of compromised companies is already long and growing. While budget and resource pressures are intense, system security and data protection can no longer be ignored. At minimum, businesses must do basic network and endpoint hygiene, like patch management, so they don't become the "easy targets" that both sophisticated and novice hackers are searching for every day.
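Steps 2 and 3 above, finding out what sensitive data each asset holds and then labelling it, are usually automated by a scanner that looks for recognisable patterns and attaches a classification. The following is an added example, not Digital Guardian's product or code from the article. It scans a handful of constructed documents for payment card numbers (validated with the Luhn check so that arbitrary digit runs are not mislabelled), e-mail addresses and a few keyword markers for the data categories the article lists, and assigns the "internal only" and "confidential" labels the article suggests. The patterns, keywords, labels and sample text are all assumptions made for the illustration.

```python
"""Labelling documents by the sensitive data they contain.

Added example; this is not Digital Guardian's product or code from the
article. It scans a set of constructed documents for a few sensitive-data
patterns, validates candidate card numbers with the Luhn check so that
ordinary digit runs are not mislabelled, and assigns the labels the article
suggests ("internal only", "confidential"). Patterns, keywords, labels and
sample text are all constructed; a real classifier carries many more
detectors and a handling policy for each label.
"""
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
# Phrases that mark the categories the article lists as attacker targets.
SECRET_KEYWORDS = ("trade secret", "source code", "pending acquisition", "access token")


def luhn_valid(digits):
    """Luhn checksum; rejects most random digit runs that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def detect(text):
    """Count findings per category: Luhn-valid card numbers, e-mail addresses, keywords."""
    cards = 0
    for match in CARD_RE.findall(text):
        digits = re.sub(r"\D", "", match)
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            cards += 1
    emails = len(EMAIL_RE.findall(text))
    lowered = text.lower()
    keywords = sum(lowered.count(k) for k in SECRET_KEYWORDS)
    return {"card": cards, "email": emails, "keyword": keywords}


def classify(text):
    """Map findings to a label: payment data or secrets outrank contact details."""
    f = detect(text)
    if f["card"] or f["keyword"]:
        return "confidential"
    if f["email"]:
        return "internal only"
    return "public"


# Constructed documents; 4111 1111 1111 1111 is a well-known test card number.
DOCS = {
    "press-release.txt": "Acme opens a new office in Dubai in May 2016.",
    "staff-directory.txt": "Contacts: a.person@acme.example, b.person@acme.example",
    "refund-batch.csv": "customer,card\nJ Doe,4111 1111 1111 1111\nR Roe,ref 1234 5678 9012 3456",
    "roadmap.txt": "Trade secret: Q3 pricing algorithm and the pending acquisition of ExampleCo.",
}


def classify_all(docs=DOCS):
    """Return {filename: label} for every document."""
    return {name: classify(text) for name, text in docs.items()}


if __name__ == "__main__":
    for name, label in classify_all().items():
        print(f"{label:14s} {name}")
```

The Luhn step is what keeps the second digit run in the refund batch from counting as a card: it looks like one, but fails the checksum, so only one card finding is reported and the label is driven by the genuine test number.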


Insight

10 Steps for Protecting Yourself From Ransomware Alain Penel, Regional Vice President – Middle East, Fortinet

I

f you’ve been listening to the news at all the past couple of weeks, you have undoubtedly heard of a number of companies being affected by ransomware. The recent surge in this form of cyber-attack has many organisations and users understandably concerned. And you should be. Ransomware is nasty stuff. But with some careful preparation, you can significantly lower your risk of being infected, and reduce the impact on you or your organisation should you get hit. What is Ransomware? Ransomware is a form of malware that infects devices, networks, and data centers and prevents them from being used until the user or organisation pays a ransom to have the system unlocked. Ransomware has been around since at least 1989, when the “PC Cyborg” trojan encrypted file names on a hard drive and insisted users pay $189 to have them unlocked. In the 26

05.2016

interim, ransomware attacks have become increasingly sophisticated, targeted, and lucrative. The impact of ransomware is difficult to calculate, since many organisations opt to simply pay to have their files unlocked – an approach that doesn’t always work. But a report on the Cryptowall v3 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that single attack was $325 million. Ransomware generally works in one of several ways. Crypto ransomware can infect an operating system so that a device is unable to boot up. Other ransomware will encrypt a drive or a set of files or file names. Some malicious versions have a timer and begin deleting files until a ransom has been paid. All demand that a ransom be paid in order to unlock or release the blocked or encrypted system, files, or data. On 31st March 2016, the US Cyber Emergency Response Team and the Canadian Cyber Incident Response Centre

issued a joint warning about Ransomware following several high-profile infections at hospitals. According to this alert, infected users often get a message displayed to their device’s screen saying something like: • “Your computer has been infected with a virus. Click here to resolve the issue.” • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.” • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.” In some circumstances, this warning is displayed with embarrassing images in order to motivate the user to get it off their system as fast as possible. But in every situation, systems are taken off line, critical data becomes unavailable, productivity is halted, and business operations are harmed. www.securityadvisorme.com


Insight

How do I get infected?

Ransomware can be delivered in a number of ways, but the most common is as an infected file attached to an email. For example, today I received an email claiming to be from my bank. It had the right logo, links to real bank URLs, and my name. The body of the message explained that they had detected suspicious activity on my account, and that I needed to install an attached file in order to verify my credentials. This seemed like a legitimate issue. But it wasn’t. It was a phishing attack. The giveaway to me, of course, was that no bank should ever send a file and ask you to install it – certainly not to validate your credentials. Instead, the attached file was infected with ransomware, which would have loaded onto my system if I had clicked on it.

But email attachments aren’t the only mechanism for infection. Drive-by downloading is another, where a user visits an infected website and malware is downloaded and installed without the user’s knowledge. Ransomware has also been spread through social media, such as Web-based instant messaging applications. And recently, vulnerable Web servers have been exploited as an entry point to gain access into an organisation’s network.

What Do I Do to Stop It?

Here are 10 things you need to do to protect yourself and your organisation from the effects of ransomware:

• Develop a backup and recovery plan. Back up your systems regularly, and store that backup offline on a separate device.
• Use professional email and web security tools that analyse email attachments, websites, and files for malware, and can block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.
• Keep your operating systems, devices, and software patched and updated.
• Make sure that your device and network antivirus, IPS, and antimalware tools are running the latest updates.
• Where possible, use application whitelisting, which prevents unauthorised applications from being downloaded or run.
• Segment your network into security zones, so that an infection in one area cannot easily spread to another.
• Establish and enforce permissions and privileges, so that the fewest number of users have the potential to infect business-critical applications, data, or services.
• Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security (no client or antimalware installed, antivirus files out of date, operating systems needing critical patches, etc.).
• Deploy forensic analysis tools so that after an attack you can identify a) where the infection came from; b) how long it has been in your environment; c) that you have removed all of it from every device; and d) that you can ensure it doesn’t come back.
• THIS IS CRITICAL - do NOT count on your employees to keep you safe. While it is still important to up-level your user awareness training so employees are taught not to download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain, and you need to plan around them. Here’s why: for many of your employees, clicking on attachments and searching the Internet is part of their job, and it is difficult to maintain the appropriate level of skepticism. Second, phishing attacks have become very convincing. A targeted phishing attack uses things like online data and social media profiles to customise an approach. Third, it is simply human nature to click on an unexpected invoice or critical message from your bank. And finally, in survey after survey, users feel that security is someone else’s job, not theirs.

What If I Get Infected?

Hopefully, you have a recent backup and you can wipe your device and reload it with an uninfected version. Here are some other things you need to do:

1. Report the crime
• A quick online search will guide you to the site to report cybercrime in your country or region.
• Report instances of fraud to the police or the local Internet Crime Complaint Centre.

2. Paying the ransom is no guarantee
According to the US/Canadian alert, “Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”

3. Contact experts
Many operating system, software, and security vendors have security experts on staff who can provide you with advice on how to respond should your system become infected with ransomware. There are also third-party forensics experts who can help you get back up and running.

4. Have a Plan B
What do you do if your computer systems or network become unavailable? Do you have a failover plan? Is there a way to keep things running, even in a limited fashion, while your systems are being repaired? Do you know how much it will cost your organisation per hour if your systems are unavailable? Is this cost reflected in your IT security budget? This information needs to be included in your security policy.
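The article describes crypto ransomware as malware that encrypts a drive or a set of files and renames them, and it recommends tools that watch for this behaviour. As an added example (not code from the article or from any vendor it names), the script below shows the shape of such a detector: a per-process sliding window over file-system events that trips when one process rewrites many distinct files, or renames many files to a new extension, within a few seconds. The event format, the thresholds and the sample events are all constructed for the example; a slow backup job touching the same share does not trip it.

```python
"""Flag ransomware-like file activity in a stream of file-system events.

Added illustration for the article above; it is not the author's code.
Crypto ransomware rewrites many files in a short time and usually renames
each one to a new extension, so a per-process sliding window that counts
distinct files rewritten and extension-changing renames separates it from a
backup job that touches the same share slowly. Event format, thresholds and
sample events are all constructed for this example.
"""
import os
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 10.0   # sliding window per process (constructed value)
WRITE_THRESHOLD = 20    # distinct files rewritten inside the window
RENAME_THRESHOLD = 10   # extension-changing renames inside the window


@dataclass(frozen=True)
class FileEvent:
    ts: float           # seconds since epoch
    process: str        # process that performed the operation
    op: str             # "write" or "rename"
    path: str           # file acted on
    new_path: str = ""  # destination path, rename only


def extension(path):
    """Lower-cased extension without the dot, '' when there is none."""
    return os.path.splitext(path)[1].lstrip(".").lower()


def detect(events):
    """Return one (process, ts, reason) alert per process whose window trips."""
    windows = defaultdict(deque)   # process -> deque of (ts, kind, path)
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e.ts):
        win = windows[ev.process]
        while win and ev.ts - win[0][0] > WINDOW_SECONDS:
            win.popleft()                       # expire events older than the window
        if ev.op == "write":
            win.append((ev.ts, "write", ev.path))
        elif ev.op == "rename" and extension(ev.new_path) != extension(ev.path):
            win.append((ev.ts, "rename", ev.path))
        if ev.process in alerted:
            continue                            # one alert per process is enough
        rewritten = {p for _, kind, p in win if kind == "write"}
        renames = sum(1 for _, kind, _ in win if kind == "rename")
        if len(rewritten) >= WRITE_THRESHOLD:
            alerts.append((ev.process, ev.ts,
                           f"{len(rewritten)} distinct files rewritten within {WINDOW_SECONDS:g}s"))
            alerted.add(ev.process)
        elif renames >= RENAME_THRESHOLD:
            alerts.append((ev.process, ev.ts,
                           f"{renames} files renamed to a new extension within {WINDOW_SECONDS:g}s"))
            alerted.add(ev.process)
    return alerts


def sample_events():
    """Constructed events: a slow backup job and a process encrypting a share."""
    events = [FileEvent(1000.0 + 5 * i, "backup.exe", "write", f"/srv/share/report{i}.docx")
              for i in range(30)]
    for i in range(15):
        src = f"/srv/share/q{i}.xlsx"
        events.append(FileEvent(2000.0 + 0.2 * i, "unknown.exe", "write", src))
        events.append(FileEvent(2000.1 + 0.2 * i, "unknown.exe", "rename", src, src + ".locked"))
    return events


if __name__ == "__main__":
    for proc, ts, reason in detect(sample_events()):
        print(f"ALERT t={ts:.1f} {proc}: {reason}")
```

The rename rule fires on the tenth extension-changing rename from the same process, which is why the backup job (one file every five seconds, no renames) stays silent while the second process is flagged within two seconds of starting. Thresholds have to be tuned per environment; the point the article makes about offline backups still stands, because detection only limits how many files are lost before the process is stopped.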


Time to get a grip on cloud security by Rolf Haas, Enterprise Technology Specialist, Intel Security

Cloud use continues to grow rapidly in the enterprise and has unquestionably become a part of mainstream IT – so much so that many organisations now claim to have a “cloud-first” strategy. That’s backed up by a recent Intel Security survey of 1200 respondents which showed that 80 percent of respondents’ IT spend will go to cloud services within just 16 months. Even if that outlook overestimates cloud spend, it still shows a dramatic shift in mindset, and it’s often the business, rather than the IT department, that is driving the shift. In today’s digital world, the pull of the cloud and its benefits of flexibility, speed, innovation, cost, and scalability are now too great to be dismissed by the usual fears. To compete today, businesses need to rapidly adopt and deploy new services, to both scale up or down in response to demand and meet the ever-evolving needs and expectations of employees and customers.

Cloud concerns

This newfound optimism for the cloud inevitably means more critical and sensitive data is put into cloud services. And that means security is going to become a massive issue. Unfortunately, the same survey revealed that the picture isn’t great when it comes to how well organisations are ensuring cloud security today. Some 40 percent are failing to protect files located on Software-as-a-Service (SaaS) with encryption or data loss prevention tools, 43 percent do not use encryption or anti-malware in their private cloud servers, and 38 percent use Infrastructure-as-a-Service (IaaS) without encryption or anti-malware.



Many organisations have already been at the sharp end of cloud security incidents. Nearly a quarter of respondents (23 percent) report cloud provider data losses or breaches, and one in five reports unauthorised access to their organisations’ data or services in the cloud. The reality check here is that the most commonly cited cloud security incidents were actually around migrating services or data, high costs, and lack of visibility into the provider’s operations. Trust in cloud providers and services is growing, but 72 percent of decision makers in the survey still point to cloud compliance as their greatest concern. That’s not surprising given the current lack of visibility around cloud usage and where cloud data is being stored. The wider trend to move away from the traditional PC-centric environment to unmanaged mobile devices is another factor here. Take a common example: an employee wants to copy data to their smartphone from a CRM tool via the Salesforce app. The problem is that they have the credentials to go to that cloud service and access that data, but in this case, they are using an untrusted and unmanaged device. Now multiply that situation across all of an organisation’s cloud services and user devices. There is clearly a need for better cloud-control tools across the stack. Large organisations may have hundreds or even thousands of cloud services being used by employees – some of which they probably don’t even know about. It is impossible to implement separate controls and policies for each of them.


Hybrid cloud security

To securely reap the benefits of cloud while meeting compliance and governance requirements, enterprises will need to take advantage of technologies and tools such as two-factor authentication, data leakage prevention, and encryption, on top of their cloud services and applications. Increasingly, organisations are also investing in security-as-a-service (SECaaS) and other tools that can help orchestrate security across multiple providers and environments. These help tackle the visibility issue and ensure compliance needs are met. That’s why I believe we are starting to see the rise of so-called “broker” security services. These cloud access security brokers (CASBs) will enable consolidated enterprise security policy enforcement between the cloud service user and the cloud service provider. In fact, Gartner predicts that by 2020, 85 percent of large enterprises will use a CASB for their cloud services, up from fewer than five percent today.

The key to this is for companies to be able to seamlessly push and enforce their own security policies from an on-premise proxy infrastructure to a public infrastructure. For the enterprise, this provides the ability, if required, to encrypt corporate data that sits in a public cloud service and offer complete protection for every endpoint. It means the same security policy is applied to the end users regardless of how or where they have connected, whether that’s through a public or private cloud, from a smartphone in a coffee shop or a Wi-Fi hotspot at the airport.

Another example of hybrid security in action is where a company uses the infrastructure of a public cloud provider, such as Amazon, but retains control and ownership of the server in that infrastructure. The company manages the server itself and, using an Amazon API, can encrypt the whole server within that public cloud environment.

Cloud adoption in the enterprise is rapidly approaching a tipping point and now, more than ever, there is a need for a new model of ‘cloud-first’ integrated security that enables the centralised control or orchestration of the myriad cloud services and apps employees use across the enterprise. Cloud security is now a critical element of any business, and it needs to be taken seriously from the boardroom right down to the end users.


HOW TO

5 tips for defending against advanced persistent threats

APTs are increasing in occurrence and severity, as are the costs associated with protecting businesses adequately from them. Is your organisation prepared for the battle against an APT? You better be.

The aptly named advanced persistent threat (APT) is a type of network attack in which an attacker selects a specific target, uses social engineering and advanced technologies to break into a network and then focuses on that target for weeks, months or years until the attack has successfully played out (or been thwarted). Once inside a network, the attacker’s goal is to remain undetected while using some type of malware to capture confidential information, which is ultimately sent to a different location for analysis and then sold on the black market. APTs are highly organised, sometimes with a complete staff, and have plenty of monetary and technological resources. Although APTs may use common hacker tools, they more often employ sophisticated, customised software that’s less likely to be picked up by a security protection system. Types of APTs or delivery mechanisms include zero-day attacks, phishing, advanced malware and a variety of Web compromises. This article looks at five ways to protect an organisation’s assets from APTs. All are important.

1. Implement defence in depth

Security experts emphasise the need for layered security (aka defence in depth) as part of a regular network security strategy, and defence in depth is also one of the best approaches to stopping an APT before it infiltrates a network. This means controlling network entry and exit points, using next-generation firewalls, deploying intrusion detection/prevention systems and security information and event management (SIEM) systems, implementing a vulnerability management system, using strong authentication and identity management, keeping security patches up to date and implementing endpoint protection. Because malware is often the source of APTs, you also need highly reliable solutions that address the risk of malware. Because APTs may rely on cutting-edge technologies, your security equipment needs to step up, too, which means selecting advanced behaviour-based detection solutions whenever possible. Your goal is to make initial penetration of the network difficult, but should that layer be compromised, each additional layer of security must then pose a significant further hurdle, either stopping the attack from spreading or slowing it down long enough to be detected and handled. Because attackers continually update their tools and look for new vulnerabilities – chinks in the armour – your tools must be current as well.

Note: Over $1.9 billion was spent on APT prevention solutions in 2015, and such outlays are expected to surpass $6.7 billion by 2019 (The Radicati Group, 2015). Not every security solution has to be a budget buster, either. For example, Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a free Windows-based security tool that supplements existing security defences to help detect and block vulnerability exploit techniques. InfoSec Institute’s SecurityIQ is a service that lets you send mock phishing emails to staff to test their security awareness. And strong internal security policies and regular security and risk assessments are also vital to ensure that security controls are focused where they matter most.

2. Employ detection and monitoring techniques

Close monitoring of security controls helps you identify early warning signs of an APT, which often appear as log file and data traffic anomalies, and other out-of-profile activities. It’s critically important to monitor all inbound and outbound network traffic, internal traffic, and all devices that access your network. Continuous monitoring not only helps you detect suspicious activity as early as possible, it also reduces the potential for privilege escalation or long-term intrusions. And the output from monitoring may serve as forensic evidence if an attack gets to that point.
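Tip 2 talks about data traffic anomalies in general terms. One concrete anomaly worth monitoring outbound traffic for is beaconing: an implant that calls home on a fixed schedule produces flows from one host to one destination with almost constant spacing, which ordinary interactive browsing does not. The script below is an added example (not the article's code): it groups a constructed connection log by source, destination and port and reports groups whose inter-arrival times have a low coefficient of variation. The log format, the hosts and every sample line are constructed.

```python
"""Find beaconing hosts in outbound connection logs.

Added illustration for tip 2 above; not the article's code. APT implants
often call home on a schedule, so outbound flows from one source to one
destination with nearly constant spacing stand out from interactive
browsing. The log format and every sample line are constructed.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# constructed lines: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <bytes_out>"
SAMPLE_LOG = """\
2016-05-03T09:00:00 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:00:05 10.0.1.22 -> 198.51.100.7:443 3100
2016-05-03T09:00:10 10.0.1.22 -> 198.51.100.7:443 12000
2016-05-03T09:00:50 10.0.1.22 -> 198.51.100.7:443 800
2016-05-03T09:00:52 10.0.1.22 -> 198.51.100.7:443 2200
2016-05-03T09:02:52 10.0.1.22 -> 198.51.100.7:443 9900
2016-05-03T09:03:07 10.0.1.22 -> 198.51.100.7:443 640
2016-05-03T09:03:14 10.0.1.22 -> 198.51.100.7:443 4010
2016-05-03T09:05:00 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:10:01 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:12:30 10.0.1.15 -> 198.51.100.7:80 1500
2016-05-03T09:14:59 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:20:00 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:25:00 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:30:02 10.0.1.15 -> 203.0.113.9:443 512
2016-05-03T09:34:58 10.0.1.15 -> 203.0.113.9:443 512
"""


def parse_line(line):
    """Split one constructed log line into its typed fields."""
    ts, src, _arrow, dst, nbytes = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), int(nbytes)


def find_beacons(log_text, min_flows=6, max_jitter=0.1):
    """Return [(src, dst_ip, dst_port, mean_interval_s)] for every flow group
    with at least min_flows connections whose inter-arrival times have a
    coefficient of variation (stddev / mean) of at most max_jitter."""
    stamps_by_key = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst_ip, port, _ = parse_line(line)
            stamps_by_key[(src, dst_ip, port)].append(ts)
    beacons = []
    for key, stamps in stamps_by_key.items():
        if len(stamps) < min_flows:
            continue                      # too few flows to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((*key, round(mean, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, port, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst}:{port} every ~{interval}s")
```

On the sample log the host 10.0.1.15 is reported for its five-minute cadence to 203.0.113.9, while the second host's irregular browsing to 198.51.100.7 is not. The jitter threshold and minimum flow count are the tuning knobs: real implants deliberately randomise their timing, so this is one signal to correlate with the others the article lists (log anomalies, threat intelligence), not a verdict on its own.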

3. Use a threat intelligence service

Several security vendors offer threat intelligence services in which raw data about emerging threats is gathered from several sources, and then analysed and filtered to create usable, actionable information. That information is often in the form of data feeds for security control systems, as well as management reports aimed at IT managers and C-level executives to help them understand the threat landscape for their industry. The key to threat intelligence is the correlation of global intelligence with threats to an organisation’s own network, giving security personnel the ability to quickly identify and address high-risk threats in real time. APTs may spread using different methods, and may focus on vulnerabilities not yet known to security companies, so it’s essential to recognise indications of an APT as early as possible. Threat intelligence often provides the missing link that ties anomalies in network log data with a zero-day vulnerability, for example. Connecting the dots is what counts, however it plays out.

4. Perform security awareness training

Nearly every discussion of IT security mentions the necessity of security awareness training, for good reason. Getting employees to truly understand the dangers in clicking iffy links in emails and recognising social engineering techniques – and gaining the employees as partners in the fight against security threats – helps protect networks and the data they hold. Training of this sort needs to include a quick review of the organisation’s security policy, as well as the consequences to each employee should a security incident occur as a result of their actions. This may mean additional training, an HR write-up or immediate dismissal, depending on the circumstances. But keep in mind that a typical employee wants to do well in his or her job and does not want to be the reason for company losses stemming from an attack. Accentuating the positive during awareness training – and offering incentives for being security-minded – is the best approach.

5. Plan for incident response

Even with the best of efforts and high-dollar technologies in place, an organisation’s security will be breached at some point: most experts agree that it’s not a matter of “if” but “when.” Implementing a solid incident response plan can shut down an attack, minimise damage and stop further data leakage, all of which minimise the reputation or brand damage that can follow. In addition to spelling out which job role is responsible for which actions, from identification through resolution, your incident response plan should include steps for preserving forensic evidence of the breach. Your organisation may need that evidence to prosecute an attacker, if apprehended (which, unfortunately, is not likely). Forensics also help your security team identify security gaps so that controls can be strengthened and recurrences prevented. It’s also a good idea to review the Lockheed Martin Cyber Kill Chain, an attack model that addresses each stage of a security event. Knowing how an attacker identifies a target and moves through the stages of an attack may help security personnel recognise an attack early in the process.

Every organisation, regardless of size, is susceptible to APTs. Understanding how an APT operates, building the best defence within your reach and educating your staff to recognise something fishy can limit damage and, in some cases, prevent an attack from occurring in the first place.


Security tips for ‘fringe’ devices

Some of the most hackable devices in your network are also probably the most overlooked.

What is a ‘fringe’ device in IT? For some, it’s a gadget everyone has forgotten about — a printer in a corner office, an Android tablet in a public area used to schedule conference rooms. A fringe device can also be one that’s common enough to be used in the office yet not so common that everyone is carrying one around or has one hooked up to the Wi-Fi every day. As with any security concern, many of these devices are overlooked. There might be security policies and software used to track and monitor iPads and Dell laptops, but what about the old HP printer used at the receptionist’s desk? In a hospital, it might be a patient monitoring device. In a more technical shop, it could be a new smartphone running an alternate operating system. While fringe devices are often overlooked and therefore may be vulnerable to attacks, they’re not extraordinarily difficult to lock down. The standard security practices still apply. Security experts say the fringe devices themselves aren’t the problem. It’s the fact that they’re allowed to exist without any protection. Here are some tips for making sure your fringe devices are safe.

1. Ask tough questions when speaking to vendors

One of the best tips when dealing with fringe devices is to ask some hard questions of the companies that make and sell them. You may already know about best practices for securing laptops and mobile devices, but there are too many open variables with unusual gadgets, says Sinan Eren, a vice president at security vendor Avast Software, and you have to get tough with vendors to make sure all the bases are covered.

For example, the devices that monitor vital signs in hospitals aren’t normally considered attack vectors, but if a hacker did tamper with such a device remotely, the consequences could be dire, particularly for the patient. Nonetheless, many of these kinds of devices aren’t included in system vulnerability checks and aren’t updated properly or in a timely manner. Yet vendors should be able to answer basic questions about them — like whether the firmware is signed and updated regularly, and if the vendor does its own security reviews.

2. Make sure policies cover every possible gadget

What happens when someone walks into the office with a personal media player — one that’s brand new on the market? Maybe there’s no possible threat, but what if there is? Michael Kemp, co-founder of security

firm Xiphos Research, says the only answer is to make sure you have strict policies for every device, including any personal gadgets used at work. “Specific policies — such as disabling the USB port activity — can provide an excellent mechanism for combating some of the threats that the use of personal devices pose,” he says. “If individuals are using personal devices to interact with enterprise networks, such interaction should be limited. If such interaction is a regular occurrence, the devices should be managed, maintained, and bought within the auspices of the wider enterprise.”

3. Know what you’re dealing with

Identification is key when it comes to best security practices. And that can be difficult when you’re dealing with, say, an outdated gadget that was discontinued by its maker (which could be a company that doesn’t even exist anymore) or a less-common brand of network-attached storage device. Security software should be able to search for and identify even the most unusual devices connected to a network. “The best strategy for dealing with unusual devices starts with identification,” says Morey Haber, vice president of technology at security vendor BeyondTrust. “Whether this is a form of automated discovery or informal personnel survey, the only way to manage the problem first starts with quantifying the risk.” Part of the identification process involves determining how the devices connect and what access privileges they have. That job is harder if you’re dealing with, say, a printer that doesn’t even connect to Wi-Fi and has firmware that’s hard-coded and can’t be updated. That type of device is a target. Too often, hackers look for fringe devices like printers that use the default firmware, passwords

and admin functions, so Haber says you may want to block the use of any outdated devices you find as part of the identification process. The integrity of your network and IT systems takes priority over any usefulness that an unusual fringe device might have.

4. Perform regular security audits

It’s common for larger companies to perform regular security audits. Unfortunately, it can also be common for audits to overlook fringe devices like printers, network drives and cameras. Leon Glover, senior director of product management and project management at security vendor ThreatSTOP, says failure to do a thorough audit is one of the most common causes of breaches. He says every audit should involve an assessment of the risk of even allowing fringe devices to exist on the network. As part of that exercise, you should weigh the amount of damage an attack could cause against the benefit of using that device. If the device is extremely unusual — say, a new Ubuntu-powered smartphone — it may not have enough usefulness to merit approval. “If a fringe network device only provides limited value while increasing security risk, then it should not be allowed on the network,” Glover says.
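Tips 3 and 4 above describe two steps that fit together: discover what is actually on the network, then weigh each device's risk against its value. The script below is an added example (not code from the article or from any of the vendors quoted in it) that joins a discovery list to an asset register and gives each device a verdict: unknown devices are quarantined, clean registered devices are allowed, risky devices of limited value are removed, and risky but critical devices are moved to their own segment. The MAC addresses, hostnames, service names (including the "http-admin" label), support dates and scoring rules are all constructed for the example.

```python
"""Reconcile discovered devices with the asset register and rate each one.

Added illustration for tips 3 and 4 above; not the article's code. The
identification step starts from a discovery list (DHCP, ARP or scanner
output); the audit step weighs the risk a device adds against the value
it provides. Every record below is constructed, including the service
labels, support dates and the scoring rules.
"""
from dataclasses import dataclass
from datetime import date

REPORT_DATE = date(2016, 5, 1)   # date of the audit (constructed)

# service labels a scanner might report; "http-admin" is a constructed label
CLEAR_TEXT_MGMT = {"telnet", "ftp", "http-admin"}


@dataclass(frozen=True)
class Discovered:
    mac: str
    ip: str
    hostname: str
    services: tuple        # service names the scanner saw listening


@dataclass(frozen=True)
class AssetRecord:
    mac: str
    device_type: str
    owner: str
    managed: bool          # has an agent and is in the patch cycle
    supported_until: date  # vendor firmware support end
    business_value: int    # 1 (nice to have) .. 5 (critical)


def assess(discovered, register):
    """Return {mac: (verdict, reasons)} for every discovered device."""
    by_mac = {a.mac: a for a in register}
    results = {}
    for dev in discovered:
        rec = by_mac.get(dev.mac)
        if rec is None:
            # unknown device: nobody owns it, so nobody patches it
            results[dev.mac] = ("quarantine", ["not in asset register"])
            continue
        reasons = []
        if not rec.managed:
            reasons.append("unmanaged: no agent, outside patch cycle")
        if rec.supported_until < REPORT_DATE:
            reasons.append("firmware out of vendor support")
        exposed = CLEAR_TEXT_MGMT & set(dev.services)
        if exposed:
            reasons.append("clear-text management service: " + ", ".join(sorted(exposed)))
        risk = len(reasons)
        if risk == 0:
            verdict = "allow"
        elif rec.business_value >= 4:
            verdict = "isolate"      # critical but risky: own segment (tip 5)
        elif risk >= rec.business_value:
            verdict = "remove"       # limited value, growing risk
        else:
            verdict = "remediate"    # worth keeping once the findings are fixed
        results[dev.mac] = (verdict, reasons)
    return results


def sample_data():
    """Constructed discovery output and register for a small office."""
    discovered = [
        Discovered("02:00:00:00:00:01", "10.0.2.10", "rcpt-printer", ("http-admin", "telnet", "ipp")),
        Discovered("02:00:00:00:00:02", "10.0.2.11", "ward-monitor-3", ("https",)),
        Discovered("02:00:00:00:00:03", "10.0.2.12", "lobby-tablet", ("https",)),
        Discovered("02:00:00:00:00:04", "10.0.2.13", "nas-old", ("ftp", "smb")),
    ]
    register = [
        AssetRecord("02:00:00:00:00:01", "printer", "facilities", False, date(2014, 1, 1), 2),
        AssetRecord("02:00:00:00:00:02", "patient monitor", "clinical", False, date(2018, 6, 30), 5),
        AssetRecord("02:00:00:00:00:03", "tablet", "IT", True, date(2019, 1, 1), 2),
    ]
    return discovered, register


if __name__ == "__main__":
    for mac, (verdict, reasons) in assess(*sample_data()).items():
        print(f"{mac}: {verdict:<10} {'; '.join(reasons) or 'no findings'}")
```

The verdicts follow the reasoning in the text: the reception printer collects three findings against a business value of 2 and is removed, the patient monitor is unmanaged but critical so it is isolated rather than removed, the managed tablet is allowed, and the NAS that nobody registered is quarantined until someone claims it. The scoring is deliberately simple; what matters is that every discovered device ends up with an owner and a decision.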

“It’s very difficult to provide solid network protection, so why complicate that effort with a small number of odd devices?”

5. Put fringe devices on their own network

Another approach to preventing a catastrophic breach that starts with an attack on a one-of-a-kind device is to allow fringe devices to be used, but only on an isolated network that’s reliably secured. Tony Anscombe, a senior security evangelist at security vendor AVG Technologies, says that might be difficult — IT would have to create a completely new network for devices that may have limited utility — but it would be worth the effort because fringe devices represent an ever-increasing security risk. To illustrate the risk created by the use of fringe devices, Anscombe points to LIFX’s line of smart LED light bulbs, which share Wi-Fi credentials from one model to the next. The “host” light bulb might connect through a main network gateway and expose a weakness that hackers could easily exploit. “Devices that we least expect to be connected have shown to create vulnerabilities,” he says, adding that those vulnerabilities “can be exploited to gain access to networks and data that would have otherwise remained safe.”


Bracing your browser
Gad Elkin, EMEA Security Director, F5

Whether through loss of financial assets or damage to an organisation’s brand, online fraud is becoming more of a problem and has the capacity to significantly and negatively impact a business. According to figures from the ONS, an estimated 3.8 million adults in England and Wales were victims of online fraud in the year to August 2015. This included 2.5 million incidents where the victim’s internet-enabled device was infected by a virus or where a social media account had been hacked. Malware, phishing and other forms of credential grabbing all have the potential to disrupt businesses, particularly as specific organisations are aggressively targeted. In order to prevent online fraud, it is important for businesses to recognise where their infrastructure is most vulnerable, educate employees effectively and work with the right partners to keep up with an evolving cyber security landscape.

Securing data in the age of IoT

Despite high-profile security incidents regularly hitting the headlines in 2015, the modern data centre is actually quite secure compared with other

potential access points to sought-after data. Consequently, hackers are drawn towards the weakest element, which today is the often neglected browser. Gartner predicts that 6.4 billion connected devices will be in use this year, perpetuated by the growth of BYOD. As the number of active browsers rises, so does the number of access points to the browser, making it an ever-more viable gateway to sensitive customer data. Given the volume of transactions and financial data at stake, the financial services sector is likely to remain the primary target for these attacks. Unfortunately, it is also one of the hardest to protect, largely due to automated transactions becoming the norm. Preventing infected platforms from conducting automatic transactions into bank accounts will always be a primary concern for financial organisations in particular. Beyond the financial industry, a scenario we are beginning to see more of is the targeting of online applications with large customer databases (such as Ashley Madison), which may contain either financial information or other sensitive data that could be used for future extortion. Whilst traditional online fraud is still on the up, 2015 saw a significant increase in attacks on mobile

devices. Essentially the same threat, fraud in this form is becoming more relevant despite not being front of mind for consumers, as we rely on our mobile devices for more areas of our lives such as mobile banking. In just the same way as traditional fraud, customer browsers on mobile devices are vulnerable to malware, phishing and other forms of credential grabbing. The range of devices through which browsers can be accessed, combined with the variety of attack types, contributes to a very complex picture that requires equally advanced security.

Helping businesses to help themselves

An all too common facilitator of fraud is the lack of appropriate means to deal with today’s threats. In the current context, anti-virus programmes just aren’t enough to protect your browser; businesses need a range of tools and expertise at their disposal in order to keep up with the methods used by fraudsters. Beyond access to appropriate technical solutions, an alarming lack of user education is another area contributing to rising fraud levels, which can have serious consequences in a corporate environment. Credential grabbing


and phishing incidents are often associated with a lack of employee awareness, having the potential to cause significant reputational and monetary damage to organisations and their customers. Therefore, it is vital that employees are educated on the dangers awaiting them on their own corporate networks.

Fraud security shouldn’t have to be your problem

There are particular solutions that can be implemented by businesses in order to alleviate the risk of fraud, such as detection of malware and phishing threats. Whilst there are also more advanced solutions that can encrypt credentials to defend against credential grabbing, the rapidly developing arsenal of the fraudster is such that these methods are becoming less effective. Unfortunately, threat protection is not a one-size-fits-all approach; defending against malware, phishing and other dangers requires a combination of solutions. So, how can businesses hope to stay on top in the battle to keep sensitive information and customer data safe? The answer is, they shouldn’t have to. The combination of the high level of expertise required to counteract fraud and the increasing demand for seamless solutions has heralded a rising dependence on external vendors and consultants. Access to 24/7 expertise, threat reporting and

analysis is now a requirement to keep businesses and end-consumers safe and satisfied. Above all, what businesses really want is the capability to translate the deluge of data into real business insights and solutions that can be easily implemented. When we examine the organisations that have been targeted by these attacks, most have fallen victim to very basic threats. This demonstrates that application security, as well as fraud detection, is nowhere near where it should be. Businesses often develop security solutions based on the latest threat or strain of malware on the scene. By focusing on reinforcing the security of your architecture instead, rather

than catering to a specific threat, organisations can best prepare themselves for increasingly varied online dangers. Therefore, applying security that is specific to your applications, rather than the premise where they reside, is the way to mitigate attacks. Working alongside a team of experts can also assist businesses in dealing with new updates and threats and ultimately provide real business solutions in a time when the threat is constantly evolving.



products

Brand: A10 Networks Product: Thunder 7440(S)

What it does: According to A10 Networks, the Thunder 7440(S) appliance provides performance and scalability of 220 Gbps of traffic and 10.5 million connections per second. It can also provide defences against over 300 million DDoS attacks per second and can secure even the most demanding data centre applications and networks. What you should know: Thunder 7440(S) is based on A10’s ACOS Harmony platform. A10 Networks highlighted that the fourth-generation Thunder appliance leverages a data centre efficient design, consuming less power, cooling and rack space, which are critically important metrics for organisations. It offers 220 Gbps in 1 RU, 48x10GbE, 4x40GbE, 36 cores and 3x FTA-4.

Brand: Fortinet Product: FortiGate 6040E

What it does: The FortiGate 6040E is the first in Fortinet’s new 6000 series of ultra-high throughput enterprise firewalls. It is an enterprise next-generation firewall designed to secure large volumes of mobile and cloud traffic in enterprises. It is built on a new processing architecture, utilising FortiASIC content and network processors to offload security processing from its dual CPUs. The device also integrates security processing, intelligent controls and high-speed networking to deliver security and network performance in a compact form factor. What you should know: It is equipped with the new FortiASIC CP9 next-generation Content Processors. CP9 enables the inspection of computationally intensive intrusion prevention (IPS) and Secure Sockets Layer (SSL) VPN traffic to deliver the level of performance required to deploy security wherever it is needed within the infrastructure.

Brand: Axis Product: P1244

What it does: The Axis P1244 is an HD 720p modular network camera which features a thumb-sized sensor unit ideal for use in stores and banks, and for integration in tight places such as ATMs and ticket/vending machines. According to Axis, compared with its predecessors, the size of the P1244 is ideal for discreet surveillance purposes; it offers better image quality in low and varying lighting conditions, and provides improved video compression and analytics capabilities. What you should know: The device comprises a sensor unit with a 102° horizontal field of view. It can be mounted in tight places, or in walls or ceilings with the included flush mount kit. Optional accessories enable the sensor unit to be tilted in a surface or recessed mount. The sensor unit comes with an 8-m (26 feet) cable for connection to the main unit. The main unit of the P1244 is three times smaller than previous P12 main units. The P1244 supports full frame rate HDTV 720p video and is equipped with Zipstream technology for lower bandwidth and storage use, Power over Ethernet (PoE) for easy installation, and a microSD card slot for local storage.


The world’s leading trade fair for Security, Safety & Fire Protection

22 – 24 January, 2017, Dubai International Convention & Exhibition Centre, UAE

Show facts: 31,261 visitors, 128 countries, 50% international visitors, 1,280 exhibitors, 50,000 sqm

Information Security: participate now to engage with 31,000+ Security and IT-Security Professionals from the following industries
• Consulting
• Engineering
• Banking
• Construction
• Logistics
• Hotel
• Health
• Oil & Gas
• Education
• Telecommunications

BOOK YOUR STAND: www.intersecexpo.com


blog

Why is security intelligence important? By Firosh Ummer, Managing Director, Paladion EMEA

The cybersecurity industry has come a long way from the time when anti-virus and firewall systems used to be the main tools for preventing and resolving data threats. However, as information technology has evolved over time and the risks of using advanced data-driven platforms, such as IoT and SaaS, loom over the corporate sector, advanced data defence mechanisms are the need of the hour.

Security intelligence systems use an evolved mix of advanced technologies to provide a robust and comprehensive means of countering data security risks and breaches. They combine methods from log management, network visibility, SIEM analysis capabilities, data collection tools and advanced threat detection capabilities. However, security intelligence should not be taken as a suite of advanced application programmes like Microsoft Office. Instead, it is a fully integrated data security solution that provides a single interface and data management structure. The following are a few of the elements within a security intelligence solution.

Security intelligence systems collect data from multiple sources and across many platforms and devices for thorough investigation. The amount of data they collect goes a long way in averting a significant amount of data security risk. The problem of slow threat detection means that any malicious software in your system will have ample time to grow and infect your sensitive corporate data like a virus. In many organisations, the time taken to detect threats can exceed 200 days, which is sufficient for a hacker to compromise critical intellectual property and other information. However, with a security intelligence tool, threat detection occurs in near real-time, giving your organisation significant leverage in resolving security threats.

Fortunately, a security intelligence tool does not collect data to provoke you with numerous alerts. Instead, context plays an important role in correlating different events and incidents so that particular threats can be identified and resolved more efficiently and thoroughly.

So, why exactly is security intelligence important? The main reason is fairly obvious – the rising sophistication of security threats. Hackers are employing next-generation hacking techniques and malicious software programs to gain access to a corporation’s data centre. Therefore, this warrants the use of next-generation data threat detection technologies, so that firms can benefit from better data risk management and minimise the chances of major financial problems. Attackers, for example, are using malware and spear-phishing messages, as well as exploiting the security pitfalls in the mobile platform.

Secondly, first-generation threat intelligence systems, such as SIEM, are becoming incapable of addressing many of the threats faced by organisations. SIEM has become a favoured technology for firms to handle complex data security risks which traditional measures cannot manage. However, first-generation SIEM methods often lack the visibility and scalability needed to provide comprehensive threat detection, particularly with threats related to APTs and other persistent threats. This makes such SIEM systems slow to conduct company-wide network scans and to monitor a substantial array of incoming threats.

In conclusion, security intelligence solutions are highly relevant for addressing many of the complex data security threats that firms face these days. It is imperative for organisations to ensure that their network data security systems are in tune with their macro environment. With this approach, they are assured of attaining a considerable edge in their network security efforts and keeping incoming threats at bay.
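To illustrate the correlation point made above (context turns many raw events into one actionable alert, and detection latency is measured in seconds rather than days), here is an added example that is not part of the article or of any Paladion product. The events, the threshold of three failures and the five-minute window are constructed assumptions for the demonstration.

```python
"""Added example (not from the article): a minimal event-correlation
routine of the kind a security-intelligence tool runs. Individual failed
logins are noise, but several failures followed by a success for the
same account from the same source within a short window are correlated
into ONE alert. All events below are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event type, user, source IP).
SAMPLE_EVENTS = [
    ("2016-05-01 09:00:05", "login_failed", "alice", "203.0.113.7"),
    ("2016-05-01 09:00:09", "login_failed", "alice", "203.0.113.7"),
    ("2016-05-01 09:00:14", "login_failed", "alice", "203.0.113.7"),
    ("2016-05-01 09:00:20", "login_ok",     "alice", "203.0.113.7"),
    ("2016-05-01 09:01:00", "login_failed", "bob",   "198.51.100.3"),
    ("2016-05-01 10:30:00", "login_ok",     "bob",   "198.51.100.3"),
]

def parse(raw):
    """Turn a raw tuple into a dict with a real datetime for ordering."""
    ts, kind, user, ip = raw
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "kind": kind, "user": user, "ip": ip}

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per (user, ip) burst of >= threshold failed logins
    followed by a success inside `window`. Each alert records detection
    latency: seconds from the first failure to the success that fired it."""
    ordered = sorted((parse(e) for e in events), key=lambda e: e["ts"])
    failures = defaultdict(list)   # (user, ip) -> timestamps of failures
    alerts = []
    for ev in ordered:
        key = (ev["user"], ev["ip"])
        # Drop failures that fell out of the sliding window (context decay).
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["kind"] == "login_failed":
            failures[key].append(ev["ts"])
        elif ev["kind"] == "login_ok" and len(failures[key]) >= threshold:
            alerts.append({"user": ev["user"], "ip": ev["ip"],
                           "failures": len(failures[key]),
                           "latency_s": (ev["ts"] - failures[key][0]).total_seconds()})
            failures[key].clear()   # one alert per burst, not per event
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Run as-is, the six raw events (four of them failures) produce a single alert for alice with a latency of 15 seconds; bob's lone failure an hour and a half before his successful login is aged out of the window and raises nothing.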


Cybercriminals: now there’s nowhere to hide

Conventional security strategies just aren’t working against today’s cybercriminals. But what happens when you bring the power of network visibility to the security fight? With the world’s first Security Delivery Platform, your existing security tools can see what kinds of data are flowing inside the most complex network. As a result, threats are identified, isolated and eliminated before they do their damage, giving you far more value from your security investment.

It’s time to turn the tables on the attackers. Join us, at wefightsmart.ae


