Security Advisor Middle East | Issue 9


ISSUE 9 | SEPTEMBER 2016 www.securityadvisorme.com

CHARTING CHANGE: Security Advisor ME Awards honour achievement and leadership in security

Securing Smart Cities

Evolving CSO role

Big Data for security




CONTENTS

SETTING THE COURSE
The inaugural Security Advisor Middle East Awards honoured excellence in enterprise IT security.

DANGEROUS CONNECTIONS
Smart Cities might be the future of global urban life but they are more vulnerable to threats than computer networks.

ALLIED FORCES
Security Advisor Middle East, in partnership with BAE Systems, hosted a roundtable discussion on how CISOs can work together to mitigate the effects of data breaches.

BIG DATA FOR PROACTIVE CYBER THREAT PREVENTION
Paladion’s Vinod Vasudevan shares insights on how Big Data and security analytics can help organisations fend off cyber threats.

HUMAN AND AI SECURITY
Human and artificial intelligence both play key roles in the implementation of a progressive and adaptive security posture.

GUIDE TO A SUCCESSFUL INCIDENT RESPONSE PLAN
Cybereason gives us the lowdown on nine of the often forgotten but vital steps security teams should incorporate in their IR plan.

DOES DEVOPS HURT OR HELP SECURITY?
Naysayers contend that the automation associated with DevOps makes IT systems more vulnerable while others say it improves security.

FOUNDER, CPIMEDIA GROUP
Dominic De Sousa (1959-2015)

Publishing Director: Rajashree Rammohan, raj.ram@cpimediagroup.com, +971 4 440 9100

EDITORIAL
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 440 9129
Editor: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 913
Deputy Editor: Glesni Holland, glesni.holland@cpimediagroup.com, +971 4 440 9134

DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 375 5680
Designer: Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 440 9159

ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9138
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 440 9147

CIRCULATION
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 440 9119

PRODUCTION
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 375 5673
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107

DIGITAL SERVICES
Web Developer: Jefferson de Joya Abbas Madh
Photographer: Charls Thomas Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at IMPZ, PO Box 13700, Dubai, UAE
Tel: +971 4 440 9100
Fax: +971 4 447 2409
Printed by Printwell Printing Press

© Copyright 2016 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


NEWS

FIREEYE LAUNCHES MANDIANT M&A ASSESSMENT SERVICES

FireEye has launched Mandiant Mergers and Acquisitions (M&A) Risk Assessment, a service designed to help organisations in an M&A process to understand the acquisition target’s cybersecurity posture and risk profile, and address the cybersecurity risks. M&A Risk Assessment is a weeklong service, evaluating key security components to identify cybersecurity risks earlier in the M&A process. As part of the service, Mandiant consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A advisors can use for decision-making.

“M&A activities are serving as a critical loophole for advanced cyberattacks. The inadequacy of cybersecurity and response technology has made M&A processes increasingly vulnerable to persistent cyber intrusions. It is imperative for companies to introduce an intelligence-led security approach to identify and assess risks harboured by target organisations. Our law firm partners support and recognise the need for cybersecurity due diligence, which is predominantly embedded in their legal process. Evaluation of companies for cyber risk during acquisitions and mergers cannot be deemed optional anymore,” said Stuart Davis, Director, Mandiant Services.

82% of global IT enterprises confirm shortfalls in their cybersecurity workforce. Source: Intel Security


INFORMATION SECURITY SPENDING TO REACH $81.6 BILLION

According to the latest forecast from Gartner, worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 percent over 2015. Consulting and IT outsourcing are currently the largest categories of spending on information security. Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP).

Preventive security will continue to show strong growth, as many security practitioners continue to have a buying preference for preventive measures. However, solutions such as security information and event management (SIEM) and secure web gateways (SWGs) are evolving to support detection-and-response approaches. Gartner expects the SWG market will maintain its growth of 5 to 10 percent through 2020 as organisations focus on detection and response.

“Organisations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks,” said Elizabeth Kim, senior research analyst, Gartner. “We strongly advise businesses to balance their spending to include both.”

Kaspersky Lab, VMware collaborate to enhance data centre security

Kaspersky Lab has extended the company’s collaboration with VMware to help enhance security capabilities of today’s software-defined data centres. According to both companies, the expanded relationship will give mutual customers the ability to deploy virtualised platforms for business critical workloads, empowered by a security solution which easily follows all infrastructure and network topology changes to defend the entire organisation and its infrastructure from external and internal threats as well as from known or unknown vulnerabilities.

“We have worked with VMware for many years. Kaspersky Lab is able to bring advanced security capabilities into corporate virtualised environments. Interoperability with VMware NSX will allow our customers to bring security of their software-defined data centres to a new level, protecting their virtual servers, workstations and data centres from malware, network attack and zero-day threats with no impact on platform performance,” said Vitaly Mzokov, Solution Business Lead Data Centre and Virtualisation Security, Kaspersky Lab.

Kaspersky Security for Virtualisation aims to add enhanced protection levels for the software-defined data centre through interoperability with the VMware NSX platform, implementing anti-malware and network protection capabilities to virtualised environments with minimal impact on valuable common resources. The cybersecurity company highlighted that this will help businesses maintain superior performance for the entire virtualised infrastructure − crucial for business reliability and efficiency.


MICROSOFT PATCHES FLAWS IN WINDOWS, OFFICE, IE AND EDGE

Microsoft has released a batch of security patches, fixing 27 vulnerabilities in Windows, Microsoft Office, Internet Explorer, and its new Edge browser. The patches are organised in nine security bulletins, five of which are rated critical and the rest important, making this Microsoft patch bundle one of the lightest this year. All of the issues resolved last month are in desktop deployments, but Windows servers might also be affected depending on their configuration.

On the desktop side, administrators should prioritise the Microsoft Office and browser patches: MS16-099 (Office), MS16-095 (IE) and MS16-096 (Edge). These vulnerabilities are critical and could be exploited remotely through web pages or Office documents to execute malicious code.

Another critical security bulletin that applies to Windows, Microsoft Office, Skype and Lync is MS16-097. It covers patches for three vulnerabilities in the Windows Graphics Component that allow for remote code execution through malicious web pages and documents. On Windows 10 with Edge, attackers could exploit the vulnerability by hosting a malicious PDF document on a website and then tricking users into loading that file in their browser. On other systems, attackers would have to trick users into downloading the document locally and then opening it, for example through an email attachment.

The MS16-100 and MS16-098 bulletins, both rated as important, could also get some attention from hackers because they cover flaws that could be used to further their attacks.

RSA appoints new VP for EMEA business

RSA, the Security Division of EMC, has announced the appointment of Jonathan Gill as Vice President covering Europe, Middle East and Africa. According to the company, the appointment is part of its transformation to become an organisation well-positioned to lead in the unfolding new world order of business-driven security. With more than 25 years of experience in global enterprise security leadership, Gill has a track record of creating and executing sales strategies that drive incremental business growth and customer value.

In his new role, Gill emphasised that he will leverage his experience to drive sales growth and customer satisfaction in the EMEA region. Most recently, Gill served as Executive Vice President for Global Sales at Veracode following leadership and sales roles at CA, Arcot and IBM.

“This is an exciting time to join RSA as it focuses to deliver business-driven security to organisations looking to more directly align their security strategy with a broader business impact,” said Gill. “The company obviously has a long and successful track record in delivering customer value and I am truly excited by the opportunity to further align our business to the requirements of our EMEA customers and partners.”

200 MILLION YAHOO ACCOUNTS SOLD ON BLACK MARKET

A hacker claimed to have stolen the login information for 200 million Yahoo accounts and plans to sell them on the black market. The stolen records are up for sale on TheRealDeal, a darknet marketplace that offers illegal goods. For 3 bitcoins, or $1,824, anyone can buy them. The hacker, known as peace_of_mind, has claimed to have previously sold login credentials for LinkedIn and Tumblr users.

In a brief message, peace_of_mind said the Yahoo database came from a Russian group that breached LinkedIn and Tumblr, in addition to MySpace. In the case of the Yahoo accounts, the database “most likely” came from 2012, the hacker said. Copies of the stolen Yahoo database have already been bought, peace_of_mind added.

Yahoo said it was “aware” that the stolen database was on sale but neither confirmed nor denied that the records were real. “Our security team is working to determine the facts,” the company said in an email.

Back in 2012, Yahoo reported a breach but of only 450,000 accounts. A hacking group called D33ds Company had claimed responsibility, but Yahoo said that most of the stolen passwords were invalid. It’s unclear if that hack is connected with this sale of 200 million accounts. Other security researchers have also noticed a Russian hacker known as ‘the Collector’ selling tens of millions of email logins from Yahoo, Gmail and Hotmail.



DANGEROUS CONNECTIONS

Smart Cities might be the future of global urban life, but they are more vulnerable to threats than computer networks.



FEATURE

Smart cities aren’t a science fiction, far-off-in-the-future concept. They’re here today, with municipal governments already using technologies that include wireless networks, Big Data/analytics, mobile applications, Web portals, social media, sensors/tracking products and other tools. Not only have municipalities around the world embraced the Smart City concept—using technology to manage a city’s assets, improve the efficiency of services, reduce consumption of resources, reduce costs and improve the quality of life—but many are making it a reality.

According to a recent Gartner report, Smart Cities will experience a drastic increase in the number of connected devices in the coming year. In the report, named Forecast: Internet of Things — Endpoints and Associated Services, Worldwide, 2015, Gartner estimated 1.6 billion connected things will be used by Smart Cities in 2016, an increase of 39 percent from 2015. The report also stated that smart commercial buildings will be the highest user of IoT with 518 billion connected things to be in use in 2016.

But creating a Smart City comes with daunting challenges, including the need to provide effective data security and privacy, and to ensure that myriad departments work in harmony. It’s one thing if a security breach results in downtime, or lost data, or the theft of credit card numbers or other personal information. But what happens when security professionals are charged with protecting the availability of real-time event driven systems? The doomsday scenarios are endless. Imagine hospital drug delivery systems, urban traffic lights, municipal water systems and the like being hacked.

“Security is one of the main concerns when it comes to data from Smart Cities. It is important to have the right IT security strategy, which is all about managing risks. That means looking at the security posture from an IT and operational perspective. It is about technology, having the right processes in place to prevent, react and remediate threats, and educating your employees to act in a safe manner. As such, it is important to take a holistic approach to your security strategy,” says Scott Mason, Cyber Security Leader, Middle East and Turkey, Cisco.

Nader Baghdadi, Regional Enterprise Director, South Gulf and Pakistan, Fortinet, says Smart Cities are faced with a large and complex attack vector that is constantly evolving in the form of infrastructure and environment. “The new wave of Smart City services and technologies such as car navigation systems that can predict where and when traffic jams might occur by siphoning data from sensors in roads and other vehicles, and cameras that can spot litter in public places and call in the cleaning crew, self adjusting, are just some examples that can create security vulnerabilities,” he adds.

As buildings and other systems in the physical world become instrumented with sensors, physical security will be merged with cybersecurity under the purview of the IT department. That puts another level of responsibility onto the shoulders of security professionals.

“When we talk about security within the context of Smart City we have to take into consideration both digital and physical security over a vast array of diverse activity. Smart City initiatives can range from mobility to energy to housing and many more. While our primary concern with smart systems is digital security, an important element of Smart City is enhancing the living environment through the physical security of its residents,” says Andrew Rippon, Senior Consultant, NexGen Group.

For this purpose, a number of the initiatives being undertaken are using smart technologies to increase physical security, such as the use of Big Data and predictive analytics to send police officers where they may be needed or edge video analytics to detect crime.

Industry experts recommend that security pros should start preparing now for the coming world where everything is connected and everything becomes a potential vulnerability. But the bad news is that security frameworks for Smart Cities are still in an embryonic stage.

“The classical IT security frameworks are still valid. However, when we look at overall Smart City frameworks, ENISA provides a methodology for looking at the major threats. Other work includes the Smart Cities Council report on making a city ready for smartness.” He adds other important frameworks to consider are Smart City platform architectures, such as the City Protocol’s City OS and the International Telecommunications Union (ITU) architecture for Smart Cities. They all generally divide up a Smart City architecture into four layers, being infrastructure, data orchestration, enablers and applications.

Another issue is the lack of security standards when it comes to the adoption of Smart Cities. “There are various security standards in the industry. These might be one of the challenges in Smart City deployment that the industry has not converged in one unified standard. The leading bodies are: ITU-T, ETSI, and 3GPP. There are also a variety of guidelines that were established as part of the local regulations in regions, such as US, Europe, and India,” says Dr. Muneer Zuhdi, Director of Solution Line Management, Global Digital Economy Practice, Nokia.

As security practitioners look to the future, they need to move beyond just protecting computer systems. “Instead of fighting the losing battle of trying to lock down devices and services, CIOs should look at protecting the data. Look for IoT devices that offer device-to-device encryption. Consider implementing − as well as bolstering − comprehensive encryption schemes to protect data in networks, cloud services and endpoint devices,” says Baghdadi.

Now, the key question – who is responsible for securing Smart Cities? Security pundits say cities need to start treating security in the same way the private sector does.

“While city and national governments must provide the supporting security environment, there are many roles for private sector security firms within the sphere of Smart Cities. To begin with, we must consider that not all Smart City systems will be implemented by government, many real estate developers, logistics companies and industries in many sectors will implement Smart City systems. Even where governments are the initiators, many are finding that Public-Private Partnerships are the most effective way to deliver, although classic procurement is also going to happen,” sums up Rippon.



EVENT

ALLIED FORCES

As a prelude to the inaugural Security Advisor Middle East Awards 2016, SAME hosted an in-depth roundtable discussion in partnership with BAE Systems, which centred on the ways CISOs can work together to tailor their security efforts to mitigate the effects of data breaches.

Simon Goldsmith, Sales Director of Cyber Security and Financial Crime, ME, BAE Systems, set the tone for the discussion by analysing how TalkTalk and its CEO, Dido Harding, dealt with a cyber-attack in 2015. Roughly four percent of the British telecoms firm’s customers suffered a disclosure of their payment details, but did not incur any financial loss. Nonetheless, TalkTalk lost 101,000 customers, and faced costs of around $85 million in the months that followed. The case provided a fascinating springboard for a SAME forum that covered the reputation and reliability of companies following such attacks.

Dr. Jassim Haji, director of IT, Gulf Air, said it wasn’t simply a case of being able to recover the lost or stolen information, because once a company loses their reputation, the damage has been done. “The market is so harsh nowadays,” he said. “Customers have many options, so why should they even risk one percent when there is a history of breaches?”

Representing RAKBANK in the discussion were K.S. Ramakrishnan, Chief Risk Officer, and Tushar Vartak, Head of Information Security. Vartak agreed with Haji, and concluded that “reputation precedes the financial loss of a company.”

The discussion then posed the question of discovering the ‘magic number,’ in terms of how many products should be implemented to try and prevent these attacks, and how much money should be spent on achieving this balance. Kamran Ahsan, Senior Director of Security Solutions, Etisalat, stated that it wasn’t about the number of implemented products, and instead it was more about the people behind the security team. “It’s all about your skill-set,” he said. “The people who are the eyes and ears on the dashboard are the important ones. You can buy as many tools as you want, but it’s the security team that need to understand how to use them.”

Goldsmith agreed that getting to this elusive ‘magic number’ should not be the primary aim. “Justifying why you have certain controls or products in place is what should give you assurance that you have spent enough money on security,” he said.

In terms of cost, Haji discussed how the line between spending too much and not enough was extremely thin. “You could be making a monster out of nothing if you spend a lot, when you could spend that money somewhere else,” he said. “If you haven’t spent a lot on security and haven’t had an attack, you could be seen as lucky. It isn’t necessarily an achievement as it means no one is interested in your product. However, if you are really unlucky, you can spend a lot on security and still get hacked.”

When trying to combat the risk of attack, the consensus across participants was that it is of equal importance to look at both internal and external access opportunities. “The first go-to explanation for an attack 95 percent of the time is ‘it was an insider,’ when it is then later discovered that it was an external attack,” said Goldsmith. “Attackers will take the easiest and cheapest route, and this could be by corrupting an employee. Insiders are important, but companies also need to consider external threats.”

Balancing the important pillars of people, processes and technology was a common theme throughout the discussion, which raised contradicting views from various speakers. Ahsan maintained that people were the most important factor in a company’s security set-up, but agreed that although they could be a firm’s strongest link, they could also be their weakest if they were intercepted or corrupted. In response to this, Anoop Kumar, Information Security Manager, Gulf News, simply suggested that if this risk of being dependent on people is so prominent, then why not just become more dependent on a service?

Representing National Bank of Fujairah was Hariprasad Chede, Senior Manager of Information Security. He discussed how one of the major weak points in this region’s IT security is the supply chain. “Even if you have the right IT team, there is still a heavy dependence on a vendor, which gives them access to the data,” he said. “This data is also passed around various departments within the company, for example the marketing department, who may already be talking to the press. There is also a lack of awareness about the data being relayed to law firms and translators. Anyone who has access to the data within the supply chain is a risk, and that is a particular weakness in this region.”

Goldsmith discussed his own experience with attacks in the US and UK, where attackers had targeted various people within the supply chain – particularly law firms – because they were the weakest link. He suggested that a way of combating this was to group people’s behaviours within a department, depending on their job title, by way of unsupervised machine learning. “For example, engineers tend to behave a certain way and marketers tend to behave a certain way. By using this technology, it can be identified if someone who HR defines as an engineer starts behaving like a marketer, and you know then that it is something to be aware of,” he said.

All of the discussion members agreed that unity amongst multiple security professionals is key in defeating the ‘bad guys.’ Vartak suggested that a WhatsApp group should be set up in order for members to communicate issues they were facing within their own companies in an informal forum. “The intent is there,” said Chede. “We need to capture it and make it more mature, as it’s better to take feedback from those in the same field. The fairly recent introduction of award ceremonies such as the Security Advisor Middle East Awards also shows that people are recognising the importance of IT security.”


AWARDS

SETTING THE COURSE

Security Advisor ME Awards honoured individuals, businesses and vendors that have delivered ground-breaking business value through the innovative application of security technologies. As businesses transform themselves in the digital economy, they face countless and evolving security threats. Keeping up to date with information security is a tough ask; it seems there is a new threat being discovered every day and attacks are getting sophisticated and targeted.

Our winners have helped build a security culture not just in their own organisations but in the broader business community as well. Their strategies vary from anticipating and preparing for risks, to advocating metrics as a common language to bridge the communication gap between business and security leaders.

These outstanding organisations and individuals who have demonstrated innovation, creativity and understanding of business value in security were chosen from a large pool of submissions. Each nominee was reviewed and judged by our judging panel in terms of their leadership achievements as demonstrated by the depth and breadth of initiatives, creativity and specific measurable results. We congratulate this year’s winners and applaud them for setting the bar high for security’s role in providing value and ROI in business.


PANEL OF JUDGES

Hariprasad Chede, President, ISACA, UAE

Javed Abbasi, Founder, GISBA

Mario Foster, CIO, Al Naboodah Group Enterprises

Naimish Shah, VP - Enterprise Architecture, Information Security and Innovation, Emirates NBD


Top CSO/CISO of the Year

Winner: Adel Alhosani, Dubai Customs

Alhosani is an acclaimed information security expert, investigator, author and researcher. He has made it his personal mission to improve information security in the Arab world and make it a global benchmark. He holds a master’s degree in IT with specialisation in cybersecurity, and has some of the world’s most prestigious certifications such as CISSP, CIA, CISM, and COBIT5 Assessor to his credit.

Best IT Project – Public Sector

Winner: Ministry of Interior, UAE

The Ministry stores information related to all the people living in the UAE and handles daily live data transactions in excess of 600,000. The winning project was a data cleansing initiative aimed at improving the quality, security and integrity of data.



Best IT Project – Private Sector

Winner: Gulf Air

The Bahrain national carrier processes millions of online financial transactions monthly, and has undertaken a project to secure its communication network. The project entailed security enhancement to the network infrastructure coupled with advanced identity and access management.

Most Outstanding Security Team

Winner: RAK Bank

RAK Bank’s 24/7 security operations centre is managed by the in-house team. This security team has been instrumental in developing meaningful metrics that convey technology risks in a manner most business leaders understand.



Personal Contribution to IT Security

Winner: Sheikh Adnan Ahmed, wasl

Ahmed is a security professional with over 11 years of experience in the field of information security, IT governance and risk management. He was awarded the ISACA COBIT certified assessor credential, only the 92nd in the world and 8th in the UAE. He has used innovative approaches, working practices and technologies to enhance the security posture of his organisation and, in the process, has provided an example to his peers and colleagues.

Editor’s Choice

Winner: Al Nisr Publishing

Al Nisr Publishing was picked by the editorial team at Security Advisor Middle East for demonstrating excellence and deploying innovative security systems that improve business operations. Along with best practices, the information security management team has successfully embedded security programme principles into the DNA of this organisation.




Best AntiSpam Vendor

Symantec bagged the trophy for its cloud-based solution, which boasts multiple analysis engines that are continually updated to scan emails and accurately detect and eliminate spam and malicious threats.

Winner: Symantec

Best AntiMalware Vendor

Cisco was adjudged the winner for its malware protection solution that goes beyond mere point-in-time malware detection; it also provides retrospective security capabilities powered by continuous analysis.

Winner: Cisco



Best Cloud Security Vendor

Dell Security was picked as the winner for its cloud access manager solution, which offers secure and unified access to cloud-based web applications with context-aware security, and policy-based access control.

Winner: Dell Security

Best Encryption Vendor

Sophos offers an encryption solution that ensures complete data protection on multiple devices and operating systems. The solution is built to match the organisational workflows and processes without slowing down productivity.

Winner: Sophos



Best Identity and Access Management Vendor

Centrify delivers stronger security through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring.

Winner: Centrify

Best Mobile Security Vendor

F5 Networks offers protection against advanced threats targeting the mobile device user. The solution leverages common browser-based technologies to provide mobile device security, without impacting the user experience.

Winner: F5 Networks



Best Public Sector Security Solution Vendor

Huawei offers a solution which provides the very foundation of a safe and smart city, by delivering an ICT infrastructure that enables seamless and intelligent collection of information and data from the field and IoT devices.

Winner: Huawei

Best Network Security Vendor

Fortinet won this category for offering a broad portfolio of products and subscription services that scale to meet the network security challenges and requirements of every business size, ranging from SMBs to large enterprises.

Winner: Fortinet



Managed Security Services Provider of the Year

Winner: Paladion

Paladion offers a managed services portfolio that covers the whole spectrum of cybersecurity, comprising security assurance, compliance, governance, 24/7 monitoring, threat intelligence, security analytics and security management services to large and medium-sized organisations.

Best Security Systems Integrator

GBM offers a security framework that takes a holistic and integrated approach, with end-to-end security solutions and services. The framework was developed based on users’ key challenges, including security intelligence, monitoring and management, compliance and risk mitigation.

Winner: GBM



Best Wireless Security Vendor

NetScout offers wireless intrusion prevention and detection systems and WLAN security monitoring solutions that enable the security, performance and compliance of WLANs.

Winner: NetScout

Best APT Protection Vendor

Forcepoint helps enterprises defend against advanced persistent threats by rapidly detecting breaches and deciding quickly how best to defeat attacks.

Winner: Forcepoint



OPINION

BIG DATA FOR PROACTIVE CYBER THREAT PREVENTION

By Vinod Vasudevan, Co-founder and CTO, Paladion

The use of Big Data combined with security analytics has become a key weapon in the fight against cybercrime. Conventional detection mechanisms have failed due to the increase in the number of ‘unknown’ attacks. Let us look at some examples to understand how Big Data combined with analytical models can help solve this challenge.

DETECTING THE UNKNOWN

The easy way to understand the need for Big Data and analytics is to look at the evolution of viruses, malware and their detection. Until APT-related malware became the cornerstone of serious attacks, malware detection was based on signatures. At that time there were more ‘knowns,’ so solutions could detect and identify existing patterns using a signature. Since the advent of APT and the use of sophisticated malware to penetrate large enterprises and government organisations, the ‘unknowns’ have become dominant. Today, malware and other complex attacks are so sophisticated that trying to detect them through known patterns no longer works. The availability of crypters and packers to generate custom code, along with more memory-based attacks, has made signature-based detection obsolete.

Alternative approaches emerged when signatures failed, and analysts employed heuristic technologies to detect malware using the “sandbox” testing method. This approach was quite successful until malware creators started writing code to stop the execution of malware in a sandbox.

The next step is to utilise Big Data. As an example, infected end points could be sending back beaconing data to command and control servers that are not yet in the known blacklist. This data is available in proxies but is difficult to detect using signatures, since well-written malware does not have known beaconing that can be captured with a signature. It can be detected using clustering techniques running on a Big Data platform, given the sheer volume of proxy logs.

Another example is to detect advanced malware by analysing the effects of data sets on processes and observing events from end points. This kind of data set is voluminous in any enterprise environment. In this approach, the anomalous behaviours of some end points are compared to other end points that are peers to detect anomalies that point to malware. This method calls for quick analysis of huge volumes of data as well as using analytical models to baseline normal patterns in end points against unusual patterns. The use of Big Data technologies combined with end point analytics enables the quick identification of any deviation and therefore identifies affected systems.

Lateral movement of attackers or malware is another use case that requires analytics on large volumes of data. Once an organisation is infiltrated using malware, the malware moves laterally to other systems until it reaches the crown jewels. Once the attackers get what they want, data exfiltration starts from inside the organisation to external cybercrime syndicates. This essentially means that in order to detect lateral movement, analysts have to identify hundreds or thousands of lateral movement probes from billions of other events. This is inherently a difficult task and is different from conventional methods of attack detection that rely on identifying a higher volume of attacks on a lower number of data centre assets. It requires processing large volumes of events and identifying specific behaviour anomalies in the environment, which needs baselining of normal user access and machine access and detecting deviations from it. This is an area that not only requires Big Data but also uses machine learning over Big Data.

These are but some examples. There are many such use cases that require analytics applied on large datasets for better detection of unknown attacks.
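The beaconing use case above, sketched as an added example that is not code from the article or from Paladion: it groups constructed proxy log lines by client and destination, clusters the gaps between requests with a simple one-dimensional gap clustering (standing in for whatever clustering a Big Data platform would run), and reports rare destinations polled at a near-constant interval. The log format, host names, domains and thresholds are all assumptions made for the illustration.

```python
"""Periodicity-based beacon hunting over proxy logs (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

MIN_REQUESTS = 8     # assumption: fewer requests give no usable timing profile
MIN_DOMINANT = 0.8   # share of intervals that must fall into one cluster
MAX_CLIENTS = 2      # destinations used by more clients are treated as common


def parse_line(line):
    """Parse 'ISO-timestamp client destination bytes' (format assumed here)."""
    ts, client, dest, size = line.split()
    return datetime.fromisoformat(ts), client, dest, int(size)


def cluster_intervals(intervals, rel_tol=0.10, abs_tol=5.0):
    """Sort the gaps; start a new cluster when the step to the next gap is too large."""
    clusters = []
    for value in sorted(intervals):
        if clusters and value - clusters[-1][-1] <= max(abs_tol, rel_tol * clusters[-1][-1]):
            clusters[-1].append(value)
        else:
            clusters.append([value])
    return clusters


def find_beacons(lines):
    """Return client/destination pairs whose request timing is dominated by one period."""
    times = defaultdict(list)    # (client, dest) -> request timestamps
    clients = defaultdict(set)   # dest -> distinct clients that contacted it
    for line in lines:
        ts, client, dest, _size = parse_line(line)
        times[(client, dest)].append(ts)
        clients[dest].add(client)

    findings = []
    for (client, dest), stamps in times.items():
        # Prevalence filter: widely used periodic services (update checks) are not reported.
        if len(stamps) < MIN_REQUESTS or len(clients[dest]) > MAX_CLIENTS:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        dominant = max(cluster_intervals(intervals), key=len)
        share = len(dominant) / len(intervals)
        if share >= MIN_DOMINANT:
            findings.append({
                "client": client,
                "dest": dest,
                "period_s": dominant[len(dominant) // 2],  # median of the sorted cluster
                "share": round(share, 2),
                "requests": len(stamps),
            })
    return sorted(findings, key=lambda f: -f["share"])


def build_sample_log():
    """Constructed log lines: one periodic rare destination, irregular browsing, common polling."""
    start = datetime(2016, 9, 1, 8, 0, 0)
    lines = []

    def emit(client, dest, offsets, size):
        for off in offsets:
            lines.append(f"{(start + timedelta(seconds=off)).isoformat()} {client} {dest} {size}")

    # Roughly every 300 s with a few seconds of jitter, one client, rare destination.
    jitter = [0, 4, -3, 7, -6, 2, 9, -8, 5, -1, 3, -4]
    emit("ws-017", "telemetry-sync.example", [300 * i + j for i, j in enumerate(jitter)], 412)
    # Human browsing: enough requests to profile, but no dominant interval.
    emit("ws-017", "news.example", [20, 95, 110, 900, 960, 2500, 2510, 3300, 3302], 1800)
    emit("ws-022", "news.example", [40, 400, 1900, 2000, 3100], 1750)
    # Strictly periodic update polling, but from four clients, so it is treated as common.
    for n in range(1, 5):
        emit(f"ws-0{n}0", "updates.example", [600 * i + n for i in range(10)], 230)
    return lines


if __name__ == "__main__":
    for finding in find_beacons(build_sample_log()):
        print(finding)
```

On real proxy data the prevalence threshold and the tolerance would be tuned against the environment's own traffic, and the reported pairs are leads for an analyst rather than verdicts.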

MOVING TO A NEW PARADIGM WITH BIG DATA AND SECURITY ANALYTICS

The last two to three years have seen profound changes in the attack methodology of cybercrime syndicates. They have moved from directly targeting high value assets to indirect stealth attacks that are inherently difficult to detect. The information security industry is also evolving to detect and respond to such high impact attacks. Big Data combined with security analytical models now plays a key role in the detection of such attacks. It is no longer about the prevention of attacks, but more about quick detection and containment of the breach. In this new paradigm, Big Data security analytics leads the way in prediction of attacks, proactive detection of breaches, and quick containment.


OPINION

INCORPORATING HUMAN AND ARTIFICIAL INTELLIGENCE IN SECURITY

By Arthur Dell, Director, Technology and Service, MEA, Citrix

In today’s ‘new normal’ world of Information Security, yesterday’s approaches to keeping the bad guys out have effectively been rendered useless. Put simply, it’s no longer possible to protect your personal data or your organisation’s intellectual property by maintaining a reactive strategy. With cybercrime costing the global economy up to $450 billion annually, it pays for businesses to have a strategy in place that mitigates threats before it’s too late. As the scale of the traditional network multiplies with every new mobile device or IoT connected endpoint, so does the potential for threats.


It’s time to rip up the playbook and rethink how you move to a proactive posture – one that should be viewed as an imperative, not a nice-to-have. At the heart of many of the best examples of modern, effective security postures is the concept of using intelligence to help drive the desired outcomes of each of the key cornerstones of deter, detect, respond and remediate. In the physical world, we look to law enforcement and government entities to use intelligence to protect us from harm. Therefore, we must embrace the same philosophies in the virtual world where we are in a relentless state of cyber-war and prepare ourselves for the ongoing battle by out-thinking and outsmarting the enemy online.

In terms of the role that intelligence plays in the new normal, it is a combination of human and artificial – each with a key role to play and as vital as each other in the successful implementation of a progressive, adaptive security posture.

• Human intelligence – this is an often-neglected, yet critical part of the line of defence. It’s a game of hearts and minds and every organisation has to view their employees, contractors and partners as extensions of their firewall. For the human intelligence element to be effective, organisations must commit to deliberately blurring the lines between personal (at home) and corporate (in-office) security. With more employees working on the go, emphasis must be placed on the importance of using company-issued devices safely, especially when connecting to public networks that are susceptible to a host of threats. The rapid growth in ransomware, where attackers deliberately look to use social engineering techniques to “lock” files with their own encryption and demand a hefty sum to provide the key to un-encrypt, is mentioned on the front of the world’s newspapers and is a prime example of why it is critical to educate, educate, educate.

• Artificial intelligence – this is an emerging paradigm and perhaps the best weapon any organisation could possess in today’s evolving threat landscape. Collecting, analysing and acting upon system and log information is fundamental to the “hand-to-hand combat” approach that is required to keep the bad actors at bay. Attackers no longer use traditional methods to breach firewalls; they are much more sophisticated and use Advanced Persistent Threat tactics – which can include leaving Remote Access Trojans dormant for months at a time – so it is critical to add an “East-to-West” view to accompany the existing “North-to-South” view, so that lateral data movement and network activity can also be captured and assessed. The key to utilising an artificial intelligence approach is being able to derive anomalies from the huge amounts of information that are captured in log management solutions and Security Information and Event Management (SIEM) systems. The application of readily available machine learning techniques with anomaly detection algorithms can help give an organisation “x-ray vision” into activity on their corporate networks and provide an advantage over the attacker.

CTOs are constantly asked the same question: clients want to know where they should invest their time, effort and money to prevent and effectively remediate threats. Regardless of the customer or industry sector, the answer is always the same – yes! The fact that many organisations go months before they realise they have been compromised means there are not enough tools in place to quickly detect “indicators of attack” and “indicators of compromise.” IT teams have to act as if they’ve already been breached – that’s the change of mindset required. Assume that the business is compromised right now, today, and then think about how you would architect segmentation at the access, network, application and data level. More visibility is also required to determine a baseline for what activity is valid, i.e. bandwidth usage, which users connect from where, which networks typically communicate at what times of day and what normal traffic looks like. This way anomalous traffic can stand out using “x-ray” vision.

For example, one way to gain visibility into attacks against web applications is with NetScaler Security Insight, which uses the application firewall function to better identify and prioritise attacks for more effective triage. Security Insight also analyses the NetScaler configuration to highlight inconsistencies that weaken the security posture. At Citrix, we are fanatical about security and are committed to providing a portfolio of solutions across the entire company that help our customers address their security and compliance needs and keep their data safe in transit, in use and at rest.
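The baselining idea in this article (which users connect from where, and at what times of day) and the lateral-movement use case in the preceding Big Data article call for the same kind of check, shown here as an added example that is not Citrix or Paladion code: learn each user and source host's usual east-west destinations and active hours, then flag sources that suddenly reach several never-seen destinations or do so outside their usual hours. Event fields, host names and thresholds are assumptions, and the sample events are constructed.

```python
"""Baseline east-west access, then flag sources that deviate from it (constructed data)."""
from collections import defaultdict


def build_baseline(events):
    """Learn, per (user, source host), the destinations reached and the hours of activity."""
    profile = defaultdict(lambda: {"dests": set(), "hours": set()})
    for _day, hour, user, src, dst in events:
        entry = profile[(user, src)]
        entry["dests"].add(dst)
        entry["hours"].add(hour)
    return profile


def detect_deviations(profile, window, new_dest_threshold=3, hour_slack=1):
    """Flag (user, source) pairs whose new connections do not fit the learned profile.

    Simplification: hours are compared without wrap-around at midnight.
    """
    new_edges = defaultdict(set)   # (user, src) -> destinations never seen in the baseline
    odd_hours = defaultdict(set)   # (user, src) -> hours far from any baseline hour
    for _day, hour, user, src, dst in window:
        known = profile.get((user, src), {"dests": set(), "hours": set()})
        if dst in known["dests"]:
            continue
        new_edges[(user, src)].add(dst)
        if all(abs(hour - h) > hour_slack for h in known["hours"]):
            odd_hours[(user, src)].add(hour)

    findings = []
    for key, dests in new_edges.items():
        reasons = []
        if len(dests) >= new_dest_threshold:
            reasons.append("fan-out to new destinations")
        if odd_hours[key]:
            reasons.append("new destination outside usual hours")
        if reasons:  # a single new destination in normal hours is ordinary drift
            findings.append({"user": key[0], "source": key[1],
                             "new_dests": sorted(dests), "reasons": reasons})
    return findings


def build_events():
    """Constructed events: (day, hour, user, source host, destination host)."""
    baseline = []
    for day in range(1, 15):
        baseline += [
            (day, 9, "alice", "ws-alice", "fileserver-1"),
            (day, 10, "alice", "ws-alice", "mail-1"),
            (day, 9, "bob", "ws-bob", "fileserver-1"),
            (day, 14, "bob", "ws-bob", "hr-app"),
            (day, 2, "svc-backup", "backup-1", "fileserver-1"),
            (day, 2, "svc-backup", "backup-1", "db-1"),
        ]
    window = [
        (15, 9, "alice", "ws-alice", "fileserver-1"),
        (15, 11, "alice", "ws-alice", "wiki-1"),       # one new destination, usual hours
        (15, 2, "svc-backup", "backup-1", "db-1"),     # matches the baseline
        (15, 3, "bob", "ws-bob", "db-1"),              # new destinations at 03:00
        (15, 3, "bob", "ws-bob", "backup-1"),
        (15, 3, "bob", "ws-bob", "dc-1"),
        (15, 3, "bob", "ws-bob", "finance-app"),
    ]
    return baseline, window


if __name__ == "__main__":
    history, today = build_events()
    for finding in detect_deviations(build_baseline(history), today):
        print(finding)
```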




9 steps for a successful incident response plan

Details matter when developing an incident response (IR) plan. But even the most successful IR plans can lack critical information, impeding how quickly normal business operations are restored. This quick guide from Cybereason takes a closer look at nine of the often forgotten, but important steps that you should incorporate into your IR plan.

1. PREPARATION ACROSS THE ENTIRE COMPANY

Good security leaders should be able to get people from across the company to help develop the IR plan. While CISOs will most likely manage the team that handles the threat, dealing with the fallout from a breach requires the efforts of the entire company. For instance, a bank handling the impact of a breach may need help from its public relations staff if the organisation is legally required to publicly disclose the incident. The bank’s Web development team may also need to be involved if the adversaries carried out their attack by exploiting a vulnerability in the company’s website, like a WordPress flaw. Additionally, the company’s human resources department may need to be contacted if employees’ personal information was disclosed. The bank’s incident response plan should include input from all of these departments.

A thorough incident response plan lays out what key personnel should be notified when a breach is detected and how information on the breach is communicated throughout the organisation and externally. During the preparation phase, a communication timeline and the contact information for key staff should be added to the plan.

2. IDENTIFY MEASUREMENTS AND MATRICES

A successful incident response plan defines in advance the key performance indicators (KPIs) that the security team will measure during the event. Some good time-related measurements to track include time to detection, time to report an incident, time to triage, time to investigate, and time to response. On the qualitative side, some figures to track include the number of false positives, the nature of the attack (malware vs. non-malware based) and the tool that spotted the incident.

3. HOLD TEST RUNS

Companies should use the preparation phase to consider the various breach scenarios that could play out. These scenarios should be reviewed in activities like team training, tabletop exercises and blue team-red team exercises. Businesses should even simulate a breach so employees know their roles when a real breach occurs. This is the phase when companies identify their weak points and risk factors, figure out what activities need to be closely monitored and decide how to spend their security budgets. An IR plan should be revised yearly or more frequently if the company grows rapidly. Additionally, the incident response plan should incorporate any business regulations.

4. CHECK THE ALERTS THAT APPEAR BENIGN

Threat detection can come from situations that initially appear benign and not related to security. An IT investigation into a slow computer could reveal that the machine is infected with malware, for example, prompting fears of phishing attacks and an investigation to see if anyone clicked on a suspect link. IT professionals should always check for signs of compromise when looking into a tech issue, even if the incident doesn’t seem to be connected to security. A company’s best defence against adversaries is well-trained users who, for instance, know to contact security after receiving an email with an odd link. Additionally, IT and security teams shouldn’t disregard a user’s suspicions. Always investigate a hunch, since a person’s intuition can provide a lead that results in a breach being detected.

5. CREATE A CONSOLIDATED DATA REPOSITORY

Whatever methods companies use to detect threats, an important step is consolidating all incidents into a central repository. Companies typically use SIEMs for this, but sometimes these aren’t enough to get a comprehensive view across an IT environment. Incident response teams will often try to build a view of everything that was going on in the environment in hindsight. At this point, it is often too late to construct a comprehensive view, and what the incident response team ends up with is too partial to be of any value. Building and maintaining a data repository that has continuous and broad visibility across the full environment is not just essential for regulatory requirements. It is crucial for accelerating investigation and response.

6. DON’T OVERLOOK INDUSTRIAL CONTROLS

Many organisations have facilities that run industrial systems, such as an oil refinery or a factory that manufactures drugs. However, companies may not think attackers will target these locations and not closely monitor them for malicious activity. In other cases, a department other than IT or security manages the industrial control system infrastructure. The personnel in this department may lack the knowledge needed to closely monitor these systems, potentially leading to security being neglected.

7. CONTAINMENT AND REMEDIATION

A thorough containment and remediation process that stops an entire campaign instead of only solving a symptom of the attack is essential. However, security teams usually provide a specific solution to a very broad problem, leaving ample opportunity for the same attack to re-occur. The containment and remediation plan must be based on the findings of the security team’s investigation of the incident. Oftentimes, the plan that’s developed relies only on information gathered during the preliminary detection. For example, if a SIEM detected a malicious connection to a C2 server, the typical solution would be to kill the process creating the communication and block the IP address in the firewall. But if the malware is persistent, it will reload when the computer reboots, perhaps with a different process name, and communicate with a different server. The security team then enters an endless loop of detection, containment and eradication for the same threat. On the other hand, if the team had investigated the malware’s techniques and infection vector, it would have a better eradication plan and may have developed a prevention plan.

8. PLAN FOR A FOLLOW-UP BUDGET AND RESOURCES

Follow-up is critical to preventing a security incident from reoccurring. However, companies often don’t fully follow through with this step. Some recommendations that come out of the follow-up process entail spending money, making such steps unpalatable to organisations with budget constraints. Less costly options include adding new detection rules to a SIEM, while some of the more expensive follow-up steps entail hiring additional security analysts or purchasing technology to detect attacks.

The follow-up phase is also when an organisation reviews the performance of its KPIs and determines if they need to be adjusted. A security team, for example, could determine that the detection rules caused excessive false positives, impeding its ability to swiftly respond to the incident. Then, it can go and improve the set of detection rules it has, or upgrade to a different detection system with better capabilities. The security team could also decide to add a detection rule based on an incident that was reported by a user instead of being detected by the SIEM.

9. FOLLOW-UP ACROSS THE ORGANISATION

Organisations should get ready to spend time and money to learn and improve after a breach. It is also crucial that the learning and improvement process not only includes IT and security. Similar to the preparation phase, oftentimes follow-up only focuses on what the security team handles, which is typically containment and detection. Limiting follow-up to the security team’s duties makes managing the process easier, but fails to take into account how other departments in a company should get involved to improve their ability to react to security incidents in the future. Incident response requires the cooperation of an entire organisation, not just the IT and security departments.


INSIGHT

Does DevOps hurt or help security?

Naysayers contend DevOps weakens security, others say DevOps enhances security.

There is a firmly held concern in security circles that the automation associated with DevOps moves too swiftly, that security teams and their tests can’t keep up, that too many of the metrics measured focus on production, availability, and compliance checkboxes, and as a result, security falls to the wayside. Early proponents of DevOps always have argued that when done right, DevOps can actually improve security.

When it comes to the positive impact of DevOps on security efforts, Justin Arbuckle, vice president, EMEA, and chief enterprise architect at Chef, doesn’t mince words. Arbuckle also was formerly chief architect at GE Capital, where he was a big proponent of Agile and continuous delivery approaches to software development. Arbuckle says that many, if not most, organisations today simply are not developing resilient software or infrastructure or even maintaining regulatory compliance — and that they never will be able to actually automate as much of the software security and regulatory compliance checks as they can without moving toward DevOps.

“I think a lot of what we think of as being compliant today is a complete myth,” says Arbuckle, who contends that there are so many security and regulatory compliance checks that large enterprises typically have to check that they just can’t keep up. “They have to trade off between ‘It’s good enough, we’re ready to go’ and ‘We’re not going to go anywhere until we’ve literally crossed every T and dotted every I,’” Arbuckle said in a recent interview.

Arbuckle is even more uncertain of current enterprise claims when it comes to managing their security risk posture. “I think the number of organisations that can count fully detailed, fully implementable — and that’s the key word, ‘implementable’ — security policy by their infrastructure people on one hand,” he says.


According to Arbuckle, security teams trying to keep up with security threats have to learn and respond as they go, and the result is that security policy tends to lag the threat. “The only way for the organisation to catch it is through this process of documentation, policy, and checks. And through it all, they know that the standard is nonsense because it’s out of date by definition. So they have to create a point-in-time review, which brings velocity to a halt,” says Arbuckle.

DevOps naysayers contend, however, that DevOps also risks automating the wrong processes, or that poor metrics move the organisation away from measuring actual security and compliance risks to only measuring those risks and threats that they can easily measure, thereby creating a false sense of security that itself can be dangerous.

Andrew Storms, Vice President, Security Services at consultancy firm New Context, says that while some concerns about moving too fast to DevOps are valid, many of them come from a place of fear. “Much of it really is rooted in fear. They see that the organisation has brought together the developer and the operations team and they fear that everything will become the Wild West,” Storms says. “However, we’ve shown over and over through the years that bringing these teams together actually has huge positive impact.”

While security processes and tests should always be an integral part of the DevOps workflow, that isn’t a reality for many organisations. They’ve always struggled to properly integrate security, and those challenges certainly persist through transitions to DevOps. But Storms says that DevOps provides an opportunity to more tightly couple security into the workflow. “One of the best ways to bring DevOps and security together is to utilise the tools and the processes that DevOps really excels at and apply them to security,” he says — “things like automation, orchestration, and instrumentation. Let’s use those tools to build these closed-loop security systems where everything’s automated and everything’s predictable. That’s a way we actually can fulfill the security requirements in an automated fashion with fewer resources.”

One success story that Storms cites is a healthcare company in the Northeast. “It has had serious compliance and security requirements so it performs continuous deployment. The company has extensively automated its security and compliance tests and the auditors are happy,” he says.


PRODUCTS

Brand: EMC
Product: EMC Data Protection Suite for VMware

What it does: EMC Corporation has announced new products and support that optimise the protection of VMware workloads across VMware environments to enable protection everywhere. EMC is extending the protection of virtual machines on VxRail Appliance through the EMC Data Protection Suite for VMware. According to EMC, the integration between its data protection portfolio and VMware software empowers vAdmins to provision, monitor and manage the protection of their virtual workloads through the standard VMware interface. This includes enhanced support for VMware Virtual SAN, VMware vSphere and expanded data protection options for VCE VxRail Appliances.

What you should know: VCE VxRail Appliance users can now expand on its built-in protection capabilities and leverage a wider range of EMC data protection products to provide application consistency for backups as well as monitoring, reporting and backup file search capabilities. For organisations leveraging VMware Virtual SAN, the Data Protection Suite for VMware also provides disaster recovery support for Virtual SAN through EMC RecoverPoint for VMs.

Brand: Fortinet
Product: FortiASIC SOC3

What it does: Fortinet’s FortiASIC SOC3 is a system-on-a-chip architecture which accelerates the new FortiGate 60E series security appliances. According to Fortinet, the new architecture speeds up the 60E’s consolidated security and networking capabilities. The FortiGate 60E is the ideal entry point for distributed enterprises, branch offices and SMBs that require the advanced protection, networking performance, unified visibility and ease of management offered by Fortinet’s Security Fabric. The SOC3 more than doubles the secure networking performance over the enterprise-class CPUs found in competing security solutions, and propels the new 60E series distributed enterprise firewalls to unprecedented levels of security and performance.

What you should know: Fortinet’s SOC3 leverages advances in silicon design to consolidate networking and security-specific processors onto the same die alongside a quad-core CPU. SOC3’s security-optimised architecture delivers deep security analysis and inspection capabilities. This architecture also yields design efficiencies that reduce power consumption to a meager 5 Watts and enable a fan-less design that runs quietly enough to deploy in any environment.

Brand: Sophos
Product: Sophos Email

What it does: Sophos Email is a cloud-based secure email gateway designed to boost and simplify email security for businesses, according to Sophos. It incorporates the vendor’s threat protection engine and additional advanced email-specific protection technologies, such as aggressive context-specific heuristics (CXMail) built and maintained by SophosLabs. The CXMail family of detection strategies is purposefully designed to stop threats like ransomware that are predominantly distributed using email. The addition of the secure email gateway to Sophos Central integrates technology from Reflexion Networks.

What you should know: Sophos Email is managed from Sophos Central, where the dashboard allows partners and managed service providers (MSPs) to control and configure settings, distribute licences, add new customers and track a real-time view into all customer activity. The single pane of glass dashboard shows all Sophos Central services customers subscribe to, making cross-sell and upsell opportunities clearer to help partners drive recurring revenue.



BLOG

THE EVOLVING ROLE OF CISO

By Darren Anstee, Chief Security Technologist, Arbor Networks

According to a March 2016 PwC report, ‘A False Sense of Security?’, that surveyed 300 Middle Eastern organisations, the region has become one of the prime targets for cyber-attacks. In fact, according to the findings in the report, in 2015, 56 percent of businesses in the region lost more than $500,000 as a result of cyber incidents compared to 33 percent globally. Faced with this reality, organisations across the region have upped their IT security spend. However, one of the biggest challenges when you go shopping for new security tools is answering the inevitable question from finance: “What’s the value?”

The role of the CISO (Chief Information Security Officer) continues to evolve as the understanding of cyber-risk continues to increase within the business community. The dependence on IT infrastructure, increased compliance requirements and the proliferation of sensitive data are all areas of risk. And not a week goes by without there being some new breach, adversary or threat reported in the media. Businesses are increasingly looking to their CISOs to define, implement, measure and communicate the strategies they need to both assess and manage these risks.

Over the past few years, the role of the CISO, and the skills they require, have evolved. Yes, CISOs still need to be subject matter experts, understanding the technical aspects of the threats they face and solutions they deploy – but increasingly they also need to be business strategists and communicators. The appreciation of cyber-risk as another type of business risk has become much more common in many organisations and there has been a realisation that it can’t be managed purely from within IT. As a consequence, CISOs in many organisations now regularly report to the board and have a much broader range of influence across a business.

In many of the organisations that I deal with, security is being considered within projects and acquisitions from the get-go – rather than as an afterthought. This requires the risk appetites and tolerances of the organisation (around IT and customer data) to be defined, communicated and managed. Further, this requires a reframing of technical concepts into more general business language.

INVESTMENT VALUE

The importance of the technical side of the CISO role hasn’t diminished though, and as we can all see there is continued change in both the threat landscape and the solutions available to counter our adversaries. When selecting technologies, CISOs are increasingly looking at the value an investment could bring in terms of reducing risk, rather than looking at the number of threats blocked.

The model adopted by many organisations in the past has been to deploy the latest technologies to detect and/or disrupt the latest threats, and then engineer process (and people) around these technologies. In a world with a significant shortage of skilled security people, and where security automation is still in its infancy, this doesn’t necessarily get the best result. CISOs are looking for the ‘right’ technologies that detect and/or disrupt the threats that matter, whilst maximising the effectiveness of their people.

Increasingly CISOs are looking to build their processes around their business and their people, and are then looking to invest in technologies that streamline these processes. This requires the CISO to have a more balanced view of internal versus external threats, capabilities and business requirements.

MEASURING SUCCESS

Many CISOs also now face increased scrutiny. Measuring risk and the effectiveness of their teams and processes, and then communicating the results, has become a key part of the CISO’s role. Defining the right metrics to measure the success or failure of a security organisation, and its strengths and weaknesses, is imperative. If we know what we are good at, and what we aren’t, then we know where we need to improve.

The CISO is now a key individual within any business. In today’s connected world, where our businesses are ever more dependent on the security of our services and data, it is the CISO’s role to create the bridge between technical threat and business risk, and thereby manage the continuous improvement of an organisation’s ability to deal with new and ever more advanced adversaries.



