Security Advisor Middle East | Issue 8


ISSUE 8 | AUGUST 2016 www.securityadvisorme.com

RANSOMWARE: How to prevent your business from being taken hostage

Blocking phishers

Spotting insider threats

Building safe cities



CONTENTS

DIGITAL EXTORTION
Ransomware attacks could be about to get a lot more serious.

BUILDING SAFE CITIES
Huawei’s Director of Public Safety, Mohammad Allataifeh, analyses the potential risks that come with urbanisation and Smart Cities.

CRITICAL CONTROLS
Mehdi Quraishi, CEO of ixtel Technologies, gives us a lowdown on the threat landscape and his take on defence strategies.

ADVANCED CYBER THREATS, DEMYSTIFIED
Simple, unsophisticated but still dangerous targeted attacks are the ones businesses should fear the most.

TRUST IN THE NEW WORLD
PayPal’s CRO, Tomer Barel, gives four ways to restore trust with customers and key constituents.

WHAT’S NEXT FOR RANSOMWARE?
David Maciejak, Fortinet, discusses how the increased number of connected devices means only one thing for attackers - more potential victims.

INSIDER THREATS
To help companies spot the insider sooner, we collected advice from security experts aimed at helping companies find an insider attack sooner rather than later.

SECURING THE CLOUD
Jim Reavis, CEO at Cloud Security Alliance, gives us a sense of what enterprises think about cloud deployments and cloud security.

BUILDING A BUSINESS CASE FOR SECURITY
Determining the ROI of a new security product isn’t an exact science. Jim Jaeger, Fidelis Cybersecurity, discusses how to evaluate a security solution in business terms to a CFO.

FOUNDER, CPI MEDIA GROUP
Dominic De Sousa (1959-2015)

Publishing Director: Rajashree Rammohan, raj.ram@cpimediagroup.com, +971 4 440 9139

EDITORIAL
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 440 9129
Editor: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9114
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135

ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 440 9147

CIRCULATION
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 440 9119

PRODUCTION AND DESIGN
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 440 9159
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9148
Designer: Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 440 9156

DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at IMPZ, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100. Fax: +971 4 447 2409.
Printed by Printwell Printing Press.

© Copyright 2016 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


NEWS

PALADION APPOINTS NEW PRESIDENT AND COO

Paladion has announced the appointment of Sunil Gupta, a former COO from Infosys’ EdgeVerve, as president and chief operating officer. In this new role, Gupta is responsible for the business strategies and outcomes in MEA and India, and will direct all business units and delivery.

On his new office, Sunil Gupta, president and COO, Paladion said, “My immediate emphasis will be on operational efficiency and to expand Paladion’s footprint into new markets in the pursuit of growth. We will also create new partnerships and business models to deliver greater value to our clients.” He added, “I look forward to a lasting association with Paladion and a reciprocally progressive impact on both.”

Gupta, who has a B-Tech in Computer Science from NIT Trichy, Madras University, has held several leadership roles over the past 30 years. These include VP Engineering in Aricent (erstwhile Hughes Software Systems), CTO in Symphony Teleca, COO in Logica India, and Edgeverve systems (an Infosys company).

Rajat Mohanty, CEO and cofounder, Paladion, said, “Sunil brings a wealth of experience in building great organisations that deliver platform based services. He has a deep understanding of the dynamics that are playing out in enterprises as IT is transitioning to be more agile, secure and responsive. Sunil will help position Paladion effectively to solve the next generation challenges of security management.”


CISCO REPORT PREDICTS NEXT GENERATION RANSOMWARE

Cisco highlighted in its 2016 Midyear Cybersecurity Report (MCR) that organisations are unprepared for future strains of more sophisticated ransomware. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.

So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage.

“As organisations capitalise on new business models presented by digital transformation, security is the critical foundation,” said Mike Weston, VP, Cisco Middle East. “Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities. As attackers continue to monetise their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers’ level of sophistication, visibility and control.”

A10 Networks and Cylance join forces

A10 Networks and Cylance have announced a technical partnership to “enhance cybersecurity” for individual endpoints and users from the data centre to the cloud, by incorporating advanced threat protection for encrypted traffic. The combined A10 Networks and Cylance solution aims to bring together secure application network technology with proactive prevention and detection of advanced persistent threats and malware. CylancePROTECT is an “ideal complement” for A10 Networks’ Thunder SSLi and CFW solutions, which offer high-speed SSL decryption for end-user traffic, protection against malware even when encrypted, and protection for incoming and outgoing email traffic.

“Cylance’s novel next-gen AV will augment the innovative A10 Thunder SSLi and Thunder CFW solutions to offer increased security for governments, gaming companies, healthcare providers, financial institutions and other markets facing critical security threats,” said Gunter Reiss, Vice President, Strategic Alliances, A10 Networks. “Cylance is pleased to partner with A10 Networks to provide a solution that not only delivers cutting-edge anti-malware capability through predictive artificial intelligence, but also acts to complement and optimise A10 customers’ existing investments in other security tools and processes,” said Joel Bauman, Vice President, Corporate and Business Development, Cylance. Expected to be available in early 2017, the integrated solution will be available as a subscription service to A10 customers.


FORTINET SECURES TWO NSS RATING RECOMMENDATIONS

Fortinet has earned NSS recommendations for two of their sandboxing solutions; the FortiSandbox 3000D appliance, and the FortiSandbox Cloud service. According to Fortinet, the results in NSS Labs’ latest Breach Detection Systems (BDS) Group Test “further demonstrate the effectiveness” of the company’s security fabric, “combining global and local security to protect enterprises and mid-sized organisations against the most advanced cyber threats.”

John Maddison, SVP, Products and Solutions, Fortinet, said “We’re honoured to receive NSS Labs recommendations for BDS, which reinforce the effectiveness of our sandbox solutions. These new test results combined with additional NSS Labs recommended components across our security fabric offerings complete the critical steps of converting rapid detection into automatic mitigation to protect against the most advanced threats facing organisations today.”

Vikram Phatak, CEO, NSS Labs, said, “This BDS test focused on the latest, most sophisticated threats so earning two recommendations is quite an accomplishment. As the only vendor with both a recommended appliance and cloud service, tied to edge firewall and endpoint protection, it also demonstrates the capabilities of Fortinet’s security fabric.”

Sophos introduces new data encryption solution

Sophos has announced the Sophos SafeGuard Encryption 8, a new synchronised encryption solution that protects data against theft from malware, attackers or accidental leaks. A number of organisations are now opting to adopt the best practice of “always-on” file-level encryption to protect data accessed from mobile devices, laptops, desktops, on-prem networks and cloud-based file sharing applications. The latest offering, according to Sophos, provides persistent, transparent and proactive encryption that protects files across Windows, Mac, iOS or Android platforms by default.

“Full disk encryption alone only protects data in the event of the theft or loss of a laptop or mobile device. But data travels everywhere – it’s vulnerable and extremely difficult to protect consistently when shared and opened from multiple devices and cloud-based collaboration applications,” said Dan Schiappa, SVP and GM, Enduser Security Group, Sophos. “We’ve completely re-imagined SafeGuard Encryption 8 to encrypt each individual file by default and continuously validate users, applications and devices for secure collaboration. Sophos SafeGuard Encryption also synchronises keys with Sophos Mobile Control, which seamlessly secures file access rights on smartphones and tablets. Even encrypted documents can be accessed securely within the application’s Secure Work Space feature.

$81.6B will be spent worldwide on information security products and services in 2016. Source: Gartner

RSA UNVEILS NEW SECURID SUITE

RSA, the Security Division of EMC, has recently announced its RSA SecurID Suite, which combines the different disciplines of access, governance, lifecycle and identity assurance together to help address the identity needs of the modern enterprise. The RSA SecurID Suite includes RSA SecurID Access, including the traditional RSA SecurID two-factor authenticators, RSA Identity Governance and RSA Identity Lifecycle. RSA SecurID Access customers can protect any resource on-premise or in the cloud. With context-based identity assurance, business stakeholders and security teams can align access policies with their business agility needs and risk profile.

Jim Ducharme, VP, Engineering and Product Management, RSA, said, “Today’s CISOs and CIOs face major challenges balancing the need to protect their attack surfaces against identity-based attacks while at the same time ensuring that the right individuals have access to the tools and information they need. The RSA SecurID Suite helps executives take command of the whole identity lifecycle. It’s one of the only solutions on the market that offers truly actionable insights into identity and access issues, helping C-level leaders protect their enterprises, minimise the friction that users face and empower their business to get more done.”



COVER FEATURE

DIGITAL EXTORTION Ransomware is going after organisations and individuals alike. These attacks could be about to get a lot more serious.

Ransomware is a familiar plague in the online world – it has existed for more than 25 years and become increasingly common during the past decade. But, until recently, it has been aimed more at organisations or individual computers than devices. And that is changing. With the explosive growth of the Internet of Things (IoT) – estimates of how many connected devices will be in use by 2020 range all the way up to 200 billion – experts say it is about to get much more common at the consumer level. An attack surface that broad and that vulnerable is irresistible to cybercriminals.

While other types of cyberattacks typically take more work to monetise, the skyrocketing growth is due to the fact that ransomware is getting easier and easier to send and that it offers a quick and easy return on investment.

Scott Manson, Cyber Security Leader, Cisco Middle East, explains the reason behind the spike in ransomware: “The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this we’re seeing ransomware evolve at an alarming rate.”

Hussam Sidani, Regional Manager for Gulf, Symantec, agrees that ransomware has quickly emerged as one of the most dangerous cyber-threats facing both organisations and consumers, with global losses now likely running to hundreds of millions of dollars.

In the Middle East and Africa, the UAE has become a lucrative target for cybercriminals. According to Symantec’s 2016 Internet Security Threat Report (ISTR), the country was the fourth most affected by ransomware in the Middle East and Africa region. The report also stated that ransomware attacks grew by 44 percent year-on-year in the UAE.

“Ransomware attacks are becoming diverse and sophisticated in nature. Additionally, given the strong uptake of smartphones and tablets, we’re seeing more mobile devices coming under attack, with attackers encrypting files, and anything else an owner will pay to recover,” says Sidani.

What are the new variants of ransomware you can expect to surface this year? “It is near impossible to predict the future of ransomware. However, we can be fairly certain that the crooks behind the current strains of ransomware will continue to develop their offerings. This year, for example, we have seen some individualised phishing campaigns, additional layers of code obfuscation, more anti-detection techniques, the use of different programming languages and virus-like behaviour,” says John Shier, Senior Security Advisor, Sophos.

Justin Harvey, Chief Security Officer, Fidelis Cybersecurity, says, “When talking about new variants of ransomware in 2016, Locky stands far and away the lead in the number of infections and attempts worldwide. When it emerged several other ransomware families just went away. While there are still others like Cerber and a few new ones in the underground market, the people behind Locky are spending real resources to dominate the malware delivery channels available to criminal actors.”

According to Chris Carlson, VP Product Management, Qualys, this year we will see more examples of script-based ransomware as the attack vector makes it difficult for traditional anti-virus vendors to defeat. “There will be more examples of ransomware attacks against Internet-facing servers directly. The changing threat landscape is forcing us to consider the definition of ransomware. Modern attacks are evolving from encrypting users’ workstations that we normally call ransomware, to holding entire systems, networks, websites, and data hostage until access is restored through a payment,” he says.

The ransomware threat is very real, but proactive organisations can protect themselves from this growing menace. “There are many steps that enterprises must take to reduce ransomware infection but this is critical – do NOT count on your employees to keep you safe. While it is still important to uplevel your user awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in email,” says David Maciejak, Head of FortiGuard Lion R&D team, Asia Pacific, Fortinet.

Raj Samani, VP & CTO, Intel Security EMEA, echoes a similar opinion: “The biggest threat is users who let ransomware on their endpoints. The most proactive method of protecting a network from ransomware attack is to keep ransomware from reaching the endpoint in the first place.”

Essam Ahmed, Director of System Engineering, FireEye Middle East and Africa, adds that a strong system of defence should be implemented across the organisation. “It is important that defensive measures are updated with actionable threat intelligence as quickly as possible. Security systems that allow days or weeks between updates give cyber attackers more time to successfully target multiple systems in an organisation with the same ransomware.”


According to a recent report from Kaspersky Lab, attackers behind the production of ransomware are focusing more now on mobile devices than before, given that the number of users attacked with mobile ransomware grew almost four times from 35,413 users in 2014-2015 to 136,532 users in 2015-2016.

“In this day and time, mobile devices such as smartphones have become an absolute necessity in our lives, some content such as pictures and videos are taken on these devices become irreplaceable. The explosion of shared information and the growing number of mobile devices at work has led to an increase in mobile ransomware. According to a study by Kaspersky Lab, the number of new mobile ransomware has increased 1.4 times, from 1,984 in Q4, 2015 to 2,895 in Q1, 2016. In 2015, 17 per cent of ransomware targeted Android devices,” says David Emm, Principal Security Researcher, Kaspersky Lab.

Nicolai Solling, Director of Technology Services at Help AG, agrees and cites research from Blue Coat, which ranked mobile ransomware as the number one among the attack types on the mobile front. “Today, thanks to processing and storage capabilities that rival traditional computing devices, smartphones can contain a wealth of sensitive information. Mobile OS developers are taking note of this trend and the newest version of Google’s Android OS makes it harder for attackers by placing “SYSTEM_ALERT_WINDOW” (a permission most commonly exploited by Android ransomware) in the “above dangerous” category,” he says.

Security experts say the only sure way to protect against ransomware attacks is with fool-proof file backups. Fortunately, it is relatively easy to duplicate corporate files, and regular, systematic backups are an effective strategy to combat ransomware. Of course, backups are only useful if they are created before a malware attack, so it is a good idea to immediately and regularly back up important files.

Unfortunately, simple file backups aren’t always enough. Some backup implementations are vulnerable to crypto malware, and backup archives can also be encrypted by cybercriminals. Some cloud-based file synchronisation services replace good files with corrupted versions. So the capability to roll back to specific points in time for data recovery, and the duration of time backups are stored — as well as the amount of time and resources it takes to access stored files — should be crucial considerations for people and organisations that want to prevent ransomware complications.




OPINION

BUILDING SAFE CITIES By Mohammad Allataifeh, Director of Public Safety and Safe City, Huawei Enterprise, Middle East.

The world is moving into an era of urbanisation, where for the first time, more people are living in towns and cities than in rural areas. The attraction of urban living is plain to see. Cities offer an excellent standard of living with greater employment prospects, instant access to quality medical care, and a vibrant social life. But as cities and populations grow, added strain is placed on infrastructure, while opportunities for criminals are also more abundant.

This is why governments are narrowing their focus on public safety and security, and setting aside more funds to help keep citizens safe. In 2015, more than $5.5 billion was spent on public safety solutions, and this figure is predicted to reach over $8 billion by 2019. At Huawei, we’ve experienced the growth of public safety solutions firsthand, as our safe city services now serve more than 400 million people in 100 cities across 30 countries.

All of these figures make something quite clear: governments recognise the need for private sector collaboration when it comes to public safety, for a number of reasons. The first is the extra value that private sector collaboration can extract. Competition is a driving force behind innovation in the private sector as the threat of rival organisations prompts businesses to constantly find ways to improve their offering. In the public safety space, this means more effective and cost-efficient ways of preventing and responding to threats from both criminals (social threats) and natural disasters. It also means a shorter development cycle for these types of services, which speeds up the time it takes for a city to become ‘smarter and safer’.

The Internet of Things (IoT) is a perfect example of this quickened innovation cycle. IoT will have a massive impact on safe cities of the future as almost universal LTE connectivity becomes a reality and inexpensive sensor solutions drive the integration of connected devices across metropolitan areas. Anything from traditional CCTV cameras to devices designed to detect the sound of gunshots can send information to a city’s central control platform for analysis, helping public security agencies be better informed and quicker to respond.

Yet steps are already being taken to commercialise IoT in the form of NarrowBand IoT (NB-IoT), which will allow the technology to be accessed via low-power wide area networks (LPWANs), and will provide increased connectivity volume as well as enabling better network coverage. NB-IoT will empower organizations – both public and private – to implement smart services without the need to set up their own Wide Area Network (WAN). These services could be focused on better public safety and security, resulting in more automation and much faster transactions, which means much faster responses to incidents and quicker crime investigations.

Technologies such as IoT are just one piece of a bigger public safety puzzle. As a result, governments and public bodies need to invest in end-to-end solutions that cover all requirements. Integration is therefore a fundamental part of the Safe City concept. The idea is that public security technology such as video surveillance, access control and perimeter protection can be combined with safety elements including weather sensors and even social media analysis on one consolidated private-cloud-based IT platform. From this centralised place, public security agencies and all other stakeholders are given a complete overview of the city’s safety and security status.

With a broad view, intelligence can be gathered from security and safety sources, analysed via a big data solution, and acted upon instantly, sometimes even ahead of incidents that could happen. For example, license plate recognition (LPR) and face recognition could be used to identify suspect vehicles and people so police forces can take rapid real-time action. Then, with all this data recorded, authorities can quickly go back and examine the information to speed up the post-event investigation. Not only can integrated ICT such as this save lives, it also helps cities to maximise their existing infrastructure and budget.

If a sophisticated, consolidated platform like this is to have the desired impact, public and private organisations must work together to tie a city’s safety needs and challenges to the right ICT options. One of the most valuable outcomes of this process is that threat prevention becomes the focus, rather than cure. While services like our Convergent Command Centre and visualised dispatching can reduce response times significantly, prevention must always be the priority, as this is what ultimately saves more lives and properties.

End-to-end solutions support threat prevention by plugging the gaps in a city’s security infrastructure. Gaps like surveillance blind spots, intermittent LTE network connectivity, Big Data Analytics and slow decision making are all hurdles to preventing threats, among others. Overcoming them with innovative technology can reduce incidences of crime and help to minimise the human impact of a natural disaster.

These outcomes are especially beneficial to cities in today’s increasingly urbanised world. Everyone wants to live in a safe environment, so when a city excels at threat prevention, it becomes a selling point to flaunt when trying to attract potential citizens.

As urbanisation grows, so too will the Safe City and the public-private partnerships that make them a reality. And as society and the threats we face change, technology must keep up. Businesses like Huawei have a responsibility to help new leading ICT emerge for the good of a city’s citizens and infrastructure, ultimately creating a safer and better connected world.



THE INTERNET OF THINGS AT WORK

As wearables and other connected devices increasingly make their way into the workplace, IT professionals still see more risk than benefit. Yet with sound preparation, education and governance, enterprises can be well-positioned to embrace the benefits of the Internet of Things (IoT).

BIG CHALLENGES
Ownership of tech and/or data outside of IT: 6%
Increased security threats: 49%
Data privacy: 25%
Identity and access management: 8%
Compliance requirements: 6%

43% say organisation already has or expects to create plans for Internet of Things within next 12 months.

[Infographic panels: "Workplace BYOD policy addresses wearable tech" (Yes / No / Don’t have a BYOD policy / Unsure); share who believe “bring your own wearable” and “bring your own device” are equally risky; "Internet of Things risk vs. benefit" (Enterprises, Individuals); "Is privacy dead?" Attitude toward decreasing level of personal privacy (Very concerned / Somewhat concerned / Not concerned / Don’t believe it’s decreasing). Source: ISACA]


INTERVIEW

CRITICAL CONTROLS Mehdi Quraishi, CEO of ixtel Technologies, gives us a lowdown on the threat landscape and his take on defence strategies.

WHAT ARE THE TOP SECURITY CONCERNS FACING ENTERPRISES IN OUR REGION?
The four biggest threats to cyber security in our region for 2016 and beyond are:

Mobile device security: The dependence of people on their smartphones and tablets is huge. These devices contain a lot of personal information due to the huge number of operations that they can perform. People access their bank account, make purchases, and pay bills. There will be increased hacker focus on mobile consumer payment systems and once hackers have infiltrated consumer mobile payment systems they may be able to access customers’ corporate networks. The emails, contacts, confidential authentication measures and apps that access customer corporate network become susceptible. The vulnerability of a simple mobile application could lead to the compromise of an entire company network.

Rise in ransomware and corporate extortion: Ransomware is turning out to be one of the most virulent and potentially heartbreaking malware infections to become a victim of. If customers are unfortunate enough to accidentally download this type of malicious code - whether through phishing attacks or illegitimate downloads and compromised websites - the malware locks your screen, encrypts your files and attempts to extort a fee before giving you the cryptographic key required to get your files back.

Cracking the cloud: Following the high rate of adoption of cloud services platforms, cyber criminals will increasingly focus on exploiting their customers and stealing valuable and confidential data. Cloud providers have implemented advanced technologies for data protection, network security, privacy, and authentication/authorisation management. Many of them have infrastructure capabilities that better block attacks and have better contingency plans and accelerated incident response. Most users trust in the security of the big cloud platforms, and providers will be pressured to maintain high levels of security because they will likely be one of the most important targets of cyber attackers.

IoT: The Internet of Things (IoT) became one of the world’s fastest growing technology sectors, and simultaneously one of the fastest growing sources of security vulnerabilities for both consumers and enterprises. In the rush to release devices, manufacturers did not give them considerable security measures. Devices were designed for convenience, but not engineered with security in mind. As more and more devices become tied into the Internet, the insufficient security mechanisms will likely expand the security threats in this industry.

WITH BREACHES CONTINUING TO HAPPEN, DO YOU SEE BUDGETS FOR SECURITY TECHNOLOGIES INCREASING?
I think that most organisations should be spending more on security, but obviously the concern is that even if there is an increase in the security budget, it doesn’t mean it will be spent wisely by most of the organisations.

IS IT TIME FOR US TO RETHINK THE TRADITIONAL APPROACH TO SECURITY?
Yes, absolutely. Enterprises need to think about:
• Managing risk in an environment that mixes a bewildering array of new devices, mobile computing, cloud adoption, cyber threats, and the widespread use of social networks
• Protecting against increasingly sophisticated threats
• Detecting and reacting immediately to security incidents
• Reducing operational costs
• Achieving compliance in a predictable and cost-effective way

WHAT KIND OF SECURITY POSTURE WOULD YOU ADVOCATE TO PROTECT AGAINST NEW ATTACK VECTORS?
The good news is that there is new security technology on the horizon, and some of it looks like it will be a worthwhile investment. Cutting-edge technologies show genuine promise and are already being used by enlightened companies. Analytics may give a huge boost to defenders, as well as machine learning and threat intelligence. Ixtel has launched some of these new cutting edge technologies to address the new attack vectors and we are already deploying some of these security technologies in GCC markets.



INSIGHT

AT THE FOREFRONT OF INNOVATION
By Stephen Brennan, Senior VP of Cyber Network Defence at DarkMatter

The Middle East exists at the margin between a prosperous future and valuable national assets. It finds itself with the burden of servicing the world’s energy needs while simultaneously defining the next generation of innovation and technology globally, all the while playing host to a concentration of complicated geo-political allies, adversaries and relationships.

It should come as no surprise, therefore, that the Middle East is not immune to cyber attacks. In fact, according to a recent report from PwC, companies polled in the Middle East region suffered larger losses than the rest of the world last year as a result of cyber incidents: 56 per cent of respondents lost more than US$ 500,000 compared to 33 per cent globally, while 13 per cent lost at least three working days, compared to nine per cent. The PwC report goes on to highlight that businesses in the Middle East are also more likely to have suffered a cyber breach than those in the rest of the world (85 per cent of respondents compared to a global average of 79 per cent), with 18 per cent of respondents in the region having experienced more than 5,000 attacks, which is higher than any other region and compares to a global average of only nine per cent.

Many of the countries and nation states in the Middle East are actively focused on cyber security solutions and developing initiatives to combat regional and global threats. The UAE, Saudi Arabia, Qatar, and Kuwait have been some of the most vocal and advanced in developing programs to date, but all countries in the region have spent considerable time and energy to protect their data and security. Given the region’s geo-political dynamics, many of the next generation initiatives focus on achieving national scale to provide a wider distribution of protection.

For example, the United Arab Emirates (UAE) is embarking on a project to demonstrate that privacy does not need to suffer at the hands of stronger security as a result of its mandated national identification system. UAE residents may soon be able to obtain derived credentials from their national Emirates ID (EID) through a trusted third party, in a process that is verifiable and audited. Subscribers can choose to use their raw EID, or substitute it with a derived credential from trusted third-party vendors, which can be generated with varying levels of access.

These derived public key infrastructure (PKI) credentials offer a win-win-win situation: the UAE Government can rely on raw EID where it’s required, and facilitate strong security for the entire nation; commercial enterprises can benefit from strong ID assurance through derived credentials without the ability to track users; and users can protect their privacy to the level they are comfortable with, but still have access to e-Government services where law mandates they use their EID. While many Western states have not embraced the concept of mandated national IDs at this stage, it is a daily reality across many parts of the Middle East, and some of the benefits and lessons from the program may serve to inform future policies in the West.

Other next generation initiatives in the Middle East include Resilient Smart Governments, where in the UAE a resiliency model has been developed that showcases and informs authorities of the interrelated impact of a cyber security breach; and a National Security Operations Center, from which Federal and Municipal authorities are able to assume a pro-active stance to cyber security, bringing their digital assets into a life-cycle encompassing planning, detection, protection, and recovery.

Cyber security threats play an expanding role in the Middle East, and lessons learned from combatting them today may well shape policies in Western countries and the rest of the world tomorrow. The region is a microcosm of the battle playing out digitally, and the cyber security initiatives taking place there, while in their infancy, are great examples of the innovation necessary to combat the world’s foremost hackers.



OPINION

ADVANCED CYBER THREATS, DEMYSTIFIED
By: Ovanes Mikhaylov, Managing Director, Emerging Markets, Kaspersky Lab

A few years from now someone will start writing the history of advanced, highly sophisticated cyber threats. This person will obviously start with Stuxnet, and go through the findings of campaigns like The Equation, Red October, Regin or Dark Hotel. These are the names every security researcher knows, as they significantly impact our understanding of cyber threat evolution. But they are not the ones that cause the most damage. Much simpler, unsophisticated but still dangerous targeted attacks are the ones businesses should fear the most.

It’s not that high-profile threats are not dangerous. The major goals of the people behind them are espionage and sabotage, and their victims, unfortunately, do feel the impact. The security community’s attention is biased towards the complicated cases, but this sometimes leads to false assumptions on the side of businesses. For example: “Those advanced threats are not targeting my particular company” – this is wrong, because even smaller businesses can be used as a vulnerable point to reach a larger and more protected company. Another false assumption is “I can’t protect myself from such advanced attacks anyway, so why should I even try?” – this is not true, because detecting even the most sophisticated cybercriminal campaign is possible, and the security industry is definitely showing some progress here.

This bias shifts the attention of corporate IT professionals away from a simple fact: advanced threats are not the only ones that target them. Based on our intelligence, we can roughly divide all threats into three categories: known threats, unknown threats and targeted attacks/advanced threats.

Known threats are generic malware and phishing attacks. They are roughly 70% of all attacks faced by businesses today. These should not present a problem to a company if IT security is deployed and maintained in a correct fashion. Basic security technology and intelligence systems (like cloud security) are required.

Unknown threats are related to new malicious programmes. In general, all the attempts of cybercriminals to evolve their tools and overcome protection belong here. Advanced technologies are required to prevent such threats, including proactive detection and heuristic technologies, application control and other approaches. Still, it’s quite clear how to deal with such threats, using existing endpoint security solutions, network filtering, etc. These threats amount to around 29% of all attacks.

And finally, the remaining 1% are targeted attacks and advanced threats. What’s the difference? Advanced threats use advanced cyber weapons: zero-day vulnerabilities and sophisticated tools to hide their presence in a victim’s network. Targeted attacks rarely use such an ‘expensive’ tool set, but what is common between the two is the research of a specific victim and the adaptation of attack methods to increase the chances of success. Unlike the other 99% of attacks, the people behind these threats know much more about your company than you know about them. They find a reckless employee. An unpatched machine with access to sensitive data. A web application created by a subcontractor with security lapses. Anything they could use to break in. And no matter how good your security perimeter is, they will break it eventually.

So what should businesses do? The answer is simple. We all agree that companies need experts and technology to secure their perimeter (don’t forget that the other 99% of typical threats is still there). Likewise, they need intelligence and technology to identify and remediate attacks inside the perimeter, should they happen. The worst case scenario is when you learn about a compromise of your data from a newspaper, and not from your Chief Information Security Officer.

There are many approaches to creating a technology to detect targeted attacks. The most effective are based on the knowledge of the normal behaviour of your company’s network. Which websites and services do your employees visit? At what frequency? What is the typical time they do that? How often do you exchange data with your partners and clients? Knowing these patterns, threat detection solutions are able to spot irregular behaviour and alert IT personnel. Is it okay if a laptop connects at 3am to an unusual server in a distant country? Why is that machine sending gigabytes of data to a previously unknown location?

In fact, this is where advanced threats and ‘unsophisticated’ targeted attacks start showing similar behaviour. No matter how brilliant, these cyber weapons have to communicate with their creators, propagate within the infrastructure and send data. That’s when an effective and highly flexible algorithm can spot them.

This evolution of the threat landscape requires a specific protection technology. That is what we have designed in the Kaspersky Anti Targeted Attack Platform. It uses sophisticated algorithms to analyse files, URLs and data to identify potentially suspicious activity: something that stands out of the normal office workflow. It enables businesses to identify targeted attacks at the point of infection and provides them with enough intelligence to counteract. Together with traditional security solutions, this helps businesses cover the entire range of cybersecurity threats they face.
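The "normal behaviour" baseline described in this article, as an added example (it is not Kaspersky Lab's algorithm or product code): a per-host profile of usual destinations, active hours and outbound volume is learned from known-good traffic, and new flows are scored against it. The flow-record layout, host names, destinations and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (host, destination, hour_of_day, bytes_out).
HISTORY = [
    ("laptop-17", "mail.corp.example", 9, 120_000),
    ("laptop-17", "crm.partner.example", 10, 80_000),
    ("laptop-17", "mail.corp.example", 11, 250_000),
    ("laptop-17", "files.corp.example", 14, 95_000),
    ("laptop-17", "crm.partner.example", 16, 300_000),
]

# Constructed traffic to score against the baseline.
NEW_FLOWS = [
    ("laptop-17", "mail.corp.example", 10, 150_000),   # ordinary
    ("laptop-17", "news.example", 12, 60_000),         # new site, working hours
    ("laptop-17", "203.0.113.50", 3, 2_000_000_000),   # 3am, unknown server, gigabytes
]


class HostBaseline:
    """What one host normally does: where it talks, when, and how much it sends."""

    def __init__(self):
        self.destinations = set()
        self.hours = set()
        self.volumes = []


def build_baseline(flows):
    """Learn a per-host profile from a period of known-good traffic."""
    baseline = defaultdict(HostBaseline)
    for host, dest, hour, nbytes in flows:
        profile = baseline[host]
        profile.destinations.add(dest)
        profile.hours.add(hour)
        profile.volumes.append(nbytes)
    return dict(baseline)


def hour_is_unusual(profile, hour, slack=1):
    """True when `hour` is more than `slack` hours from every hour seen before."""
    def distance(a, b):
        d = abs(a - b) % 24
        return min(d, 24 - d)          # wrap around midnight
    return all(distance(hour, seen) > slack for seen in profile.hours)


def score_flow(baseline, flow, sigma=3.0):
    """Return the list of ways in which a flow departs from its host's baseline."""
    host, dest, hour, nbytes = flow
    profile = baseline.get(host)
    if profile is None:
        return ["unprofiled-host"]
    reasons = []
    if dest not in profile.destinations:
        reasons.append("new-destination")
    if hour_is_unusual(profile, hour):
        reasons.append("unusual-hour")
    mu = mean(profile.volumes)
    # Floor the spread so a host with very uniform traffic does not alert on noise.
    spread = max(pstdev(profile.volumes), 0.1 * mu)
    if nbytes > mu + sigma * spread:
        reasons.append("volume-spike")
    return reasons


def alerts(baseline, flows, min_reasons=2):
    """Keep only flows that are irregular in at least `min_reasons` ways."""
    flagged = []
    for flow in flows:
        reasons = score_flow(baseline, flow)
        if len(reasons) >= min_reasons:
            flagged.append((flow, reasons))
    return flagged


if __name__ == "__main__":
    for flow, reasons in alerts(build_baseline(HISTORY), NEW_FLOWS):
        print(flow, reasons)
```

Requiring two or more independent deviations before alerting keeps a single new website during working hours from paging anyone, while the 3am bulk transfer to an unseen address trips all three checks.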



OPINION

RANSOMWARE REMEDIATION STRATEGIES
By Raj Samani, VP & CTO, EMEA, Intel Security

After slowing slightly in mid-2015, ransomware has overall regained its rapid growth rate. According to the June 2016 McAfee Labs Threats Report, total ransomware grew 116% year-over-year for the period ending March 31. Total ransomware rose 26% from Q4 2015 to Q1 2016 as lucrative returns continued to draw relatively low-skilled criminals. An October 2015 Cyber Threat Alliance analysis of the CryptoWall V3 ransomware hinted at the financial scale of such campaigns. The researchers linked just one campaign’s operations to $325 million in victims’ ransom payments.

This spurt in ransomware attacks can be attributed to three key reasons. The first driver is the syndication of the activity into ransom as a service, with offers of revenue sharing to operatives facing the target recipients. The second driver is the development of polymorphism in ransomware, generating a unique threat signature for each attack. And the third driver is the increasing sophistication within the malware, widening the scope of damages. With Middle East organisations becoming a target for ransomware attacks, it is incumbent on the C-suite to take action and ensure that their data and organisations are not held to ransom.

REMEDIATION STRATEGIES FOR EACH STAGE

Ransomware attacks occur in five stages: distribution, infection, communication, encryption and demand. So it is only logical that there should be prevention and remediation strategies for each of these stages.

DISTRIBUTION STAGE

Build a “human firewall”: The biggest threat is users who let the ransomware onto their endpoints. People are the weakest link. Organisations need to make sure that all employees, from the CEO down, understand both how ransomware works and the ramifications of an attack.

Stop ransomware before the endpoint: The most proactive method of protecting a network from ransomware attack (other than the human firewall) is to keep ransomware from reaching the endpoint in the first place. Consider a web-filtering technology.

Apply all current operating system and application patches: Many ransomware strategies take advantage of vulnerabilities in the operating system or in applications to infect an endpoint. Having the latest operating system and application versions and patches will reduce the attack surface to a minimum.

Spam filtering and web gateway filtering: Again, the ideal approach is to keep ransomware off the network and the endpoint. Spam filtering and web gateway filtering are great ways to stop ransomware that tries to reach the endpoint through malicious IPs, URLs, and email spam.

Allow only whitelisted items to execute: Use an “application control” method that offers centrally administered whitelisting to block unauthorised executables on servers, corporate desktops, and fixed-function devices, thus dramatically reducing the attack surface for most ransomware.

Limit privileges for unknown processes: This can be done easily by writing rules for host intrusion prevention systems or access protection rules.

INFECTION STAGE

Don’t turn on macros unless you know what’s happening: In general, do not enable macros in documents received via email. Note that Microsoft Office turns off auto-execution of macros for Office documents by default. Office macros are a popular way for ransomware to infect your machine, so if a document “asks” you to enable macros, don’t do it.

Make yourself “weaker” when working: Don’t give yourself more login power than you need. If you allow yourself administrator rights during normal usage, consider restricting this. Surfing the web, opening applications and documents, and generally doing a lot of work while logged in with administrative rights is very dangerous. If you get hit with malware while you have fewer rights, you will reduce your risk because malware will also execute with fewer rights, which will reduce the threat’s attack surface.

Use access protection rules on software installs: Write access control rules against targeted file extensions that deny writes by unapproved applications. This complements host intrusion prevention systems rules with a similar strategy.

Use sandboxing for suspicious processes: If a process is flagged as suspicious (due to low age and prevalence, for example), that process should be sent to a security sandboxing appliance for further study.

Block “unapproved” processes from changing files: Block these by writing rules for host intrusion prevention systems or access protection.

COMMUNICATION STAGE

Firewall rules can block known malicious domains: Writing rules to block malicious domains is a standard capability of network firewalls.

Proxy/gateway scanner signatures for known traffic: For those with proxy and gateway appliances, these technologies can be configured to scan for known ransomware control server traffic and block it. Most ransomware cannot continue operations if it cannot retrieve the public encryption key needed for asymmetric encryption.

ENCRYPTION STAGE

Back up and restore files locally: By creating a storage volume and running archival differential-based file backups to that storage volume, remediation is as easy as removing the ransomware, going back in time with the backup to a point before the ransomware affected the files, and restoring all the affected files. This can be done today by network administrators, who could either use external storage volumes with a good archival backup utility or partition a local drive and run the backup utility against that.

Limit shared file activities: Many ransomware variants will look for access to files on storage other than the boot volume (such as file servers, additional volumes, etc.) and will encrypt everything they can find to inflict maximum damage. Consider limiting operations allowed on shared volumes.

RANSOM DEMAND STAGE

Restore from backup, keep a recent backup offsite and “air gapped”: Store a set of multiple, complete backups and assume an attack. An “air-gapped” backup is not connected to the computer or the network anywhere. (For an individual this could mean backing up to an external hard drive. When the backup is done, unplug the drive and keep it in a drawer, away from any computers. That way ransomware cannot detect the backup and damage it.) Consider using a “bare metal backup” utility, which not only backs up your user files, but also lets you erase all storage volumes (in case the machine is stolen) and gets you back to a usable state with all your applications and data restored.

Ensuring your organisation’s precious data is not ripe for the taking is a daunting task, especially with the steady rise of ransomware as an attack vector. By adopting a planned approach involving both end users and IT administrators, and implementing integrated security solutions that protect, detect and correct, businesses can avoid the unplanned downtimes and losses associated with such malware attacks.
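The "going back in time" step from the encryption-stage advice above, as an added example (not Intel Security code): given a catalogue of full and differential backups and an assumed infection time, it works out which backup each file should be restored from and which files on disk need replacing. The catalogue layout, file names, version labels and infection time are constructed assumptions.

```python
from datetime import datetime

# Constructed backup catalogue. A "diff" (differential) backup holds every change
# made since the last full backup; None marks a file deleted since then.
# Version labels stand in for content hashes.
CATALOGUE = [
    {"id": "full-01", "kind": "full", "taken": datetime(2016, 8, 1, 1, 0),
     "files": {"docs/plan.docx": "v1", "docs/budget.xlsx": "v1", "img/logo.png": "v1"}},
    {"id": "diff-02", "kind": "diff", "taken": datetime(2016, 8, 2, 1, 0),
     "files": {"docs/plan.docx": "v2"}},
    {"id": "diff-03", "kind": "diff", "taken": datetime(2016, 8, 3, 1, 0),
     "files": {"docs/plan.docx": "v3", "docs/notes.txt": "v1", "img/logo.png": None}},
    # Taken after the infection: the backup job faithfully archived encrypted files.
    {"id": "diff-04", "kind": "diff", "taken": datetime(2016, 8, 4, 1, 0),
     "files": {"docs/plan.docx": "encrypted", "docs/budget.xlsx": "encrypted",
               "docs/notes.txt": "encrypted", "img/logo.png": None}},
]

# Constructed incident data: when encryption is believed to have started,
# and what is on disk now.
INFECTED_AT = datetime(2016, 8, 3, 14, 0)
ON_DISK = {"docs/plan.docx": "encrypted", "docs/budget.xlsx": "encrypted",
           "docs/notes.txt": "encrypted"}


def pick_restore_point(catalogue, infected_at):
    """Latest full backup before the infection, plus the latest differential
    taken between that full backup and the infection (or None)."""
    fulls = [b for b in catalogue
             if b["kind"] == "full" and b["taken"] < infected_at]
    if not fulls:
        raise ValueError("no full backup predates the infection")
    full = max(fulls, key=lambda b: b["taken"])
    diffs = [b for b in catalogue
             if b["kind"] == "diff" and full["taken"] < b["taken"] < infected_at]
    diff = max(diffs, key=lambda b: b["taken"]) if diffs else None
    return full, diff


def restore_plan(catalogue, infected_at):
    """Map each path to (backup id, version) as it stood at the restore point."""
    full, diff = pick_restore_point(catalogue, infected_at)
    plan = {path: (full["id"], ver) for path, ver in full["files"].items()}
    if diff is not None:
        for path, ver in diff["files"].items():
            if ver is None:
                plan.pop(path, None)      # deleted before the infection: stay deleted
            else:
                plan[path] = (diff["id"], ver)
    return plan


def files_to_restore(plan, on_disk):
    """Paths whose on-disk version is missing or differs from the clean one."""
    return sorted(p for p, (_, ver) in plan.items() if on_disk.get(p) != ver)


if __name__ == "__main__":
    plan = restore_plan(CATALOGUE, INFECTED_AT)
    for path in files_to_restore(plan, ON_DISK):
        print(path, "<-", plan[path])
```

Backups taken after the infection time are never consulted, which is why diff-04, the most recent backup in the catalogue, contributes nothing to the plan.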



OPINION

TRUST IN THE NEW WORLD
By Tomer Barel, Global Chief Risk Officer, PayPal

There have been some major changes related to risk management in the last few years that have made many people take notice. Businesses and consumers alike are faced with new threats. Take fraud as an example. According to LexisNexis, fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion just one year earlier. Additionally, between 500 million and 1 billion identities were stolen globally last year due to data breaches.

Data breaches have remained an ongoing concern for many. It seems that these attacks are due to “bad guys” becoming more frequent and sophisticated. It also shows the importance of having a strong Chief Risk Officer at a company. But the way we view Chief Risk Officers is evolving based on this changing landscape. For those of us in the industry, we need to shift our mindset and start thinking of ourselves as Chief Trust Officers. With this shift, we can focus on how to increase trust with our customers and key constituents. Here are four key ways we can help to restore trust in this new world:

1. CROS SHOULD TAKE FIRST LINE OF DEFENCE RESPONSIBILITIES
In many organisations CROs play a pure oversight “second line of defence” role, but that might not be what is best anymore. Security and risk should be the first priority for many companies, and in these companies risk organisations should be taking a first line of defence role, owning key business metrics such as loss rates, in addition to the oversight role.

2. BE INNOVATIVE, BUT STAY HUMAN
A lot of risk management is about saying no, but true innovation happens when we can say yes. Trust isn’t just about keeping bad guys out and threats away. We have to maintain high levels of protection without interfering with actual customer experiences. For PayPal it’s our risk team’s job to enable the good guys to pay anywhere and across any device. To do that, one has to leverage to the full extent the data the organisation collects to manage risk effectively. “Big data” platforms and significant investments in data sciences capabilities are an important part of it. But they must be complemented by human insights. Using a combination of technology and deep understanding of human behaviour will help companies to quickly and accurately assess risk and thrive.

3. FUTUREPROOF YOUR RISK ORGANISATION
As early as five years ago, even before mobile phones became the device of choice for our customers, PayPal started preparing to manage risk on mobile devices. And in this process, we recognised there were some inherent security advantages to mobile devices. A personal connection to a person’s mobile device, coupled with unique information such as location data, actually allowed us to verify accounts more effectively. As a result, our mobile loss rate is lower than online. It’s important for CROs to spot trends, prepare to face them, and take advantage of what will come in the future.

4. DON’T TRY TO DO IT ALONE
There isn’t a silver bullet when it comes to security and threats, and companies can’t just build a big wall to stop people from getting in. With new threats being created every day, trust must be built between companies, customers and governments, especially in a global organisation. Managing risk properly takes a group effort. PayPal was a founding member of DMARC and of the FIDO Alliance and also recently participated in the White House’s Cybersecurity Summit. We believe there needs to be a future where a password is no longer needed, but it will take industry collaboration and a focus on building trust to get there. Ultimately, building these relationships and industry solutions will benefit us all.




INSIGHT

IMPROVING NETWORK SECURITY
By Cherif Sleiman, General Manager, Middle East and Africa at Infoblox

In May this year, we posted results of our ‘network protection survey’, which looked, among other things, at best practices in companies that were highly successful at network security. I will drill down into these best practices, and how to achieve them. Some of the recommended actions have the added benefit of positively influencing multiple outcomes, so organizations in the Middle East can benefit by prioritizing these actions first.

Recommendation #1: Get rid of departmental silos. Among survey respondents, there was a high correlation between those who reported the best results and those who enjoyed a high level of cooperation between network, security, and application teams. You may need to retain data silos to ensure privacy and security, but colleagues should be made aware of those limitations. Technology can be a great facilitator to enforce essential policy and remove artificial boundaries or silos that limit data sharing across groups.

Recommendation #2: Pay attention to operational realities. In network security and network operations (and probably most areas of the enterprise), technology alone will not alleviate certain realities about doing business. Technology must be part of a strategy to optimize processes and help people make intelligent, intuitive decisions based on information (not data) and enriched with the right context.

Recommendation #3: Prioritize based on risk analysis. Actions should balance risk and reward. That requires laying the foundation for intuitive decisions with information and context derived not from all data, but from the data required to provide a perspective on risk and impact on the business. Human beings should not have to correlate data themselves or use guesswork to determine impact. To prioritize properly, they must have as much aggregated context as possible (that’s why getting rid of silos is so important).

Recommendation #4: Be realistic about security staffing. Finding staffers who are experienced in three key areas – networks, security, and applications – is no picnic. Sometimes finding an expert in just one area is difficult. If you do find them, they’re likely to be expensive and in demand. That’s why it’s important to look for technology that reduces the need for adding staff with cross-departmental expertise and can augment existing staff with insight that would have required additional manual work or resources.

Recommendation #5: Automate routine tasks. Automation has value beyond avoiding mundane tasks and freeing people to make better decisions. It helps reduce delays and errors, as well as identifying incorrect or inefficient processes, while avoiding ad hoc workarounds. As survey respondents reported, automation institutionalizes tribal knowledge and allows staff to react more consistently when faced with certain situations.

Perhaps our key recommendation from the network survey is to remember that every solution encompasses people, process, and technology. Overreliance on any one is hardly ever the right answer or approach.




OPINION

WHAT’S NEXT FOR RANSOMWARE?
By David Maciejak, Head of FortiGuard Lion R&D team, Asia Pacific, Fortinet

The FBI recently reported that ransomware victims paid out $209 million for only the first quarter of 2016, compared to $24 million for all of 2015. Ransomware is now completely dominating the threat landscape conversation. Fortinet’s FortiGuard Labs R&D team, for instance, is seeing one new ransomware strain every day.

Historically, there are two types of ransomware − blocking ransomware (which prevents normal use of one’s computer) and crypto ransomware (which encrypts your personal documents, preventing them from being viewed). In recent times, however, hybrids of these two types of ransomware have started to emerge. For instance, there now exists crypto ransomware that prevents infected computers from accessing some Internet websites until payment is made to the hackers.

The line is also blurring between targeted devices: some mobile ransomware attacks both computers and smartphones. And as some smartphones are running on Android OS, we have also started to see some cases (like the FLocker variants) where the infection is hopping across to IoT devices like smart TVs, with the ransomware demanding things like a $200 iTunes gift card before you can watch your NHL Stanley Cup final.

According to Gartner, there will be 6.4 billion connected “things” in use in 2016, rising to an estimated 21 billion by 2020. For attackers, that only means one thing − more potential victims.

Malware evolves over time, and ransomware’s migration from computers to smart devices is a natural step in its evolution. We have seen some lateral movement through the network for SamSam and ZCryptor family samples. Some strains of that malware now show worm-like behaviour, spreading themselves to nearby networks. If you compare this to biological evolution in Darwin’s theory, it’s like the time when fish left the sea and started using their fins as feet to walk, exploring uncharted territories.

This evolution is happening sooner rather than later for one simple reason − victims are paying the ransoms asked of them. Not all the victims, but enough to keep this business rolling in money. Without doubt, ransomware authors are running their business like an enterprise, and are reinvesting a substantial portion of their ransom dollars into R&D.

AT RISK: INDUSTRIAL CONTROL SYSTEMS, CLOUD AND OURSELVES

Ransomware infections are already a plague, and you may wonder how things could possibly get worse. Firstly, there is still one domain that has been untouched by ransomware − Industrial Control Systems (ICS). This software can be found in industrial applications like chemical manufacturing plants, nuclear power plants and electric power generators.

No ransomware infections of ICS systems have been publicly reported so far, but such systems are not as impenetrable to malware as some may think. For example, the Bowman Avenue dam in New York was the subject of a reconnaissance attack in 2013. Calpine, America’s largest generator of electricity from natural gas and geothermal resources, also had its detailed engineering drawings stolen by hackers.

The current ransomware variants don’t need to achieve anything more than just knocking at the right door. This means the risk of them spreading into Operational Technology (OT) environments in the coming months is real and pretty high. These targets are potentially lucrative for ransomware authors: imagine how much a government will pay to prevent incidents in a nuclear power plant.

Besides ICS, another target for ransomware authors could be the cloud. Today, the cloud is teeming with data, and that naturally makes it an attractive target for hackers. Recently, for example, Apple announced that they will upgrade their free iCloud accounts from 20Gb to 150Gb. This means that in the coming months or years, in our always-connected world, almost all of our data will be stored in near real-time in the cloud. It’s not difficult to imagine that through some API abuse, cybercriminals will find ways to encrypt our online data and demand ransoms.

In such a scenario, the importance of backing up one’s data cannot be overstated. Some best practices include regularly backing up your data and storing those backups offline in a separate device, segmenting your network into different security zones so that an infection in one zone cannot easily spread to another, and having a failover plan that will keep things running for a while (even if in a limited fashion) while your computer systems or network are being rectified.

On Fortinet’s end, we will continue to do research to bring new approaches to combating emerging threats − like improving detection and response, and developing counter-measures through new prevention models.

In the longer term, a nightmarish scenario could await ransomware victims. In May 2010, a British scientist demonstrated that medical implants on humans can be infected with computer viruses. It is not unforeseeable that the day may come when ransomware could prevent you from using your prosthetic arm or leg, or threaten to stop your pacemaker. Is this science fiction? Judging from how far ICT technologies have come, and how ingenious hackers can be, perhaps not.



HOW-TO

HOW TO BLOCK PHISHERS

Just like throwing out a fishing line into the water, a phisher waits for just the slightest nibble before pouncing on a network. Eyal Benishti, CEO of IronScales, says the way to cut off the phishers’ food supply is to first go to the core of the issue: employee awareness. The CEO notes that cybercriminals by nature are lazy. “If your organisation is a tough nut to crack, they will move on to find more low-hanging fruit,” Benishti says.

According to the Verizon data breach investigation report published earlier this year, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures. Here are some recommendations Benishti has for enterprises:

1. LAUNCH PHISHING SIMULATIONS
Running phishing simulations followed by ad hoc, gamified training is a proven tool to increase awareness and reduce risk. Repeat the process at least once every two months - changing behaviour is a process. Training is important, but continuous assessment is even better to set the right mindset.

2. USE GAMIFICATION AS TRAINING METHODOLOGY
Let’s admit it, people hate training. They are sick and tired of videos and training wizards with boring slides and bullets. Meanwhile, for the security managers, it’s not really measurable. This is why interactive training or ‘gamification’ is much more engaging. Plus, people love to get high scores to collect awards, so why not? Create fun and interactive games to deliver your messages!

3. DEFINITELY INCLUDE YOUR SENIOR MANAGEMENT
They are main targets, especially for spear and whale phishing. Make no exceptions. Publicly promote their participation. It’s a good example for the rest of the company.

4. USE REAL-LIFE EXAMPLES
It’s best to hit your employees with emails they might actually receive. Change difficulty levels and start from the ground up. Don’t expect people to understand advanced phishing examples from day one. Teach them step by step on both phishing scenarios and training modules.

5. ENFORCE TRAINING, AND FOLLOW EMPLOYEE PROGRESS
To make it effective, employees must understand this is serious. They need to be reminded if they ditched the training. It’s your job to make sure they like it. It’s all about the messaging. They need to understand that they have a critical role in protecting the company and its assets.

6. ENCOURAGE ONGOING PHISHING REPORTS
Make sure each and every employee knows how to report back to the security team about suspicious emails. Many people tend to believe that the technology on premise will automatically stop all malicious emails and attachments for them. Make sure they understand that they are an active line of defense.

EVER VIGILANT
Phishing is the No.1 vehicle used by cyber criminals to deliver malicious software to your organisation. The level of sophistication is increasing dramatically, so traditional defenses are lagging behind. Make sure people are aware of the risk and well trained to spot and report it as it happens.




HOW TO

11 TIPS FOR SPOTTING INSIDER THREATS

Security pros are constantly being warned about insider threats. We’re told our companies need next-generation software, integrated threat intelligence, and the ability to correlate massive amounts of event logs and context to arm ourselves against these threats. We’re told that these tools are necessary to block attacks and to recover from attacks, should they be successful. Unfortunately, when companies eventually figure out that they’ve been compromised, they also discover their systems had been compromised for an extended period of time.

“Insider threats can include a combination of malicious insiders, compromised insiders, and careless insiders,” says Wade Williamson, Director, Product Marketing, Vectra Networks. “You will need clear visibility for identifying all of these threats, but they will differ in behaviour and how security will be able to detect them.”

To help companies spot the insider sooner, we collected advice from security experts aimed at helping companies find an insider attack sooner rather than later.

TIP 1: WATCH FOR STRANGE PATTERNS IN YOUR DNS TRAFFIC

“DNS is often a layer that is forgotten,” says Arno Meulenkamp, Systems Engineer, Infoblox. “It can be used as a way to exfiltrate data. Weird patterns in DNS traffic, such as hashes, can signal that something is going on.”

TIP 2: CHECK LOGS FOR HOST-TO-HOST AUTHENTICATIONS

“When you see someone authenticate to a host from a different host while the target host is usually only authenticated to via the domain controller, you might have a problem,” says Yonathan Klijnsma, Senior Threat Intelligence Analyst, Fox-IT. “In this context, it’s important to know the tools the attackers use – such as PSExec (and variants of) or Mimikatz – and look for traffic associated with those tools. It’s common for tools like these to be used for lateral movement, to move between Windows computers in a network, using host-to-host communications.”

TIP 3: CHECK FOR EXPOSED EMPLOYEE CREDENTIALS ON THE WEB

“Monitor paste sites such as Pastebin for exposed employee credentials,” says Nagraj Seshadri, Vice President of Marketing, Recorded Future. “If the leaked credentials on the Web have been exploited, you could have yourselves an insider and the employee who owns the credentials wouldn’t know it. Take action by changing passwords and consider implementing two-factor authentication.”

TIP 4: WATCH DATA FLOW AROUND KEY ASSETS

“A malicious insider will often steal large volumes of data over a short period of time. Gathering up large volumes of data is easily identifiable by monitoring the internal assets,” adds Williamson of Vectra Networks. “By watching the internal traffic, teams can quickly see if data is being tunnelled out of the network, or bounced between multiple devices for exfiltration.”

TIP 5: MAP MULTIPLE MACHINE LOGINS TO CLOUD-BASED STORAGE SERVICES

“Look for users logging in to different machines from the same account, accessing large data stores on these systems, and syncing their data to a cloud-based storage service such as Dropbox,” says Itsik Mantin, Director of Security Research, Imperva. “An insider could leverage the user’s compromised credentials to access the user’s Dropbox account – this data upload could otherwise look like normal business use of the services.”

TIP 6: USE FAKE CREDENTIALS AND FILES AS BAIT

“An insider will move around the network, seeking out new credentials and using their newfound privileges to access data,” says Haroon Meer, Founder/Researcher at Thinkst. “By setting up bogus credentials and fake files as bait, you can see when those (never-should-be-used) credentials are used.”

TIP 7: LOOK FOR ‘THINGS’ THAT NO LONGER EXIST

“Insiders will often attempt to cover their tracks and malware will attempt to remain persistent by deleting things,” says Fabien Perigaud, Security Expert at Airbus Defence and Space – CyberSecurity. “Look for registry keys, services, and helper objects that were accessed, used, or otherwise executed in the past but no longer exist on the machine. These could be telltale signs that an insider was there.”

TIP 8: MAP ENDPOINT AUTHENTICATION LOGS WITH ACTIVE DIRECTORY LOGS

“If a user previously only ever used three or four assets in the network, but now is accessing significantly more than that in a short timeframe, there is a chance of an insider,” says Mark Schloesser, Security Researcher, Rapid7. “Also the logs from Active Directory (AD) should be correlated and augmented with the ones from the endpoints, as these include local account authentication events that would not be visible to the AD.”

TIP 9: LOCATE THE FIRST INSTANCE OF AN EVENT

“Look for the first time an activity is performed,” says Johan den Hartog, Sales Engineer, Tenable Network Security. “If you’ve never seen that activity before, it could point to the start of an insider attack that needs to be profiled. HSBC and Sabre are two examples of this where ghost employees were created using aliases and new activities performed under those new aliases.”

TIP 10: IDENTIFY SHADOW IT TOOLS BEING USED

“In our recent Application Usage and Threat report, we noted that more than 4,400 organisations had five or more unique remote access applications in use concurrently – the chances are they would expect one or two, but not as many as five,” says Greg Day, Vice President and CSO, EMEA at Palo Alto Networks. “While there may be intentional use, use of these tools could lead to unintentional consequences.”

TIP 11: BEFORE YOU DELETE MALWARE, ANALYSE IT

“Since keeping things running is a top priority, companies have gotten in the habit of identifying malware and immediately re-imaging the systems that have been infected so they can be brought back online,” says Ralph Pisani, Executive Vice President, Field Operations, Exabeam. “Malware is a sign of something bad happening - companies shouldn’t be so quick to eliminate this important clue that could help them piece together the cyber kill chain. Malware is not the end; it’s often the beginning. It’s critical to know what users did before the malware was detected and where they went after the infection.”
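Tips 8 and 9 describe one concrete check: learn which hosts each account normally touches, then alert on a burst of first-time accesses, with domain controller and endpoint logs merged. The Python below is an added example, not code from the magazine or from any vendor quoted; the log tuples, account and host names, one-hour window and threshold of four are constructed assumptions, and attribution of local logons to a person is assumed to be done upstream.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, log source, account, target host).
# "ad" rows stand for domain controller logs, "endpoint" rows for logs
# collected from the hosts themselves (local logons never reach AD).
EVENTS = [
    # Baseline week: what each account normally touches.
    ("2016-08-01T09:02:00", "ad", "jsmith", "ws-114"),
    ("2016-08-01T09:30:00", "ad", "jsmith", "fs-01"),
    ("2016-08-02T10:15:00", "ad", "jsmith", "mail-01"),
    ("2016-08-03T09:05:00", "ad", "jsmith", "ws-114"),
    ("2016-08-03T11:00:00", "ad", "mkhan", "ws-201"),
    ("2016-08-03T11:20:00", "ad", "mkhan", "fs-01"),
    # Detection period.
    ("2016-08-08T09:01:00", "ad", "jsmith", "ws-114"),
    ("2016-08-08T10:00:00", "ad", "mkhan", "ws-201"),
    ("2016-08-08T14:00:00", "ad", "mkhan", "print-02"),
    ("2016-08-08T22:10:00", "ad", "jsmith", "db-02"),
    ("2016-08-08T22:14:00", "endpoint", "jsmith", "hr-07"),
    ("2016-08-08T22:19:00", "endpoint", "jsmith", "fin-03"),
    ("2016-08-08T22:31:00", "ad", "jsmith", "build-01"),
    ("2016-08-08T22:40:00", "endpoint", "jsmith", "bkp-01"),
]


def first_seen_bursts(events, baseline_end, window=timedelta(hours=1),
                      threshold=4, sources=("ad", "endpoint")):
    """Return {account: [hosts]} for accounts that reach `threshold`
    never-before-seen hosts within `window` after the baseline period."""
    baseline_end = datetime.fromisoformat(baseline_end)
    rows = sorted(
        (datetime.fromisoformat(ts), src, user, host)
        for ts, src, user, host in events
        if src in sources
    )
    known = defaultdict(set)    # account -> every host seen so far
    recent = defaultdict(list)  # account -> [(time, host)] first-time accesses
    alerts = {}
    for ts, _src, user, host in rows:
        if host in known[user]:
            continue            # not a first instance (Tip 9)
        known[user].add(host)
        if ts < baseline_end:
            continue            # still learning the baseline
        # Keep only first-time accesses that fall inside the sliding window.
        recent[user] = [(t, h) for t, h in recent[user] if ts - t <= window]
        recent[user].append((ts, host))
        if len(recent[user]) >= threshold:
            hosts = [h for _, h in recent[user]]
            if len(hosts) > len(alerts.get(user, [])):
                alerts[user] = hosts    # keep the largest burst per account
    return alerts


if __name__ == "__main__":
    start = "2016-08-08T00:00:00"
    print("AD + endpoint logs:", first_seen_bursts(EVENTS, start))
    print("AD logs only:      ", first_seen_bursts(EVENTS, start, sources=("ad",)))
```

On this sample the merged logs flag one account with five new hosts in thirty minutes, while the domain controller logs alone show only two of them and stay under the threshold.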



INSIGHT

WHY CIOs SHOULD CARE ABOUT CLICK FRAUD

Click fraud is more than just a marketing problem. It presents a real security risk to your organisation, experts say. CIOs need to know their enemy.

The ancient Chinese military strategy guide ‘The Art of War’ says that if you want to have a chance of prevailing in battle, you need to know your enemy. It’s good advice for the battlefield, and it’s also good advice if you want to beat hackers in their constant attempts to take over your network. But in order to know these hackers you need to understand their motivations, and in many cases those motivations may not be what you expect.

That’s according to Dan Kaminsky, the security expert who discovered a fundamental flaw in the Internet’s Domain Name System (DNS) protocol in 2008 and who discovered flaws in the widely used SSL protocol a year later. Kaminsky is a frequent speaker at Black Hat Briefings, and now works as Chief Scientist at White Ops, a security firm specialising in detecting bot and malware fraud.

Cashing out compromised machines

“If you are a CIO you must ask why people are breaking in to your network. The answer is to get your data — eventually. But initially it is to defraud advertisers,” Kaminsky says. “The major motivator for hackers is to commit click fraud as it provides a way to cash out a compromised machine. Only once they have done that will they look at what else they can do with the machine.”

As companies catch on that a given machine is responsible for click fraud, that machine’s ability to generate cash for the fraudsters drops dramatically until it has no further use to them. It’s at that point that access to the compromised machine will be sold off to someone else to exploit, with servers in large enterprises commanding far higher prices than compromised run-of-the-mill consumer machines.

“There is a whole ecosystem out there,” says Kaminsky. “One guy finds vulnerabilities, one guy deploys them, and then there are the guys who buy (compromised machines) afterwards and do all kinds of things with them.” This, Kaminsky says, includes corporate data theft and the full gamut of other crimes.

No obvious victims

That leads to an interesting question about who the victims of click fraud really are, and Kaminsky says that it’s not immediately obvious. “When you rob a bank, people are angry. But when you rob an advertiser, their numbers are up, so they are happy,” he says. Many direct marketers also take the attitude that a certain amount of click fraud is factored into the price that they pay, so they may not be unduly worried or feel they are victims. In fact, on the advertising side very few people get angry, Kaminsky says.

But aside from the advertisers that have been defrauded, the other victims are the CIOs of large companies, says Kaminsky. “They are the victims as they are the people whose machines are taken over,” he says. “If you are a CIO and your job is to protect the network, click fraud is the cause of a major class of threat that you have to deal with.”

How click fraud works

Hackers can carry out click fraud in two ways. The first is to set up a website that is never intended to be viewed by humans and populate it with “word salad,” meaningless content made up of random words. These sites are filled with ads that are placed through automated ad exchanges, and the hackers then point their botnets at the site to generate clicks and “earn” advertising revenue.

The second way is simply to wait for a real site owner to contact them and pay to send a certain amount of bot traffic to their site. “A site owner may have sold a million hits to advertisers but only got a quarter of that. Do they give the money back? Never!” says Kaminsky. “They will call someone with a botnet and the site will get those extra three quarters of a million hits,” he explains.

Click fraud fuels malvertising

To build botnets to carry out ad fraud, hackers need to compromise a steady stream of new machines to replace those that are no longer effective. To do this they are increasingly turning to malvertising: placing advertisements containing malware that infects viewers onto well known, reputable web sites, according to Kelley Mak, an analyst at Forrester Research.

“Malvertising will either deliver ransomware or compromise the machine and recruit it to a botnet,” Mak says. “Malvertising is fuelled by click fraud because a malicious ad can recruit the new bots hackers need, and malvertising is cheap if all you are trying to do is infect people, not actually sell them something.”

Hackers are more likely to use malvertising to recruit bots for click fraud rather than to deposit ransomware on a machine, Mak believes. One reason is that it’s easier to generate money from click fraud, but, more importantly, there’s also much less risk involved for the hackers. “People hit by click fraud will probably not try and enlist the help of a government agency — they are more likely just to try and block bots, so the risk is substantially lower,” he explains.

Threat to the Internet

There’s little doubt that click fraud represents a major headache for CIOs and their security teams, but Kaminsky believes that this type of hacker activity harms businesses in a more fundamental way: it plunges the economics of the Internet as a business tool into doubt.

“The entire ecosystem is threatened by click fraud,” he says. “Why? Because it costs money to build the web, and if money is being siphoned off by people who aren’t building it, then legitimate businesses have to work harder and harder for less and less.”

$7.2 billion problem

In terms of the scale of the click fraud problem, evidence suggests it’s a multi-billion dollar business. The 2015 Bot Baseline Study into fraud in digital advertising carried out by the Association of National Advertisers and White Ops found that click fraud will likely cost companies around the world a total of $7.2 billion in 2016, with advertisers unwittingly paying out an average of $10 million to fraudsters during the year. When it comes to the proportion of the clicks that are fraudulent, the study says advertisers were defrauded between 3 percent and 37 percent of the time.

So what can CIOs do to minimise the risk that an infected machine committing click fraud may be lurking on their networks? Kaminsky recommends keeping a close eye on the traffic generated by machines on the corporate network, and in particular monitoring DNS traffic. “No-one monitors DNS enough, but there are identifiable C&C (command and control) domains,” he says. “The benefit of monitoring DNS is that the info flow is relatively small, so the relative value of any data you analyse is high.”

He also recommends encouraging marketing departments to use specialist click fraud protection software, such as that sold by his employer White Ops as well as competitors PPCSecure and Distil Networks.
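DNS logs are small enough to scan in full, which makes both the watchlist check implied here and the hash-like query names from Tip 1 of the insider-threat article cheap to look for. The Python below is an added example, not code from the magazine or from White Ops or Infoblox; the log format, addresses, example domains, watchlist and thresholds are constructed assumptions, and only hex-encoded labels are covered.

```python
import re
from collections import defaultdict

# Constructed sample resolver log: "<time> <client ip> <query name> <type>".
DNS_LOG = """\
09:00:01 10.0.4.17 www.example.com A
09:00:02 10.0.4.17 mail.example.com A
09:00:05 10.0.4.23 5d41402abc4b2a76b9719d911017c592.cdn-sync.example.net TXT
09:00:06 10.0.4.23 7d793037a0760186574b0282f2f435e7.cdn-sync.example.net TXT
09:00:07 10.0.4.23 e4da3b7fbbce2345d7772b0674a318d5.cdn-sync.example.net TXT
09:00:08 10.0.4.23 1679091c5a880faf6fb5e6087eb1b2dc.cdn-sync.example.net TXT
09:00:09 10.0.4.23 www.example.org A
09:00:10 10.0.4.31 d41d8cd98f00b204e9800998ecf8427e.files.example.org A
09:00:11 this line is malformed and is skipped by the parser
09:00:12 10.0.4.31 intranet.example.com A
"""

# A label made only of hex digits and at least as long as a truncated digest.
HASH_LIKE = re.compile(r"^[0-9a-f]{16,}$")


def split_name(qname):
    """Return (parent domain, subdomain labels).

    Assumption: the parent is the last two labels. A real deployment
    should use a public-suffix list so that names under e.g. co.uk work."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def parse_log(text):
    """Yield (client, query name, query type) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _time, client, qname, qtype = parts
        yield client, qname, qtype


def find_hash_like_queries(text, min_unique=3):
    """Report (client, parent domain) pairs where one client asked for at
    least `min_unique` distinct hash-like labels under the same parent."""
    seen = defaultdict(set)
    for client, qname, _qtype in parse_log(text):
        parent, sub = split_name(qname)
        for label in sub:
            if HASH_LIKE.match(label):
                seen[(client, parent)].add(label)
    findings = []
    for (client, parent), labels in sorted(seen.items()):
        if len(labels) >= min_unique:
            findings.append({
                "client": client,
                "parent": parent,
                "unique_labels": len(labels),
                # two hex characters carry one byte of payload
                "approx_bytes": sum(len(label) // 2 for label in labels),
            })
    return findings


def watchlist_hits(text, watchlist):
    """Return sorted (client, parent domain) pairs for lookups of any
    parent domain on `watchlist` (e.g. a C&C domain feed)."""
    hits = set()
    for client, qname, _qtype in parse_log(text):
        parent, _sub = split_name(qname)
        if parent in watchlist:
            hits.add((client, parent))
    return sorted(hits)


if __name__ == "__main__":
    print(find_hash_like_queries(DNS_LOG))
    print(watchlist_hits(DNS_LOG, {"example.org"}))  # constructed watchlist
```

Grouping by client and parent domain is what separates a single odd lookup from a stream of distinct encoded names leaving one machine.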



INTERVIEW

SECURING THE CLOUD

To get a sense of what enterprises think about cloud deployments and cloud security, we recently reached out to Jim Reavis, Cofounder and Chief Executive Officer at the Cloud Security Alliance. As a nonprofit, the organisation promotes the use of security assurance best practices in cloud computing, as well as cloud computing education.

IN YOUR ROLE AS PRESIDENT OF THE CLOUD SECURITY ALLIANCE, WHERE DO YOU SEE THE STATE OF ENTERPRISE CLOUD ADOPTION RIGHT NOW?

When it comes to cloud, enterprises are really all in. They’re doing a lot more of their mission critical activities in cloud. The security around their cloud implementations is growing as well. Enterprises are getting better at securing their cloud environments and you’re seeing the tier one cloud providers certainly investing in the security of their services. And because of the scale of their services, they can invest in security in ways that enterprises just can’t on their own.

We’re also starting to see the impact of the economics and scale when it comes to security investments, and that’s true whether it’s sophisticated intrusion detection, identity management, event monitoring, or whatever: they’re building a level of security in their systems that surpasses what a typical enterprise can do. Their level of investment is why we’re seeing that the bad guys will target cloud users and not try to breach the cloud provider itself directly because they are much more secure.

Enterprises also are learning now how to transition into cloud and to understand the level of security they are getting from cloud providers. Enterprises will always have a role in securing their cloud deployments, whether it’s more of the implementation of the technical controls inside private cloud or if it’s more due diligence and procurement efforts and looking for the assurance from the providers that they adhere to secure practices.

THAT’S INTERESTING. WHAT DO YOU SEE THE CATALYSTS BEING TO CHANGE HOW ENTERPRISES RETHINK CLOUD SECURITY?

It’s human nature to become attached to our servers and systems. Many enterprises have this mentality, and they will even name their servers after pets. And with physical machines, they very much had a defensive posture that prized keeping that system up for years and years. If there was a breach, they would identify it and try to cleanse that system because the cost of taking things down, the cost of downtime, could be severe. That creates entropy and systems just lose a lot of stability.

What I’m seeing some of the enterprise leaders in this area do now, as a result of virtualisation, orchestration, and automation tools, is, instead of finding and cleansing malware, they just destroy the virtual machine and launch a new instance that points to the data source. There’s no downtime and no loss of production time doing the forensics. They just basically reimage that virtual machine. They’ll do the forensics later in a different way, and after cleaning up and restarting their infected workloads.

WHEN IT COMES TO COMPANIES TODAY THAT ARE SUCCESSFUL IN HOW THEY MANAGE CLOUD IN THEIR ENVIRONMENT, WHAT ARE SOME OF THE THINGS YOU SEE THEM DOING TO MANAGE RISK AND EMBRACE INNOVATION, BUT IN A MATURE WAY?

Gentle policing based on very strong knowledge of how their organisation is using cloud is very important. This way, they look at what people are trying to accomplish with cloud, and can step in and consult. Gentle policing isn’t meant to inhibit cloud usage, but it is there to guide the organisation to the more secure options that are available, if users chose an option that wasn’t secure. This ends up being a very good way for enterprises to embrace a mature approach to provide guidance and not just say ‘no’ all of the time.

I also think that organisations are investing more into indicators of compromise as well as into being able to react more quickly when there is a breach. They understand that attack surfaces are becoming vast with the growth of apps and all the mobile endpoints. This creates a need for more agility in reacting to security issues and incidents. They are also investing more in sharing information in their industries, and we are seeing more interest in participating in ISACs or having more of these sorts of relationships to share best practices.

We would imagine that security analytics play an important role here. Many of the things you just described have a lot of metadata and other data around them, so the need for security data analysis is probably much higher now than five years ago.

That’s a really good point. A lot of what I was talking about when it came to investing in incident response included security analytics. A lot of that type of response requires that organisations invest in security analytics. Enterprises can gather all of their different data points across their infrastructure and cloud systems, and then this data will help them to figure out what to do there when a breach occurs. This is transforming a lot of how we think about securing our systems. There’s no doubt about that.


PRODUCTS

Brand: Pivot3
Product: VSS

What it does: The Pivot3 Virtual Security Server (VSS) consolidates the hosting of the Video Management System (VMS), all security applications and their data, and all client workstations in one centralized platform. This enables flexible delivery of security monitoring any time, anywhere, on any device, reducing the need to invest in expensive, graphics-enabled PCs. The flexibility of permissions-based distributed security data enables entirely new operational models for surveillance.

What you should know: The VSS has access to video stored in a central Pivot3 virtual SAN and provides storage capacity to the recording servers. The virtual SAN uses patented Scalar Erasure Coding to distribute data across drives and across appliances for maximum fault protection. Stateless clients never store any video data locally, thus improving data safety. This eliminates the risk of compromising data security through data copied to portable storage devices.

Brand: Norton by Symantec
Product: Norton WiFi Privacy

What it does: To help people safely connect to public Wi-Fi hotspots, Norton by Symantec has introduced Norton WiFi Privacy, an easy-to-use mobile app for Android and iOS devices that helps shield consumers’ information from hackers snooping on wireless (Wi-Fi) networks. Norton WiFi Privacy helps protect information, such as passwords and credit card numbers, and denies access to hackers who may be eavesdropping on the same network.

What you should know: The Norton WiFi Privacy app is available on Android and iOS platforms for purchase in the iTunes and Google Play app stores. A yearly subscription service is approx. AED 110, which includes protection for one mobile device and 24/7 in-app support. PC, Mac and multi-device availability is coming soon.

Brand: Honeywell
Product: Uniformance Suite

What it does: Honeywell Process Solutions (HPS) has launched Uniformance Suite, a new, fully integrated system of process software solutions that turn plant data into actionable information enabling smart operations. The Uniformance Suite is Honeywell’s analytics platform for digital intelligence and a big part of the company’s Industrial Internet of Things (IIoT) strategy.

What you should know: As part of the expanded Uniformance Suite, Honeywell has introduced Uniformance Insight, which allows customers to visualize process conditions and investigate events from any web browser. Built on an intuitive platform using thin-client software, there are no downloads or installations required. Uniformance Insight’s ad-hoc analysis capability helps customers find the root cause of issues faster.




BLOG

BUILDING A BUSINESS CASE FOR SECURITY

By Jim Jaeger, Chief Cyber Services Strategist, Fidelis Cybersecurity

According to a March 2016 PwC report, ‘A False Sense of Security?’, that surveyed 300 Middle Eastern organisations, the region has become one of the prime targets for cyberattacks. In fact, according to the findings in the report, in 2015, 56% of businesses in the region lost more than US$500,000 as a result of cyber incidents compared to 33% globally.

Faced with this reality, organisations across the region have upped their IT security spend. However, one of the biggest challenges when you go shopping for new security tools is answering the inevitable question from finance: “What’s the value?”

Determining the ROI of a new security product isn’t an exact science. There are no hard and fast rules to follow – which is why generic ROI calculators should be avoided at all costs (pun intended). Measuring the impact of better security is like measuring a moving target. What’s more, every organisation is unique. The setup of an organisation’s existing infrastructure, its size, risk level and the potential impact of a security incident, will vary significantly. Ultimately, this means that successful security strategies can look very different.

On the face of it, most security tools don’t appear to save you time or money. They generate new alerts and this can swamp an already overburdened security team with investigating and tracking down new potential threats. That’s not to say that security tools have no value, however, and it’s by evaluating this that a CFO can understand the true business case for a security solution.

However, the challenges inherent in defining the ROI for security tools do not decrease the importance of defining this information and articulating it for corporate leaders and the Board. The recent explosion in the number of security vendors in the market, offering similar overlapping solutions, and their almost identical claims to “solve the security problem” make picking a comprehensive security solution more difficult. The fact that it’s increasingly difficult for CIOs and CISOs to understand if and where security gaps still exist doesn’t decrease the importance of helping C-suite executives and the Board understand the value of proposed security programmes and the importance of resourcing them.

In security, the biggest benefit will always be reduced risk; “buy this tool (or hire this person) and bad things are less likely to happen.” Unfortunately, this argument is highly theoretical, which doesn’t translate easily into a business case. It’s also likely that the same argument has been used for previous security procurements and consequently leads to a debate around the likelihood of data being stolen – a risky game to play.

Instead of trying to estimate the level of risk a company has in terms of security and how likely an attack may be, it’s arguably much more important to analyse the time and/or people a new tool might save and how much more efficient it could make an organisation. Some key questions would be:

• Can it automate tedious day-to-day activities?
• Can it reduce requirements for highly skilled, difficult to hire security personnel?
• Will it let tier 1 analysts do the tasks of a tier 2 analyst?
• Will it allow tier 3 analysts to do the work of an incident responder?
• Does it reduce the time it takes to resolve a threat?
• Will it help consolidate the security stack e.g., reduce the number of agents operating on endpoints or the number of network security appliances in your rack?
• Will it reduce the requirements to integrate multiple security devices?
• Will it reduce the number of screens that monitoring personnel have to focus on?
• Can it improve the speed and accuracy of a company’s incident response?

To the CFO, this approach presents clear opportunities to save critical funds and enhance the ROI of security solutions. At the same time, you are reducing the risk to the enterprise of a breach which is a primary focus of the Board of Directors.


