ISSUE 19 | AUGUST 2017 www.tahawultech.com
Blockchain Securing cloud apps Network security
A FINE BALANCE
CYBERSECURITY START-UP CTM360 COMBINES THREAT DETECTION, PREVENTION AND RESPONSE
CONTENTS
A FINE BALANCE: Asrar Mirza Baig, founder and CEO of CTM360, talks about offensive defense strategy to fend off breaches.
DECODING BLOCKCHAIN: The distributed public ledger technology promises to bolster cybersecurity.
SECURING CLOUD APPS: Cloud environments become increasingly vulnerable and attractive to cybercriminals.
CYBER THREAT INTELLIGENCE: With increasing complexities around cybersecurity, the need for threat intelligence is becoming more apparent.
THE STATE OF NETWORK SECURITY: Experts from Juniper Networks talk about the latest trend.
TOP TECHNOLOGIES FOR SECURITY: Gartner highlights the top technologies for information security.
MACHINE LEARNING: Taking your security to the next level.
FOUNDER, CPI MEDIA GROUP: Dominic De Sousa (1959-2015)
PUBLISHING DIRECTOR: Natasha Pendleton
EDITORIAL: Group Editor Jeevan Thankappan; Online Editor Adelle Geronimo; Contributing Editors James Dartnell, Janees Reghelini, Glesni Holland
DESIGN: Senior Designer Analou Balbero; Designer Neha Kalvani
ADVERTISING: Group Sales Director Kausar Syed; Sales Manager Merle Carrasco
CIRCULATION: Circulation Manager Rajeesh M
PRODUCTION: Production Manager James P Tharian; Operations Manager Shweta Santosh
DIGITAL SERVICES: Web Developer: Jefferson de Joya, Abbas Madh; Photographer: Charls Thomas, Maksym Poriechkin
Registered at Dubai Production City, DCCA, PO Box 13700, Dubai, UAE. Printed by Printwell Printing Press.
© Copyright 2017 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
NEWS
CAREEM LAUNCHES CALL MASKING FEATURE TO ENHANCE USER PRIVACY
Dubai-based ride-hailing service Careem has launched a new call masking feature to protect the privacy of its customers. With the call masking feature in place, the Captain will only receive an encrypted number instead of the user’s real phone number, ensuring the customer’s personal data remains completely safe and unexposed. The service is already live in the UAE, and will be introduced in other regional markets, including Saudi Arabia and Pakistan, within the coming 30 days. The feature gives Careem’s customers the option to keep their phone numbers undisclosed to the Captain (driver), adding another layer to customer privacy and security. This is the latest in a series of safety features introduced by Careem, including facial recognition technology – all aimed at reinforcing the company’s commitment to making Careem the most trusted ride-hailing app of choice. “As a homegrown brand, Careem understands better than others the demands and dynamics unique to the markets in which we operate, and our aim is always to provide our users with localised solutions that not only respond to their needs and desires, but are respectful of their cultural values and norms,” said Mudassir Sheikha, CEO and co-founder, Careem.
JOHN MCAFEE, INTEL SETTLE NAMING RIGHTS LAWSUIT
John McAfee, the creator of the popular antivirus computer software, has settled a lawsuit against Intel over his right to use his name on other projects. According to a Reuters report, US District Judge Paul Oetken in Manhattan dismissed McAfee’s September 2016 lawsuit and a countersuit by Intel on Wednesday, five days after a settlement agreement was signed. McAfee reportedly sued Intel after the company warned him that using his name, including by renaming his digital gaming and cybersecurity company MGT Capital Investments Inc as ‘John McAfee Global Technologies Inc,’ would infringe its trademarks. Intel countered by accusing McAfee of trademark infringement and unfair competition, and sought unspecified damages. Under the settlement agreement, McAfee can continue using his name as long as it’s not for or related to cybersecurity and security products and services. However, the report said he retained the right in other contexts to use his name in advertising, promotions and presentations, including with regard to his role at McAfee Associates, which he sold to Intel for $7.7 billion in 2010. Neither McAfee nor Intel admitted wrongdoing in agreeing to the settlement, which was amicable, according to court papers. Intel spun off its cybersecurity division, now called McAfee LLC, in
GOOGLE DISCOVERS NEW ANDROID SPYWARE
Google’s Android Security team announced the discovery of a powerful new Android spyware — named Lipizzan — which Google claims to be linked to Equus Technologies, an Israeli company that describes itself on its LinkedIn page as being specialised “in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organisations,” according to Bleeping Computer. Google says its engineers discovered only a small number of cases where Lipizzan was deployed, and they intervened and removed the apps from victims’ devices using a new Android security feature called Google Play Protect. In total, Google engineers discovered 20 apps infected with Lipizzan, found on fewer than 100 devices. Some of these apps were available through the official Google Play Store. The Bleeping Computer report says the Lipizzan-infested apps managed to squeeze past Google’s security checks by splitting malicious behavior into a second-stage component. According to Google, it detected two waves of apps infected with Lipizzan uploaded to the Play Store, and the second wave included technical modifications to the second-stage component’s modus operandi. This means Lipizzan’s operators were aware that Google had detected their malware, and were actively developing ways to bypass Google’s security system. It is unclear who was operating the malware, or what the purpose was of deploying it on the official Google Play Store.
TRA FOILS 289 CYBER-ATTACKS IN Q1 2017
The UAE’s Computer Emergency Response Team, aeCERT, of the Telecommunications Regulatory Authority, TRA, has succeeded in preventing a reported 289 cyber-attacks during the first quarter of 2017, reflecting its efforts in countering attempts to hack websites or interrupt their services. According to the latest statistics released by aeCERT, the attacks targeted government and quasi-government websites, as well as private sector websites such as those of several local banks. The cyber-attacks, which aeCERT successfully prevented from January to the end of March, represent 27.4 percent of the number of cyber-attacks that it dealt with in 2016, which reached 1,054. The first month of the current year witnessed the largest number of cyber-attacks, reaching a total of 136, with 133 against government websites and three against private sector websites. In February, the number of cyber-attacks reached 114, with 86 attacks against private sector websites and 23 against government websites. March witnessed a decline in the number of attacks to 39, with 21 against private sector websites and 18 against government websites. The attacks involved targeting and interrupting websites and their services, as well as deception, fraud and document theft, said aeCERT. The TRA always advises all concerned authorities of the necessity to follow essential information security policy, as well as creating backup copies of their data and saving them on other devices that are not connected to the Internet. It also offers advice on the best practices related to information security.
DESC, IEEE INK MOU TO ENHANCE CYBERSECURITY AWARENESS
(L-R) Dr Essa Basaeed, IEEE, and H.E. Yousef Hamad Al Shaibani, DESC
The Dubai Electronic Security Centre (DESC) has signed a Memorandum of Understanding with the Institute of Electrical and Electronics Engineers (IEEE) UAE Section. The partnership aligns with one of DESC’s initiatives that supports Dubai’s cyber security strategic plan for innovation, knowledge dissemination and promotion of research and survey culture. The MoU was signed by H.E. Yousef Hamad Al Shaibani, chief executive officer of Dubai Electronic Security Centre, and Dr Essa Basaeed, IEEE UAE Section chair. Both parties underlined the importance of signing this MoU as a starting point for many joint projects and initiatives aiming to raise the awareness of cyber security, through hosting international events, supporting corporate social responsibility, as well as holding workshops, training courses and conferences. Furthermore, the MoU aims to strengthen mutual cooperation between both organisations with regard to developing educational materials and programmes on information security, in order to increase the community’s awareness, as well as exchanging knowledge and expertise and supporting students’ projects and activities.
KASPERSKY LAB ROLLS OUT FREE ANTIVIRUS SOFTWARE
Kaspersky Lab has reportedly rolled out a free version of its antivirus across the globe. The company has revealed in a recent blog post that the free antivirus will not be competing with any of the paid versions. It will not include the added features like Parental Control, Online Payment Protection, and Secure Connection (VPN) which are exclusive to the paid version. However, it will have the “bare essentials”, which include file, email and web antivirus; automatic updates; self-defense; quarantine; and so on. The company said that these functions ensure convenient and safe web surfing, making sure that users are protected while working with USB sticks and other portable storage media, and protecting against both phishing and infected files being run. In the blog post, founder and CEO Eugene Kaspersky said the new free software has been in the works for over a year, with pilot versions previously released in a few regions. He added that the free software would benefit all of Kaspersky Lab’s customers by improving machine learning across its products. Kaspersky Free was immediately available in the United States, Canada, and several Asia Pacific countries and would launch in other regions in the coming months.
30.23% of Middle East businesses cite lack of communication and employee engagement as the biggest IT security hurdle in the workplace. Source: SANS Institute
FEATURE
DECODING BLOCKCHAIN Will this promising distributed ledger technology transform cybersecurity?
Blockchain is making headlines lately – but what is it and what does it do? For the uninitiated, blockchain is a distributed public ledger technology used primarily for transactions. The blockchain has no central authority; instead, participating computers exchange transactions in a ledger shared over a peer-to-peer network. Each node in the chain keeps a copy of the ledger, and can trust others’ copies of it because of the way they are signed, making it tamperproof and secure.
What is driving the hype?
“Blockchain allows for fast, secure and transparent transactions directly between people, businesses and machines, instead of through third party intermediaries. As a result, Middle East organisations can find quick ROI thanks to leaner, more efficient, and more profitable blockchain processes,” says Kashif Al Aziz, Head of Financial Services, SAP MENA.
While blockchain is being bandied about as a revolutionary way of creating a distributed, unchangeable record of transactions, some question this technology’s relevance to enterprises, which typically rely on centrally managed databases to secure digital records. However, many companies are jumping on the blockchain bandwagon and major IT vendors such as IBM and Microsoft have thrown their weight behind this technology. For example, IBM offers a cloud-based service to allow developers to set up blockchain networks and test and deploy related apps.
Waqas Mirza, MD of Avanza Solutions, says blockchain is not a totally groundbreaking technology, since it combines numerous already existing concepts, such as distributed systems, peer-to-peer networks, asynchronous cryptography and cryptographic signatures. But the inherent framework that enables consensus among participating parties, and the fact that data once stored in a ledger can never be tampered with, is plugging a big hole in security and efficiency that software communities all over the world face today. The hype is being driven by the sheer demand for blockchain-based platforms to address current gaps and inefficiencies.
Mohammed Alsehli, founder and CEO of ArabianChain, says blockchain is now more of a reality than hype and its benefits are already being recognized by organisations in the region. “Dubai, for instance, has adopted a blockchain strategy to achieve a high degree of efficiency in government transactions and aims for the government to become paperless by shifting all transactions to blockchain. Saudi Arabia is also following a similar vision.”
Niraj Vedwa, global head – banking, payment and cards, Tech Mahindra, adds that the technology has already proven its viability through bitcoins and other cryptocurrencies. “The technology is seen to be fundamentally changing some of the key processes across industries – cross-border payments, KYC in banking, land registry for government, trade settlements and identity management, to name a few.”
Is blockchain good for security?
“Blockchain is a peer-to-peer network that allows multiple parties to transfer value in a secure and transparent way. As there is no third-party involvement, two parties can make the exchange without oversight or intermediation, strongly reducing or even eliminating counterparty risk,” says Tabrez Surve, Regional Head of Security, Middle East, Turkey & Africa of F5.
Alsehli agrees: “Blockchain has security in-built in its design; it is a distributed and decentralised system where the data is encrypted using public and private keys. Any chain command sent to the ledger will require consensus. All the parties participating in writing and maintaining this ledger have to agree before they add anything to it.”
Judd Bagley, director of communications at US-based online retailer Overstock.com, which has adopted bitcoin in a major way, says blockchain trading is much more secure than the current systems. “The distributed nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible.”
As any company with a big database knows, hackers love going after sensitive information. If a blockchain is used to store confidential contract information or payment data, then replicating the file could potentially offer hackers more places to get their hands on it. “Blockchain is an embryonic technology that is not completely understood, and even by supposed experts. As such, it presents a new attack surface which has resulted in several high-profile, large thefts from blockchain systems,” says Paul Obsitnik, VP of product line marketing, Juniper Networks.
Blockchain isn’t without other problems and faces scalability issues. Blockchain-based transactions can cost a lot in hardware and energy, and consensus approval of each transaction takes about 10 minutes. This kind of performance doesn’t necessarily compare well to competing technologies. In February, 40 of the world’s largest banks conducted a trial of five blockchain technologies, including Ethereum, a public blockchain platform, as well as blockchains from Chain, Eris Industries, IBM, and Intel. Ethereum claims to take only 17 seconds to process a transaction, while a San Francisco-based startup, Safe Cash, announced that it can process a transaction in under five seconds – and can handle up to 25,000 transactions per second. But getting to that point could be extremely difficult, says Larry Tabb, founder and CEO at Tabb Group.
Even if blockchain technology does prove to have advantages over other modern systems, there are still issues of compliance, regulations and enforcement that will need to be addressed. For example, centralized utilities often have to comply with rules about what kinds of public access they provide to their systems. Do groups of companies setting up private blockchains have to comply with the same rules? Other regulatory issues include clarity over jurisdictions and how to comply with know-your-customer and anti-money laundering laws.
There’s also a large network effect associated with some platforms. For example, according to Autonomous Research, card networks currently process around 2,000 transactions per second and do so very cheaply, meaning that merchants have little incentive to switch. Finally, one unintended consequence of full automation is the lack of circuit breakers. The current settlement process provides more opportunity to hit the brakes if something goes wrong.
According to the ‘Future of Apps’ report commissioned by F5, the blockchain momentum hinges on significant technological advances, including edge computing and 5G. “As blockchain represents a shift to a decentralised network, it will require the buy-in of both users and operators. Initial implementation expenditure is also a factor for many, despite the potential for time- and cost-savings further down the line,” says Surve.
Mirza from Avanza says the global uptake of blockchain solutions will see a spike when adoption reaches a certain critical mass. A certain number of organisations and consortiums will have to create a critical mass of adoption so that other organisations and entities can connect to these platforms and start contributing. The technology has to be widespread to a level that its technicians and experts are easily available and can guide organisations on not just how best to use this technology but also how to address post-implementation issues.
“It could be decades before blockchain becomes commonplace, although bitcoin is a clear example of a successful, widespread use of the technology today. What’s more, a new technology such as blockchain does provide a way for technology laggards to leapfrog existing technologies that may be widespread in the developed world,” sums up Obsitnik.
FEATURE
CHASING STORM CLOUDS AWAY
As cloud technologies continue to proliferate in organisations, cloud applications are becoming a norm in the workplace. While the technology brings a plethora of benefits to multiple industries, it is also a potential goldmine for cybercriminals who want to penetrate this borderless infrastructure.
All groups within an organisation, including those that work in sales, IT and even the executive team, are using cloud applications. The advantages of cloud, by now, are already very well-established – it is cost-efficient and it enables businesses to be more agile and collaborative. The technology has now become commonplace, as organisations actively embrace select business cloud services as a strategic part of their IT infrastructure.
However, as more and more data is shifted to cloud environments, it becomes increasingly vulnerable and attractive to threat actors. The severity of potential damage tends to depend on the sensitivity of the data exposed. Exposed personal financial information tends to get the headlines, but breaches involving health information, trade secrets, and intellectual property can be more devastating. Although cloud providers such as AWS, Microsoft and Salesforce typically deploy security controls to protect their environments, ultimately, organisations are responsible for protecting their own data in the cloud.
“Businesses are racing to the cloud without understanding the security implications,” says Mohammed Al-Moneer, regional director, MENA, A10 Networks. “The cloud is full of substantial targets that are ripe for attackers to weaponise and exploit. Just as 2016 ushered in the DDoS of Things, our near future will see the emergence of attacks that originate from the cloud to attack other clouds.”
He adds that cloud introduces new security risks to organisations as publicly exposed APIs are the underlying infrastructure that makes the cloud and cloud applications run. “Unlike the http/s view of websites, APIs are built with fully exposed controls to support orchestration, management and automated access to the environment and applications,” Al-Moneer explains. “This makes it a rich target for exploitation and introduces another dimension to the challenges of expanding boundaries that were not seen in traditional enterprise on-premises perimeters.”
For many organisations, shifting to the cloud is viewed as dissolving the network perimeter, but in reality, it is an expansion of the traditional enterprise network through mobility and cloud applications. “Nearly 70 percent of a company’s IT investments go to network and perimeter security,” says Dragan Petkovic, ECEMEA Cloud Platform Leader, IDM/Security, Oracle. “However, a traditional approach is not sufficient for cloud applications.”
Because cloud apps can be borderless, meaning they are accessible from everywhere, are decoupled from the organisation’s on-premise policies and often hold very valuable information, they tend to be more vulnerable to data breaches, data theft and other threats. “Advanced Persistent Threats are the primary risks that every organisation should be wary of,” explains Mohammad Jamal Tabbara, senior systems engineer – UAE, Infoblox. “These risks would increase if cloud applications are not sanctioned by a centralised IT.”
Typical enterprises utilise hundreds of cloud applications; unfortunately, many of these solutions fall into the category of shadow IT. A recent study by Stratecast, Frost & Sullivan’s Telecommunications Strategic Forecasting arm, showed that more than 80 percent of employees admit to using additional ad hoc cloud services to aid productivity. “End-users are now quicker to adopt the latest applications than the company’s IT, hence, we are seeing a trend of departmental purchasing bypassing procurement or IT altogether,” says Petkovic.
Getting a grip on shadow IT is generally the first step toward a comprehensive cloud security strategy. But how can security teams gain better control over the usage of cloud applications within the firm? Visibility and governance are key. Unsanctioned apps, according to Tabbara, create data security and governance inconsistency across the Business Unit ITs (BUIT) that are not compliant with the firm’s security policies and practices. “In order to mitigate these risks,” he says, “security teams should have the proper tools that would give them a comprehensive visibility over sanctioned and unsanctioned services. Organisations should also ensure to keep the balance between the data security governance and the objectives of the BUIT. More than that, it is imperative to enforce specific policies and controls across all departments, and that each division’s IT systems need to be compliant with the centralised IT security governance protocols.”
Data breaches and other attacks frequently result from weak passwords and lax identity, authentication or certificate management. “Today, identity is the new perimeter,” says Petkovic. “In most cases, users’ on-premise access is decommissioned when they leave the organisation, however their cloud applications continue to be active for several months. In such a situation, security becomes even more fragmented and the key is to have a unified view.”
Deploying Cloud Access Security Broker (CASB) solutions, which act as an in-line proxy between an organisation’s users and their cloud applications, can fill the gap in cloud security. The need for CASB to provide visibility, compliance, data security, and threat protection has grown as IT functions move off-premise and security leaders need more granular visibility and policy management. By 2020, Gartner reports, 85 percent of large enterprises will use a CASB. “In a nutshell, CASB helps you translate your security policies, which used to be on premise, to the cloud,” says Petkovic. “It is a critical aspect of any company’s cloud security strategy and should be a key priority.”
The very nature of cloud apps and their ability to simplify collaboration makes them susceptible to inadvertent sharing of sensitive content as well. Cloud apps tend to democratise the setting of sharing permissions by enabling individual users to easily upload content and share that content as they see fit. It is imperative to enforce governing policies across all of an organisation’s cloud activity, including both sanctioned and unsanctioned apps and personal and business accounts.
Your security policies should have incident response procedures that reduce the kill-chain of a threat and can promptly involve the cloud provider when needed to take proper actions. - Mohammad Jamal Tabbara, Infoblox
[Infographic: 2017 Consumer Cybersecurity Confidence Index – Do your customers feel safe online? Panels: Top factors affecting consumer confidence in online security; Best (and worst) performers in consumer security; Consumers need to clean up their security hygiene; Personal information consumers are most concerned about losing in a data breach (top 5); The consumer convenience vs. security debate; Passwords: not quite dead yet – what alternative authentication methods are most acceptable to consumers? Source: RSA]
FEATURE
TURNING THE TIDE ON CYBERCRIME In the recent past, we have seen an alarming trend – attackers becoming faster innovators than the defenders. With increasing complexities around cybersecurity, the need for threat intelligence is becoming more apparent.
Ransomware is on the rise. With over 4,000 ransomware attacks occurring per day in 2016, it has now grown into a billion-dollar industry. As WannaCry and Petya highlighted earlier this year, these kinds of cyberattacks are going nowhere, making ransomware one of the top three most malicious and most visible security incidents impacting every industry sector and society. The right security measures must be put in place to ensure businesses, their employees, and customers are kept safe.
For enterprises, threat intelligence could be key in fighting the growth of this particularly invasive and demoralising cybersecurity threat.
Ray Kafity, vice president, Middle East, Turkey and Africa, Attivo Networks, says, “Organisations should always maintain strong prevention security controls.” In addition, he says, it is also ideal to implement advanced social engineering awareness programmes that continuously update employees on new forms of threats and how to avoid falling prey to them. “However, as demonstrated by the number of ongoing breaches, this is no longer sufficient as attackers are sidestepping security measures.”
Effectively harnessing and utilising threat intelligence has vast potential in terms of helping organisations close detection gaps and mitigate risks. “A proactive approach to cyber security is a must and can protect organisations from future threats,” adds Kafity.
Hadi Jaafarawi, managing director, Qualys Middle East, shares the same opinion, highlighting that firms looking to avoid becoming victims of attacks like WannaCry should leverage threat intelligence solutions to get regular insights on their systems’ vulnerabilities. “In doing so, security teams will be able to take control of the situation and validate, rate, and prioritise which flaws require urgent mitigation before they are exploited,” he explains. “Additionally, they can utilise threat feeds to display how many resources are impacted by each threat to drill down into the data for remediation. They can also use cloud-based dashboards that visualise their security posture.”
Cyber threat intelligence, or threat intelligence, helps organisations develop their capabilities to recognise and react in a timely manner, based on indicators of attack and compromise scenarios. It helps identify indicators of attacks as they progress, putting together the information around attacks
with the existing knowledge about attack methods and processes.
John Shier, senior security advisor, Sophos, says that to fully protect themselves from security threats such as WannaCry and NotPetya, organisations should understand that threat intelligence is somewhat reactive. “Therefore, it would have limited value unless other mitigating factors had been properly set in place as well,” he explains. “As an example, protecting from WannaCry was as simple as applying a patch. With that done, knowledge of the kill switch domain would have added an extra layer of defence. However, that wouldn’t have helped if a modified version of the worm had been introduced into the environment by a rogue machine.”
As security increasingly becomes an important part of the boardroom agenda, CIOs and CISOs are becoming more proactive in investing in tools that will bring insights and help them adopt an offensive security posture. However, they must first take the time to understand their organisation, their security posture, their important assets, and their ability to respond to an incident internally, says Warren Mercer, security researcher, Cisco Talos. “These are cost and risk/threat driven decisions, which the CIO/CISO must make based on information from their own firm. Technologies can only perform so much of this from an action point of view.”
With the number of remote workers increasing, enterprise networks becoming more interconnected, and network visibility shrinking, end-users and their endpoints have become the growing focus of advanced attacks. Mercer adds that apart from investing in technology they should also focus on hiring people with the right skill-sets who can complement the technology stacks put in place. “Once you fully understand your organisation you have a better chance at protecting it,” he says.
When investing in threat intelligence solutions, IT security leaders should keep three important aspects in mind – processes, procedures and technology, explains Nahim Fazal, head of Cyber Security Development, Blueliv.
“There should not be a single point of failure in any of these key building blocks of your threat intelligence programme,” he says. “You should have a framework that can help identify which of these components you need to focus on more and which will need the most investment. These three key components are dependent on one another and any weakness in one area will bleed into another.”
Fazal further explains that the final piece of the jigsaw is having a threat intelligence platform that not only delivers the information but also conveys it in such a manner that it is immediately actionable, which is the key to reducing the window of opportunity for threats.
A challenge in harnessing the capabilities of security technologies is the lack of interoperability between multiple tools. This makes information much less actionable because, once received, it has to be manually fed and correlated across multiple devices. “Automation is key in helping cut the workload of a stressed and perhaps overstretched security team,” says Laurence Pitt, security strategist EMEA, Juniper Networks. “Many actions performed daily are identical and repeated because they need to recur. Automation can take these repetitive actions and perform them perfectly every time, allowing security specialists to focus on improving strategies for security rather than just simply managing it.”
Threat intelligence has, of course, data at its core. However, the ever-expanding perimeter of organisations today makes identifying relevant information a challenge. A Ponemon Institute study revealed that 70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights. “The sheer volume of information, and sorting out the relevant and correct information from that, is a big bottleneck when it comes to threat intelligence,” says Mercer. “There can be too much information for defenders to take on board and, unfortunately, that information can sometimes be inaccurate.”
To address this issue, experts agree that information sharing is key. The challenge today isn’t that there aren’t enough sources for threat intelligence, but that there is simply too much data being generated, and that includes far too much redundancy. Information sharing of any kind is always useful when fighting threats. When done well it can force adversaries to continuously revise their tools, tactics and procedures.
Implementing threat intelligence solutions as well as sharing information gathered from it can provide organisations with vast insights on the numerous threats surrounding the IT and business environments. This, in turn, leads to the establishment of better policies and processes that can be used to strategically safeguard enterprises and help them focus on security issues that will have the greatest impact. Moreover, it will help ensure the firm’s resilience and ultimately contribute to its success.
INTERVIEW
A FINE BALANCE
Recent attacks such as WannaCry exploited vulnerabilities for which a patch or control mechanism was available, making threat management a vital element of any advanced defence strategy. This is where Bahrain-based cybersecurity start-up CTM360 comes in, with its home-grown technology that covers all aspects of prevention, detection and response. We spoke to Mirza Asrar Baig, founder and CEO, for his views on the latest cybersecurity risks and the firm’s ‘offensive defence’ strategies.
Recently, we have seen a spate of ransomware attacks globally, and our region has been largely insulated against it. Are we better prepared to tackle such threats?
The global cybersecurity industry seems to be constantly lagging behind cyberattacks. The majority of businesses are not prepared to tackle these new threats, and businesses in the Middle East are no different. We usually see the first impact of such attacks in other parts of the world because we often lag behind in certain areas of technology enablement, which consequently means only specific types of attacks seem visible here. There are also times when our region seems more affected because the attacks are highly targeted. It is important for the industry to realise that the current risk management direction isn’t working. The overall industry is not attaining desired results, and most practitioners remain overconfident with companies and vendors claiming to be prepared. In my opinion, confusion over the very definitions and roles of IT security, information security and cybersecurity has also exacerbated the problem.
The threat landscape is evolving while IT security budgets don’t seem to keep pace. What would be your advice for finding the right balance between managing risks and budgets?
Budgets for security, specifically within larger organisations, can seem inflated at times and often misplaced. Buying more cutting edge technology does not necessarily mean better security, so I would like to recommend the ABCD method of security – awareness, basics, classification and detection. Awareness is the most important factor, with focus on monitoring behaviour and enforcing accountability for non-compliance. Basics are to be followed religiously, i.e. hardening and timely patching. Classification of information, even when defined, is not being ensured to be pragmatic for implementation. It is also crucial that businesses are able to detect anomalies in desktops and servers, both in application and network layers across the network. Consider the budget required for managing Petya ransomware that exploited the open port 445 vulnerability. If the port is not visible from the Internet, you have solved a major part of the problem without any cutting-edge technology deployment. When my team analysed our region for port 445, we identified that there are still hundreds of machines across the region where the port is visible to the Internet, and SMB version 1 remains enabled. We need to understand that this region was not impacted heavily by the Petya worm because the domain identified as the kill switch was engaged early, thus deactivating the worm. Next time, we may not be so fortunate.
Has security now become a boardroom-level issue?
Yes and no. Consider that over the last 10 years, the threat landscape has not just evolved, but also filled the headlines with news of breaches that have impacted organisations all over the world. Yes, this has aided cybersecurity to gain the spotlight in boardrooms globally, but the shortcoming is that boardroom members are mostly business-minded people, and the majority of security discussions are jargon-heavy. Due to this noise, security is unfortunately still lower in management’s priorities, only to be appreciated from time to time as a reactive measure when there is a sizable impact or breach in their relevant industry.
Attacks are getting more sophisticated and targeted, bypassing security protection systems. How can you defend against this?
To date, we have been taught about information security management system (ISMS) where all domains of security are addressed adequately. This is layered with defence-in-depth but somehow this is not enough or not delivering what is required simply because organisations feel more insecure than yesterday; so the approach is clearly not working. So why do companies who implemented ISMS also feel insecure? In my humble view, security practitioners should adopt two key mindset shifts: the need to aspire to be offensive-in-depth and not just defensive; secondly, to become predictive and pre-emptive in protecting the organisation. This is where I saw a gap and started the journey of the cyber security startup, CTM360. CTM360 is a cybersecurity team that operates 24 x 7 x 365 in cyberspace with a core mission of identifying and neutralising cyber-attacks by being “offence in depth”. The company looks to be very vigilant in detecting incidents by relevance and by severity. The goal remains to diligently tackle every suspicious or malicious incident, whilst identifying and neutralising all pieces of attack infrastructure.
Can you tell us a little bit about your global expansion plans, and recently introduced products and services?
As a cybersecurity start-up based in the Kingdom of Bahrain, CTM360 has managed to rapidly grow its subscription member base across the Middle East and South Asia. Our intent is to ‘follow the sun’, which means that CTM360 now requires new satellite security operations centres in multiple regions and across different timezones. This would enable us to provide a truly 24/7/365 localised offering on a global scale. Our immediate plans are to establish our European and APAC offices in the near future, followed by expansion into Africa and the Americas. Since this is a highly agile, cloud-based service, we believe the business can be scaled quickly across industries and geographies. On the product and services side, we have recently completed the development of CTM360’s mobile apps for incident response, central member portal and TRUST360 collaboration applications. We are also about to roll out our Cyber Asset Register with standardised audit features and health meters across various domains of cyber assets. Our R&D team is also working on a comprehensive set of tools, called Cyber Analytical Toolkit (CAT360). CAT360 will give IT and security practitioners a single-interface analytical playground with data visualisation, as well as the ability to generate and share cases within privately-defined groups, both internally and across organisations.
INTERVIEW
THE STATE OF NETWORK SECURITY
On a recent visit to Juniper Networks’ PoC Lab in Amsterdam, we caught up with Lee Fisher, security specialist and Laurence Pitt, security strategy director, to talk about the latest trends in network security.
Most enterprises already have a robust network security strategy in place. Should they pay more attention to application security?
FISHER: What is at the heart of all this is data, which is what businesses are trying to protect. Data is the new oil, and whether it’s a network function or application function, it is just a means to an end. Almost all threats today use the network to gain access to systems and propagate; very, very few threats are from removable media such as USB sticks. Besides, a lot of applications have their own dedicated security function associated with them. What really matters is the ability to identify, stop and prevent all those things happening across the networks, and that’s why Juniper is in a great position.
If we can’t keep the bad guys out, should we plan to fail?
FISHER: I think we have to. It has become clear that it is impossible to try and cope with the sheer volume of attacks, and bear in mind the task of having 100 percent absolute security is a myth. However, what you need to do is gear your defence around not just prevention, but also the ability to detect, stop and limit the damage of breaches with proper segmentation of network and data. If we build networks differently with layered-in security, when you scale out to cloud services or move applications from one provider to another, security is built right into that. We have mastered the concept of zero-touch provisioning, so why not zero-touch security?
Can we detect breaches in real time?
FISHER: Yes, it can be done. Most of the breaches today are opportunistic hacks. Threat actors send out a piece of software with remote control provision and someone happens to get infected. But, what is happening now is that these hackers are getting a lot more sophisticated, and use system admin tools built into the systems, rather than leveraging some network scanner or keylogger. So if you miss the infection point, can you detect if a machine does something that it wouldn’t do normally or information leaving the business in real time? The answer is yes; we haven’t built networks or data systems like that, but the capabilities are there.
Security systems these days generate a lot of logs, and most security executives face the challenge of false positives. Aren’t we looking for the needle in a haystack?
FISHER: Take the case of SIEM as an example. Almost all the organisations I have spoken to use SIEM for catching all the needles. They capture all the data, generate reports, and when something bad does happen they use it from a forensic point of view, like a replay of what happened. My point is, rather than use it as an investigative tool, why don’t you put it as a rule into a policy mode, which says if six of those steps happened again, then automatically do this. I don’t think that is what people today use SIEM for; they just collect the logs and paint a pretty picture in their SOCs.
Do you think the recent spate of ransomware attacks could have been prevented with patching and backup?
PITT: I don’t think it could have been prevented, but the impact could have been lessened. There are always businesses that wouldn’t have applied those patches. Ransomware is easy money for bad guys and they monetise everything they do; they might be working on the wrong side of the law but it doesn’t mean they are not intelligent. I think user awareness is the key to combat ransomware, because if you take the case of WannaCry, someone, somewhere opened an email, clicked the link and the infection started.
Do you think the next wave of ransomware attacks could target critical infrastructure and be life threatening?
PITT: The next generation of IoT attacks are likely to do that because a lot of legacy industrial control systems are not designed to be online. What’s more, the next-gen ransomware could target back-end services and encrypt the customer database. If you are a ransomware author, you can either send it out to 1,000 computers and get 10 of them to pay, or attack a multinational organisation and take out their customer database. Who is more likely to give you ransom?
DDoS attacks have been around more than 20 years, and we still can’t seem to stop them. Do you think the industry has failed the users?
PITT: DDoS is the most simple and basic of attacks, and it will never go away, which is why anti-DDoS services are important. DDoS attacks are at the perimeter of the network and what they do is stop people from accessing their systems. What is interesting is the whole IoT spectrum playing into that, like we have seen in the case of the Mirai botnet. This is why our SDSN is important for companies; we are not trying to protect devices, but spot masses of unusual traffic patterns, things that shouldn’t be happening on the networks, and determining whether someone is remotely accessing your devices to do something nefarious so that we can spot it and quarantine those devices.
FEATURE
SECURING THE NETWORK
Network protection has become increasingly important with the advent of IoT and clever hackers.
The recent spate of ransomware attacks has put the spotlight back on network security, making it an uphill battle for almost all organisations in the region. With hackers always trying to get into networks through new and creative ways, spending on network security, especially on firewalls/UTM products, has gone through the roof.
IDC forecasts worldwide revenues for security-related hardware, software and services will grow to $101.6 billion in 2020. The largest category of investment will be security-related services, which accounted for nearly 45 percent of all security spending last year. Security software is the second largest category, with endpoint security, identity and access management, and security and vulnerability management software driving growth.
According to Gartner, worldwide spending on information security is expected to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and to top $113 billion by 2020. Additionally, spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020 and we are expecting to see a move away from prevention-only approaches to focus more on detection and response.
Over the last two decades, the focal point of network security has been on the perimeter, but now the advent of cloud computing and mobile applications has expanded the boundaries of the enterprise network.
“Historically, network security has been focused on ports and protocols, and it has relied on the ability to scan network traffic – typically at the perimeter of the enterprise networks. Included in protecting the network are firewalls, IPS, web gateways, DDoS protection, VP and more,” says Paula Musich, former research director of NSS Labs.
While cloud and mobile applications have contributed to the crumbling walls of the network perimeter, IoT is expected to accelerate that trend further. “IoT will bring thousands or even more new devices to the corporate networks. These devices will have been designed mainly with two main considerations; features and cost.
Security usually is left out, which means that enterprises need to have a clear understanding on how to handle the new devices joining the network. Zero-day threat prevention is the natural evolution of threat detection. The defenses have mainly been built around detecting threats after they have penetrated the network. Moving into prevention mode will allow organizations to stop the threats from entering the network completely,” says Kalle Bjorn, system engineering director at Fortinet.
Mahmoud Mounir, regional director of SecureWorks, agrees: “Ransomware has now become the most profitable type of malware and criminal gangs will continue to develop it as long as it proves (at least as, or more) profitable than traditional banking trojans. Ransomware is an easy way for hackers to make quick money. Historically, ransomware has been directed at businesses for higher value ransoms. However, with the rise in poorly secured Internet of Things (IoT) devices we anticipate a shift towards attacks against consumers. The IoT environment is filled with security mistakes and bugs; small embedded Linux systems built by well-meaning engineers with no security expertise are the norm for this space, so adversaries will take full advantage.”
Musich says the introduction of context-aware security has blurred the lines between network and application security, and the integration of network security appliances and software with endpoint protection has contributed to that blurring.
While security has traditionally been focused on securing the perimeter, there is a growing shift, with more and more information and applications accessible via the Internet. It has become imperative for organisations to secure access to cloud-based enterprise applications and mobile apps used by workers to collaborate.
“While cyber threats are becoming more powerful, networks are becoming more disjointed and complex. To enable an effective defense, data and security elements across all of your various environments must be well-integrated, able to share intelligence and visible. Endpoint, network and application security must all work together to defend the entire network,” says Bjorn.
Firas Jadalla, regional director of Genetec, offers us a different perspective from the physical security standpoint: “At Genetec, we have been looking closely at the security of physical security systems and how to secure communications, servers and data. We are already providing the capabilities required for securing your physical security system and that can help you keep your organisation safe from cyber threats and illegal or unauthorised access through encryption, authentication and authorisation.”
Are enterprises placing too much focus on network security while most attacks are targeted at the applications layer? Industry pundits say security is neither a network nor an application problem; it’s a risk management problem. The solution is prioritising based on the sensitivity of data or applications in conjunction with understanding how high a risk is actually present. Both applications and networks present risks and have the potential for malicious hackers to gain access to sensitive information inside the network or inside applications that have access to the network. When it comes to allocating resources, you can’t pick one or the other. CSOs will have to look at it from a risk perspective and decide how to allocate between the two.
OPINION
TOP TECHNOLOGIES FOR SECURITY IN 2017
Gartner has highlighted the top technologies for information security and their implications for security organisations in 2017.
“In 2017, the threat level to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attackers improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks,” said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus. “Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps.”
The top technologies for information security are:
Cloud workload protection platforms
Modern data centers support workloads that run in physical machines, virtual machines (VMs), containers, private cloud infrastructure and almost always include some workloads running in one or more public cloud infrastructure as a service (IaaS) providers. Hybrid cloud workload protection platforms (CWPP) provide information security leaders with an integrated way to protect these workloads using a single management console and a single way to express security policy, regardless of where the workload runs.
Remote browser
Almost all successful attacks originate from the public internet, and browser-based attacks are the leading source of attacks on users. Information security architects can’t stop attacks, but can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks. By isolating the browsing function, malware is kept off of the end-user’s system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.
Deception
Deception technologies are defined by the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or detect an attack. By using deception technology behind the enterprise firewall, enterprises can better detect attackers that have penetrated their defenses with a high level of confidence in the events detected. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.
Endpoint detection and response
Endpoint detection and response (EDR) solutions augment traditional endpoint preventative controls such as an antivirus by monitoring endpoints for indications of unusual behavior and activities indicative of malicious intent. Gartner predicts that by 2020, 80 percent of large enterprises, 25 percent of midsize organisations and 10 percent of small organisations will have invested in EDR capabilities.

Network traffic analysis
Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for behaviors indicative of malicious intent. Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events.

Managed detection and response
Managed detection and response (MDR) providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but don’t have the expertise or resources to do it on their own. Demand from the small or midsize business (SMB) and small-enterprise space has been particularly strong, as MDR services hit a “sweet spot” with these organisations, due to their lack of investment in threat detection capabilities.
Microsegmentation
Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded laterally (“east/west”) to other systems. Microsegmentation is the process of implementing isolation and segmentation for security purposes within the virtual data center. Like bulkheads in a submarine, microsegmentation helps to limit the damage from a breach when it occurs. Microsegmentation has been used to describe mostly the east-west or lateral communication between servers in the same tier or zone, but it has evolved to be used now for most communication in virtual data centers.

Software-defined perimeters
A software-defined perimeter (SDP) defines a logical set of disparate, network-connected participants within a secure computing enclave. The resources are typically hidden from public discovery, and access is restricted via a trust broker to the specified participants of the enclave, removing the assets from public visibility and reducing the surface area for attack. Gartner predicts that through the end of 2017, at least 10 percent of enterprise organisations will leverage software-defined perimeter (SDP) technology to isolate sensitive environments.

Cloud access security brokers
Cloud access security brokers (CASBs) address gaps in security resulting from the significant increase in cloud service and mobile usage. CASBs provide information security professionals with a single point of control over multiple cloud services concurrently, for any user or device. The continued and growing significance of SaaS, combined with persistent concerns about security, privacy and compliance, continues to increase the urgency for control and visibility of cloud services.

OSS security scanning and software composition analysis for DevSecOps
Information security architects must be able to automatically incorporate security controls without manual configuration throughout a DevSecOps cycle in a way that is as transparent as possible to DevOps teams and doesn’t impede DevOps agility, but fulfills legal and regulatory compliance requirements as well as manages risk. Security controls must be capable of automation within DevOps toolchains in order to enable this objective. Software composition analysis (SCA) tools specifically analyse the source code, modules, frameworks and libraries that a developer is using to identify and inventory OSS components and to identify any known security vulnerabilities or licensing issues before the application is released into production.

Container security
Containers use a shared operating system (OS) model. An attack on a vulnerability in the host OS could lead to a compromise of all containers. Containers are not inherently unsecure, but they are being deployed in an unsecure manner by developers, with little or no involvement from security teams and little guidance from security architects. Traditional network and host-based security solutions are blind to containers. Container security solutions protect the entire life cycle of containers from creation into production and most of the container security solutions provide preproduction scanning combined with runtime monitoring and protection.
OPINION
AN INTELLIGENT APPROACH TO NFV SECURITY
Why addressing security issues related to NFV is important for the Middle East service providers.

By replacing dedicated network appliances, such as routers and firewalls, with software running on commercial, off-the-shelf servers, Network Functions Virtualisation (NFV) is transforming the way communication service providers (CSPs) deliver network services.

And the benefits that NFV offers are becoming increasingly clear to CSPs in the Middle East. As well as delivering savings by reducing operation costs and the need for truck rolls to deploy new hardware, it also allows operators to improve the speed at which new services are introduced.

But, with more network functionality being managed by software than ever before come some unique considerations around security, particularly when an organisation moves its Domain Name System (DNS) infrastructure to an NFV implementation. Planning such a transition requires extra thought to be given around the protection in place. Many operators are still using open source or commodity software, for example, to protect their virtualised environments, which can involve risks they may be unaware of.

A more intelligent approach
Firewalls, intrusion detection tools and other traditional security solutions tend not to be designed with DNS protection in mind, especially in an NFV environment. Some aspects of NFV, such as centralisation and virtual machine (VM)-level security, can offer improved protection. However, the increased flexibility and higher level of configuration available can potentially result in network functions being misconfigured, which can open up new attack vectors. And even if these configuration issues don’t actually lead to security being compromised, the cascading effect they can create can impair the overall functionality of a network by giving the appearance of security issues where there are none.

But, of course, genuine malicious actions do exist. Network resources can be quickly overwhelmed by a DNS-based DDoS attack which, by generating too many resolution requests for the DNS system to handle, will prevent legitimate requests from being resolved and effectively shut down the network. Attackers can replace a valid IP address with another that redirects the requestor to a malicious website. In other cases, individual VMs will be attacked using tunnelling techniques, which encrypt and exfiltrate information through channels not normally analysed by traditional security software.

Furthermore, VMs, in common with physical hardware, are susceptible to infection by malware. If a machine isn’t quarantined sufficiently quickly after becoming infected, the infection can rapidly spread, disrupting the functionality of other machines throughout the network from within.
NFV is emerging as the next stage in creating highly dynamic, automated networks. But, as technology continues to evolve, so network planning must evolve with it, managing the risks while reaping the rewards. - Dilip Pillaipakkam, Infoblox
Built in, not bolted on
Such examples serve to illustrate why DNS-based security needs additional attention, and why monitoring the virtualised environment requires a different set of tools to those used in traditional network security. Rather than being bolted on, DNS security needs to be built into the NFV architecture. The integration of DNS-specific protection will help minimise any gaps in coverage that may be overlooked by add-on solutions, and exploited by attackers.

Steps must be taken as soon as possible to minimise the impact of any attack that does take place. For example, the virtual environment must be able to rapidly deploy resources by spinning up new VMs without the need for operators to be involved. Automatically adding capacity in this way, while at the same time managing the attack, will prevent any interruption to service, thus reducing the risk of lost productivity and revenue.

NFV-based security ought to be capable of detecting previously unknown threats such as zero-day vulnerabilities by continuously analysing network behaviour while simultaneously defending against established threats. Virtualised infrastructure should be able to track provisioned VMs, analyse their IP addresses, and monitor all DNS traffic to detect suspicious behaviour as it occurs. It should also be able to quarantine infected VMs when necessary to prevent the infection from spreading.

And importantly, while threats such as DDoS attacks may come from outside the firewall, malware on existing VMs can be just as dangerous. For this reason, any DNS-based security for NFV should include internal analysis and resource tracking as well as external.

Lastly, we’ve seen how issues around configuration can cause security and performance problems, illustrating the need for network discovery and automation tools which are able to determine correctly – and incorrectly – configured network functions, and identify potential issues.

NFV is emerging as the next stage in creating highly dynamic, automated networks. But, as technology continues to evolve, so network planning must evolve with it, managing the risks while reaping the rewards. Security must be addressed at the implementation stage rather than seen as an afterthought. Only then can service providers enjoy a flexible and transparent network that will meet their current and future needs, while continuing to protect their most valuable resources.
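The monitoring described above (track provisioned VMs, watch all DNS traffic from inside as well as outside, quarantine suspicious VMs) can be sketched as follows. This is an added example, not code from the article or from Infoblox; the VM inventory, log records, domain names and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed inventory of provisioned VMs (source IP -> VM name).
INVENTORY = {"10.0.0.11": "vm-web-1", "10.0.0.12": "vm-db-1", "10.0.0.13": "vm-app-1"}


def entropy(label):
    """Shannon entropy, in bits per character, of a DNS label or subdomain."""
    n = len(label)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def parent_domain(qname):
    """Last two labels; a simplification that ignores multi-part public suffixes."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def max_in_window(times, window):
    """Largest number of queries that fall inside any span of `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(log, inventory, window=10, flood_min=50,
            uniq_min=10, len_min=24, ent_min=3.5):
    """Return {source IP: sorted findings} for sources that look suspicious."""
    times = defaultdict(list)
    subs = defaultdict(set)  # (source, parent domain) -> unique subdomains seen
    for ts, src, qname in log:
        times[src].append(ts)
        name = qname.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        if sub:
            subs[(src, parent)].add(sub)

    findings = defaultdict(set)
    for src, ts in times.items():
        if src not in inventory:  # traffic from an address nobody provisioned
            findings[src].add("untracked-source")
        if max_in_window(ts, window) >= flood_min:  # resolution-request flood
            findings[src].add("query-flood")
    for (src, parent), labels in subs.items():
        # Tunnelling tends to show many unique, long, random-looking
        # subdomains under a single parent domain.
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(entropy, labels)) / len(labels)
        if len(labels) >= uniq_min and mean_len >= len_min and mean_ent >= ent_min:
            findings[src].add("possible-tunnel:" + parent)
    return {src: sorted(reasons) for src, reasons in findings.items()}


def quarantine_candidates(findings, inventory):
    """Names of provisioned VMs that produced at least one finding."""
    return sorted(inventory[src] for src in findings if src in inventory)


def sample_log():
    """Constructed query log: (seconds, source IP, query name)."""
    log = [(1, "10.0.0.11", "www.example.com"), (2, "10.0.0.11", "cdn.example.com"),
           (5, "10.0.0.11", "api.example.net"), (7, "10.0.0.99", "www.example.com")]
    base = "0123456789abcdef" * 2
    # vm-db-1: twelve unique 32-character labels under one parent domain.
    log += [(30 + i, "10.0.0.12", base[i:] + base[:i] + ".tunnel.example")
            for i in range(12)]
    # vm-app-1: sixty queries in under six seconds.
    log += [(20 + i * 0.1, "10.0.0.13", "shop.example.org") for i in range(60)]
    return log


if __name__ == "__main__":
    result = analyse(sample_log(), INVENTORY)
    for src, reasons in sorted(result.items()):
        print(src, INVENTORY.get(src, "(not provisioned)"), reasons)
    print("quarantine:", quarantine_candidates(result, INVENTORY))
```

The thresholds are illustrative only; in practice they are tuned against a baseline of each environment's normal DNS traffic.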
OPINION
ADAPTING SECURITY TO MANAGE DIGITAL RISK
By Srinivasan C.R. – Senior Vice President, Global Product Management & Data Centre Services at Tata Communications
Organisations today are embarking on their own distinct journeys of digital transformation as advances in new technologies like 5G and AI change the face of business. There is a common misconception that security hinders innovation, and limits the rate at which organisations can transform. The reality is that failing to factor in security at the outset of a digital transformation journey increases risk from outside threats. Periods of digital transformation should be seen as an opportunity to strengthen security in parallel with transforming your business.

Data breaches are a concern for the general public and businesses alike. Only recently, the UK’s National Health Service (NHS) was the target of a sophisticated ransomware attack that ground emergency services at some hospitals to a crawl and genuinely endangered lives as a result. Hacks can also be reputationally and financially damaging to a business, as it was for Yahoo. When details emerged in 2016 about a 2013 data breach that affected one billion accounts, the company faced harsh criticism for not disclosing the event sooner, and suffered a considerable financial impact when Verizon announced that the breach would have a ‘material’ effect on their acquisition deal.

In addition, the regulatory implications of large-scale attacks are mounting. Under the European General Data Protection Regulation (GDPR) for example, which will come into full effect in 2018, organisations may be fined up to 4% of global turnover or €20 million (whichever is greater) following a breach if the regulators decide that the organisation did not take the necessary precautions to protect the data.

All of this considered, it’s clear that the landscape of digital threats has seen considerable advancement in recent years but organisations are failing to adapt. Many organisations are using outdated methods of protection that focus too heavily on blocking and prevention mechanisms. These methods are decreasingly effective against the advanced threats from today’s motivated, advanced hackers. There is no such thing as an unsinkable ship, and there is no such thing as impenetrable prevention against attackers.

So how can organisations adapt? The first step is to accept that at some point, the hackers will breach your preventative security layer. The second is to invest in an adaptive security method that is able to keep up with increasingly sophisticated attacks. Adaptive security means putting preventative and responsive security processes in place at every step in your system that a threat could break through. Organisations should shift their mind-set from ‘incident response’ to ‘continuous response.’ Typically, there are four stages in an adaptive security life cycle: preventative, detective, retrospective and predictive. For organisations to protect themselves they need to get the right mix.

Preventive security is the first layer of defence. This includes things like firewalls, which are designed to raise the bar against attackers, blocking them and their attack before they affect the business. Most organisations have this in place already, but there is definitely a need for a mind-set change. Rather than seeing preventative security as a way to block attackers completely from getting in, organisations should see it as a barrier that makes it more difficult for an attacker to get through – giving the organisation more time to detect and disable an attack in progress.

Detective security detects the attacks within the system that have already breached your walls. The goal of this layer is to reduce the time that attackers spend within the system, limiting the subsequent damage. This layer is critical, as the organisation has already established that attackers will, at some point, encounter a gap in their defences.

Retrospective security is an intelligent layer that turns past attacks into future protection – similar to how a vaccine protects you against diseases. By analysing the vulnerabilities exposed in a previous breach and using forensic analysis and root cause analysis, it recommends new preventative measures for any similar incidents in the future.

Predictive security plugs into the external network of threats, periodically monitoring the external hacker underground to proactively anticipate new attack types. This is fed back to the preventative layer, putting new protections in place against evolving threats as they’re discovered.

These are the four ingredients you need to secure your business during your network transformation journey and they need to be baked in together in order to protect you to their full potential. All elements improve security individually, but together, these four distinct security mechanisms form a comprehensive, constant protection for organisations at every stage in the life cycle of a security threat.
OPINION
MOVING BEYOND DEFENCE-IN-DEPTH
Defensive cybersecurity strategies must evolve to meet the complexities of an evolving threat landscape, writes Jon Ramsey, CTO of SecureWorks.

Every organisation, when developing a strategy to defend against online threats, fundamentally comes down to evaluating how to best minimise risk with finite resources. Over the past 20 years, defence-in-depth – using multiple layers of security controls to slow down attackers – has been an instrumental approach to risk mitigation. When we see a new threat tactic, the security industry responds with a new product to protect against it, thereby adding another layer of protection. But with hundreds of tactics and an increasingly complex threat landscape, is adding a new layer for each new threat the most effective use of resources?

To quote arguably one of the smartest people in the security field, Dan Geer: “If you want to reduce your risk by half, you have to double your cost.” As new threat tactics surface, you have to ask what is the risk reduced per dollar spent for adding the new layer. Knowing the new tactic could compromise your security, applying defence-in-depth principles, you would likely deploy the new product. But is it really worth it? If you’re adding a fourth layer or a tenth layer or even a 40th layer, historically, it’s been the industry standard approach. On average, the 150 largest SecureWorks clients have 78 controls in place, but once you’re adding an 80th layer – which is not uncommon – the law of diminishing returns applies. The amount of risk reduced is less than the amount of significant investment needed for more layers.

Defence-in-depth to defence-in-concert
Defence-in-depth has been a great strategy, but now we need a new methodology. Instead of adding another layer as a way of responding to new tactics, we need to drive collaboration and contextualise what’s happening within the infrastructure between the layers and let that context inform the action. That is defence-in-concert. You can buy new layers of defence, but that strategy becomes cost-prohibitive as new threats surface. By adopting a defence-in-concert strategy, you more efficiently apply your resources to garner more effective outcomes.

Think about today’s security marketplace and the challenges organisations face to stay ahead of evolving threats. With a defence-in-depth approach, there’s a trade-off that has to be made. Organisations must determine if they are better protected buying a suite of products from one vendor whose layers are collaborating with one another or buying best-of-breed products (endpoint, data security, application security, cloud, etc.) from different vendors, sacrificing collaboration. What you really want and what the market needs is the best-of-breed that’s also collaborating.

Our job is to be able to get to defence-in-concert and allow for contextualisation and collaboration value while letting the market choose the best-of-breed technologies amongst those layers. Being vendor agnostic lets clients use the technologies in which they’ve already invested and get the value out of them. Businesses can choose the technologies they want and implement a defence-in-concert strategy without having to sacrifice capabilities of a particular layer.

Orchestration is about the playbook, not the plumbing
Automation is important to contextualising the collaboration between security layers, but it’s also worth noting that successful orchestration isn’t just about the ability to automate an action. It’s about understanding what actions need to be taken and what the effective gain-loss analysis is of that action. What I mean is automation is great, but if you’re not careful, you can break a lot of things automatically really quickly. So when you’re going to take an action across the infrastructure, first you want confidence that the action isn’t going to cause any negative, unintended consequences. Second, if you’re taking an action because of a security event, you want it to be effective, and that can require validating what’s actually happening. By collecting all of the contextualised information and synthesising it to understand what is occurring, you’ll be in a better position to take an action rooted in ground truth – what we can observe – instead of relying on inferences.

Security needs to speak the same language
Let’s assume the plumbing is in place and that all the security layers from different vendors can communicate with one another. The challenge then becomes aligning the semantics and interpretations from each vendor to determine what the next action should be. Contextualisation is important, but precision, timeliness and fidelity are also fundamental. If your endpoint vendor tells the network it has detected an instance of ransomware, is it making the right call? Could it be a false positive? If it has correctly detected ransomware, while that may be interesting, that alone does not provide enough details to inform an action. But if it tells you what version of Cryptolocker it has detected, then you might know what action to take.

What makes this even more complicated is that the security industry has never had any kind of standardisation in terms of taxonomy. Vendors use different naming conventions for malware families and threat actor groups, so if security layers from different vendors are to communicate and collaborate, we need to establish a common taxonomy, map it, and share it so that there is industry-wide consistency. Because we integrate with, monitor, and manage numerous third-party products, we understand the nuances of the different naming conventions currently in use. While one malware group may have different names used by different vendors, we can treat it as one entity using our mapping system. The industry does not currently use a shared naming system, and if we continue using incongruous language, the message gets lost in translation. SecureWorks uses an internal taxonomy to map threats so that the message can clearly inform the necessary action.

Taking the next step in security across the ecosystem
Looking at the complexities of the threat landscape, malicious tactics are outpacing the efficacy of defence-in-depth. Building more walls is an unsustainable strategy that cannot meet evolving security challenges businesses face. Instead, organisations need to adopt strategies that optimise their resources and focus on rapid, accurate detection and response. As an industry, we need to ensure that we’re creating an environment where layers of security can communicate in a way that can be consistently understood and interpreted and that provides the context, timeliness, and precision to drive the most effective actions to protect and defend.
OPINION
RISE OF THE MACHINES
Raj Samani, Head of Strategic Intelligence, McAfee, writes about taking your security team to the next level with machine learning

Machine learning is all around us, enriching our online lives every day. We see it with our own eyes when search engines accurately predict what we’re looking for after we type only a few letters. We feel it protecting our bank accounts by evaluating credit card transactions for signs of fraud. We notice it in selections of articles and ads in online newspapers. We no longer think twice about these conveniences; in fact, it’s hard to imagine online life without machine learning.

In relation to cybersecurity, machine learning has been changing the game as a means of managing the massive amounts of data within corporate environments. However, machine learning lacks the innately human ability to creatively solve problems and intellectually analyse events. It has been said time and again that people are a company’s greatest asset. Machine learning makes security teams better, and vice versa. Human-machine teams deliver the best of both worlds.

MACHINE LEARNING ALLOWS ENDPOINT SECURITY TO CONTINUALLY EVOLVE TO STOP NEW ATTACK TACTICS
The dark web is driven by intelligent bad actors who are often financially motivated to create new threats with new attack techniques. Security becomes personal when considering the people behind the attacks, making the human-machine team the best sustaining defence. CSOs empower security operations to blend the best elements of art and science, where security team employees provide creative responses and leverage machine learning to provide high-performance scientific responses. While machine learning can detect patterns hidden in the data at rapid speeds, the less obvious value of machine learning is providing enough automation to allow humans the time and focus to initiate creative responses when responses are less obvious. By using a filter for optimization across the best advantages of human and machine elements, it’s easier to evaluate the relationship between them.

MACHINE LEARNING ADDS CRITICAL CAPABILITY TO SECURITY STRATEGIES
The process of security researchers analysing malware to develop signatures is still important, but only as a capability to address the large volume of known malware because it cannot be expected to evolve quickly enough to meet the rapid pace of malware being introduced to the wild. Machine learning becomes the fastest way to identify new attacks and to push that information out to endpoint security platforms. The key differentiator in incorporating machine learning into endpoint security is the amount of relevant data consumed by the algorithms. Machine learning manifests itself in multiple ways in helping save security teams’ time and energy:

User experience is optimised - Machine-learning algorithms feed information to the endpoint about file attributes that indicate the presence of malware. These attributes may be related to type, size and source, as well as header anomalies and detected sequences of operating system calls. A quick scan before execution allows security to perform its preliminary triage without souring the user experience.

Suspicious behaviour flagged automatically - Once the program is running, machine learning on the endpoint monitors behaviour for signs of an attack. This runtime detection is keyed by information on attack tactics again uncovered by machine-learning analysis of malware samples in the datacentre. While pre-execution checks file attributes to make a malware decision, runtime execution requires knowledge of specific actions attackers are likely to use. For example, ransomware can render your files useless in less than a minute. Machine-learning analysis of ransomware attacks may uncover timing and access patterns of file shares that would indicate an attack is underway – allowing endpoint security to stop the threat before all files are encrypted.

Highly valuable investigation and response data available automatically - Helping security teams respond to an incident, machine learning can identify suspicious connections and create alerts based on equations. In this case, security analysts need precise information on the threat such as files touched, registry changes, server connections, etc. Because machine learning looks across multiple dimensions, much of the data that incident response teams require is already available, but has traditionally required extensive manual correlation. Ideally, highly valuable investigation and response data would be available through the already-present endpoint management console. The presence of machine-learning technology results in significant time savings – by a factor of 10 is not uncommon – that can help security teams keep the business running.

ELEVATE SECURITY TEAMS WITH MACHINE LEARNING
People matter the most, but combining human intelligence with machine-learning technology creates strong security teams. The visibility into tactics throughout the entire attack chain that machine learning affords is critical to enhancing the relationship between security teams and technology. Machine learning enables security teams to devise new defences quickly to adapt to attackers’ automated processes and make it more difficult for them to be effective. Remember, machine learning places the time sequence of activity observed between security products.

With machine-learning assistance, security teams have greater insight into who the attacker is, the methods being used, where the attacks are coming from and how they are spreading, as well as which security measures are working and which are being defeated. Most importantly, the presentation of machine-learning results enables people in security teams to do what they do best – create intelligent, innovative and effective solutions to new threats before significant damage is done to the business. If people are the company’s greatest assets, then machine learning helps make them even greater.

To close, machine learning should be a critical component of an enterprise’s endpoint security strategy. Given the volume and evolution of attacks hammering away at endpoints, security must be able to adapt without human intervention, and must provide the visibility and focus to enable humans to make more informed decisions. Machine learning has come of age with big data driving accuracy up and false positives down. The proof of successful human and technology teaming will be seen in the ability to rapidly dismiss alerts and accelerate solutions to thwart new threats. Your users deserve the best that cybersecurity has to offer, and today the best endpoint security products leverage machine learning.
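The "timing and access patterns of file shares" mentioned under runtime detection can be made concrete with a small added example, which is not code from the article or from McAfee. It uses a fixed-threshold sliding-window rule in place of a learned model, and the event format, client names, paths and thresholds are constructed assumptions.

```python
import os
from collections import defaultdict, deque

MODIFYING = {"write", "rename"}


def detect_bulk_rewrite(events, window=60.0, min_files=20, min_ext_ratio=0.8):
    """Return {client: timestamp of first alert}.

    A client is flagged when, inside one sliding window, it modifies at least
    `min_files` distinct files on the share and at least `min_ext_ratio` of
    those files were renamed to a different extension.
    """
    recent = defaultdict(deque)  # client -> (ts, path, extension_changed)
    alerts = {}
    for ts, client, op, path, new_path in sorted(events, key=lambda e: e[0]):
        if op not in MODIFYING or client in alerts:
            continue
        changed = (op == "rename" and
                   os.path.splitext(path)[1] != os.path.splitext(new_path)[1])
        window_events = recent[client]
        window_events.append((ts, path, changed))
        while ts - window_events[0][0] > window:  # drop events older than window
            window_events.popleft()
        touched = {p for _, p, _ in window_events}
        re_extended = {p for _, p, c in window_events if c}
        if (len(touched) >= min_files
                and len(re_extended) / len(touched) >= min_ext_ratio):
            alerts[client] = ts
    return alerts


def sample_events():
    """Constructed share audit events: (seconds, client, op, path, new_path)."""
    events = []
    # ws-17: rewrites a file and changes its extension, once per second.
    for i in range(25):
        path = f"/share/docs/report{i}.docx"
        events.append((100 + i, "ws-17", "write", path, None))
        events.append((100 + i + 0.5, "ws-17", "rename", path, path + ".locked"))
    # ws-02: a backup job that writes many files quickly but renames none.
    for i in range(30):
        events.append((200 + i, "ws-02", "write", f"/share/backup/db{i}.bak", None))
    # ws-05: occasional renames that keep the extension.
    for i, ts in enumerate((10, 1800, 3500)):
        events.append((ts, "ws-05", "rename",
                       f"/share/notes/a{i}.txt", f"/share/notes/b{i}.txt"))
    # Reads never count towards the rule.
    events.append((50, "ws-02", "read", "/share/docs/report0.docx", None))
    return events


if __name__ == "__main__":
    for client, ts in detect_bulk_rewrite(sample_events()).items():
        print(f"alert: {client} at t={ts}s, bulk rewrite with extension change")
```

Requiring the extension-change ratio as well as the volume is what keeps the bulk-writing backup job from being flagged alongside the suspicious client.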
PRODUCTS
Brand: Axis Communications Product: Forensic WDR
What it does: Axis Communications has introduced Forensic WDR, an enhanced Wide Dynamic Range (WDR) method that focuses on achieving high forensic value, in a number of new cameras. WDR is the term commonly used for the art of balancing both very dark and very bright areas in a scene. It is also known as HDR (High Dynamic Range). In the surveillance industry, the aim is to capture the forensic details at all times. Until now, the WDR methods on the market have not been able to add sufficient forensic value to ultra-high resolution cameras or surveillance scenes that feature a significant amount of movement. In launching its Forensic WDR, Axis has addressed both issues in several new cameras.
What you should know: “Current WDR methods on the market struggle to capture the forensic details needed, especially in challenging scenes with a great deal of movement and where high resolution is needed,” explained Johan Paulsson, Chief Technology Officer at Axis Communications. “With Forensic WDR, the benefits of WDR can be realised even in such scenarios.”
Brand: Digital Barriers Product: SmartVis Identifier
What it does: Digital Barriers has announced SmartVis Identifier, the world’s first live facial recognition system for body worn law enforcement cameras. The integration of the company’s world-class EdgeVis and SmartVis technologies provides defence, security and law enforcement agencies with real-time facial recognition against multiple watch lists and databases.
What you should know: The SmartVis facial recognition technology is already available for standard smartphones and has now been adapted to run live on the company’s body worn cameras designed for frontline law enforcement. Combined with EdgeVis – the world’s most effective mobile live streaming solution, already in use with flagship agencies around the world – it makes streaming from body worn devices both operationally and financially viable.
Brand: Kaspersky Lab Product: Secure Connection
What it does: Kaspersky Lab has introduced Secure Connection, a solution for encrypting traffic on Windows and Mac computers. Based on VPN technology, it automatically enables encryption when the risk of data interception is most dangerous for the user, for example, when connecting to public Wi-Fi or using online banking or other sites containing private information. The unprotected or poorly protected transfer of data puts a person’s privacy, data and even their money at risk. By using tools that are freely available on the Internet, intruders can read and use information transmitted over these connections, including messages, passwords and files.
What you should know: Kaspersky Lab’s Secure Connection ensures reliable encryption of transmitted data, and if the user forgets to enable it, the solution will display a reminder when it is most needed. For example, it will offer its services if a Wi-Fi network is unsafe or – in the case of the Windows version – if the user attempts to open a site with critical information (email, online banking, e-payment system, online store or social networking site) without encryption. If preferred, Secure Connection can also be set to manual control or continuous encryption. Management of Secure Connection is worth mentioning separately. Monitoring the time, duration and volume of encrypted traffic transmitted for each connection is easy via a My Kaspersky personal account, and the same portal can be used to control remaining megabytes in the free version.
BLOG
EXPLOITING DATA BREACHES
Michael Marriott, security expert, Digital Shadows
High-profile data breaches are increasingly making headlines and, seemingly, businesses are losing the battle to protect their intellectual property (IP), corporate, and customer data from the threats posed by cybercriminals. It is no surprise that financial gain is the single biggest motivator for cyberattacks. The 2016 Verizon Data Breach Investigations Report highlighted that financial gain and espionage accounted for more than 89 percent of all data breaches they studied. Furthermore, financial gain was by far the biggest single reason for attacks, beating espionage and all other objectives into a distant second place. This is big business for cybercriminals. To deal with the threats posed by these breaches, organisations need to step up their strategies for protecting their intellectual property. This is possible by doing two things: firstly, identifying the location and protections around critical IP; secondly, keeping a watchful eye on the types of attackers and the methods they might use to obtain it.
But despite the excitement, which is often rightly directed at new viruses or malware or attack techniques, it is exploit kits that remain one of cybercriminals’ most reliable and trusted delivery mechanisms to embed malware and conduct malicious activity. And, even as an exploit kit gets shut down, others pick up the slack and continue to deliver their payloads. Our report, ‘In the Business of Exploitation,’ examined the vulnerabilities exploited by the top 22 exploit kits and found that Adobe Flash Player was likely to be the most targeted software, with 27 of the 76 identified vulnerabilities affecting this software. Understanding the most commonly exploited software, and the most frequently targeted vulnerabilities, can aid in mitigating the threat posed by exploit kits and in prioritising patching. To protect its IP, it is critical that a company evaluates its security from the perspective of an attacker, which helps prioritise the work to address potential vulnerabilities. This could involve looking at where the organisation is exposed on social media sites, identifying points of compromise, and looking for evidence of previous attacks across the visible, dark, and deep web. The military use the term situational awareness, and we believe that it is useful for companies to use this approach when considering their cybersecurity controls. Companies can, therefore, remain quick to respond to incidents and limit the consequences of any potential breach. That way they can remove information from public view by issuing takedown requests as soon as an organisation finds its information being shared, advertised or sold on the web. Similarly, by knowing what information is compromised, passwords can be changed, customers notified and points of weakness fixed. By being proactive, organisations can tailor their defences and make better, more informed business decisions. In a world of complexity and uncertainty, this kind of illuminating context is key to preventing vital IP falling into the wrong hands.