Security Advisor Middle East | Issue 11


ISSUE 11 | NOVEMBER 2016 www.securityadvisorme.com

SECURITY BLUEPRINT NANJGEL SOLUTIONS’ MD TALKS ABOUT THE FUTURE OF INFORMATION SECURITY

Security and privacy Insider threats Cloud security


THE WORLD IS WAKING UP TO THE REALITY OF CYBER INTRUSIONS.

DON’T WAIT FOR THE ALARM TO RING.

Our world is bombarded by news of data breach almost every day. What used to be a one-off case is now one of the largest threats, lurking in every corner of our cyber world. At DarkMatter, we deploy industry-leading intelligence to defend your assets with a full spectrum of cyber security capabilities. We develop new solutions to combat tomorrow’s threats, today. Take your first step towards genius: contactus@darkmatter.ae



CONTENTS

06 THE NEW BALANCE: With the vast use of technology in the workplace ever increasing, is it possible for enterprise security and employee privacy to co-exist?

12 UPLIFTING SECURITY: In an exclusive interview, Nanjgel Solutions’ Jude Pereira dissects the security landscape and discusses where the industry is heading in the future.

16 ROAD TO RECOVERY: Veeam Software’s Gregg Petersen shares how organisations can take the cost and complexity out of cloud-based disaster recovery.

18 TAKING CONTROL: NetScout Systems’ Ramesh Reddy shares insights about the increasing need for service assurance solutions in the region.

22 THE DEFENCE HUB: Yasser Zeineldin, CEO, eHosting DataFort and Jeff Ogden, Managing Director, eHDF Cyber Defense Centre, discuss CDC’s objectives and future plans for the region.

26 THE NEXT TARGET FOR PHISHING AND FRAUD: CHATOPS: As chat platforms become increasingly popular, they are an obvious target for the next wave of cyber-attacks.

34 7 WAYS DEVOPS BENEFITS CISOS: DevOps aims to create a culture that values collaboration. We bring you seven different ways DevOps can bring advantages to your security strategies.

MASTHEAD

Founder, CPI Media Group: Dominic De Sousa (1959-2015)
Publishing Director: Rajashree Rammohan, raj.ram@cpimediagroup.com, +971 4 440 9100

Editorial
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 440 9129
Editor: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Deputy Editor: Glesni Holland, glesni.holland@cpimediagroup.com, +971 4 440 9134

Design
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 375 5680
Designer: Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 440 9159

Advertising
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9138
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 440 9147

Circulation
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 440 9119

Production
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 375 5673
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107

Digital Services
Web Developers: Jefferson de Joya, Abbas Madh
Photographers: Charls Thomas, Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Published by CPI Media Group. Registered at IMPZ, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100, Fax: +971 4 447 2409. Printed by Printwell Printing Press.

© Copyright 2016 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


NEWS

DARKMATTER, DELL EMC PARTNER TO DELIVER SECURE STORAGE AND ANALYTICS

Mohammed Amin, Dell EMC and Rabih Dabboussi, DarkMatter

DarkMatter and Dell EMC have announced a partnership to help regional customers leverage the business benefits of next-generation storage and analytics, while incorporating advanced cyber threat protection. Under the agreement, DarkMatter will combine its end-to-end, cross-platform expertise in securing networks and data with Dell EMC’s technologies and products. Through this agreement, DarkMatter solutions will incorporate cybersecurity, Big Data analytics and modern data centre infrastructure across private and public data.

Rabih Dabboussi, Senior Vice President, Sales, Marketing and Business Development, DarkMatter said, “Our customers are increasingly asking us to help tap the powerful world of big data, but in a manner that keeps their data, networks and organisations safe. By partnering with Dell EMC, we can provide hardened data infrastructure that provides world-class defence against advanced threats while delivering architecture that combines operational efficiencies with accessible and powerful analytics.”

Advanced data network implementations are themselves part of the cybersecurity solution, and Dell EMC’s technology underpins the security information and event management (SIEM) solutions that DarkMatter will incorporate into its Dell EMC-powered security deployments.

INTEL SECURITY STUDY FOUND INCREASED CYBER THREATS IN HEALTHCARE SECTOR

Raj Samani, Intel Security

Intel Security has released its McAfee Labs Health Warning report, which assesses the marketplace for stolen medical records; compares it with the marketplace for stolen financial services data; identifies healthcare-focused cybercrime-as-a-service trends; and profiles cybercrime targeting intellectual property in the pharmaceutical and biotechnology industries. The Intel Security research asserts that the development of the market for stolen data and related hacking skills indicates that the ‘business of cybercrime’ in the healthcare sector is growing.

“In an industry in which the personal is paramount, the loss of trust could be catastrophic to its progress and prospects for success,” said Raj Samani, CTO, Intel Security, Europe, the Middle East, and Africa. “Given the growing threat to the industry, breach costs ought to be evaluated in the Second Economy terms of time, money, and trust—where lost trust can inflict as much damage upon individuals and organisations as lost funds.”

Intel Security found that the price per record for stolen patient medical records remains lower than that of financial account records and retail payment account information, despite the increasingly time-sensitive, or perishable, nature of data such as credit and debit card numbers. The research also found the average health record price point to be greater than that of basic personally identifiable information, but still less than that of personal financial account data. The per-record value of financial account data ranged from $14.00 to $25.00, credit and debit cards drew around $4.00 to $5.00, but medical account data earned only from $0.03 to $2.42. The findings suggest financial account data continues to be easier to monetise than personal medical data, which could require an investment that financial payment data does not require.

“When a well-developed community of cybercriminals targets a less prepared industry such as healthcare, organisations within that industry tend to play catch-up to protect against yesterday’s threats, and not those of today or tomorrow,” Samani said. “Gaining the upper hand in cybersecurity requires a rejection of conventional paradigms in favour of radical new thinking.”

Sophos named as ‘Leader’ in Forrester’s new report Sophos has announced it’s been positioned as a ‘Leader’ in Forrester Research’s new report, The Forrester Wave: Endpoint Security Suites, Q4 2016. Recognising that Sophos received the highest scores in the Strategy category, Forrester refers to Sophos Endpoint Protection as delivering “the most enterprise-friendly SaaS endpoint security suite.” The report cites that “buyers will appreciate its intuitive administrative interface along with the flexibility and scalability required for most enterprise deployments, both large and small.” Forrester also found that overall Sophos customers report a “high level” of satisfaction.

“This study assesses both traditional and next-generation security vendors against consistent criteria. The placement of Sophos on the strategy axis to the extreme right indicates to us that Sophos is taking the lead by adding next-generation technologies to our proven endpoint protection portfolio,” said Dan Schiappa, SVP and GM, Enduser Security Group, Sophos. “I believe that our position as a ‘Leader’ in this report is a testament to Sophos’ continued ability to assess the dynamic security landscape and listen to our customer needs to develop effective endpoint security products that exceed expectations for protection and manageability.”



HID GLOBAL: SECURE ACCESS TO CLOUD A TOP PRIORITY FOR ME ORGANISATIONS

Miguel Braojos, HID Global

A recent survey by HID Global has found that the increasingly mobile workforce in the Middle East is driving organisations to focus on watertight security strategies in order to protect and secure their digital assets when accessing applications and data in the cloud. The survey revealed that 47 percent of organisations believe that securing access to cloud-based data and applications is as important as securing physical premises, with 41 percent stating that secure access to cloud-based data and applications was their number one priority.

Of the respondents that participated in the survey, 72 percent said that they relied on private cloud solutions and 48 percent used it for collaboration solutions including databases, CRMs, and email. 33 percent also said they stored mission-critical applications and data. Respondents to the survey included CIOs, CISOs, IT managers and decision-makers from the public sector, retail, manufacturing, government, oil and gas, transport, banking and finance and real estate from across the GCC.

Miguel Braojos, Vice President Global Sales, IAM Solutions, HID Global, said, “A robust security strategy and solutions with multi-factor authentication is an important step to take because the loss or damage of digital assets can have significant ramifications for an organisation. We are glad to find that organisations are assessing and evaluating their security strategies and reviewing implementing multi-factor authentication.”

Help AG receives information management certification

Stephan Berner, Help AG

Help AG has announced that it has achieved Information Security Management System ISO/IEC 27001:2013 certification. The certification confirms that Help AG has implemented over 110 stringent security controls relating to physical and environmental security, technical security, personnel security, supplier relations, operations security, business continuity, incident management, and compliance. The audit and certification were carried out by BSI Group following a stringent internal audit by Help AG’s own Strategic Security Consulting division.


“We understand that there are some reservations that regional businesses have about trusting security controls to service providers. Our ISO27001 certification enables us to guarantee the right level of controls exists and is audited by an external agency at regular intervals,” said Stephan Berner, CEO, Help AG. “This together with initiatives such as delivering all services locally, offering an on-premise deployment option, fully recording all access, and strictly adhering to all local laws has helped us address customers’ concerns and challenges regarding management and access to sensitive data by our MSS team.” Berner added, “Even large enterprises in the region lack the financial and human resources to have specialised teams of IT security experts. This leaves them with little time to continuously monitor their infrastructure for cyber threats and makes incident response a tremendous strain on already overworked employees. Our MSS is an affordable way for businesses to gain ready access to the very best security experts to significantly enhance their security posture.”

INFOBLOX NAMES NEW EVP OF WORLDWIDE FIELD OPERATIONS

Bill McCarthy, Infoblox

Infoblox has announced that Bill McCarthy has joined the company as its new Executive Vice President of Worldwide Field Operations. McCarthy will report to Infoblox president and Chief Executive Officer Jesper Andersen. In his new role, McCarthy will drive the company’s worldwide sales, support and professional services functions to accelerate growth and extend Infoblox’s industry leadership beyond DNS, DHCP, and IP address management (DDI) into security, cloud and analytics. McCarthy joins Infoblox from Cisco, where he was Area Vice President for the Americas in Cisco’s Service Provider business. McCarthy was responsible for growing revenue and market share in the fields of mobility, web services, social media, gaming as well as media and broadcasting.

“I’m incredibly excited to join Infoblox’s outstanding management team and help capitalise on the growth opportunities that result from the hyper-connected and global nature of every business,” said McCarthy. “The network is the fabric on which today’s digital economy functions, and Infoblox’s actionable network intelligence is the key that enables organisations to control and secure their mission critical networks.”

$3.8M: reported average total cost per data breach across the globe (Source: IBM and Ponemon Institute)



FEATURE

THE NEW BALANCE With the vast use of technology in the workplace ever increasing, the line between enterprise security and employee privacy can be easily blurred. Is it possible for these two to co-exist?

Organisations and individuals within them have become increasingly captivated by the convenience of mobile processes. However, as mobile device use becomes the norm within the modern workplace, there are growing concerns from both employers and employees in the areas of privacy and enterprise security.

Thomas Fischer, Global Security Advocate, Digital Guardian, says, “The debate between enterprise security and privacy is a long one with no clear winner, but both can coexist. An enterprise must balance the need for security and the privacy of its users or customers. At the same time, both the enterprise and the end-user need to play a role in ensuring that balance.” Fischer then underlines that enterprises need to deploy solutions that will allow them to protect the data in an active way, but they must also ensure that the system is flexible enough to whitelist personal data.

Rafik Hajem, Vice President, EMEA, Guidance Software, maintains that enterprises should look closely at the systems where security and privacy intersect. “Mostly, the intersection is evident through the use of company email, phones and other IT devices.” According to Hajem, the growth of bring-your-own-device (BYOD) also adds to the complexities of the security vs privacy issue. In response to this, he advises employers with BYOD policies to use mobile device management (MDM) solutions to monitor for things like malware and other security threats. “There need to be enterprise-wide policies that clearly define which information is collected and which communications are monitored. They should also identify any other potential impacts, like data wipes or interference with functions like cloud synching. While enterprises do not necessarily need to inform employees on all the specifics of security strategy, they should be transparent with employees on the monitoring processes that will take place,” he explains.

While achieving the balance between corporate security and data privacy may be challenging, it is not an impossible task. However, for any security policy to succeed, all parties involved must understand and adhere to it. With the numerous threat actors surrounding the IT landscape, corporate data security is something modern enterprises are not taking lightly, and employees must be aware of the likelihood that their data will be monitored.

“First, it’s as much about protecting as it is monitoring the data,” explains Scott Manson, Cyber Security Leader, Middle East and Turkey, Cisco. “We need to consider this a shared responsibility between those who process or use the data, the privacy and information security teams. Security is always going to have a role in protecting that data, but protecting the data involves more than just keeping it secure. Protecting data starts with using it for the purposes for which it was collected, and continues through responsibly storing it, restricting access, and disposing of it when that intended purpose is complete.”


In terms of access limitations, Manson underlines that organisations should establish guidelines for accessing and using this data, based on roles, responsibilities, and genuine needs.

According to Fischer from Digital Guardian, the current trend is that data policies and controls are now the responsibility of a Data Protection Officer. “Typically, this person must have a clear understanding of the company’s critical assets,” he explains. “The role should also have the responsibility of defining which data is classified and how. Data in most cases should remain anonymous if possible or should be based on ‘metadata.’ The real data should only be made accessible or viewed by authoritative parties (perhaps lawyers or HR managers) in front of the end-user.”

Over the last few years, several industry studies have noted that more than 250 million collections of confidential data were reported lost or stolen. As a result, organisations, both in the public and private sectors, are increasingly implementing data security and employee privacy best practices. “There has been an increase in awareness when it comes to security, and this has resulted in security policies playing a larger role than previously,” says Nick Saunders, Security Specialist, Middle East and Africa, Mimecast.

“Businesses globally are becoming more aware of the new risks that interconnected applications bring, where one compromised vector such as email is linked into other critical applications.”

Harish Chib, Vice President, Middle East and Africa, Sophos, explains that while companies in the region are doing their bit to set up an adequate set of policies with regard to security and employee privacy, it is not enough. “The need of the hour is the deployment of security solutions that offer comprehensive security, work as a system and are easy to deploy,” he says. “The focus should be on using integrated solutions made up of industrial-strength components whereby the endpoint communicates with the firewall to share threat intelligence. Also, companies should keep the privacy factor in mind, wherein security policies cover only that data which comes under the bracket of sensitive company information, and they are able to ensure employee privacy vis-a-vis their personal information.”

Data is the exhaust of our digital lives—personally and professionally. Protecting it is paramount for enterprises and individuals alike. To keep the security and privacy balance within the workplace, industry experts underline that it would be ideal to ensure that corporate data and personal data generated by employees are kept separate.

“Organisations need to design their infrastructure so that corporate, customer and employee data is in separate systems – virtually or logically,” says Manson. “They must create a data architecture, information classification system and access policies in order for employee data to be kept separate from the corporate and customer data sets. There may be areas where organisations may need to manage both, like CRM or sales management tools, but in those instances, organisations must have strict access controls in place, and defined roles and responsibilities.”

However, Saunders from Mimecast explains that keeping both data sets secure and private can be challenging for most organisations, as the line between work-life and personal-life is blurred when work emails are accessed on personal mobile devices. “Restricting access to certain websites is one way of preventing personal activity using company devices, but what is most important is for the company to determine the reason for restricting the ability for employees to access personal platforms,” he says. “If it’s a security concern, for example, introduce secure large file sending tools or ensure that corporate versions of consumer platforms like Skype are used. If it’s a bandwidth concern, restrict access to the sites concerning your business. Inevitably, employees will find a way to bypass most IT limitations, so it’s best to understand their behaviour and reasons for accessing certain sites and find a way to enable them to do it securely to help protect your business.”

A study by Crowd Research Partners found that over the last year, 62 percent of security professionals said that insider threats have become more frequent, yet fewer than 50 percent of organisations have appropriate controls to mitigate this. “Dealing with insider threats is very much about understanding what data/information is valuable and then safeguarding the same,” says Nicolai Solling, CTO, Help AG. “This could be in the form of data loss prevention systems and strict access management to sensitive systems, as well as proper control of who has access to what. Unfortunately, the way we store information today welcomes unstructured access, even to sensitive information.”

Fischer agrees with these sentiments, and advises that systems need to be able to easily detect and track the movement of corporate data. However, he underlines that these steps should be taken while ensuring that employee privacy is not compromised in the process. “Organisations can consider solutions that will focus on using and reporting based on metadata; that is to say, only capturing the relevant information that allows for detection, alert and control, but not the contents,” he says. “The solution needs to be matched to a good and well-defined classification policy, which will allow the critical assets to be easily identified. Not forgetting that a proper usage policy needs to be communicated and accepted by the users and the enterprise.”

While it is undeniable that threat activities coming from insiders are increasing, it is important to note that in many instances, employees are often not aware of the threat they are posing to the organisation. “This is why educating staff is an important first step for any organisation to take,” says Saunders. “Having the right technology to safeguard the organisation from malicious insiders is also essential to prevent data leaks, protect against malware and ensure productivity is maintained through business continuity.”

Tony Zabaneh, Channel Systems Engineer, Fortinet, seconds this notion, explaining that education and transparency among employees and IT security officers are the core requirements of an IT security strategy, especially for BYOD employees. “It is imperative that IT staff and IT operations officers know how SSL interception and zero-day emulation work and analyse traffic,” he says. “Educating employees and IT personnel ensures a better understanding of the technology and how to fully utilise it for an optimum and superior security enforcement without affecting employees’ private data access.”
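The two ideas that recur in this feature, Fischer’s metadata-only monitoring (record what is needed for detection, alert and control, never the contents) and Manson’s role-based access guidelines, can be put together in code. The example below is an added illustration written for this page; it is not a product or code from any of the vendors quoted. Everything in it is constructed: the four-label classification policy, the role entitlement table, the sample transfer events and the byte strings standing in for file contents. The content is hashed and discarded before any record is produced, and events labelled employee-personal are whitelisted and never logged at all.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Classification policy (constructed for this example): label -> sensitivity.
# 'personal' is the whitelist: employee-private data is never inspected or logged.
CLASSIFICATION = {
    "public": "open",
    "corporate-confidential": "restricted",
    "customer-pii": "restricted",
    "employee-personal": "personal",
}

# Role-based access guidelines (constructed): which roles may handle each label.
ACCESS_POLICY = {
    "public": {"*"},
    "corporate-confidential": {"engineering", "finance", "legal"},
    "customer-pii": {"sales", "legal"},
}


@dataclass(frozen=True)
class TransferEvent:
    """What the monitor keeps about a file leaving a host: metadata only."""
    user: str
    role: str
    label: str
    size: int
    sha256: str
    destination: str  # "internal" or "external"


def fingerprint(content: bytes) -> str:
    """Hash the content so an event can be correlated without retaining it."""
    return hashlib.sha256(content).hexdigest()


def make_event(user: str, role: str, label: str, content: bytes,
               destination: str) -> TransferEvent:
    # Only the hash and the length leave this function; the bytes are dropped.
    return TransferEvent(user, role, label, len(content), fingerprint(content),
                         destination)


def evaluate(event: TransferEvent) -> Optional[dict]:
    """Return a metadata-only audit record, or None when the event is whitelisted.

    decision is 'block' (restricted data bound for an external destination),
    'alert' (role not entitled to the label, or an unclassified label) or 'allow'.
    """
    sensitivity = CLASSIFICATION.get(event.label)
    if sensitivity == "personal":
        return None                      # whitelisted: no record at all
    if sensitivity is None:
        decision = "alert"               # classification gap, never silence
    else:
        allowed = ACCESS_POLICY.get(event.label, set())
        entitled = "*" in allowed or event.role in allowed
        if sensitivity == "restricted" and event.destination == "external":
            decision = "block"
        elif not entitled:
            decision = "alert"
        else:
            decision = "allow"
    return {
        "user": event.user,
        "role": event.role,
        "label": event.label,
        "size": event.size,
        "sha256": event.sha256[:16],     # enough to match against a hash index
        "destination": event.destination,
        "decision": decision,
    }


def run(events) -> list:
    """Evaluate every event and keep only the records that were not whitelisted."""
    return [r for r in map(evaluate, events) if r is not None]


# Constructed sample traffic: the byte strings stand in for real file contents.
SAMPLE_EVENTS = [
    make_event("alice", "sales", "customer-pii",
               b"name,email\nBob,bob@example.com\n", "external"),
    make_event("bob", "engineering", "customer-pii", b"name,email\n", "internal"),
    make_event("carol", "finance", "corporate-confidential", b"Q3 forecast", "internal"),
    make_event("dave", "marketing", "employee-personal", b"dentist 3pm", "external"),
]

if __name__ == "__main__":
    for record in run(SAMPLE_EVENTS):
        print(record)
```

The point to notice is what the audit record does not contain: no file body, no full path, and nothing at all for the whitelisted label. An unknown label is deliberately treated as an alert rather than silently allowed, because a gap in the classification policy is itself something the Data Protection Officer needs to see.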


Nothing happened today In a perfect world, no one thinks about access control except you. The hundreds of people coming and going don’t think about you, or what a good job you’re doing, or how they always manage to get seamlessly where they need to go. Because you chose Synergis access control, it was another great day.

© 2014 Genetec. All rights reserved. Genetec and Synergis are either registered trademarks or trademarks of Genetec.

genetec.com/synergis


BACK THAT COMPUTER UP PREVENTING COMPUTER DISASTERS IN THE AGE OF THE CLOUD

Everyone has heard a terrible story about a friend’s hard drive tragically crashing the night before an important project is due, or a family member losing thousands of pictures and memories to a failed hard drive. Backing up your computer is easier, and more secure, than ever before.

HARD DRIVES AREN’T FOREVER

Manufacturers claim a 1% failure rate; however, studies done by Carnegie Mellon University show that a 2-4% failure rate is more common, with some hard drives as high as 13%.

140,000: the number of hard drives that crash each week in the United States.

74% of organisations have experienced data loss at the workplace. 32% take several days to recover from data loss. 16% never recover.

70% of small businesses in a survey reported that a single loss of data could have a significant and costly impact on the business.

THE CLOUD IS GROWING

Currently, it is estimated that there are over 50 million servers worldwide, making cloud storage more accessible than ever.

Regarding the cloud, polled executives ranked its benefits in this order:

• 63%: centralised data management
• 51%: savings in cost
• 44%: disaster recovery

$15,000 per day: estimated financial impact a disruption in technology resources can have on a small to medium-sized business.

SECURING YOUR INFORMATION

The hard drive on your computer is at risk of failing. Now that the importance of computer backup is abundantly clear, look out for these signs of a failing hard drive:

• Irregular crashes that are increasing in frequency
• Error messages when performing simple tasks, such as moving files
• Scrambled or changed file/folder names
• Extended wait times when opening files/folders
• Disappearing files/folders
• Audible grinding noise when the hard drive is retrieving information

For complete assurance, it is best to have both a physical local backup and a cloud backup.

BACKING UP VIA EXTERNAL HARD DRIVE:

• Purchase an external USB hard drive
• Plug it in to your computer
• Purchase software that allows you to back up both locally and in the cloud
• Install the software on your computer
• Follow the instructions in the software to back up your hard drive externally

BACKING UP VIA THE CLOUD:

• Purchase software for cloud backup
• Install the software onto your computer
• Follow the instructions to have your information safely uploaded to the cloud within minutes

STILL SKEPTICAL OF THE CLOUD?

• 50% of the US Government uses cloud computing, spending over $2 billion annually on these services
• 64% of cloud activity is from the banking industry
• 80% of companies that moved to the cloud have seen improvement within six months of adoption

With so many ways to back up your computer in this day and age, you should never lose information to a faulty hard drive again! Source: Novastor
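Both procedures above leave the actual work to purchased software and stop at “follow the instructions”. The step a practitioner adds is verification, because a backup that has never been restored is a hope rather than a backup. The script below is an added example, not from the infographic’s source: it writes a local archive of a folder, records a SHA-256 manifest of every file to keep beside the archive (or with the cloud copy), and verifies the backup by restoring it into a scratch directory and comparing every hash. The sample folder, file names and contents are constructed inside demo(); the upload to a cloud service is outside the example.

```python
import hashlib
import os
import random
import tarfile
import tempfile
import zlib

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(directory: str) -> dict:
    """Map every file under directory (path relative to it) to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, directory)] = sha256_file(full)
    return manifest


def backup(src_dir: str, archive_path: str) -> dict:
    """Write a gzip-compressed tar of src_dir; return the manifest to keep with it."""
    manifest = build_manifest(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    return manifest


def verify(archive_path: str, manifest: dict) -> bool:
    """Restore the archive into a scratch directory and compare every file's hash.

    False means the archive is unreadable or truncated, a file is missing or
    extra, or a file's content differs from what was backed up.
    """
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):   # safe-extraction filter, Python 3.12+
                    tar.extractall(scratch, filter="data")
                else:
                    tar.extractall(scratch)
        except (tarfile.TarError, EOFError, OSError, zlib.error):
            return False
        restored = build_manifest(scratch)
    return restored == manifest


def demo() -> dict:
    """Back up a constructed sample folder, verify it, then show that a
    truncated copy of the archive and a stale manifest are both rejected."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "documents")
        os.makedirs(os.path.join(src, "photos"))
        with open(os.path.join(src, "thesis.txt"), "wb") as f:
            f.write(b"final draft, due tomorrow\n")
        rng = random.Random(1)          # fixed seed: deterministic constructed content
        with open(os.path.join(src, "photos", "holiday.jpg"), "wb") as f:
            f.write(b"\xff\xd8\xff" + bytes(rng.getrandbits(8) for _ in range(4096)))
        archive = os.path.join(work, "documents.tar.gz")
        manifest = backup(src, archive)
        verified = verify(archive, manifest)

        # A medium that failed mid-write: keep only the first half of the archive.
        truncated = os.path.join(work, "truncated.tar.gz")
        with open(archive, "rb") as f:
            data = f.read()
        with open(truncated, "wb") as f:
            f.write(data[: len(data) // 2])

        # A manifest that no longer matches: the source file changed after backup.
        stale = dict(manifest)
        stale["thesis.txt"] = hashlib.sha256(b"edited").hexdigest()

        return {
            "files": len(manifest),
            "verified": verified,
            "truncated_rejected": not verify(truncated, manifest),
            "stale_rejected": not verify(archive, stale),
        }


if __name__ == "__main__":
    print(demo())
```

Run it as a script and it prints the demo() result. The same verify() call works on a copy downloaded back from cloud storage, which is the check that tells you the second copy is actually restorable rather than merely present.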


INTERVIEW

Uplifting security In a freewheeling interview, Jude Pereira, MD of Nanjgel Solutions, dissects the security landscape and tells us where the industry is heading in the future.





Is the security industry getting more mature to tackle the challenges?

The security industry is fully matured. It is not easy to hack into networks and vendors are doing their job well. Now, hackers are finding collaborative measures because it is no longer easy to drop some software onto a network and get in. If you have done your job well, and implemented some sort of security framework, you are safe. You may not be 100 percent secure but you are safe.

Do you see organisations budgeting for security?

Yes, companies are budgeting for security. If you run a business, it is mandatory to have a security budget. There is a paradigm shift in security now; people are no longer talking about static tools, but it is more about how you augment, integrate and automate all these silos. If you ask me, any conversation about security has to be centred around two important factors – risk and resilience. Do you have the right privacy controls? Do you have the right processes and governance in place? When it comes to resilience, the questions should be: if I am breached, what are my measures to mitigate? How quickly can I get back? What kind of service assurance can I provide? These are the terms security people are not familiar with and this is where you have to start. If you are a CISO, you can’t just be content with implementing the next big solution. You should also be able to counter the attacks and understand what really happened. To achieve this, having the right people, processes and education is important.

Are we evolving beyond basic tools?

We have gone way beyond basic tools. CISOs often ask me, what is next beyond these? They don’t want us to talk about firewalls, IPS, SIEM, etc. They want to know what is beyond all these. CISOs are no longer just looking for simple security tools and processes anymore. This is why we are building management dashboards and visibility tools that can bring security that previous technologies can’t provide. Going forward, I think artificial intelligence and machine learning will play a major role in security. I still don’t see cognitive analytics in the security market, and the machine learning that vendors are talking about is very basic. However, these are the next set of tools you can expect to see.

Is security now a boardroom discussion?

Security is indeed a boardroom game now, and CISOs are directly responsible. Before, they didn’t even know what devices or policies they had. Now the top is getting hammered. If a company is impacted by a breach, the first party to be reprimanded is the top management, not a junior engineer at the bottom. This shift is very important.

What kind of new attack vectors are you seeing?

Forget new attacks, we are not even rugged for the old. I haven’t seen specialised penetration tests in the Middle East. You might find some who do the basics but they are not doing it the way it should be done. A good pen test should cover all aspects – is the coding right? Can it withstand SQL injections? Can someone get into your system by dropping in malware? The problem is that we are more tool-centric than threat-centric. Some of the companies don’t even know what they are deploying security tools for. When I talk to customers I ask them what they are trying to achieve and they don’t have an answer to that. If you are a bank, forget the perimeter, focus on securing the core banking system. Your perimeter is only as good as your core.

What should be the cornerstone of a good security architecture?

The cornerstone of security should be a framework. You can start off with the tools, but it goes much beyond that, to processes, governance and resilience. But the most important thing is education, because people will always be the weakest link. Can any vendor guarantee you that they can stop ransomware or phishing attacks? If an employee wants to click a link or download something, he or she will. Here, awareness is the key. The complexity of solving threats is increasing and human beings are needed to compensate for the lack of automation. The problem is that there are so many manual processes, which is why I always say security should be automated, and not fragmented.
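Pereira’s checklist item “can it withstand SQL injections?” is the kind of pen-test question that can be shown concretely. The snippet below is an added example and not Nanjgel’s or any interviewee’s code: a login check written with string formatting sits next to the same check written with parameter binding, and both are run against an in-memory SQLite table with constructed rows, so the injection payloads succeed against the first and fail against the second. The table, the placeholder “hash” strings and the two payloads are all constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed rows (the 'hashes' are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # Untrusted input spliced into the SQL text: this is the injection sink.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
           % (username, password_hash))
    return conn.execute(sql).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # Parameter binding: values travel separately from the statement, so a quote or
    # keyword inside them is data to compare against, never SQL to execute.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


# Constructed payloads a pen tester would try against a login form.
TAUTOLOGY = "' OR '1'='1"   # closes the string literal, appends an always-true clause
COMMENT_OUT = "alice'--"    # closes the literal and comments out the password check


def probe(conn: sqlite3.Connection) -> dict:
    """Run the same credentials and payloads through both implementations."""
    cases = {
        "valid credentials": ("alice", "hash-of-alice-pw"),
        "wrong password": ("alice", "not-the-hash"),
        "tautology in password": ("alice", TAUTOLOGY),
        "comment in username": (COMMENT_OUT, ""),
    }
    return {name: {"vulnerable": login_vulnerable(conn, u, p),
                   "hardened": login_hardened(conn, u, p)}
            for name, (u, p) in cases.items()}


if __name__ == "__main__":
    for name, outcome in probe(make_db()).items():
        print(f"{name:24s} vulnerable={outcome['vulnerable']!s:6s} hardened={outcome['hardened']}")
```

The vulnerable function is not wrong because of SQLite or because of the `%` operator specifically; any path that assembles a statement from untrusted text has the same flaw, and a pen test that only tries the tautology will miss sinks where a comment sequence or a stacked statement is what gets through.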



INSIGHT

ROAD TO RECOVERY

By Gregg Petersen, Regional Director, Middle East and SAARC, Veeam Software

WHEN DOWNTIME IS NOT AN OPTION

Downtime saps the energy from organisations. Every minute of lost productivity drains revenue. Meanwhile, competitors get a head start, when they should be left far behind. For modern businesses, the availability of applications and data has a direct impact on top- and bottom-line performance. The result? There is absolutely no tolerance for downtime today. To reduce unplanned downtime to an absolute minimum and keep businesses operating smoothly, a secondary site for disaster recovery (DR) is vital. When disaster strikes, organisations need offsite, ready-to-go replicas of all critical apps and data, so they can get back up and running quickly. But setting up and maintaining a separate disaster recovery site is expensive and time-consuming, which is why cloud-based Disaster Recovery-as-a-Service (DRaaS) presents such a compelling alternative. Thus far, DRaaS has mainly been seen as a way for SMBs (small-to-medium sized businesses) to obtain real disaster recovery capabilities. Tight budgets and limited staff were constraining SMBs from maintaining their own remote sites, so DRaaS has helped them overcome this challenge. Now, industry trends confirm that enterprises are starting to adopt DRaaS without extra complexity and high implementation cost. A recent report by MarketsandMarkets highlighted that the DRaaS market size is estimated to grow from $1.68 billion in 2016 to $1 billion by 2021, at an estimated CAGR of 45.9 percent from 2016 to 2021.

WHAT IS DRAAS?

While various forms of subscription-based disaster recovery services have been around for quite a while, true DRaaS is still largely undefined. The Forrester Wave gives one of the clearest DRaaS definitions as “services that enable customers to failover their on-premises infrastructure to a multitenant, cloud environment that they purchase on a pay-per-use basis.” The defining characteristic of DRaaS is that organisations rent an allocation of CPU, RAM, storage and networking resources at a shared facility to replicate and recover their data, rather than building and maintaining a dedicated, private disaster recovery site. For SMBs and SMEs with moderate-sized IT environments and without the necessary in-house resources, DRaaS is an affordable way to benefit from an effective disaster recovery platform. However, for larger enterprises with complex infrastructures and larger data volumes spread across disparate systems, DRaaS has often been too complicated and expensive to implement. As the technology improves, choices increase and costs drop, DRaaS adoption is rising fast across organisations of all sizes. It’s not just that DRaaS is more cost-effective than traditional disaster recovery. Now setting it up is much less complex, with minimal downtime and minimal impact on users. Bottom line, DRaaS offers a simple way to meet today’s demand to deliver always-on services. With mature DRaaS offerings, smaller organisations no longer need to struggle without in-house disaster recovery expertise. Larger organisations no longer need to waste money on secondary disaster recovery sites that require expensive capital acquisition, with little return on investment when the site is not used.


As interest in DRaaS grows, service providers estimate strong interest among 56 percent of their current customers and 72 percent of their target market.

WHY CHOOSE DRAAS?

DRaaS adoption is speeding up, and the most popular reasons to consider DRaaS are the lack of a disaster recovery site and the lack of disaster recovery expertise. For IT leaders challenged to increase resiliency without increasing costs, DRaaS could soon be seen as an essential piece of the modern data centre puzzle. By overcoming traditional cost and complexity issues, large IT organisations can start to realise the many benefits of DRaaS, including:

• Fast recovery — If a disaster occurs, every second your system is down means you are losing money. DRaaS can enable you to restore normal operations in minutes, rather than hours or even days.
• Cost control — Building and maintaining a remote disaster recovery site is expensive and complex. DRaaS eliminates the need to run your own disaster recovery site, reduces CAPEX (capital expense) and provides predictable OPEX (operating expense) costs with pay-as-you-go pricing models.
• Flexibility — Rather than traditional disaster recovery’s rigidity, DRaaS allows you to activate virtual off-site resources on demand. And you can choose from a variety of recovery scopes, depending on the nature and severity of the disaster.
• Simplicity — New technology advances allow you to quickly and simply implement DRaaS and manage backup and recovery far more easily.
• Security and compliance — The best DRaaS solutions ensure that data is encrypted in transit and at rest. They also enable in-house IT teams to maintain data residency control. Some industry solutions require periodic failover tests. A DRaaS solution with automated testing capabilities can greatly reduce the expense of running those tests.

BRIGHT FUTURE FOR DRAAS

Networking is one of the biggest problems for any cloud-based, enterprise disaster recovery solution. Traditionally, service providers have had to wrestle with complex VPNs, custom rules, network overlaps and the painstaking task of reconfiguring network routing to redirect data to cloud recovery sites. However, new technology is removing the pain points, making it easier for service providers to offer DRaaS and easier for enterprises to take advantage of it. DRaaS is set to surge in adoption, and enterprises jumping on the bandwagon early will reap the most benefits.


INTERVIEW

TAKING CONTROL

Ramesh Reddy, Solutions Manager, Middle East and Africa, NetScout Systems, discusses the developments within the company post its acquisition of Danaher’s communication business last year and shares insights about the increasing need for service assurance solutions in the region.

Can you please give me a brief overview of NetScout Systems?

NetScout Systems is a Boston-based company that has been in operation for 30 years now. We are focused on providing business assurance solutions – a combination of service assurance, cybersecurity, and business intelligence solutions. Our service assurance solutions are primarily targeted at enterprises and telco companies, ensuring that they have visibility and control over the services they provide. Among the major highlights within the company is the acquisition of Danaher Corporation’s communication business, which includes Arbor Networks, Tektronix Communications, VSS Monitoring and certain parts of Fluke Networks, that took place over a year ago. This acquisition has positioned us to be the biggest company in the world that has capabilities focused on driving data intelligence. Right now we provide services to around 43 to 45 percent of Tier 1 telco companies globally. We believe that this brings significant advantages to our customers because the mobile traffic that we look after globally provides us with ample cyber intelligence that is reflected in the innovations we apply to our products and solutions.

How has the acquisition impacted the company’s position in the market?

The combined offerings and capabilities of NetScout and the aforementioned companies have made us an even stronger player in three key areas – security, service assurance and telecoms. In addition, it has given us the opportunity to expand and enhance our product offerings. Through this, we believe that our customers will benefit from the end-to-end solutions we have on offer. We are actively working towards ensuring the seamless integration between all the products and services we now have in our portfolio to make sure that we provide our customers with the best solution there is on the market.

How’s the demand for service assurance here in the Middle East region?

In the last two years, there has been a huge push within organisations to consolidate, optimise and deliver more IT innovations. Businesses today are so dependent on IT systems that there’s just no going back anymore, and we understand this scenario explicitly. Especially in this region, organisations have this need to deliver smart services and follow smart government initiatives, which pushes private organisations to be on par with government entities. This results in more and more organisations investing significantly in infrastructure and applications, making service assurance a critical requirement for their business, because when they don’t have these solutions in place they’re risking service downtime. That’s where we bring in our capabilities. We bring them proactive and predictive solutions that can help them better ensure control over their services. That also reflects on our security offerings because we have solutions that can help them detect anomalies that occur in their systems and analyse how they will impact their services. We are seeing this need among enterprise organisations and increasingly in small and medium businesses.

How important is the Middle East region for NetScout? On the security front, do you think organisations in this region are well-equipped to cope with the ever-growing threat landscape?

The Middle East and Africa region is the fastest growing market for us. This is among the key regions where we have been experiencing double-digit growth. What you should understand is that while technology usage and adoption in this region are high, they are not as high as in mature markets like the US. This means that this region has big room for growth. As a business, this market also gives NetScout an opportunity to grow even more and we have very ambitious plans for this region. In terms of security, we can see that most organisations in this part of the world are very aware of the different threats surrounding the landscape.

For example, banks in this region are extremely conscious of the different threats that are out there; some have even set up special teams that are charged with mitigating threats and devising security strategies. However, we can also see that there are some new companies that are much more focused on growth rather than putting security strategies in place. This can be a problem and this is where I think we can help. We aim to continuously educate customers and make them more aware of the different kinds of IT threats that they should be wary of. As a global organisation, we believe that our knowledge in this space spans numerous industries and we can really give businesses in this region top insights and a better understanding of how they can thwart the threats that they will potentially face.


INSIGHT

What lies within Mohammed Abukhater, Regional Director, Middle East and North Africa, FireEye, discusses the risks brought by insider threats and what it means for your business.

Coming across news of cyberattacks is almost commonplace now. If data breaches were a peripheral issue years ago, they’ve certainly become a prime business concern now. The Middle East, particularly the GCC region, has not been immune to this menace, seeing a worrying share of cyberattacks lately. But while the threat from a host of external players is a given, there is one vulnerability that often tends to get overlooked by most organisations – the insider threat. The phrase “you’re only as strong as your weakest link” could not be more apt for this particular scenario. You can have the most proactive and robust cyber strategy in place, backed up by industry-leading technology and expertise, but in the end, an organisation’s security hinges on the actions and behaviour of its employees. There is no denying it: the insider threat poses a significant risk to organisations. Any accidental or malicious act by an employee could be a catastrophe for the company in question and, worse, compromise its brand value.

The insider threat can take a number of forms. A simple example is an employee with access to sensitive company information and the intention to use it for malicious purposes. In this instance, the insider might anonymously threaten to release the data unless a ransom is paid. These attacks may be carried out by financially motivated staffers or disgruntled employees experiencing financial hardship. The insider might also be affiliated to an external party and act on their behalf. The other example is the accidental insider. While most people tend to assume that malicious insiders are the main threat to organisations, this is actually not the case. The accidental insider is the one that organisations need to watch out for. These individuals are manipulated by external threat actors using a variety of techniques, including clever phishing and social engineering. Following a successful subterfuge, the external attacker is then able to use the accidental insider’s machine and access to infiltrate a network and compromise the organisation’s environment.

While most might call for tighter restrictions and say, “Why not limit access to sensitive data?”, this is much easier said than done. The fact is that such a measure is not feasible in practice: despite the risks posed by insiders, companies need to give employees access to data to enable them to perform necessary functions. While it is difficult to implement controls that are able to detect or mitigate these risks, there are processes that organisations can develop to reduce the likelihood of a successful insider breach. All this requires is foresight and planning on an organisation’s part.

There are two pillars to a strategy focused on tackling the problem of insider threats: detection and prevention. When it comes to detection, the first step is to identify critical data assets and employee data access activities to increase the chances of discovering anomalous insider behaviour. Data protection mechanisms should be established in a way that will alert the organisation to unauthorised data transfers, such as sensitive information sent via email or data copied to removable drives. Regular security awareness training that stresses the importance of identifying and reporting insider threat activity to the appropriate security teams should also be conducted. It’s also important to educate employees about spear phishing emails and about staying away from attachments or links within unsolicited emails. The organisation should also stay on the lookout for unusual outbound traffic patterns, such as odd connections to unknown IP addresses and abnormally large amounts of data transferred out of the environment.

The other pillar is prevention. Since employees have approved access to company information assets, preventing insider threats can be just as challenging as detecting malicious insider activity. However, organisations can implement measures to reduce the chance that a malicious insider will be able to compromise the integrity, availability or confidentiality of company data. A key issue to be addressed is the question of how much access should be allowed to employees – if it is to be allowed at all. Follow the principle of “least privilege,”


and ensure that employees are not able to access data unless it is absolutely and undeniably essential to their current job function. Care should also be taken with regard to portable storage devices. Implement preventive controls such as removing access to removable drives, so that valuable company information cannot be stolen that way. Implement data loss prevention (DLP) technology that can be used to analyse company emails and reduce the chance that an insider can email sensitive data out of the environment. It’s also imperative that employees be provided with regular security awareness training which stresses the scrutiny of suspicious emails, links and attachments. Detecting and preventing insider threats is no easy task, but if organisations are able to identify their most critical assets and ensure that they have good visibility into the activities around those assets, the chances of detecting unauthorised activity increase. It goes without saying that organisations must stay vigilant against external threats, but the risk of insider threats cannot be overlooked at any cost – the fallout could potentially be far worse.
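The detection pillar described above (abnormally large outbound transfers, connections to unknown IP addresses, and data copied to removable drives) can be expressed as simple rules over existing logs. The following Python script is an added example, not the article's or FireEye's code; every host name, IP address, path, baseline and threshold in it is constructed for illustration, and the log formats are assumed.

```python
"""Insider-threat detection heuristics run over constructed sample logs.

Added example, not from the article or FireEye. It implements three of the
detection signals the article lists: abnormally large outbound transfers,
connections to unknown IP addresses, and data copied to removable drives.
Every host name, IP address, path, baseline and threshold below is constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed per-host baseline of normal daily outbound bytes (in practice
# derived from historical flow records); used to spot abnormally large transfers.
BASELINE_OUTBOUND_BYTES = {
    "ws-finance-01": 50_000_000,
    "ws-hr-02": 20_000_000,
    "srv-mail-01": 900_000_000,
}

# Constructed networks the organisation expects to talk to; anything else
# counts as an "unknown IP address" in the article's sense.
KNOWN_DESTINATIONS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Constructed shares holding critical data assets (the article's first step:
# identify critical data assets).
SENSITIVE_SHARES = [r"\\fileserver\hr", r"\\fileserver\finance"]

# Constructed outbound connection log: "timestamp host user dst_ip bytes_out"
CONNECTION_LOG = """\
2016-11-01T09:02:11 ws-finance-01 alice 203.0.113.10 1200000
2016-11-01T09:15:43 ws-finance-01 alice 198.51.100.7 800000
2016-11-01T22:41:09 ws-finance-01 alice 192.0.2.55 410000000
2016-11-01T10:03:55 ws-hr-02 bob 203.0.113.22 3000000
2016-11-01T11:20:00 srv-mail-01 svc-mail 203.0.113.40 650000000
"""

# Constructed endpoint event log: "timestamp host user event args..."
# USB_MOUNT/USB_UNMOUNT carry a drive letter; FILE_COPY carries source and destination.
ENDPOINT_LOG = r"""
2016-11-01T13:09:50 ws-hr-02 bob USB_MOUNT E:
2016-11-01T13:10:02 ws-hr-02 bob FILE_COPY \\fileserver\hr\payroll.xlsx E:\payroll.xlsx
2016-11-01T13:12:30 ws-hr-02 bob FILE_COPY C:\Users\bob\notes.txt D:\backup\notes.txt
2016-11-01T13:15:00 ws-hr-02 bob USB_UNMOUNT E:
2016-11-01T16:30:00 ws-finance-01 alice FILE_COPY \\fileserver\finance\ledger.csv E:\ledger.csv
"""


def parse_connections(text):
    """Parse connection log lines into dicts; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, dst, nbytes = line.split()
        rows.append({"ts": ts, "host": host, "user": user,
                     "dst": ip_address(dst), "bytes": int(nbytes)})
    return rows


def unknown_destination(ip):
    """True if the destination lies outside every known-good network."""
    ip = ip_address(str(ip))
    return not any(ip in net for net in KNOWN_DESTINATIONS)


def detect_network_anomalies(rows, ratio=3.0):
    """Return (rule, host, detail) findings for unknown destinations and for
    hosts whose total outbound volume exceeds `ratio` times their baseline."""
    findings = []
    per_host = defaultdict(int)
    for r in rows:
        per_host[r["host"]] += r["bytes"]
        if unknown_destination(r["dst"]):
            findings.append(("unknown-destination", r["host"],
                             f"{r['user']} -> {r['dst']} ({r['bytes']} bytes) at {r['ts']}"))
    for host, total in per_host.items():
        base = BASELINE_OUTBOUND_BYTES.get(host)
        if base is None:
            findings.append(("no-baseline", host, f"{total} bytes outbound, no baseline"))
        elif total > ratio * base:
            findings.append(("large-outbound", host,
                             f"{total} bytes vs baseline {base} ({total / base:.1f}x)"))
    return findings


def detect_removable_copies(text):
    """Flag FILE_COPY events whose destination drive is a removable drive mounted
    on that host at the time; copies from a sensitive share get their own label."""
    mounted = defaultdict(set)  # host -> removable drive letters currently mounted
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, event, *args = line.split()
        if event == "USB_MOUNT":
            mounted[host].add(args[0].upper())
        elif event == "USB_UNMOUNT":
            mounted[host].discard(args[0].upper())
        elif event == "FILE_COPY":
            src, dst = args
            if dst[:2].upper() not in mounted[host]:
                continue  # fixed drive, or no removable media mounted on this host
            sensitive = any(src.lower().startswith(s.lower() + "\\") for s in SENSITIVE_SHARES)
            rule = "sensitive-to-removable" if sensitive else "copy-to-removable"
            findings.append((rule, host, f"{user} copied {src} to {dst} at {ts}"))
    return findings


def run_all():
    """Run both detectors over the constructed logs and return all findings."""
    return detect_network_anomalies(parse_connections(CONNECTION_LOG)) + detect_removable_copies(ENDPOINT_LOG)


if __name__ == "__main__":
    for rule, host, detail in run_all():
        print(f"[{rule}] {host}: {detail}")
```

Note that the removable-drive rule is stateful per host: alice's copy to E: is not flagged because no removable mount was recorded on her workstation, while bob's payroll copy is flagged as sensitive because it left a share listed as a critical asset.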


INTERVIEW

The defence hub

Earlier this year, eHosting DataFort (eHDF) together with Netcure and LogRhythm launched a Cyber Defense Centre (CDC) in the UAE. Yasser Zeineldin, CEO, eHosting DataFort and Jeff Ogden, Managing Director, eHDF Cyber Defense Centre, discuss CDC’s objectives and future plans for the region.

Can you please tell us your objectives behind launching the Cyber Defense Centre?

Yasser Zeineldin (YZ): The Cyber Defense Centre was launched in May this year. It aims to offer customers a range of Managed Security Services (MSS) and Remote Managed SIEM Services. eHDF as a company has been in the managed services business since 2002, offering 24/7 management for critical customer infrastructure. With the rise of security threats globally and here in the region, we thought it was very important to ensure that our customers in the Middle East, specifically here in the GCC, have access to state-of-the-art security services and support. We felt that there was a gap in that space during the previous years. There are a lot of resellers and distributors of security products present in the market. However, when it comes to managing and responding to threats in real time there are only a few organisations that provide those services. Moreover, what typically happens is that the organisations that provide those services also rely on security operations centres overseas. The customers will then have to wait for those operations centres to get back to them, only to find out that they will only be given a set of recommended steps to address the threats. We felt that was a very ineffective system because from a security perspective they shouldn’t leave the response part to the customers. This is because your customers aren’t security experts and they may find it challenging to put your recommendations into action. With our legacy as a 24/7 managed services provider, this is an area we excel at. So that’s the market gap we intend to fill with the new Cyber Defense Centre.

What are the primary security challenges that you aim to address through the new Centre?

YZ: A lot of our customers have been experiencing increased activity in ransomware and DDoS attacks. There are also significant cases of data leakage here in the region, which happens through malware penetration prompting the communication of data outside the organisation. We have also seen a significant number of cases of employee-related data leakage. In fact, several industry studies have shown that 59 percent of employees tend to leak corporate data after they leave a company. That’s a lot of intellectual property leaking out of organisations, which can have serious implications for a business. Another driver we have for establishing the CDC is the absence of skills in the market. What we have been seeing is that many customers are buying certain solutions but they don’t have the necessary expertise or talent to properly utilise the tools that they have. We can provide them assistance on that front.

Can you please give us an overview of the kind of services you offer at the CDC?

Jeff Ogden (JO): Our key focus is mainly on giving customers visibility of what’s going on within their infrastructures, either globally or locally. So what we have done is launch a service called real-time threat monitoring (RTTM). What that service does is collect all the data from a customer’s network and bring that data into a central point, which is the SIEM solution. Our analysts will then take a look at it and evaluate whether it’s safe or there are indications of threats in that data. After which, they will alert the customer on the end result and make a decision to mitigate any threats on the customer’s behalf. The RTTM platform is something that we have invested significantly in. Some of our customers have already bought that technology and have it on their sites. Through the platform, we can import their data into our data centres in the UAE and do the analytics for our customers. We believe that you can’t manage what you can’t measure. So the first step is always to measure everything. Take the data, analyse it and only then can you help your customers secure it and make long-term strategic decisions regarding that data. The second offering that we have is the Remote Managed SIEM Services (RMSS), which does the same processes as the RTTM but for an on-premise implementation. So if a customer doesn’t want to buy the technology they can get in touch with our analysts to examine their data and do the same analytics for them from our data centre. Apart from managing mission-critical applications we also do other security and data protection services as well. We do things like firewall management, DDoS protection and web application protection, among others. We have already invested in those components and we deliver them as managed services. Other vendors in the market may provide customers with the monitoring solutions but they don’t usually provide all the support services around that; whereas with eHDF we have around 25 to 30 people working within our security and network operations and we provide all the peripheral services that customers want.

What are your plans over the next few months? Will you be launching new solutions and services?

JO: Going forward we plan to launch two to three other services through the CDC. A lot of customers are struggling with cloud security and soon we will introduce a cloud access security platform (CASP). This will enable organisations to control the access of users’ devices to cloud platforms like Office 365, Salesforce.com and so on. This will allow us to monitor and secure those applications and prevent any data loss. The second service we’d like to introduce in the coming months is centred on encryption. Various customers today have growing concerns over sending unencrypted data out of their organisations. So, depending on policies, we can encrypt any data that leaves the organisation to make sure that if it does fall into the wrong hands they won’t be able to access it. Traditionally that’s an on-premise solution: they have to buy a certain technology and install it into their systems, but with our offering it’ll be very easy to deploy from the cloud. Those are the two services we aim to release soon and you can expect more from us over the next few months.


INSIGHT

AN EYE TO THE FUTURE

By Firas Jadalla, Regional Director, Middle East and Africa, Genetec

The move to keep our cities and surrounding communities secure is no longer the responsibility of law enforcement agencies and authorities only. Today, everyone is tasked to do their bit in keeping the city safe — from various public organisations, local businesses, architects and city planners to community-based groups and the public at large. In fact, the need to protect citizens and maintain public safety has become a top priority. Governments everywhere require advanced security solutions to effectively fight threats from organised crime, street gangs, terrorism and random acts of violence.

A recent report from Research and Markets has thrown the spotlight on the continuing growth of the Middle East region’s surveillance market and the key drivers that have influenced its upward trajectory – the growing construction industry, rising security concerns and IT spending. Countries like the UAE, Saudi Arabia and Qatar hold the majority of the revenues generated by the industry and are considered the leading countries in terms of adoption of IP technology based surveillance systems; at the same time, these markets are also facing challenges such as the implementation of government regulations, declining prices, growing consumer awareness, remote accessibility and video analytics. Across this industry, the IP video surveillance segment has shown aggressive growth over the analogue video surveillance segment. Amongst all verticals, the government and transportation sector has acquired the highest market revenues in the overall video surveillance market in the region.

Industry analysts are quick to point out that, among the key factors driving growth for this segment, the initiatives developed and implemented by the government are quite noticeable, as their efforts have seen the incorporation of newer technologies to maintain safety and security in the public sector. For one, municipalities and government entities are now investing in some of the most advanced security solutions to proactively assess, investigate, manage and mitigate high-risk situations. Key efforts are now also being made to ensure public road safety, which includes the assessment of accidents, monitoring of traffic and its flow across major roadways and intersections, identifying stolen vehicles and developing ways to proactively detect safety threats on our roads. Initiatives are also underway to help curb, or totally avert, street-level criminal activity and to provide assistance across counter-terrorism operations.

The industry is also witnessing the emergence of newer trends, which are completely aligned with the more modern IP digital technologies. These innovations include higher megapixel video, built-in camera analytics, behavioural analysis and smart solutions like RFID, GIS and so on. Security professionals in the Middle East in particular have expressed requirements that can deliver benefits and advantages like enhanced public safety with proactive detection and prevention; increased information sharing and consolidation of real-time data; support for anti-gang and counter-terrorism investigations; improved response times with automated alarm notification; the ability to manage a growing number of analogue, IP and LPR cameras; leveraging past access control and video hardware investments; enhanced operator productivity and decision-making; and a reduction in operational costs and total cost of ownership. In order to address these requirements, the surveillance-security segment has been working to innovate and bring to market new security solutions that can greatly help the advancement of the industry.

In terms of smart video analytics, we are predicting fast-paced growth for this segment, noting that customers today are always in search of a faster way of looking through hours of video to get evidential information. There is also an increasing demand from companies and organisations, especially those from the security, retail, education, construction and transportation segments, for managed security services. This gives them the opportunity to outsource their IT hardware and management requirements while also removing the need for on-premise IT infrastructure and management, allowing companies to focus on security, parking and enforcement. The service also makes use of the cloud to offer end-users independence from on-premises storage, IT management and depreciation costs.

Lastly, a solution that is being hailed as a highly advanced surveillance system is the Automatic Licence Plate Recognition (ALPR) solution, which has the key capability of capturing images of vehicles and identifying their licence numbers. ALPR systems are composed of high-speed cameras with IR filters, processors capable of performing optical character recognition (OCR), application software, a user interface, and an alert capability to notify operators in case of a match. The system can be offered as a standalone device or used with existing traffic enforcement cameras or closed-circuit television, and is used by police forces across the globe to prevent and detect crimes. These systems are also used for electronic toll collection on roads, monitoring traffic activities such as red light adherence and speed enforcement, and for identifying cars in a massive car park. Additionally, ALPR systems can assist in the detection of stolen vehicles. The ALPR technology varies from location to location depending on the designs of number plates.


INSIGHT

THE NEXT TARGET FOR PHISHING AND FRAUD: CHATOPS

By Kevin O'Brien, CEO and Co-Founder, GreatHorn

26

11.2016

www.securityadvisorme.com


E

Enterprise chat applications have surged in popularity. What’s more, the popularity of these apps has given rise to a new phenomenon known as ChatOps, which is what happens when these new messaging systems are used to automate operational tasks. The ChatOps term was coined by GitHub to describe a collaboration model that connects people, tools, processes and automation into a transparent workflow. According to Sean Regan, Atlassian’s Head of Product Marketing for HipChat, this flow connects the work needed, the work happening and the work done in a consistent location staffed by people, bots and related tools. Its transparent nature hastens the feedback loop, facilitates information sharing and enhances team collaboration, but also ushers in a new set of challenges for security and risk professionals.

Take, for example, the General Services Administration in the US. Earlier this year, the agency and one of its outside partners shared a series of documents and spreadsheets through a chat application called Slack. In doing so, they opened up programmatic access to more than 100 Google Drive accounts for nearly half a year, in violation of the acceptable permissions policy defined by the GSA’s information security team. This is not a security flaw in Slack – instead, it is a risk exposed by the combination of unfamiliar systems being used and managed by business users who are not security specialists familiar with the many regulatory and compliance-related rules around data protection.

Chat systems, however, can be securely adopted and managed. To understand how, first consider how these systems have been adopted. The ease of using these platforms, coupled with their cloud-native integration capabilities with other systems, is largely responsible for their rapid growth in the enterprise. Business users are also leveraging chat systems to automate tasks such as filing expense reports, developing to-do lists and scheduling meetings, thanks to the ability to integrate bots and AI into the messaging applications. Microsoft’s Bot Framework for Skype, Slack and Office 365 allows organisations to build and connect intelligent bots that interact naturally where their users are talking. By interweaving third-party content into the daily communication stream of the typical employee, and coupling that with extensible capabilities, these chat applications are beginning to supplant not only email as the dominant daily messaging system, but also the command line and even the web browser for many repetitive tasks.

AGE OLD THREAT

While integration means new risks, the surging popularity of chat tools opens the door for a more basic threat, spear phishing, an issue the industry has been grappling with – largely unsuccessfully – for some time. Over the past 18 months, the FBI says, more than $3 billion has been lost to phishing. In large part, this category of attack has been successful because existing email security products have been designed to block, quarantine or prevent delivery of malicious mail. This is changing as vendors realise that this strategy has failed to prevent attacks that rely on deception and targeted social engineering, rather than malware or blacklisted sending servers. Unfortunately, much of the security market remains focused on point solutions and perimeter controls for email. As chat platforms become increasingly popular, they are an obvious target for the same kinds of impersonation attacks, especially for organisations that allow external users, such as customers or contractors, to engage via chat platforms. CISOs and security teams need a comprehensive strategy for identifying these attacks broadly. While the legacy vendors have yet to catch up to this new threat surface (excepting limited data loss prevention functionality), safeguarding against targeted attempts to steal IP, financial resources or other sensitive data should be part of a comprehensive security posture for Slack.

Kevin O'Brien, GreatHorn


MALICIOUS APPS AND PERMISSIVE BOTS

A second major area of focus when establishing a security programme to address risk in ChatOps programmes involves third-party access. Like many cloud platforms, chat tools allow external organisations to leverage internal APIs to extend functionality, ranging from scheduling assistants to travel booking tools to various engineering and product management systems. Overall, this extensibility represents a core strength of these systems. From a security perspective, however, these integrations can represent data exfiltration opportunities that must be addressed. First, not every third-party company is a good steward of the data it has access to; corporate policies for vendor review and acceptable use should apply to chat programmes in the same way that they do for any system. As with the GSA example, relying on users to understand the technological limitations and risks around connecting technologies is not a strong strategy. The root problem is that many CISOs and CIOs have limited visibility into what third-party apps are even being used, and effectively no capability for removing them when they violate internal security policy. While trusted applications can be a productivity boon, being able to detect and manage risks from apps and bots that fail to meet organisational standards – ideally with access to information that identifies the risk profile for each application in real time – is a critical security capability for these new ecosystems.

CREDENTIAL LOSS AND ACCOUNT MISUSE

The final consideration from a chat security perspective is ensuring that credentials are not being stolen and misused. As with any enterprise application, the most difficult threat to detect is the internal user whose account is compromised and then used to move laterally within the organisation. For a chat programme, this can lead to data loss through impersonation, the installation of malicious bots, or even direct system compromise of other pieces of corporate infrastructure. In addition to enforcing strong passwords and multifactor authentication, information security teams should ensure they have comprehensive analysis capabilities for credential use, capable of detecting unusual login or access activity across not only their chat environment, but all of the systems that are connected to it. Furthermore, suspicious events should prompt automated alerting and response, minimising the window of opportunity for an attacker to bypass controls and exfiltrate sensitive information.

The reality for most organisations is that the pace of cloud app adoption is continuing to accelerate. Chat systems are simply a manifestation of modern hyper-connected infrastructure, and protecting against threats within these systems requires a disciplined but ultimately business-empowering approach, where threat detection and remediation are seen as part of how organisations can embrace, rather than attempt to block, new technologies. On balance, the rise of cloud-based chat systems is both a positive and productivity-enhancing paradigm shift. However, as with any new system, security considerations need to be identified and planned for – and these platforms introduce a unique set of requirements given the breadth and depth of their access to potentially sensitive data and personnel.
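As an added example (not code from the article or from GreatHorn), the two checks the article calls for, run over constructed chat-workspace audit events in an assumed, simplified Slack-like shape: third-party apps installed with scopes outside an allow-list (the GSA pattern of a bot holding broad file access), and logins that suggest credential misuse (a success from a second country within an hour, or a success preceded by a run of failures). The field names and the allowed-scope policy are assumptions for this example.

```python
"""Audit-log review for an enterprise chat workspace.

Added example, not code from the article or from GreatHorn. It flags the
two risks the article describes: third-party apps (bots) granted data
scopes outside policy, and account misuse visible in login activity.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Scopes an app may hold without a vendor review (assumed policy, not a
# real platform's defaults).
ALLOWED_SCOPES = {"chat:write", "users:read", "channels:read", "commands"}

# Constructed sample events in a simplified, Slack-like shape. The field
# names are an assumption for this example, not a real audit-log schema.
SAMPLE_EVENTS = [
    {"ts": "2016-11-01T09:02:00", "action": "app_installed", "actor": "alice",
     "app": "Scheduling Helper", "scopes": ["chat:write", "users:read"]},
    # A file-sync bot that asks for broad file access, as in the GSA case.
    {"ts": "2016-11-01T09:10:00", "action": "app_installed", "actor": "bob",
     "app": "Drive Sync Bot",
     "scopes": ["files:read", "files:write", "drive:read_all"]},
    {"ts": "2016-11-01T08:55:00", "action": "user_login", "actor": "alice",
     "ip": "203.0.113.10", "country": "AE", "success": True},
    {"ts": "2016-11-01T09:00:00", "action": "user_login", "actor": "alice",
     "ip": "203.0.113.10", "country": "AE", "success": True},
    # Same account, second country, twenty minutes later.
    {"ts": "2016-11-01T09:20:00", "action": "user_login", "actor": "alice",
     "ip": "198.51.100.7", "country": "US", "success": True},
    {"ts": "2016-11-01T10:00:00", "action": "user_login", "actor": "carol",
     "ip": "192.0.2.5", "country": "AE", "success": False},
    {"ts": "2016-11-01T10:02:00", "action": "user_login", "actor": "carol",
     "ip": "192.0.2.5", "country": "AE", "success": False},
    {"ts": "2016-11-01T10:04:00", "action": "user_login", "actor": "carol",
     "ip": "192.0.2.5", "country": "AE", "success": False},
    # Success right after a run of failures: worth an analyst's look.
    {"ts": "2016-11-01T10:06:00", "action": "user_login", "actor": "carol",
     "ip": "192.0.2.5", "country": "AE", "success": True},
]


def review_app_installs(events, allowed=ALLOWED_SCOPES):
    """Report every installed app whose scopes exceed the allow-list."""
    findings = []
    for e in events:
        if e["action"] != "app_installed":
            continue
        excess = sorted(set(e["scopes"]) - allowed)
        if excess:
            findings.append({"type": "app_scope_violation", "actor": e["actor"],
                             "app": e["app"], "excess_scopes": excess})
    return findings


def review_logins(events, travel_window=timedelta(hours=1),
                  max_failures=3, failure_window=timedelta(minutes=15)):
    """Flag successful logins that look like credential misuse.

    Two patterns: a success from a different country than the previous
    success within travel_window, and a success preceded by at least
    max_failures failed attempts inside failure_window.
    """
    logins = sorted((e for e in events if e["action"] == "user_login"),
                    key=lambda e: e["ts"])   # ISO timestamps sort as text
    last_success = {}                   # actor -> (time, country)
    failures = defaultdict(list)        # actor -> times of recent failures
    findings = []
    for e in logins:
        ts = datetime.fromisoformat(e["ts"])
        actor = e["actor"]
        if not e["success"]:
            failures[actor].append(ts)
            continue
        prev = last_success.get(actor)
        if prev and prev[1] != e["country"] and ts - prev[0] <= travel_window:
            findings.append({"type": "impossible_travel", "actor": actor,
                             "from": prev[1], "to": e["country"],
                             "minutes": int((ts - prev[0]).total_seconds() // 60)})
        recent = [t for t in failures[actor] if ts - t <= failure_window]
        if len(recent) >= max_failures:
            findings.append({"type": "success_after_failures", "actor": actor,
                             "ip": e["ip"], "failures": len(recent)})
        failures[actor] = []            # a success closes the failure run
        last_success[actor] = (ts, e["country"])
    return findings


def review(events):
    """Combine both checks; each finding is one item for alerting."""
    return review_app_installs(events) + review_logins(events)


if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(finding)
```

Feeding the findings into the automated alerting the article recommends is the missing step; the sample data produces one scope violation and two suspicious logins.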


DATA IS THE NEW GOLD. LET'S PROTECT IT

Learn how the NANJGEL data protection portfolio secures your valuable data.

[Diagram: Nanjgel's portfolio map, with outer rings for policy management, prevention, monitoring, and response and operations, covering perimeter security, network security, endpoint security, application security and data security controls, from perimeter firewalls, IDS/IPS, NAC and web proxies through WAF, DLP, PKI, encryption, SIEM and vulnerability assessment to 24x7 SOC/NOC monitoring, incident response (CIRT) and digital forensics.]

FOR MORE INFORMATION

DUBAI - TEL : +971 4 4330560 - FAX : +971 4 4537281 - EMAIL: sales@nanjgel.com

ABU DHABI - TEL : +971 2 6226301 - FAX : +971 2 6226302 - WEBSITE : www.nanjgel.com


HOW TO

10 WAYS TO MAKE SURE YOUR REMOTE WORKERS ARE BEING SAFE

With an ever-expanding mobile workforce, infosec teams are increasingly tasked with extending cybersecurity safeguards beyond the physical and virtual walls of their organisations. With endpoints not only increasing but on the move, the challenge is real. In addition to implementing the appropriate technical defences, there is an important aspect to protecting corporate data and systems – asking end-users to get involved.

Here are 10 security best practices today’s workforce should keep in mind:

1. LIMIT USE OF OPEN-ACCESS WIFI Free WiFi (hotspots that are not password protected) is “oh-so-available” and “oh-so-tempting,” particularly for employees who pay for their own data plans. End-users should be made aware that these networks are not secure enough to use when logging into secure systems or transmitting sensitive information (customer data, credit card numbers, etc.). Travelers should use a mobile hotspot (or enable the function on their mobile devices) when they need secure connectivity. Word to the wise: free WiFi is a hard habit to break, even for cyber-savvy individuals.

2. ENSURE HOME NETWORKS ARE SECURE If a home wireless network is left unprotected (with no password or technical safeguards in place), it will be as vulnerable as any free WiFi hotspot. At minimum, it’s critical that remote users password-protect their networks and enable encryption (preferably WPA2). Even better, infosec teams should develop a checklist for remote employees to use in applying security settings.

3. INSTALL (AND USE) A VPN ON ALL MOBILE DEVICES Most organisations that have remote employees utilise a VPN — and those that don’t should. While this will protect company-issued devices, it won’t help in BYOD situations. And plenty of BYOD users access corporate systems from their phones and tablets. Don’t put up road blocks (like assuming this step is too technical for end users to handle). Instead, identify an appropriate VPN application for employees, ask them to install it, and provide tips for using it. Even partial adoption is a step in the right direction.

4. CHANGE DEFAULT PASSWORDS Remote workers are highly likely to connect corporate devices to personal networks and devices (home WiFi, wireless printers, fitness trackers, and other IoT equipment). End-users should be instructed to change default passwords on these kinds of devices (particularly wireless routers). Default passwords are often accessible online, and hackers use this information to exploit unsuspecting users.

5. DON’T MIX PERSONAL AND BUSINESS DATA There has been plenty of press about these types of indiscretions, but the security ramifications aren’t up for political debate. As a general rule, corporate data should not be transferred to personal devices. Every time sensitive data is co-located, the risk to that data is compounded, and most of the risk will fall to the end-user who moved the data outside of the audit trail. In a similar vein, employees should be cautious about placing their personal data on corporate devices for the simple fact that the information leaves their jurisdiction and could potentially be accessed by others.

6. STOP OVERSHARING ON SOCIAL MEDIA This is a danger for on-site and remote end users, but those who consistently work from home could feel disconnected from corporate policies and procedures and not realise that sharing details of their work lives could create an issue for their employers. As well, individuals who travel a lot often fall into the trap of oversharing (posting check-ins at airports, hotels, restaurants, and more). Employees should clearly understand the dangers of making business itineraries, corporate information, and daily routines public on social media.

7. KEEP SOFTWARE AND PLUG-INS UP TO DATE Like default passwords, cyber criminals seek opportunities to exploit known vulnerabilities in software and plug-ins like Adobe Flash, Acrobat Reader, and Java. Remote workers should be made aware that plug-ins and software — including mobile operating systems and trusted applications — should be regularly updated on all devices they use (with automatic updating activated whenever possible).

8. BE ALERT TO EAVESDROPPERS AND SHOULDER SURFERS Employees who work in their own homes can sometimes take security for granted. However, they’re likely to be visited by plenty of people who shouldn’t be privileged to know sensitive or confidential details about their work or personal lives. When traveling, the “stranger danger” factor increases tenfold. Remote workers should be cautious about discussing any confidential matters on the phone when non-authorised individuals are within earshot. As well, they should make sure that sensitive data on screens, printouts, or notepads is not visible to snoopers.

9. RAMP UP PHYSICAL SECURITY This goes hand-in-hand with avoiding eavesdroppers and shoulder surfers as it has everything to do with taking control of personal space and personal devices. In home offices, computers and paper files should be locked and secured when not in use. When traveling, extra care should be taken with devices and confidential materials; phones and files should not be left unsecured in unoccupied hotel rooms or vehicles.

10. TRAVEL SMART When going on a business trip (or a personal trip, for that matter), end-users should pare down to the bare necessities as far as devices and sensitive data are concerned. If a laptop is not needed, it would be best to leave it behind in a secure location. Superfluous files, credit cards, and devices should also not be taken on the trip.


INSIGHT

SECURING THE CLOUD ENDPOINT In the quest for securing the cloud, one key aspect is often left out of the discussion – the security impact of the cloud endpoint – most notably the imperilled browser, writes Kurt Roemer, Chief Security Strategist, Citrix.



As enterprises and individuals increasingly move computing to the cloud, security at the endpoint has been an escalating concern. Taking matters into their own hands, many enterprise consumers are going “direct to cloud” – avoiding enterprise IT practices that would otherwise protect endpoints, connectivity and data. Meanwhile, IT executives that once viewed cloud-based shared computing and storage infrastructure as their least trustworthy option now see the cloud as the safest choice. And, while there’s increasing evidence that the cloud can provide real security benefits over on-premises solutions, there is a dark side: if your company has moved infrastructure, apps and data to the cloud for security, the endpoint browser is now your weakest link.

Cloud security involves provider services, networking, applications, data and the cloud endpoint. The cloud endpoint consists of all the components the user interacts with, including hardware, peripherals and the ubiquitous browser interface. Like it or not, today’s enterprise security landscape is heavily endpoint and user-dependent. The actions and inactions of users, coupled with unmanaged networks and questionable device states, combine to make endpoint security a frustration of trust. That’s especially true for cloud-based applications that are accessed from unmanaged systems in untrusted locations while using arbitrary browsers and security settings.

Common enterprise practice is to configure and roll out a single and all-powerful browser at the endpoint, with this standard browser supporting the needs of all applications. Plugins that include Flash, integrations with local and remote file systems, certificate chains, private keys and all other needs have been factored in for local and remote application access. The problem is that this standard browser is over-configured for everyday tasks, allows for excessive access, and presents excessive risk. The exploitation of browser platform and plugin vulnerabilities, malicious active content and phishing attacks teach the painful lessons of browser insecurity every day across the world’s web, SaaS and cloud-based services.

For cloud’s sake, let’s reduce our security dependence on browsers. To begin with, configure browsing to be specific to purpose. By publishing the browser specifically to the needs of an individual application or a distinct class of usage and cloud application, there are several core benefits. The specific browser version that works best with the cloud application is available to all users for consistency. The browser is hardened – with only the security extensions, frameworks and required settings for supporting a specific use case. These use cases range from mission-critical applications to administrative portals and social media browsing.

Next, extend the browser to support services that extend security functionality. Multi-factor authentication can be enabled to secure applications and reduce the dependency on simple passwords. Integrate content management, information rights management and ad blocking where appropriate. Don’t forget privacy – limit access to location data and personal info on the endpoint. And provide these services isolated from other browser instances and in a one-time-use browser configuration whenever non-persistence benefits the security experience.

In addition, consider the benefits of virtualisation of apps and data not just within the cloud provider, but all the way out to the endpoint. Virtualisation enables the ability to control copy and paste in and out of specific apps and between apps, along with control over use of USB and specific peripherals. Arbitrary links in email and other applications can be redirected to a one-time-use browser that is isolated from key resources, severely limiting the impact of malware. Support for multiple browser frameworks, versions and app-specific configurations is enabled for specific use cases. Virtualisation also supports minimal-footprint endpoints such as Chromebooks, tablets, thin and zero clients for endpoint de-scoping and cost optimisation. And the biggest benefit of all – data stays within the cloud and only a pixelated representation of data hits the endpoint while apps look and work the same!

It is recommended that organisations use the cloud to provide full end-to-end security by publishing browsers for access across enterprise and cloud apps. With the deprecation of Flash and whole-scale move to HTML5, it’s a good time to update your organisation’s web application and browser strategy – especially for the cloud endpoint. The cloud endpoint is a new class of device and usage. Extend your endpoint strategy to include the cloud endpoint and the benefits of delivering virtualised browsers, apps and desktops to the cloud endpoint.


HOW TO

7 WAYS DEVOPS BENEFITS CISOS

Organisational culture and its processes and technology are evolving at a pace we have never experienced before. But as technologies evolve, enterprise systems become more exposed to vulnerability, and security cannot be the elephant in the room that everyone avoids because it gets too complicated. Here are seven different ways DevOps can bring major benefits to security.

1. BUILDING A CULTURE OF COLLABORATION AND BREAKING SILOS One of the main goals of DevOps is to create a culture that values collaboration, finding ways to make work better for all the teams involved. Developers struggle with writing secure code, and many security tools have been thrown aside because the development team wasn’t properly instructed on how to use them or the tools just couldn’t adapt to the rapidly changing software development life cycle methodologies. With DevOps, the silos come down, allowing security to be better integrated, more automated, and, therefore, easier for the rest of the development team to understand and improve.

2. HELP ALIGN SECURITY WITH THE REST OF THE BUSINESS Along with the improved relationship with developers and other team members, another benefit from DevOps for the security team is a new alignment with the rest of the business. According to a recent Puppet Labs survey, high-performing organisations spend 22 percent less time on unplanned work and rework. Because integrated security testing catches issues much earlier in the systems development life cycle (SDLC), security budgets are driven down and refocused on earlier security processes. Most importantly, the risk of a breach and the time to breach discovery are lowered. It becomes easier to put in place policies and procedures to respond to potential breaches and make decisions based on risk. Altogether, the potential business downtime is lowered.

3. PROMOTE SAFE INNOVATION AND AGILE DEVELOPMENT More organisations are moving towards Agile Software Development (ASD), and it’s already become a pervasive tactic for the majority of organisations across the globe. However, consistency and speed only go so far in developing software without taking security into consideration. Agile software development requires proper security implementation for optimal results. When the security team is more integrated into the development culture, it’s easier to secure new developments from their inception. With DevOps, teams can seamlessly bring security review into developers’ sprints, quickly adding secure new features or innovations. Enabling innovation with security considerations both assists the business and helps establish your team as a valuable cornerstone of software development.

4. MAKE AUTOMATION A PRIORITY DevOps is driven by a desire to create a streamlined approach to software development where processes can be automated. By working with fellow operations managers and development team leaders, security teams can develop automated processes that include checking security functions and policies, identifying insecure components and regulatory issues and building secure virtual machines to work in. This offers a whole new level of involvement that security hasn’t been afforded before. Bringing a static code analysis solution into an automated development process will help ensure that only code that passes certain security, regulatory and compliance standards will be used.

5. MAKES SECURITY EVERYONE’S RESPONSIBILITY One of the most challenging yet rewarding results of the shift to DevOps is that everyone in the SDLC now touches security. It can be scary for security teams to hand over security duties to other teams, but doing so can lift burdens on the security team and free up bandwidth to tend to other pressing security matters. For example, by integrating security testing at the very start of development, security no longer has to ensure releases aren’t stalled by late-stage SDLC testing. When Dev and Ops teams take a bigger responsibility over secure code, members of the development team most interested in security have the opportunity to expand their security expertise. With the right training programmes, capture the flag exercises and more, the overall security knowledge of the team can be improved.

6. ENHANCE MONITORING AND MEASUREMENT Short development sprints allow for constant improvement. Prior to integrating security into DevOps, monitoring was often done separately from security. When security is integrated into the development process it can also become integrated into existing software monitoring and measurement. As a result, new security metrics will align more with Dev, Ops and management. For example, DevOps teams may aim to catch 75 percent of bugs early on in the development process. With SecDevOps, teams can monitor and measure for security vulnerabilities early in the process, ensuring that all bugs that could cause a delayed deployment are not only caught, but also quantified.

7. ELIMINATES BOTTLENECKS Without DevOps, users must follow a trail of information and jump through hoops to find the right contact to assist with issues. Since DevOps teams open the lines of communication between groups, users have a clear path to multiple contacts and can work to solve issues as they arise. Along with open communication, education is a core component of a DevOps programme. In fact, the same Puppet Labs survey mentioned earlier found that high-performing [DevOps] organisations spend 50 percent less time remediating security issues than low performers and ensure that Information Security makes pre-approved, easy-to-consume libraries, packages, toolchains and processes for developers and IT operations to use in their work.



PRODUCTS

Brand: BlackBerry
Product: DTEK60
What it does: The DTEK60 is the second device in the DTEK series of Android smartphones. It is equipped with all the security features that BlackBerry’s Android OS devices have, including security patching and the DTEK by BlackBerry app that allows users to monitor and control their privacy on their phone. Key features available on the DTEK60 include a fingerprint sensor, the BlackBerry Intelligent Keyboard and the BlackBerry Hub, which consolidates messages in one place – whether it is email, calendar, social or phone calls.
What you should know: The DTEK60 supports BlackBerry’s powerful suite of EMM applications and secure productivity solutions, including WatchDox by BlackBerry for secure file-sharing, Good Work for business-class email and collaboration tools, Strong Authentication as a VPN solution, SecuSUITE for Enterprise for secure voice and instant messaging communication, BBM Protected for encrypted messaging and BES12 for secure cross-platform management.

Brand: ESET
Product: Smart Security Premium
What it does: ESET has announced the availability of its premium line of security solutions for home users – ESET Smart Security Premium. According to the company, the new solution is built upon its NOD32 technology that offers the best mix of detection, speed and usability. In addition, its top-tier product provides ESET Password Manager for easier and safer authentication, as well as ESET Secure Data for convenient and strong encryption. The security vendor further noted that through ESET Smart Security Premium, users can for the first time enjoy the brand new ESET Internet Security, while ESET NOD32 Antivirus 10 remains the ideal suite for gamers with enhanced protection against script-based attacks.
What you should know: ESET Smart Security Premium includes ESET Password Manager. The tool stores all users’ passwords and generates and stores extra-strong new passwords each time the user needs one. The new product also includes ESET Secure Data, a convenient and strong encryption tool that protects users against data theft in the event of USB-key or laptop loss and allows for secure collaboration and data sharing. Other features include Script-Based Attack Protection, which proactively protects users from script-based attacks and non-traditional malware attacks; Home Network Protection, which protects computers from incoming network threats and enables vulnerability tests on home routers to improve weak passwords or out-of-date firmware; and Webcam Protection, which controls processes and applications that access computer-connected web cameras and displays notifications when unwanted applications try to access the camera.

Brand: A10 Networks
Product: A10 Thunder 14045 TPS
What it does: According to the company, the new A10 Thunder 14045 TPS provides the highest DDoS attack mitigation capacity for service providers, Web 2.0 and cloud providers: 300 Gbps of mitigation throughput (or 2.4 terabits per second in a cluster).
What you should know: The new device has SPE with FPGA, 4x18-core Xeon, 3 RU, 4x100 GbE and 2+2 redundant 80 Plus Platinum rated power supplies. It is also dual power supply capable, features solid-state drives (SSDs) and uses no moving parts for high availability. In addition, it benefits from Flexible Traffic Acceleration (FTA) technology, featuring Field Programmable Gate Arrays (FPGAs) for hardware-optimised FTA processing, providing highly scalable flow distribution and Distributed Denial of Service (DDoS) protection capabilities. A10 Networks also highlighted that the device offers excellent performance per rack unit and the ‘80 PLUS Platinum’ certification for power supplies to deliver a green solution and reduce power consumption costs.


CTM360 - 24x7x365 CYBER THREAT MANAGEMENT

Prevention ▪ Detection ▪ Response

25 of the top 50 GCC Banks trust us. Would you like to know why?

REQUEST A FREE CYBER THREAT EVALUATION

▪ Cyber Footprint ▪ Impersonated Emails / Profiles ▪ Company Data in the Dark Net ▪ Spear Phishing ▪ Leaked credentials ▪ Social Media Fraud ▪ +30 other parameters

Comprehensive Cyber Threat Detection & Incident Response Service

www.ctm360.com | +973 77 360 360 | info@ctm360.com


BLOG

USING AN ATTACKER’S ‘SHADOW’ TO YOUR ADVANTAGE By Alastair Paterson, CEO and Co-Founder, Digital Shadows

With more than three billion individuals interacting across social media, mobile and cloud services, digital footprints are increasing. The age of digital business has, for the most part, been a positive thing. It has increased the ease and speed of communication at the same time as reducing the cost. However, some of this information can be inadvertently exposed and may be used maliciously. A ‘digital shadow’ is a subset of a digital footprint and consists of exposed personal, technical or organisational information that is often highly confidential, sensitive or proprietary. Adversaries can exploit these digital shadows to reveal weak points in an organisation and launch targeted attacks.

This is not necessarily a bad thing, though. Some digital shadows can prove advantageous to your organisation: the digital shadows of your attackers. The adversary also casts a shadow similar to that of private and public corporations. These ‘shadows’ can be used to better understand the threat you face. This includes attacker patterns, motives, attempted threat vectors, and activities. Armed with this enhanced understanding, organisations are better able to assess and align their security postures.

The chief aim of cybercriminals is to make money. The anonymity offered by the ‘dark web’ creates a safe haven for these actors. By observing what is being sold on online marketplaces, you can gain a better understanding of the latest tools being used and which vulnerabilities are being exploited. You can then use this information to better position your security defenses. You need not penetrate the dark web in order to exploit the shadows of adversaries, however. Hacktivist activity, for example, more typically uses social media such as Twitter and Facebook, and sharing sites such as Pastebin. Hacktivists tend to be more visible and easy to track because a primary motivation is to be heard and cause disruption and embarrassment. Their activity can be broken down into three main parts:

1. Indication and warning - Social media is a useful tool for monitoring for hacktivist operational announcements. The use of operational hashtags, which are prevalent, aids this process. Groups will invariably provide operation names and specify target lists. If a hacking group names you on a target list, you are going to want to know.

2. Evidence of attack - You can also monitor for claims of defacements, DDoS attacks and breaches. This may occur on social media, often Twitter, but also on code-sharing sites such as Pastebin. Getting there first can help to reduce the reputational impact on your organisation. But it also helps from a historical view; understanding what tactics, techniques and procedures (TTPs) have been used in the past helps you to gauge how best to prioritise defense spending.

3. Significant activity - Organisations can monitor social media and news sources for significant activity. While more mature organisations may use Activity Based Intelligence (ABI) to draw this information out, this approach need not be that complex. It may simply include observing arrests, references to new techniques, or declarations of links to other groups or actors.

The dark web can be a useful place to find out about the latest TTPs of cybercriminals, but do not underestimate the power of social media and sharing sites. These can provide a valuable insight into the activities, motivations and TTPs of attackers. Simply put, those who possess an understanding of these will be in a stronger position to defend themselves.


INTERCEPT X
A completely new approach to endpoint security.

Sophos Intercept X is a next-generation endpoint detection and response platform designed to stop ransomware and zero-day exploits, and provide detailed threat intelligence.

• Stop ransomware before it can take hostages
• Block zero-day attacks with signatureless anti-exploit technology
• Get easy to understand threat insight and root cause analysis
• Automate remediation and malware removal

Learn more and try for free at www.sophos.com/intercept-x

+971 4 367 2210

