Security Advisor Middle East | Issue 10


ISSUE 10 | OCTOBER 2016 www.securityadvisorme.com

RETHINKING SECURITY

F5 Networks on modernising security for the new era of IT Security and IoT

Cloud security

Ethical hacking



CONTENTS

FOUNDER, CPIMEDIA GROUP Dominic De Sousa (1959-2015) Publishing Director Rajashree Rammohan raj.ram@cpimediagroup.com +971 4 440 9100


EDITORIAL Group Editor Jeevan Thankappan jeevan.thankappan@cpimediagroup.com +971 4 440 9129 Editor James Dartnell james.dartnell@cpimediagroup.com +971 4 440 9153

RETHINKING SECURITY

Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135

F5 Networks’ Diego Arrabal explains why it’s time to modernise security in the cloud-first, mobile-centric world.

Deputy Editor Glesni Holland glesni.holland@cpimediagroup.com +971 4 440 9134 DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 375 5680 Designer Neha Kalvani neha.kalvani@cpimediagroup.com +971 4 440 9159 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9138 Sales Manager Merle Carrasco merle.carrasco@cpimediagroup.com +971 4 440 9147 CIRCULATION Circulation Manager Rajeesh M rajeesh.nair@cpimediagroup.com +971 4 440 9119 PRODUCTION Production Manager James P Tharian james.tharian@cpimediagroup.com +971 4 375 5673 Operations Manager Shweta Santosh shweta.santosh@cpimediagroup.com +971 4 440 9107 DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh Photographer Charls Thomas Maksym Poriechkin webmaster@cpimediagroup.com +971 4 440 9100


STAYING ON TOP OF IOT SECURITY As the field of IoT devices continues to grow, so do the threats to well-established security practices.


Published by

Registered at IMPZ PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by Printwell Printing Press Regional partner of

© Copyright 2016 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


THE RISE OF ETHICAL HACKING Ibrahim AlMallouhi, VP, Security Operations, du, explains why hackers are becoming increasingly important for businesses.

SECURING SMART CITIES Fortinet’s Nader Baghdadi discusses five areas of vulnerability CIOs should watch out for to better secure Smart Cities.


ON GUARD We bring you the highlights of SecureWorks’ recent roundtable that shed light on the shifting cybersecurity landscape in the Middle East.

WRANGLING RETAIL THEFT Mark Gentle, VP, Merchandise Availability Solutions Asia Pacific, Checkpoint Systems, talks about shrinkage and crime in the retail industry.

THE FUTURE OF IAM Richard Walters, SVP, Security Products, Intermedia, on why identifying users by their ongoing actions is key to achieving a secure work environment.


NEWS

PALADION NAMES NEW HEAD OF EMEA OPERATIONS

Paladion has announced the appointment of Amit Roy as its new Executive Vice President and Regional Head for EMEA. Roy is one of the founding members of Paladion’s operations in the Middle East and has been with the company for over 12 years. He will now head the company’s business operations across Europe, Middle East and Africa (EMEA), and will be responsible for continuing Paladion’s impressive growth, overseeing sales operations and increasing the company’s presence across the region.

“Paladion has spearheaded several cyber security initiatives in its 16 years to combat ever evolving cyber threats,” said Roy. “I have witnessed, firsthand, for more than a decade how our teams have adapted their cyber defense techniques and mechanisms to changing technologies, attack strategies, evolving malware, evasion techniques and more to protect our customers from cybercriminals. The company is at the height of its innovation with its ‘CyberActive Threat Defense and Response’ model; a cyber defense model that is constantly innovating and a security design that enables analysts to think like attackers and respond in a coordinated manner. I am excited to be leading the charge to bring this service to the Middle East.”

91% of decision-makers believe they face obstacles in defending against digital attack due to regulatory obstacles. Source: BT & KPMG


ABU DHABI SET TO HOST RSA CONFERENCE 2016 IN NOVEMBER

RSA Conference has announced the agenda for RSA Conference 2016 Abu Dhabi, which will feature a spectrum of captivating sessions and thought-provoking workshops. The Conference will be held from 15th to 16th November 2016 at Emirates Palace Hotel and will host a variety of pre-conference activities on 14th November 2016. RSA Conference 2016 Abu Dhabi is once again being held in conjunction with the UAE National Electronic Security Authority (NESA).

The event, with its over-arching theme of ‘Connect to Protect’, will feature seven tracks, nine keynote sessions and pre-conference offerings that will involve in-depth conversations across a range of topics and industries. The tracks are critical infrastructure, cybercrime and threats, policy and government, analytics and incident response, security strategy and operations, cloud and smart security and sponsor special topics. An exciting learning lab based on a cyber-crisis live exercise scenario, in addition to a Security Foundations Seminar, will be featured in the pre-conference sessions.

This year’s conference features a line-up of sponsors and exhibitors from leading-edge companies that include Cisco, DarkMatter, Qualys, RSA, Spire Solutions and Tenable Network Security.

“The evolving threat climate has led to an increase in security spending, with Gartner estimating the regional market is expected to spend more than $2 billion by 2020. During RSA Conference 2016 Abu Dhabi, we aim to host some of the brightest minds in the industry, and share insights into how to protect organisations from cyber threats,” said Linda Gray, General Manager, RSA Conferences.

Qualys enters global strategic alliance deal with Wipro

Qualys has announced an expanded strategic partnership with Wipro, a global information technology, consulting and business process services company. As part of the agreement, Wipro will leverage Qualys vulnerability management, policy compliance and web application security services in its managed enterprise security service offerings for its customers across the globe. Wipro will also integrate the Qualys Cloud Platform with its existing managed security services.

“Wipro has built an impressive global managed security services practice and we are confident that together, we will deliver leading-edge IT security and compliance solutions to organisations around the world,” said Philippe Courtot, Chairman and CEO, Qualys. “Our cloud-based delivery model will enable Wipro to incorporate superior global security and compliance into the fabric of their customers’ managed environments.”


CISCO INTRODUCES CLOUD-BASED SECURITY SOLUTIONS

Cisco has announced new services and cloud-based security solutions built with Cisco’s threat-centric security architecture. The company highlights that its security portfolio provides companies with a more effective approach for securing their digital business models. From the network to the endpoint to the cloud, Cisco’s architectural approach detects more threats and helps customers on average reduce their time to detection to less than 13 hours — much faster than the industry standard of 100 days.

“Digital business is the most impactful disruption to security in the history of the technology industry. As a result, companies are struggling to manage the security challenges from both large, distributed environments and the active adversaries aggressively targeting these expansive attack surfaces every day. Our customers are finding that they need a more integrated approach to security, and Cisco provides them with a threat-centric security architecture that is much more effective in a digital world,” said Mike Weston, Vice President, Cisco Middle East.

Among the solutions and services that the company will be releasing are Cisco Umbrella Roaming, Cisco Umbrella Branch, Cisco Defense Orchestrator, the Cisco Meraki MX Security Appliances with Advanced Malware Protection (AMP) and Threat Grid, and the Cisco Stealthwatch Learning Network License.

McAfee Labs highlights ransomware threats in healthcare

Intel Security has released its McAfee Labs Threats Report: September 2016, which assesses the growing ransomware threat to the healthcare industry, surveys the ‘who and how’ of data loss, explains the practical application of machine learning in cybersecurity, and details the growth of ransomware, mobile malware, macro malware, and other threats in Q2 2016.

Following a rash of targeted ransomware attacks upon hospitals in early 2016, Intel Security investigated the attacks, the ransomware networks behind them, and the payment structures enabling cybercriminals to monetise their malicious activity. The researchers identified nearly $100,000 in payments from hospital ransomware victims to specific bitcoin accounts. While healthcare is still clearly a small proportion of the overall ransomware ‘business,’ McAfee Labs expects a growing number of new industry sectors to be targeted by the extensive networks launching such attacks. The report also found dark net discussion board communications suggesting that a particular cybercrime actor had accumulated profits of $94 million during the first six months of this year.

“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, Vice President, Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”

BT, KPMG REPORT SHEDS LIGHT ON INDUSTRIALISATION OF CYBERCRIMES

According to new research from BT and KPMG, only a fifth of IT decision-makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cybercriminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks.

The report, ‘Taking the offensive – working together to disrupt digital crime,’ finds that while 94 percent of IT decision-makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 percent) admit that they don’t have a strategy in place to prevent it. The report also finds that 91 percent of respondents believe they face obstacles in defending against digital attack due to many regulatory obstacles.

Mark Hughes, CEO, BT Security, said, “The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The twenty-first century cybercriminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market. With cybercrime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers. Businesses need to not only defend against cyber-attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace.”

The research also flags the need for budgets to be adjusted, with 60 percent of decision-makers reporting that their organisation’s cybersecurity is currently financed by the central IT budget while half of those (50 percent) think it should come from a separate security budget.



FEATURE

Staying on top of IoT security

As the field of IoT devices continues to grow, so do the threats to well-established security practices.

The Internet of Things (IoT) offers many possible benefits for organisations and consumers – with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organisations need to address.

Not surprisingly, IoT security spending is on the rise. Gartner in an April 2016 report said worldwide spending on IoT security will reach $348 million in 2016, a 24 percent increase from 2015 spending of $281.5 million. And spending on IoT security is expected to reach $547 million in 2018. Gartner predicts that IoT security market spending will increase at a faster rate after 2020, as improved skills, organisational change and more scalable service options improve execution.

The market is growing as both consumers and businesses start using connected devices in ever greater numbers, the firm says. Gartner has forecast that 6.4 billion connected things will be in use worldwide this year, up 30 percent from 2015, and will reach 11.4 billion by 2018. The firm predicts that by 2020, more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.

Security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT and the decentralised approach to early IoT implementations in organisations, Gartner says. The effort to secure IoT is expected to focus more on the management, analytics and provisioning of devices and their data. And by 2020, Gartner predicts that more than half of all IoT implementations will use some form of cloud-based security service.

“The IoT is exponentially increasing the number and type of attack vectors, creating many new and unforeseen challenges for organisations and those responsible for defending the infrastructure. Cisco estimates that the Internet of Everything (IoE) will create $19 trillion in Value at Stake (net profits) globally over the next decade (2013-2022), driven by connecting the unconnected – people-to-people, machine-to-people (M2P) and machine-to-machine (M2M) via the IoE,” says Scott Manson, Cyber Security Leader, Middle East and Turkey, Cisco.

Kalle Bjorn, Director of Systems Engineering, Fortinet, agrees that IoT represents a new risk since it adds layers of vulnerability that need to be addressed, not just to protect personal information, but to protect critical infrastructure, all of which is adopting and deploying IoT devices into products and environments.

“Analysts estimate that over 50 billion new, non-user, IP-enabled devices will be added to the Internet over the next few years, and most of these are going to be sitting on corporate networks. The problem here is that these devices are not designed with security in mind – this itself poses a critical security risk in an IoT environment. BYOD devices are highly mobile, hard to identify on networks, blend personal and work profiles, and represent real risk as critical data is accessed from public locations, or when devices are lost or stolen. Headless devices often lack an interface to interact with the system, and therefore can’t be updated,” he adds.

Industry analysts point out that IoT brings in its wake new types of threats that can’t be tackled by traditional security tools.

“Increasingly complex landscape of threats in the IoT environments makes the traditional security tools redundant. In the future, enterprises will need to create an intelligence based approach built on top of existing security to deal with threat detection and mitigation. This requires creating an analytics based approach by collecting and analysing large amounts of data. It’s unlikely that the existing tools can keep pace with all of the changing and emerging threats,” says Sunil Paul, COO, Finesse.

IoT is likely to be among the top cyber security priorities for organisations in the coming years. What should enterprises do to prepare for IoT?

“For enterprises looking to integrate IoT into their environment, the fundamental question to ask is what business benefit are you trying to derive, and whether the risk (and there will always be a risk) can be managed to a level that is acceptable,” says Raj Samani, VP and CTO, Intel Security.

Samani cites the example of the oil and gas industry. “A recent IoT implementation into the world of digital oilfields has increased production by 150 percent for a company within the region. This does introduce a risk of potentially allowing more malicious actors to target this infrastructure, but can be managed to reduce the likelihood by considering integrated security solutions that protect, detect and correct, into the design of both greenfield and brownfield installations. Not only is security by design imperative, so too is the continuous analysis of the threat landscape to keep ahead of malicious actors.”

To adopt a more preventive security approach, organisations are going to need to look at a more holistic security solution, says Manson from Cisco. This is a combination of multiple security solutions, procedures and people that are fully integrated – together they are considered as a whole to achieve the highest level of security. In order to deal with whatever new challenge cybercrime-as-a-Service serves up, what’s needed is visibility and control everywhere and all the time: across attack vectors and the full attack continuum – before, during, and after an attack.

“It is important for IT managers to acknowledge the need for a more holistic approach – one that is scalable and addresses mobility, security governance, virtualisation and network policy management – in order to keep management costs in line while simultaneously providing optimal experiences and reaping savings. They must always be alert and aware of the cyber threats they face each day and run an active programme to educate every employee on the importance of protecting sensitive information,” he sums up.



PRACTICAL SECURITY FOR THE INTERNET OF THINGS

The Internet of Things (IoT) is one of technology’s most interesting recent developments, promising efficiencies across industry, cost-savings in healthcare, safety on the highway and convenience in the home. But the prospect of a world with greater-than-ever numbers of connected devices also poses real challenges for information security at all levels.

CAUSE OF CONCERN

63% of IT professionals say the IoT poses a security threat to their organisations.

26 billion devices will be connected to the IoT by the end of the decade (2020).

7 out of 10 people are concerned that a connected appliance in their home might result in a breach of their personal data.

KEY CHALLENGES

The main security objective of the present-day Internet is to present a reliable second-party identity to the human user, in order to assist them in making an access decision. In the Internet of Things, there are no human users. The security objective shifts to making a reliable access decision without human assistance.

Conventional safeguards become less effective – and less affordable – in a large, geographically distributed wireless network configuration

If compromised, autonomous machinery can cause massive inconvenience, huge cost and damage to life and limb.

Threats to privacy and extortion become much more subtle, but potentially much more damaging.


SECURING THE IOT

UTILISE STANDARDS, LEARN FROM EXISTING TRUST MODEL

Existing trust models have proven effective at securing large-scale information environments.

By leveraging existing standards (e.g., PKIX and TLS), users can accelerate adoption, lower security risk and foster competition – all benefits to the end-user.

FOCUS ON DEVICE ENROLLMENT

Understand that the reliability and cost dictate modified enrollment procedures as scale increases.

Leverage device certificates to ensure that only authorised devices, applications, payment cards, servers and appliances can access connected systems.

Examine established programmes – from ICAO, UK Smart Meters and even the Web – to learn what has worked, then apply the lessons to a hyper-connected world.

BALANCE SECURITY & PRIVACY

Security protocols can introduce a threat to privacy. Mitigate the threat with careful system design.

OPTIMISE SOLUTION DELIVERY

Downward pressure on unit cost dictates that complexity must be moved into the infrastructure.

Scarcity of the required security management skills also dictates a cloud approach.

Leverage need for centralised management to increase security and improve ease of use.

Source: Entrust


INTERVIEW

Rethinking security

Diego Arrabal, MEA, F5 Networks, says it is time to modernise security in the cloud-first, mobile-centric world.

The threat landscape is changing rapidly with new kinds of threats surfacing every day. Does this demand a change in security approaches in the Middle East?

The proliferation of cutting-edge technology in the Middle East is increasingly influential, particularly as innovative tech-enabled development plans continue apace. The region’s businesses and government institutions have also historically been seen as prime targets for ambitious cybercriminals and state-sponsored hacking initiatives, so it is vital that defences are in order.

In particular, we are finding that businesses are still coming to terms with the onslaught of new technologies and concepts – such as the Internet of Things – infiltrating all aspects of our professional and personal lives. As a result, IT departments are often unprepared and under-resourced to implement sufficient defence strategies. Poor visibility on the application layer, application migration to the cloud, the explosion of mobile devices and a lack of preparation within development teams are among the key issues organisations need to address with speed and substance.

We recently revealed findings from our first Annual State of Application Security report, which was conducted in partnership with the Ponemon Institute, and identified a number of worrying trends. Despite a third of all applications deemed critical to day-to-day activity, only 35 percent of surveyed respondents claimed to have the resources needed to detect vulnerabilities, and a mere 30 percent said they had the technology to remediate these issues. A full 88 percent were concerned about new and emerging cybersecurity threats weakening the future state of application security.

One of the major challenges is a sea-change in IT responsibility as business becomes more application-centric. In our work with the Ponemon Institute, we found that 56 percent of respondents believe accountability for application security is shifting from IT to the end-user or application owner. While 21 percent of respondents claimed the CIO or CTO is accountable, another 20 percent said nobody had full ownership. There are accountability issues here, and they need to be dealt with.

Companies in the region are faced with the challenge of supporting cloud-based applications and mobile environment while maintaining network reliability, security and speed. How can F5 address these challenges?

Traditionally, application delivery services have helped a business ensure its apps are secure, have high availability and are delivered fast, wherever and whenever the user needs them. As apps are moving to the cloud, so too are its application delivery services. As more of the data centre becomes cloud-based and/or virtualised – via software-defined data centres – it follows that the management tools businesses rely on should enjoy the same level of flexibility.

Today, it is important to have application services that can operate across cloud, on-premises environments, and hybrid deployments. Companies can then scale IT resources across those environments, offering the same optimisation, security and availability you would expect from a traditional deployment contained within a data centre.

The way forward is very much an app-centric approach to availability services. It means fitting your infrastructure around the apps and the needs of those who use them, resulting in better speed, reliability, availability and security. Ultimately, application services in the cloud are all about enabling businesses to fully tap into the benefits this environment brings. Decision-makers are increasingly aware of this, and are continually pushing for more flexibility and agility, without compromising any of the benefits of a traditional on-premises deployment.

Most enterprises focus their security strategies around network perimeter, but it seems attacks are often targeted at applications and user identities. What kind of security architecture would you recommend for this new era of IT?

The traditional perimeter is dissolving and run-of-the-mill security strategies are quickly becoming a thing of the past. Today, the world is entirely different. Workers are mobile, applications are in the cloud, and we’re connecting billions of devices to our networks. Security spend needs to be realigned to focus more on protecting applications and users.

In theory, the objective of securing 100 percent of your data and 100 percent of your communication networks is a daunting task. However, we believe the answer lies with the determination of the identity of users and the full-proxy isolation and defense of critical applications. F5 stands out by securing access to applications from anywhere while protecting them wherever they reside. Based on an elastic security services fabric, F5 helps businesses protect sensitive data and intellectual property while minimising application downtime and maximising end-user productivity.

F5 is generally thought of as a network infrastructure vendor. Can you tell us about your security portfolio?

F5 offers a unique point-of-view on security. Traditional security point solutions focus on network protection and are therefore blind to application content. F5’s placement in the network provides visibility and analysis to all application traffic and allows customers to make decisions based on the potential risk to the application, and take necessary action against malicious activity.

Cloud applications and mobility have changed the game; data is stored and accessible by devices that you don’t control, on networks that you don’t own. So, the question is, why are most enterprises still spending the bulk of their security budgets to protect the traditional network perimeter? In many respects, today’s security investments are misaligned with the reality of the threat landscape.

This view is confirmed by data from our F5 Labs team, which combines the expertise of our security researchers with threat intelligence data we collect to provide actionable, global intelligence on current cyber threats—and to identify future trends.

The way businesses and organisations approach security issues needs to change. F5 can play a unique role here, providing visibility into all application traffic, enhancing security portfolios with additional layers of intelligence that traditional defenses leave exposed. It is the contextual information that we keep on every user and session that allows us to layer all these defenses together in the F5 security platform.

What advice would you give to CISOs in the region?

Ultimately, application security is a collective responsibility. Stakeholders in the equation of a successful application deployment strategy should include the IT department, developers and DevOps. C-level executives also need to attribute more resources to this important area of business. Determining a sustainable ownership strategy for application security will help firms to deploy applications securely across their employee network for 24-hour access, on any device and from any location.


INSIGHT

Cloud security’s today and tomorrow By Prof. Yale Li, Chief Cyber Security Evaluation Expert of Huawei Internal Cyber Security Lab and Chairman of Cloud Security Alliance (CSA) Greater China Region

I

n the early days of public cloud computing, a cloud service provider’s (CSP) priority was to sign up businesses by providing low-cost shared resources, faster service, and on-demand elasticity. Security was only considered when customers inquired or attackers forced CSPs to do so. In August 2006, Amazon introduced its Elastic Compute Cloud. When I asked an Amazon security representative to inspect my resource access log in their cloud data center as a customer at that time, he scratched his head. Soon, most cloud customers and service providers had realised that security is the biggest challenge for public cloud computing. Two years later, Microsoft’s Windows Azure was announced, and 14

10.2016

Huawei Desktop Cloud was released for employee trial. Security was rated as the No. 1 concern by CIOs from enterprises interested in adopting the cloud. Indeed, even David Cutler, the father of Windows NT, was unable to satisfy many of my basic security requirements relating to Red Dog (Code Name of Azure). To overcome the security challenges, the Cloud Security Alliance was born in 2008 and officially announced at the 2009 RSA Conference, with the release of its inaugural whitepaper “Security Guidance for Critical Areas of Focus in Cloud Computing V1.0”. The guidance shed a light on cloud security for both customers and services providers. Microsoft, Huawei, as well as other vendors and enterprises joined CSA to band together and address the security challenges. Later on, the leader of IaaS,

Amazon AWS, joined CSA after initially resisting but finally realising the value of industry-wide partnership. The first time I met Jim Reavis, the founder of Cloud Security Alliance, I asked him how many years do you think we need to resolve the cloud security problems. He said, “It will take a long time, probably 20 years.” Today, just 10 years later, cloud computing security has improved significantly. Yet, the old problems have not all been resolved, while new ones continue to appear for the next 10 years. Cloud security today The industry has matured significantly over the years in terms of cloud security to be at par with enterprise on premise security. Here are some of the developments the industry had witnessed in recent years. www.securityadvisorme.com


INSIGHT

Cloud architecture and key technologies

Several organisations have developed reference architectures for cloud computing. For example, the Enterprise Architecture (known initially as Trusted Cloud Initiative – Reference Architecture) was first created by CSA, then evolved into the NIST Cloud Computing Reference Architecture through the CSA-NIST partnership. ISO published “ISO/IEC 17789:2014 Information technology – Cloud computing – Reference architecture”. Oracle and a few other companies released their own Cloud Reference Architecture. Security has earned a place in cloud architectural design through the reference architecture.

Meanwhile, technologies continued to advance. More security capabilities and operational security tools have been added into cloud products, solutions, and services. Vulnerabilities in the virtualisation layer have been reported, fixed, and reduced. Hotfix technologies in Xen, KVM, Hyper-V and VMware enable applying security fixes without rebooting the host. The latest versions of cloud management tools, such as OpenStack, have considered security hardening. A cloud security ecosystem or marketplace gives customers the choice to select optional security features and solutions based on their needs.

Threat analysis

CSA has published three versions of “Top Threats to cloud computing”. The number of identified cloud threats increased from eight in the first version to nine in the second version, and increased to 12 in the third version. The latest version, released at RSA Conference 2016 in February, has become widely adopted by vendors when they develop cloud services. Alongside the 12 top threats that are common internationally, Huawei has identified a threat unique to the China cloud market, and added a countermeasure in Huawei Enterprise Cloud deployed in China.

Security responsibilities

Under the general guidance to have shared security responsibilities between cloud service providers and customers, Huawei, Amazon, Microsoft and other major vendors have all developed their own specific responsibility boundary diagrams for IaaS, PaaS, and SaaS, covering all layers of the cloud building stack from infrastructure to data. Although many cloud service providers collect and analyse data in the cloud to gain business advantage, Huawei Enterprise Cloud announced a new principle: “Never touch applications at top and never touch data at bottom”.

Security requirements and standards

The first de-facto cloud security standard, CCM (Cloud Control Matrix), was created by CSA, with version 3.01 as the latest. It was referenced by many governments, standards organisations and vendors when they created cloud security standards specific to their country, region, or industry. Later, FedRAMP (The Federal Risk and Authorization Management Program) and NIST SP 800-53 were published in the US. “ISO/IEC 27017:2015 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services” was published by ISO. The Chinese government also published its National Cloud Security Standards, “Information security technology – Security capability requirements of cloud computing services”.

Evaluation and certification

CSA STAR (Security, Trust, & Assurance Registry) is the most recognised cloud security certification scheme for service providers worldwide. The STAR Programme comes with 3 levels: Level 1 – Self Assessment, Level 2 – Third Party Assessment-based Certification, Level 3 – Continuous Monitoring. A specific version of STAR for the China market, called C-STAR, was co-developed by CSA and CEPREI. British Standards Institute (BSI) and several third party labs are accredited to evaluate cloud service providers against CSA standards (e.g. Cloud Control Matrix) and grant CSA STAR certifications. In Europe, EuroCloud Star Audit Certification and TUV Rheinland Cloud Security Certification are also available to European cloud service providers. Huawei cloud services have achieved CSA STAR, CSA C-STAR and several government-issued certifications.

Cloud penetration test

A cloud security certification demonstrates that a cloud service provider or technology vendor meets basic compliance by implementing the security controls required by security requirements. This means customers who buy certified services will have lower risk. However, the certification itself cannot guarantee that vulnerabilities are minimal enough to effectively defend the cloud against skilled attackers. Most cloud service providers hire white hat security experts or companies to perform penetration tests on a regular basis as a best practice. At Huawei, the security test and penetration test are conducted twice to double check and double ensure the security quality of Huawei cloud products and solutions. One test is done by the blue army, penetration testers hired by the product team. Another test is then performed again by the red army, an independent and professional Huawei cybersecurity lab, ranging from the lower virtualisation and network layers to the upper application and business logic layers.

Tomorrow’s cloud security

Clearly, many cloud security issues have not been completely resolved today. Governments and enterprise customers are still cautious when they migrate from on premise to the public cloud. However, the market has shown that cloud adoption will accelerate in the next 10 years. Of course, the industry will also accelerate security investments for cloud computing and emerging technologies in the next 10 years. Here are some examples of work ahead:

Security-as-a-Service

Security is a concern for the cloud on one side, but the cloud enables security on the other side. By utilising the power of cloud computing, delivering security can be easier in the cloud than on premise. SEaaS (Security-as-a-Service) will be a new way to provide security as a service to a vast number of businesses, from small and medium to large. CSA has released implementation guides for 10 different types of SEaaS such as encryption, SIEM, IAM and so on.

Standards and certification

Compliance-type audit and testing is a basic assurance for cloud services. Currently organisations put a focus on higher-level security requirements, similar to the ISO 27001 series, from the customer’s perspective. However, lower-level security requirements at the detailed product and solution level need to be defined and tested for a cloud service to defend itself against a certain level of attack. CSA STAR Tech, a product and solution level security certification, is under development based on the CSTR “Cloud Security Technology Requirements” standard, which was originally created by a Research Work Group in the CSA Greater China Region. With the mobile app as the client in the cloud-client ecosystem, CSA STAR Mobile, a mobile security certification, will be available for apps that meet the MAST (Mobile Application Security Test) standard developed by another Work Group with members mainly from the Greater China region. With DevOps and fast deployment of software builds in the cloud, STAR Level 3 is under development to enable continuous checking of the security status of a cloud service. The CSA Cloud Vulnerability Reporting standard will enable vulnerability information sharing between different cloud customers and service providers.

Secure next generation technologies

Emerging technologies such as cloud computing, Big Data, SDN, and IoT introduce emerging threats to business. The industry must keep up with countermeasures through innovation in security solution research and development. CSA, Huawei, and big cloud service providers and vendors, in addition to security tech startups, have already invested in these areas. CSA SDP (Software Defined Perimeter) is a solution to create a dynamic trust boundary in cloud and IoT environments to shield resources from attackers. Top 10 Big Data security challenges, IoT Security Framework and Quantum Safe Framework have been published or are under development by CSA Work Groups. Container security work, including Docker security guidance, architecture, and requirements, is being initiated by NCC Group, Huawei, CSA and other companies.

CASBs to independent third party supervision

CASBs (Cloud Access Security Brokers) are a category of security tools that help enterprises safely enable cloud apps and mobile devices. Although CASBs provide limited visibility and data security for cloud customers, a new approach may deserve discussion in the industry. This concept is called I3PS (Independent Third-Party Supervision): an independent and neutral authority that is licensed and fully trusted by both cloud customers and cloud service providers. It provides complete security checks and visibility for cloud services through automated trust protocols, APIs, tools, and processes. A cloud service’s security compliance status, administrators’ operations on tenants’ resources, and other anomalies will all be collected, analysed, and reported by I3PS on behalf of cloud customers, service providers, governments and industry regulation bodies. This provides ultimate assurance efficiently for the entire cloud ecosystem.

Conclusion

Cloud security requires collaboration between industry players, governments, and academia. The Huawei and CSA collaboration has set an example of how we can achieve security and enable business together in the cloud. I believe customers will have confidence to put their crown treasure in the cloud in the next ten years.



OPINION

SSL TRAFFIC INSPECTION: SELECTING THE RIGHT TOOLS TO BEAT NETWORK BLIND SPOTS

Chris Gale, EMEA Partner Director at A10 Networks

Encrypted traffic accounts for a large and growing percentage of all network traffic. While the adoption of SSL, and its successor, Transport Layer Security (TLS), should be cause for celebration – as encryption improves confidentiality and message integrity – it also puts organisations at risk. This is because hackers can leverage encryption to conceal their exploits from security devices that do not inspect SSL traffic. According to a Gartner survey, “less than 20 percent of organisations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.” This means that hackers can evade over 80 percent of companies’ network defenses simply by tunneling attacks in encrypted traffic.

To prevent cyber-attacks, enterprises need to inspect all traffic, and in particular encrypted traffic, for advanced threats. To do this, they need a dedicated security platform that can decrypt inbound and outbound SSL traffic. This can be complex, though, as SSL inspection potentially touches so many different security products – from firewalls and intrusion prevention systems (IPS) to data loss prevention (DLP), forensics, advanced threat prevention and more. To help with the process, here are the main features that all SSL inspection platforms should provide:

Meet current and future SSL performance demands

Performance is perhaps the most important evaluation criterion for SSL inspection platforms. Organisations must assess their current Internet bandwidth requirements and ensure that their SSL inspection platform can handle future SSL throughput requirements. While doing so, IT teams must analyse appliance performance with essential security and networking features enabled. This is important as testing SSL decryption speeds without considering the impact of deep packet inspection (DPI), URL classification or other features will not provide a clear picture of real-world performance.

Satisfy compliance requirements

Privacy and regulatory concerns have emerged as one of the top hurdles preventing organisations from inspecting SSL traffic. IT security teams must walk a thin line between protecting employees and intellectual property, and violating employees’ privacy rights. To address regulatory requirements like HIPAA, the Federal Information Security Management Act (FISMA), the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX), an SSL inspection platform should be able to bypass sensitive traffic, like traffic to banking and healthcare sites. By bypassing sensitive traffic, IT security teams can rest easy knowing that confidential banking or healthcare records will not be sent to security devices or stored in log management systems. The SSL inspection solution must be able to categorise web traffic using an automated URL classification service and also support manually-defined URL bypass lists. To drive transparency and employee confidence, IT teams should also be able to display customisable messages to users informing them that encrypted traffic may be monitored for cyber threats and unauthorised activity.
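One way to express the decrypt-or-bypass decision described above, as an added example rather than code from the article or from any vendor. The category labels, hostnames and the in-memory classification table are constructed stand-ins for a real URL classification service and a real bypass list, and inspecting flows that carry no usable server name is an assumption of this sketch.

```python
"""Decrypt-or-bypass decision for an SSL inspection policy (added example)."""
from dataclasses import dataclass

# Categories that are never decrypted: the article's banking and healthcare
# examples. The label strings themselves are assumptions.
BYPASS_CATEGORIES = frozenset({"financial-services", "health"})

# Constructed sample of what an automated URL classification service returns.
SAMPLE_CLASSIFICATION = {
    "bank.example": "financial-services",
    "clinic.example": "health",
    "news.example": "news",
}

# Manually defined bypass list (constructed): exact hostnames, or "*.suffix"
# entries that match any subdomain of the suffix but not the suffix itself.
MANUAL_BYPASS = ("payroll.corp.example", "*.hr.corp.example")


@dataclass(frozen=True)
class Decision:
    action: str  # "decrypt" or "bypass"
    reason: str  # which rule produced the action


def normalise(host):
    """Lower-case, drop the trailing dot, reject empty or malformed names."""
    if not host:
        return None
    host = host.strip().rstrip(".").lower()
    if not host or any(not label for label in host.split(".")):
        return None
    return host


def matches_manual(host, entries=MANUAL_BYPASS):
    """True if the host is on the manual bypass list."""
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("*."):
            # Compare from the leading dot so the match falls on a label
            # boundary: "evilhr.corp.example" must not match "*.hr.corp.example".
            if host.endswith(entry[1:]):
                return True
        elif host == entry:
            return True
    return False


def category_of(host, table=SAMPLE_CLASSIFICATION):
    """Look up the host, then each parent domain, never the bare TLD."""
    labels = host.split(".")
    for i in range(max(1, len(labels) - 1)):
        category = table.get(".".join(labels[i:]))
        if category:
            return category
    return None


def decide(sni):
    """Return the policy decision for one TLS flow, keyed on its server name."""
    host = normalise(sni)
    if host is None:
        # Nothing to classify, so the flow cannot be shown to be sensitive.
        return Decision("decrypt", "no-sni")
    if matches_manual(host):
        return Decision("bypass", "manual-list")
    category = category_of(host)
    if category in BYPASS_CATEGORIES:
        return Decision("bypass", "category:" + category)
    return Decision("decrypt", "category:" + (category or "uncategorised"))


if __name__ == "__main__":
    for name in ("WWW.Bank.Example.", "portal.hr.corp.example",
                 "evilhr.corp.example", "bank.example.attacker.example", ""):
        print(repr(name), decide(name))
```

Matching only on whole-label suffixes matters here: a name that merely contains a sensitive domain as a prefix or substring stays in the inspected path instead of earning a bypass.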

Maximise the uptime and the overall capacity of security infrastructure

Most firewalls today can granularly control access to applications and detect intrusions and malware. Unfortunately, analysing network traffic for network-borne threats is a resource-intensive task. While firewalls have increased their capacity over time, they often cannot keep up with network demand, especially when multiple security features like IPS, URL filtering and virus inspection are enabled.

Therefore, SSL inspection platforms should not just offload SSL processing from security devices. They should also maximise the uptime and performance of these devices. When evaluating SSL inspection platforms, organisations should look for platforms that can scale security deployments with load balancing; detect and route around failed security devices; provide better value by supporting N+1 redundancy rather than just 1+1 redundancy; and support advanced health monitoring to rapidly identify network or application errors.

Securely manage SSL certificates and keys

Whether providing visibility to outbound or inbound SSL traffic, SSL inspection devices must securely manage SSL certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If they are compromised, attackers can use them to impersonate legitimate sites and steal data. To ensure that certificates are stored and administered securely, organisations should look for SSL inspection platforms that provide device-level controls to protect SSL keys and certificates. The solution should integrate with third-party SSL certificate management solutions to discover, catalog, track and centrally control certificates. It is also necessary for it to support FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules (HSMs) that can detect physical tampering and can safeguard cryptographic keys.

With SSL accounting for nearly a third of enterprise traffic and with more applications supporting 2048-bit and 4096-bit SSL keys, organisations can no longer avoid the cryptographic elephant in the room. If they wish to prevent devastating data breaches, they must gain insight into SSL traffic. By following the above-mentioned guidelines, organisations can make well-informed decisions and avoid the deployment pitfalls that SSL inspection can potentially expose.



OPINION

THE RISE OF ETHICAL HACKING

Ibrahim AlMallouhi, Vice President, Security Operations, du, explains why hackers are becoming increasingly important for businesses

In today’s digital environment, businesses have a plethora of data at their fingertips – about their business, about their partners and about their customers. This data has quickly become one of the most valuable cargos of any modern business as it allows for slicker, quicker business. This incredible growth opens many doors for hackers and cybercriminals to penetrate the host of connected devices on which we rely.

Historically, the answer to these has been to keep hackers at bay with software and tools that detect and block malware and suspicious activity. However, with the rapid evolution of technology and the capabilities of the Internet, now is the time to consider comprehensive solutions, which include collaborating with ethical hackers who foresee the threats before they can occur.

In 2015, more security breaches through hacking occurred than ever before; a report from IBM found that, internationally, there were 65 percent more security incidents in 2015 than in 2014. Businesses worldwide were subject to attacks on their data. We have seen this most recently with the Yahoo data breach, where hackers reportedly stole the data of 500 million users in 2014, and in the past with the TalkTalk scandal in the UK, whereby hackers stole over 20,000 customers’ data, as well as a security breach at international business Hilton Worldwide which left customers’ credit card details open to fraudulent attacks from hackers.

These security breaches tend to have a negative business impact, regardless of the breach itself, from a drop in customer base to a decrease in the share price or credibility of the company affected. However, when it comes to security, many businesses find themselves ill-prepared and under-armed through lack of a clear strategy or defense. The concept of battling such sophisticated and technical malware can be a daunting challenge for any business due to a lack of sufficient resources or tools to spot a cybersecurity attack when it occurs, or to spot the weaknesses in security before an attack occurs.

It is important for businesses to arm their systems with the right tools in order to protect valuable information and data from malicious software. Leading cybersecurity solutions provider, Cisco, really sees the market consolidating with as little OPEX constraint and human capital as possible. According to Cisco, one of the primary challenges in our marketplace is complexity. No longer is cyber security just about firewalls, whether on the perimeter or in the data centre. It’s much more complicated now: the effects and the capabilities of hackers are ensuring that we have to get even deeper into the granularity of how we’re protecting our environments.

This is where the expertise of ethical hackers can be of most value. Companies must undertake the proactive security measures essential to security planning. Understanding the cyber security threat landscape can ensure that a tested response plan will empower a business to resist an attack if it occurs, or to minimise the negative effects if an incident occurs. It is this understanding amongst businesses – particularly those most prone to attacks such as government, finance or healthcare – which has given rise to the role of the “Ethical Hacker” in business.

The concept and simultaneous role of an “ethical hacker” has grown in recent years, as companies have realised its potential as a powerful strategy against online threats. Although traditionally the term “hacker” connotes destructive behavior, associated with hooded figures in dark rooms with computers, “ethical hackers” can be a fundamentally crucial aspect of a secure and safe network.

Ethical hackers are hired by an organization to use their skills to break into that business’ computer system. In doing so, enterprises will discover the vulnerabilities in their systems. Many businesses are wary of inviting hackers into their business for fear that such a profession can never be responsible. However, it is the technical and disruptive mind of code breakers, which enables them to hack into some of the world’s most secure systems, that makes them so valuable to a business at risk; a profession which is known for disturbing authority and disrupting regimen will therefore not be deterred by such process, and will be able to spot and solve technical flaws which would otherwise be overlooked.

On a global level, more and more businesses have bug bounty programs whereby individuals can receive recognition and compensation for reporting bugs, especially when it comes to detecting vulnerabilities or exposing exploits. As a result of an upsurge in cybersecurity threats, there are more and more accredited ethical hacking certifications that are accepted by businesses and governments around the world, who rely on these individuals as a first response in their cybersecurity model.

As we move towards a digital society, cybercrime and the importance of cybersecurity will only continue to rise in conjunction. However, ethical hacking can be a powerful strategy in the fight against online threats by identifying weaknesses before a security breach can occur and leave customers open to attack. By authorising approved hackers to break into secure networks without malicious intent, businesses can discover vulnerabilities which would otherwise go unnoticed – thus saving them valuable time, money and brand affinity with customers who know their data is safe in the hands of your business.


OPINION

SMART CITIES: FIVE SECURITY AREAS CIOS SHOULD WATCH

By Nader Baghdadi, Regional Enterprise Director, South Gulf and Pakistan, Fortinet

Car navigation systems that can predict where and when traffic jams might occur, by siphoning data from sensors in roads and other vehicles. Cameras that can spot litter in public places and call in the cleaning crew. Self-adjusting street lamps. These are just a few of the scenarios that could become commonplace as smart cities take hold over the next few years.

Driven by rising urbanisation and fueled by technologies such as the Internet of Things (IoT) and data analytics, smart cities are on the cusp of explosive growth. Glasgow, Barcelona, Nice, New York City, London and Singapore have already embarked on the trek. The Smart City technology market could be worth $27.5 billion annually by 2023, according to Navigant Research.

Smart City initiatives are driven by public sector initiatives. However, they will have a big impact on businesses. CIOs will have to learn how to tap into the new connected city infrastructure for their business. Smart City technologies like IoT and data analytics are expected to drive innovative business ideas in the future. But the new wave of Smart City services and technologies is also expected to create new security vulnerabilities. Here are five areas CIOs should watch out for.

1. A further fragmentation of IT

The last few years saw a rapid proliferation of cloud services and mobile device adoption in the workplace. The trend has transformed business productivity. But it has also wrecked the tight-fisted control that CIOs used to be able to exert on their IT systems. CIOs now have to grapple with the idea of employees using unsanctioned cloud services via unsecured phones to hook up to corporate servers and access sensitive business data. The expected explosion of IoT devices − researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion worldwide − will result in a further fragmentation of IT in businesses.

Instead of fighting the losing battle of trying to lock down devices and services, CIOs should look at protecting the data. Look for IoT devices that offer device-to-device encryption. Consider implementing − as well as bolstering − comprehensive encryption schemes to protect data in networks, cloud services and endpoint devices.

2. Device vulnerabilities

In the past year, security researchers have exposed holes in Wi-Fi-enabled Barbie dolls, Jeep Cherokee cars, fitness trackers and other new-fangled connected devices. Fortinet’s FortiGuard Labs already see IoT based attacks on the radar and happening in real time around the world. This shows the risks that are coming as toys, wearables, cars and power grids get attached to sensors that are linked to a common network and the Web.

IoT will bring forth a larger attack surface. Hackers will eye IoT devices as a launching pad for ‘land-and-expand’ attacks. One scenario: hackers take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect.

So how do CIOs protect against the risks of connected devices and their own IoT implementations? Short of physically separating such devices from all other network systems, they can consider deploying network-based protection schemes. Internal segmentation firewalls, or ISFWs, for instance, can mitigate the proliferation of threats inside the business network. They also need to employ an IoT network security solution which is capable of mitigating exploits against this growing and vulnerable attack surface. IoT vendors need to harden their products and develop proper product security (PSIRT) teams.

3. IoT gateways can be exploited

In a typical IoT deployment, the majority of connected devices will be always connected and always on. Unlike mobile phones and laptops, such devices are likely to go through only a one-time authentication process across multiple sessions. This will make them attractive to hackers looking to infiltrate company networks, as it allows easy control and sniffing of traffic.

Shoring up the security of the gateways that connect IoT devices is therefore a must. CIOs should map out where these gateways are and where they are linked to − they can reside internally or externally, and even be connected to IoT device manufacturers. There must also be a sound plan for updating security patches on these gateways, as well as the IoT devices.

4. Big Data, more risks

If there is a constant in Smart City deployments, it is that more data will be generated, processed and stored. Connected devices will generate huge data repositories. Businesses that adopt Big Data systems will see an even larger data deluge. Unfortunately, such data will also become attractive targets for corporate hackers.

To protect huge amounts of data with large inflows and outflows, the bandwidth capabilities of security appliances will come to the fore. And when dealing with data analytics, it often isn’t just a single data set, but multiple repositories of data that may be combined and analyzed together by different groups of people. For instance, a pharmaceutical company’s research efforts may be open to employees, contractors and interns. This calls for individual access and auditing rights.

5. A new can of worms

New worms designed to attach to IoT devices will emerge − and they could wreak more havoc given the extended reach of the new converged networks. Conficker is an example of a worm that spread on PCs in 2008 and is still persistent and prevalent in 2016. Likewise, worms and viruses that can propagate from device to device can be expected to emerge – particularly with mobile and the Android operating system. Embedded worms will spread by leveraging and exploiting vulnerabilities in the growing IoT and mobile attack surface.

The largest botnet FortiGuard Labs has witnessed is in the range of 15 million PCs. Thanks to the Internet of Things, this can easily reach in excess of 50 million if the spread of IoT worms is not properly mitigated. Patch management, and network based security inspection – particularly intrusion prevention systems or IPS – that can block IoT worms, is a must.


OPINION

THE ART OF DECEPTION

By Rashmi Knowles, Chief Security Architect EMEA, EMC and Greg Day, VP and Chief Security Officer, EMEA, Palo Alto Networks

T

here isn’t a single aspect of our modern-day lives that is not influenced in some way by technology. It has paved the way for some of mankind’s greatest inventions, and has improved our society for the better in multiple ways. Unfortunately, with such widespread innovation also comes the inevitability of cybercriminals using these technologies with malicious intent. While companies experience security breaches, a gap in the effectiveness of many businesses’ security strategies becomes clearer with each attack. Which leads one to question: what are organisations doing in retaliation? Rashmi Knowles, Chief 26

10.2016

Security Architect EMEA, EMC and Greg Day, VP and Chief Security Officer, EMEA, Palo Alto Networks look to delve into the growing new technology segment of deception technology, explaining how it is used, its effectiveness, and the future of these techniques.

specifically set up to gather information on an attacker or intruder within a system. “It works by utilising deceit to either thwart an attacker’s intellectual processes, render their tools useless or disrupt breach progression,” said Rashmi Knowles. “These techniques use the trust that What is deception criminals and their aids Greg Day, VP and Chief Security technology? must have in the network Officer, EMEA, Palo Alto The concept of deception Networks protocols, infrastructure, was formulated over a applications, systems decade ago and was first and data elements they implemented in the form of honeypots, interact with or access throughout which are decoy servers or systems their intelligence gathering activities www.securityadvisorme.com


OPINION

and turn it against them. In its true form, deception is used for defensive or disruptive purposes, and is not offensive in any way,” added Knowles. Over time, its use has become widespread, effectively enhancing threat detection and being deployed as a threat response strategy in a range of enterprise technology and security programmes.

How it differs from traditional security measures

According to Day, “Deception technology works in sync with security solutions, and is intended to enhance pre-existing solutions as opposed to replace, making it a suitable addition to a holistic security strategy. There is a growing trend to not only rely on signature-based solutions, but to also gain real-time visibility into an increasing volume of unique new attacks that have circumvented more traditional techniques. There is a number of new capabilities, such as deception tools, that help discover and manage the risk of these unknown attacks enabling infected components to be identified and isolated promptly.”

Day added, “To prevent against today’s cyber-attacks, organisations must leverage a strategy that does not depend solely on castles and moats. Deception technology is designed to detect threats that have already penetrated the network, hence, alerts are event-driven and supported by forensics that can be analysed alongside additional records.”

In the event that further information is required during an attack, some advanced deception systems open communications with the criminals’ command and control (C&C) server to learn more about the methods and tools they are using, allowing information security teams to prepare for future attempts.

Parting words of advice

In a world where many enterprises are focused on defending against intrusions coming from the exterior, deception technology works to defeat threats already inside perimeters. With high-profile breaches making news headlines on a regular basis, it is crucial to combine cybersecurity strategy with innovative thinking. Deception technology is having an impact on the threat landscape, and is applicable to companies of any scale.

“It’s an age-old saying that defenders have to be right all the time, while an attacker only has to be right once. With deception techniques, the attacker is forced to work harder, which can only be a positive, and any mistake he makes means that his entire attempt can be shut down before he gets the opportunity to try again. Cybersecurity measures, just like the threats they are dealing with, continue to evolve; new capabilities such as deception tools provide new ways in which to manage risk. However with availability of skilled cyber staff being perhaps the most significant challenge, any new innovative capability must be able to integrate into the broader cybersecurity platform in order to be as automated as the attacks it’s defending against,” said Day.

The present day and beyond

As virtual environments become commonplace, it has become easier for organisations to deploy deception strategies. In fact, research from Gartner has shown that it is one of the top 10 recommended technologies for information security professionals in 2016. It is estimated that by 2018, 10 percent of enterprises will use deception tools to actively participate in operations against criminals.

Despite this, Knowles concluded: “Many organisations do not fully comprehend how useful deception technology can be for their business. IT decision-makers should take it upon themselves to learn how threat deception techniques can be used to bolster their existing capabilities in order to protect against enemies that are becoming all the more sophisticated. Empowering them with the correct knowledge will be instrumental to advancing the adoption of deceit technologies and concepts.”

Rashmi Knowles, Chief Security Architect EMEA, EMC

Greg Day, VP and Chief Security Officer, EMEA, Palo Alto Networks



OPINION

WHY ENTERPRISES NEED A MULTILAYER APPROACH TO PUBLIC CLOUD SECURITY

Scott Montgomery, Vice President and Chief Technology Officer, Public Sector, Intel Security

Security has long been the principal fear that weighs on cloud investments. While perceptions are improving, Intel Security’s recent State of Cloud Adoption study found that data breaches remain the biggest concern of companies deploying Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and even private cloud models. A 2015 survey by Crowd Research Partners found that nine in 10 security professionals worry about cloud security.

These concerns, however, are not stopping enterprises from investing in the cloud. The Intel Security study found that while confidence in cloud security is increasing, only one-third of respondents believe their senior executives understand the security risks.

Investments in cloud security should be commensurate with the level of migration to cloud services. But budgeting for security in the public cloud is distinctly different than planning for on-premise prevention. One fundamental shift is that cloud providers use a ‘shared responsibility model’ that spreads risks between vendor and customer. Another difference is that customers don’t buy the same mix of products and equipment to secure the cloud that they do in the data centre.

Budgeting for security in the public cloud begins by considering which applications and infrastructure components will live there. Some, like website hosting and document serving, are of relatively low risk and don’t demand the most stringent safeguards. Also consider the consumption models you’ll use. SaaS providers generally assume responsibility for security at the application and system levels. However, IaaS providers tend to cede those responsibilities to the customer. What’s more, no public cloud provider is likely to assume responsibility for user access and data protection, although there are measures they can take to support your own efforts.

There are three levels of security to consider as you build out your public cloud strategy:



System-level security for IaaS

This is secured plumbing: systems-level components such as operating systems, networks, virtual machines, management utilities and containers. Here, you want to invest in cloud providers that make it easy for you to keep your systems current with the latest patches and updates. The service provider should also provide thorough visibility into your cloud instances so that you can see all instances that are running. One of the challenges of public cloud is that it’s so convenient to spin up new VMs and containers that you may forget to shut them down later. These so-called “zombies” are latent security threats because they present potential attack vectors into more business or mission critical systems.

If you plan to use containers, as a growing number of enterprises are, be diligent about the level of security protection they offer. The market for containers is still immature, and security – while improving – is considered one of the technology’s weakest areas.

Remember, you are responsible for system-level security in your Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) instances. Integrating these security controls and reporting with your on-premises systems will create efficiencies. Be sure to include the appropriate controls for the type of server employed. These may include tools such as intrusion prevention, application control, advanced antimalware solutions and threat detection. These should all be centrally managed for visibility and compliance, in addition to policy and threat intelligence sharing with your on-premises infrastructure.

Application-level security

This level is primarily about identity and access management. Your best investment here isn’t financial; it’s a policy that limits the ability of users to deploy cloud applications without IT’s knowledge. After ensuring policies are in place that offer IT visibility, the next step is to invest in multifactor authentication and identity management. The first approach uses two or more devices or applications to permit access. Identity management locks down application access by requiring users to authenticate through a secure resource such as LDAP or Active Directory.

If your organisation already uses a directory, consider investing in cloud brokering software that supports single sign-on so that users can authenticate to all their cloud services through their local directory. This gives IT complete visibility and shifts access control from the cloud service to your own IT organisation. Consider also investing in a secure VPN tunnel so sessions are never exposed to the public Internet.

Data-level security

This level of protection involves securing the data itself. No cloud provider will take responsibility for your data, but there are solutions you can purchase to help.

Many cloud providers, for example, offer encryption as a standard option, but you may be surprised at how many do not, or who encrypt data only part of the time. Anything less than 256-bit encryption is considered inadequate these days. More important is that you have full control of the encryption keys. If a cloud provider insists on owning them, you have no guarantees that your data will be safe. Seek another provider.

In addition, make sure your data is unencrypted only when in use. Some providers require that data be transmitted to their facilities in plain-text format. That’s a security risk.

Whatever cloud provider you adopt, make sure their security guarantees are spelled out in their contract and SLA. A good contract should spell out exactly what procedures will be employed, along with any penalties the provider will face for non-compliance, how they will report upon it, and how you can audit to ensure your contractual terms are being met. A strong SLA ensures that you don’t simply toss the keys to your cloud provider as you’re walking out the door.




EVENT

ON GUARD SecureWorks recently hosted a media roundtable in Dubai, touching on the shifting cybersecurity landscape in the Middle East and examining ways in which the company helps to protect companies in the region from damaging attacks.


SecureWorks, a provider of intelligence-driven information security solutions, is looking to strengthen its focus on helping prevent, detect and respond to cybercrime in the Middle East.

The company is investing further in the region in the hope of providing ‘optimal solutions and best practices’ to better protect banks, government ministries, oil installations, telecom providers and other key organisations.

Speaking recently at the roundtable event, Ian Bancroft, Executive Director and General Manager, EMEA, SecureWorks said, “When we look at the threat landscape, we’re not talking about thousands of end-points anymore; we’re talking about millions. You need to have the capability to protect yourself from a cyber-security point of view.”

SecureWorks is now offering a broad portfolio of information security solutions that provide an early warning system to not only prevent and detect threats, but also predict future cyber-attacks. Bancroft describes the Counter Threat Platform (CTP) as a database with “16 years’ worth of understanding exactly what threats occur and how these threats inseminate themselves into the market place.” Working within this platform is the Counter Threat Unit (CTU), a research team of over 70 analysts who monitor the threat landscape and apply the intelligence to SecureWorks services, in order to protect their 4,300 customers across 59 countries.

“It’s no longer good enough to just manage and monitor people’s environments,” said Bancroft. “It’s now much more about applying what we know – the intelligence – that additional detail.”

Alain Kallas, Managing Director, Middle East, SecureWorks, discussed the ever-changing threat landscape at the roundtable. He explained how the cost of damage to a single company in the region on average has “risen 21 percent in the last year to $3.7 million per attack.”

He also pointed out how there are currently two main threat actors in the cyber industry. “There are those who are interested in your information, who are typically nation state sponsored, but the rest are mainly those interested in money and making money out of their cyber operation, such as DarkNet,” he said.

With SecureWorks’ solutions and extensive threat intelligence knowledge, a company can be alerted within 15 minutes of a threat having been detected. Over 50 percent of SecureWorks’ customers globally are in the finance industry, so it is of imperative importance that these attacks are detected and prevented if at all possible to avoid devastating results.

“With security risks becoming more pervasive and difficult to prevent, we are encouraging companies in the Middle East to be more vigilant and invest in cyber defences to protect their infrastructures,” said Bancroft.

He concluded, “Studies have shown that attackers can go undiscovered within a victim’s IT infrastructure for months or even years. With a combination of monitoring, detection and prevention solutions leveraging timely threat intelligence, SecureWorks enables organisations to bolster their cyber defences and reduce the time and cost of responding to security breaches.”



OPINION

SECURITY AUTOMATION EXPLAINED

Eran Barak, CEO and Co-Founder, Hexadite

There’s been a lot of talk about security automation, but it’s increasingly unclear what is what. The fact is, the technology is starting to go beyond prevention and detection, reaching into other important components of IT infrastructure to more reliably protect organisations. Here are four of the newest and most advanced elements you should consider when discussing security automation:

1. Policy execution. As networks have grown significantly more complex, manually managing associated security policies has become nearly impossible. Enter policy execution automation, which refers to the automation of any administrative work required of IT security. A variety of vendors offer tools for automating the management of network security policies, which can help you more easily meet internal or regulatory security requirements. Some also offer automated services for administrative tasks like user onboarding/off-boarding and user lifecycle management. Automating the provisioning, deprovisioning and user access can help IT teams gain greater control over data, costs and time, and the companies offering the tools sometimes refer to themselves – or are generically referred to by others – as offering security automation.

2. Alert monitoring and prioritisation. Some people view the job of automation through the lens of monitoring and prioritising alerts. Traditionally, alert monitoring and prioritisation was a manual task, and a very tedious one at that. A team of analysts in a security operations centre would have to compile alerts and literally stare at monitors all day in order to determine which data points were important. Today, there are methods for automating alert monitoring and prioritisation that vary in sophistication. For example, this might include setting rules and thresholds, relying on threat intelligence or implementing more advanced behavioural analytics or machine learning technology.

Setting rules and thresholds is dwindling in its effectiveness, as it relies on manual input from a person to determine which alerts are important and which aren’t. And it also requires regular maintenance of those rules because cybersecurity threats are constantly changing and often hackers know exactly which alerts companies will be looking for.

Relying on threat intelligence, on the other hand, is a little more reliable. This form of automation refers to the collection of threat intelligence from multiple sources, and it can help companies know which alerts to look for and which are important. For instance, if a company is able to access and consume multiple intel sources, it would know when a certain type of attack is occurring across the globe. Automated threat intelligence can then help the company prepare to protect itself against that potential, incoming attack before it’s too late.

Behavioural analytics and machine learning are among the most advanced forms of automation for alert monitoring and prioritisation because they don’t rely on rules and thresholds or “known threats.” Instead, this type of technology can learn what normal network behaviour looks like, easily and immediately pinpoint any abnormal behaviour, and then statistically score the priority of each potential threat that should be investigated.
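The contrast between a fixed threshold and a learned baseline can be shown in a few lines. The following is an added example, not code from the article or from any vendor it mentions; the host names, traffic figures, threshold and cutoff are all constructed assumptions, and the scoring method (median and median absolute deviation) is one simple stand-in for behavioural analytics.

```python
from statistics import median

# Constructed sample data (not from the article): outbound MB per hour for
# three hosts over the previous seven hours, plus the hour being triaged.
HISTORY = {
    "backup-srv": [900, 950, 1000, 980, 940, 1010, 970],
    "hr-laptop": [4, 6, 5, 7, 5, 4, 6],
    "web-proxy": [300, 320, 310, 290, 305, 315, 300],
}
CURRENT_HOUR = {"backup-srv": 1020, "hr-laptop": 180, "web-proxy": 330}

STATIC_THRESHOLD_MB = 500  # assumed hand-maintained rule: alert above 500 MB/h
ANOMALY_CUTOFF = 3.5       # assumed cutoff for the modified z-score


def static_rule_alerts(current, threshold=STATIC_THRESHOLD_MB):
    """Rule-and-threshold triage: one fixed limit applied to every host."""
    return sorted(host for host, mb in current.items() if mb > threshold)


def modified_z(history, value):
    """Deviation of a value from the host's own baseline (median and MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # A perfectly flat baseline: any change at all is maximally unusual.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def prioritise(history, current, cutoff=ANOMALY_CUTOFF):
    """Score each host against its own normal; return alerts, worst first.

    Only upward deviations are reported, since the example models data
    leaving the network.
    """
    scored = [(host, modified_z(history[host], mb)) for host, mb in current.items()]
    alerts = [(host, round(score, 2)) for host, score in scored if score >= cutoff]
    return sorted(alerts, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print("static rule :", static_rule_alerts(CURRENT_HOUR))
    print("baseline    :", prioritise(HISTORY, CURRENT_HOUR))
```

The fixed rule raises an alert for the backup server, which is behaving normally for that host, and stays silent on the laptop whose traffic has jumped far outside its own history; the baseline scoring reverses both outcomes.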

3. Incident response planning. Incident response planning is also being referred to as security automation. One way to think about this technology is as a smart ticketing system that helps companies track the evolution of a security incident and coordinate the actions required to respond. Vendors in this space help companies develop playbooks for different types of threats so they can automate portions of their response when every second counts. They automate workflow so companies can make sure they’re communicating with the appropriate internal and external contacts, adhering to regulations for topics like privacy notifications, and establishing a clear audit trail.

4. Investigation, action and remediation. Automating the investigation, action and remediation of a cyber threat is about utilising technology to perform tasks just as a qualified cyber analyst would. In a way, the other elements of security automation – from policies, to prioritisation, to planning – are all working towards this end goal of quickly finding threats and shutting them down before they impact operations. There are different aspects of what a vendor might automate when it comes to investigation, action and remediation. For example, some might only address one of those three components, while others focus on a specific task, such as automating the containment of compromised devices. There are also companies that use automation and artificial intelligence to conduct the entire process from end-to-end, just as a cyber analyst would.

All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organisation more secure.

According to data from the Breach Level Index, 1.9 million online records were compromised every day in 2015. That’s 80,766 records every hour, or 1,346 records every minute. The near constant occurrence of data breaches shows no signs of slowing down, so companies can’t afford to have any lingering questions about the concept and capabilities of security automation.

Prioritise the automation of your IT security infrastructure and recognise that multiple elements can be automated to help keep your business safe. Automating policy execution, alert monitoring and prioritisation, and incident response planning can drastically increase company productivity and reduce costs. And by fully automating the investigation, action and remediation of threats, companies can simulate the experience and logic of experienced cyber analysts at scale, thereby guaranteeing stronger security and compliance overall.


INTERVIEW

WRANGLING RETAIL THEFT

Mark Gentle, Vice President – Merchandise Availability Solutions Asia Pacific, Checkpoint Systems, talks about shrinkage and crime in the retail industry.

Can you please tell us the key findings from your new security report?

According to the Global Retail Theft Barometer Study commissioned by Checkpoint Systems, Inc., shrinkage, defined as losses from shoplifting, employee or supplier fraud and administrative errors, cost global retailers a total of $123.4 billion during 2014-2015, representing 1.23 percent of their total retail sales. The shrinkage rate in 2013-2014 was only 0.94 percent. Following are the key findings:

• Employee theft and shoplifting were the major sources, accounting for 39 percent and 38 percent respectively of the total shrinkage, while administration errors/non-crime losses and supplier fraud accounted for 16 percent and seven percent respectively.
• In every market surveyed, we saw that fundamentally, shoppers ended up paying the price for such theft. For example, the cost of mysteriously vanishing merchandise came to $615 annually per household.
• A majority of shrinkage occurred during winters, globally. The weather has made it easier for thieves to conceal stolen items under heavy clothing. Surveyed respondents reported that 46 percent of yearly losses occurred in winter, followed by autumn at 24 percent, spring at 18 percent and summer at 12 percent.
• As a general trend, we saw that apparel stores suffered the highest rates of shrink (2.28 percent) followed by pharmacies/drugstores (2.25 percent) and non-grocery retailers (1.9 percent). When sorted by retail vertical, the most stolen items included footwear (apparel and fashion accessories); batteries (DIY home improvement); mobile device accessories (electronics); and razor blades (health and beauty).

The report, which covered 24 countries in North America, Europe and Asia, has set the benchmark in identifying and managing trends in the retail space and critically, how to mitigate these risks. Our experience is that in the retail sector, the Middle East mirrors much of the rest of the world. The rapid retail expansion of markets such as Dubai means that retailers need to be able to mitigate these risks as much as possible so they can focus on expanding their business.

How can Chief Information Security Officers address these challenges?

There are several ways that Chief Information Security Officers can address these issues, and we have found that the most effective solutions are ones that are visible to potential thieves. There has been a shift towards ‘visual deterrence’ in loss prevention solutions. Historically, tags may have been hidden in products, but now they’ll actually be printed on the packaging ‘security protected’. This has proven to be a deterrent against opportunistic crime. Anything that’s visual tends to have a stronger result. If a store has security measures in place that are visual and this is combined with good customer service, there’s a very good chance that potential shoplifters will leave the store and go to a softer target.

Our study revealed a number of best practices that can help MENA retailers address their problems with cost-effective ways. These included:

- Leveraging internal data to better understand shrink performance metrics at stock keeping unit (SKU), category and store levels
- Using a mix of loss prevention solutions: Electronic Article Surveillance (EAS), fixtures, manual screening, employee training to prevent external theft
- Using source-tagging to reduce store labour and ensure tagging compliance

Can traditional security tools protect enterprises against the new breed of threats?

Traditional security tools such as Radio Frequency Electronic Article Surveillance are working – but you can always do more. One area we identified in the report was what we saw as “erosion in performance” by retailers in reducing shrink after the “honeymoon” period. The economic environment of the last year coupled with a decrease in money spent by retailers on combating theft has possibly led to the increase in the shrinkage rate.

During our recent Innovation Conference held in Dubai, we discussed three areas to help protect enterprises against the new breed of threats, including:

a. Source tagging solutions (comprising paper-thin radio frequency (RF) labels that are embedded seamlessly and invisibly into all types of consumer product packaging at the point of manufacture);
b. The EVOLVE-Store series, which has a real-time app that provides real-time visibility on merchandise and shopper numbers by driving staff compliance to alarm events; and
c. The Hyper Guard solution, a digital based software solution that can detect foil-lined clothing or bags used by organised retail crime (i.e. professional shoplifters) operations and prevent theft by alerting staff.

By installing solutions like these, the direct impact on a business even in its first year can be huge. For a larger business, a saving of 30-40 percent on their losses could mean the difference in when they are able to open their next store. This is fundamentally about profit protection for SMEs and enterprises.


OPINION

THE FUTURE OF IDENTITY AND ACCESS MANAGEMENT

Richard Walters, SVP, Security Products, Intermedia

It is undeniable that people today share devices and Web applications, so to achieve a secure work environment identifying users by their ongoing actions is key.

Usernames and passwords act as a gateway. Insert another authentication step on top of these credentials and this gateway becomes harder to infiltrate. But once access is gained, how can the device or Web application be certain that the authenticated user is, in fact, the same person throughout the entire session?

For example, you may log in and walk away from your device, creating an opportunity for someone else to take over your session and thus, your identity. Or more commonly, you may hand the device to a colleague – a non-authenticated user – trusting they won’t do anything nonsensical or malicious. In fact, according to a survey by B2B International and Kaspersky Lab, 32 percent of respondents who share an Internet-enabled device with their relatives, colleagues or friends noted that they do not take any precautions in protecting their information.

In reality, people share devices and web applications with little concern for the potentially detrimental consequences – whether a co-worker gains access to proprietary information or an acquaintance accidentally views personal medical records or bank account details. Traditional one-time or two-factor authentication methods are no longer sufficient. Without continually checking you are who you say you are, it’s next to impossible to tell who is actually using the device or web application at any given time.

The future of identity and access management (IAM) must be rooted in continuous authentication. So, where is the industry in developing these tools? And, what needs to occur for continuous authentication to take hold as a reliable, more secure element of IAM?

Tools in development

A promising form of continuous authentication is centered around unique human behaviours. Known as behavioural biometrics, these tools can monitor things like keystroke patterns (which analyse typing rhythm), mouse movement, iris patterns and more. The technology acts in the background – unbeknownst to the user. By tracking these actions and building a unique behaviour-based profile, the technology can automatically and continually check to see if a device switches hands, or a Web application switches users. For example, when tracking keystroke patterns, the tool can determine how quickly you find the right key and how long you hold down certain keys. If the typing pattern becomes abnormal, the non-authenticated user will get locked out of the device or Web application.

Other techniques being developed include behavioural profiling, which uses Webcams to monitor your face and even the color of clothing, as well as micro-movement and orientation dynamics that take into account how you grasp, hold and tap your smartphone.
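The keystroke check described above comes down to two timings: how long each key is held (dwell) and the gap between releasing one key and pressing the next (flight). The sketch below is an added example, not code from the article or from any product; the timings are constructed, and the lock threshold and the mean-deviation score are assumptions chosen to keep the idea visible.

```python
from statistics import mean, stdev

LOCK_THRESHOLD = 3.0  # assumed cutoff: mean deviation above this ends the session
MIN_SPREAD_MS = 1.0   # floor so a very regular typist never causes division by zero


def make_session(dwells, flights, start_ms=0):
    """Build (key_down_ms, key_up_ms) events from dwell and flight times."""
    events, t = [], start_ms
    for i, dwell in enumerate(dwells):
        events.append((t, t + dwell))
        if i < len(flights):
            t = t + dwell + flights[i]
    return events


def features(events):
    """Dwell = how long a key is held; flight = time taken to reach the next key."""
    dwell = [up - down for down, up in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return dwell, flight


def enrol(events):
    """Learn the account owner's typing profile from an enrolment sample."""
    dwell, flight = features(events)
    return {
        "dwell": (mean(dwell), max(stdev(dwell), MIN_SPREAD_MS)),
        "flight": (mean(flight), max(stdev(flight), MIN_SPREAD_MS)),
    }


def deviation(profile, events):
    """Average distance of each timing from the profile, in standard deviations."""
    dwell, flight = features(events)
    d_mu, d_sd = profile["dwell"]
    f_mu, f_sd = profile["flight"]
    zs = [abs(v - d_mu) / d_sd for v in dwell] + [abs(v - f_mu) / f_sd for v in flight]
    return mean(zs)


def monitor(profile, windows, threshold=LOCK_THRESHOLD):
    """Check each typing window in turn; once locked, stay locked until re-login."""
    decisions, locked = [], False
    for events in windows:
        if not locked and deviation(profile, events) > threshold:
            locked = True
        decisions.append("locked" if locked else "ok")
    return decisions


# Constructed timings in milliseconds (not measured data).
ENROLMENT = make_session([95, 100, 105, 98, 102, 100, 97, 103],
                         [140, 150, 160, 145, 155, 150, 148])
OWNER_WINDOW = make_session([99, 101, 96, 104], [152, 147, 151])
OTHER_WINDOW = make_session([140, 150, 135, 145], [260, 240, 250])

if __name__ == "__main__":
    profile = enrol(ENROLMENT)
    print(monitor(profile, [OWNER_WINDOW, OTHER_WINDOW, OWNER_WINDOW]))
```

Note that the session stays locked even when the third window matches the owner again: after a hand-over is detected, the decision to resume belongs to a fresh login, not to the typing score.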

Hello enterprise

For continuous authentication tools to take hold in the enterprise, much more research and development is needed to ensure precision. People don’t have the tolerance or patience for inaccuracies. For example, if you are authorised to access a particular Web application and the device continually restricts access, the frustration mounts. You are you, but explaining that to the computer requires IT intervention.

Think of it in these terms: You try to enter a bar and you present your ID, but the security personnel believe it’s a fake and won’t let you in. You know you have the right to go in, but there’s little you can do. They have made up their mind. Obviously not being able to get into work devices and Web applications has more severe consequences, as it hinders productivity and your overall livelihood. It leaves you turning to less-secure devices and Web applications, getting less done or potentially compromising confidential information.

It’s unlikely that employees will ever rid themselves of the bad habit of device and password sharing – a recent survey shows 46 percent of respondents share logins with multiple users. The onus to recognise these challenges and amp up security falls on you.

While continuous authentication is still in its early stages, businesses are adopting technologies like context-based authentication that define trust by contextual elements such as user role, geolocation, device type, device health and network. When you log into a Web application, contextual factors are analysed and access is granted or denied. Beyond authentication lies authorisation – what you can and can’t do within the application. If you are already logged into a Web application and move from the trusted corporate network to an unknown wireless network, context-based authorisation can dynamically re-shape the features, functions and data that you are able to access.

What’s clear is continuous authentication needs to evolve into a more accurate and proven method before enterprise adoption is seen. But once this step is taken, the security and convenience it provides will be an ideal fit for today’s increasingly mobile workforce.
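The context-based model described above, where a move from the corporate network to an unknown one re-shapes what a logged-in user can do, can be expressed as a policy that is re-evaluated on every context change. This is an added example and not code from the article or any product; the roles, feature names, country list and rules are hypothetical.

```python
from dataclasses import dataclass, replace

# Hypothetical policy data, for illustration only.
ROLE_FEATURES = {
    "finance": {"view_reports", "export_data", "approve_payments"},
    "staff": {"view_reports"},
}
SENSITIVE_FEATURES = {"export_data", "approve_payments"}
ALLOWED_COUNTRIES = {"AE", "SA"}


@dataclass(frozen=True)
class Context:
    role: str
    network: str          # "corporate", "vpn" or "unknown"
    device_managed: bool  # device type: company-managed or personal
    device_healthy: bool  # device health: patched and passing checks
    country: str          # geolocation of the request


def authorise(ctx):
    """Map the current context to a decision and the features it unlocks."""
    if ctx.role not in ROLE_FEATURES or ctx.country not in ALLOWED_COUNTRIES:
        return "deny", frozenset()
    if not ctx.device_healthy:
        return "deny", frozenset()
    allowed = set(ROLE_FEATURES[ctx.role])
    if ctx.network == "unknown" or not ctx.device_managed:
        # Reduced trust: keep the session but withdraw sensitive functions.
        return "restricted", frozenset(allowed - SENSITIVE_FEATURES)
    return "allow", frozenset(allowed)


class Session:
    """A logged-in session whose permissions follow the context, not the login."""

    def __init__(self, ctx):
        self.ctx = ctx
        self.decision, self.features = authorise(ctx)

    def update(self, **changes):
        """Re-evaluate policy whenever any contextual element changes."""
        self.ctx = replace(self.ctx, **changes)
        self.decision, self.features = authorise(self.ctx)
        return self.decision

    def can(self, feature):
        return feature in self.features


if __name__ == "__main__":
    s = Session(Context("finance", "corporate", True, True, "AE"))
    print(s.decision, sorted(s.features))
    print(s.update(network="unknown"), sorted(s.features))
    print(s.update(device_healthy=False), sorted(s.features))
```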



PRODUCTS

Brand: Acronis
Product: Acronis True Image 2017 Software

What it does: Acronis True Image 2017 is the latest personal backup software launched by Acronis. According to the vendor, the 2017 release provides the most complete personal data protection available on the market. It combines the company’s capabilities for local and cloud backup for computers with new wireless backup for mobile devices to local Windows computers or the secure Acronis Cloud. Acronis also noted that it supports an unlimited number of mobile devices, and provides complete backup of Facebook account data.

What you should know: Acronis noted that the True Image 2017 software has many additional new features, such as search in local and cloud backups, encryption for archives, comments for backups, Windows Explorer integration, a refreshed touch-friendly user interface on iOS and Android devices, and more.

Brand: Axis
Product: Q6155-E PTZ surveillance cameras

What it does: Axis Q6155-E PTZ Dome Network Camera features a built-in laser that measures the distance between the camera and the object of interest. According to the vendor, this allows the camera to focus much faster and to greater accuracy, capturing clear images at all times. The camera features Sharpdome, a technology which allows for monitoring of objects as much as 20-degrees above the camera horizon. It also offers HDTV 1080p resolution and 30x optical zoom and is equipped with the Axis Lightfinder technology and Speed Dry function. Axis highlighted that its sleek design, compact size and re-paintable casing allows the camera to blend in with its surroundings. It offers quick and precise pan-tilt-zoom (PTZ) and high scene fidelity at all angles of view.

What you should know: The company noted that the AXIS Q6155-E is supported by the industry’s largest base of video management software through the Axis Application Development Partner (ADP) Programme and AXIS Camera Station. Third-party video analytics applications can also be installed via AXIS Camera Application Platform. ONVIF support allows for easy integration into existing video surveillance systems.

Brand: Qualys
Product: WAS for Splunk Enterprise App

What it does: The Qualys Web Application Scanning (WAS) App for Splunk Enterprise, according to the company, aims to deliver end-users with information about affected web applications and prevalent vulnerabilities into the Splunk dashboard. In addition, it enables preconfigured searches and reports, for customers using both Qualys and Splunk. The vendor noted that just like with Qualys WAS, this new app also helps users analyse consistent WAS data across application lifecycles, detect unauthorised apps and rapidly harden web apps with the help of Qualys Web Application Firewall (WAF).

What you should know: Based on Qualys’ real-time integration with Splunk’s data analytics dashboard, the Qualys WAS App for Splunk Enterprise leverages its existing Technical Add-on (TA) for Splunk, which allows Qualys WAS data to be injected along with Qualys Vulnerability Management (VM) and KnowledgeBase data into a Splunk Indexer. Qualys highlighted that it built this integration to handle data across time – the first value of Splunk – and deliver even greater security posture awareness to users across Qualys VM and now also Qualys WAS.





INTRODUCING THE OPTIVIEW XG NETSCOUT EDITION

OptiView® XG Network Analysis Tablet

The network engineer’s all-in-one analyzer for full portable WLAN lifecycle management and troubleshooting network infrastructures.

FEATURES:
• Network Discovery and Analysis
• Traffic and Packet Analysis at 1G / 10G with zero loss
• Wireless Analysis of 802.11 a/b/g/n/ac environments
• Network Performance Testing
• Intuitive user interface with customizable dashboards, smart navigation and easy reporting

FOR MORE INFORMATION VISIT enterprise.netscout.com/xg OR CONTACT US AT mea@netscout.com


We make the Internet business ready — FAST, RELIABLE & SECURE

To thrive in the faster forward world, you need to meet your customers’ demand for instant, secure, and reliable online access to all content and services — on any device, anywhere, at any time. As a global leader in Content Delivery Network services, Akamai securely distributes and accelerates web content, enterprise applications, and video and protects your business against data theft and downtime.

Visit us at booth B7-10 from 16-20 October to learn more about Akamai, and to win loads of prizes. See you at GITEX.

