ISSUE 21 | OCTOBER 2017 www.tahawultech.com
Threat hunting | Top security players at GITEX | Securing the IoT era
WATCHING WIRES JUNIPER REDEFINES NETWORK SECURITY WITH REAL-TIME INTELLIGENCE AND MACHINE LEARNING
CONTENTS
SEARCHING FOR THE UNKNOWN: We find out why organisations should shift to a proactive defence model.
THE ENEMY WITHIN: Why companies need to check how they handle insider threats.
DEFENDING THE NATION: Kaspersky Lab’s Maxim Frolov on why nations should start developing a holistic and sustainable approach to cybersecurity.
BETWEEN THE PIPES: Juniper Networks General Manager Hatem Hariri shares the company’s unique approach to security with its SDSN platform, which delivers pervasive protection across multivendor environments, and private and public clouds.
‘YOUR ENEMY’S BEST FRIEND’: Infoblox discusses the pressing issues about DNS security.
DIGITAL DEFENCES: We feature some of the security specialists taking part at GITEX 2017.
SECURING THE IOT ERA: IBM’s Saeed Agha shares five fundamental aspects to keep in mind in securing the connected era.

FOUNDER, CPI MEDIA GROUP: Dominic De Sousa (1959-2015)
PUBLISHING DIRECTOR: Natasha Pendleton, natasha.pendleton@cpimediagroup.com, +971 4 440 9139
EDITORIAL
Group Editor: Jeevan Thankappan, jeevan.thankappan@cpimediagroup.com, +971 4 440 9129
Online Editor: Adelle Geronimo, adelle.geronimo@cpimediagroup.com, +971 4 440 9135
Contributing Editors: James Dartnell, james.dartnell@cpimediagroup.com, +971 4 440 9153; Janees Reghelini, janees.reghelini@cpimediagroup.com, +971 4 440 9167; Glesni Holland, glesni.holland@cpimediagroup.com, +971 4 440 9134
DESIGN
Senior Designer: Analou Balbero, analou.balbero@cpimediagroup.com, +971 4 440 9140
Designer: Neha Kalvani, neha.kalvani@cpimediagroup.com, +971 4 440 9156
ADVERTISING
Group Sales Director: Kausar Syed, kausar.syed@cpimediagroup.com, +971 4 440 9130
Sales Manager: Merle Carrasco, merle.carrasco@cpimediagroup.com, +971 4 440 9147
CIRCULATION
Circulation Manager: Rajeesh M, rajeesh.nair@cpimediagroup.com, +971 4 440 9119
PRODUCTION
Production Manager: James P Tharian, james.tharian@cpimediagroup.com, +971 4 440 9159
Operations Manager: Shweta Santosh, shweta.santosh@cpimediagroup.com, +971 4 440 9107
DIGITAL SERVICES
Web Developer: Jefferson de Joya, Abbas Madh
Photographer: Charls Thomas, Maksym Poriechkin
webmaster@cpimediagroup.com, +971 4 440 9100

Registered at Dubai Production City, DCCA, PO Box 13700, Dubai, UAE. Tel: +971 4 440 9100. Fax: +971 4 447 2409. Printed by Printwell Printing Press.
© Copyright 2017 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
NEWS
TWITTER REMOVES 300,000 ACCOUNTS FOR PROMOTING TERRORISM CONTENT
Twitter has reportedly removed over half a million terrorist accounts in the first six months of 2017. According to the social media company’s latest transparency report, 299,649 accounts promoting terrorism and violence were taken off the platform. Of those, less than one percent of account suspensions were due to government requests, and roughly 95 percent were identified by the company’s spam-fighting automation tools. Currently, Twitter has around 328 million users, with monthly active users in the US around 68 million. The company said that about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015.
Twitter, along with Facebook Inc. and YouTube, has recently faced criticism from US and European governments for not doing enough to combat online extremism. “Our anti-spam tools are getting faster, more efficient and smarter in how we take down accounts that violate our policy,” Twitter said in a statement. The company said it had received about three percent more legal requests and court orders to remove content posted by users in the first half of this year than during the last six months of 2016. About 90 percent of those removal requests came from Turkey, Russia, France and Germany. Twitter said it aims to balance its commitment to free speech against pressure from policymakers who want to see social media companies do more to fight extremism and hate speech.
UBF LAUNCHES THREAT INTELLIGENCE SHARING GROUP
The UAE Banks Federation (UBF), the professional representative body comprising 48 member banks operating in the UAE, has today launched its first Information Sharing and Analysis Center (ISAC) in the UAE powered by Anomali. The threat intelligence sharing group will initially bring together 13 banks’ cyber security data in Anomali’s ThreatStream platform. This will aggregate, correlate, and analyse threat data from multiple sources in real-time to support defensive actions.
According to UBF, the new ISAC highlights the strong foundations of the organisation and aims to enhance the understanding of threat intelligence, showcase the value of collaboration, and provide ongoing training. Founding members include HSBC, CBD, ADCB, Barclays, CBI, Citibank, ENBD, FAB, Mashreq, Noorbank, SCB, ADIB, and NBF. Professional body UBF and the ISAC are set to grow in a phased approach to encompass all of UBF’s member banks.
“We are proud to bring the 2017 Cyber Threat Intelligence Initiative into implementation; our partnership with Anomali to build this platform will allow banks to get equipped with the tools and intelligence to better identify, protect, detect and respond to cyber-attacks,” said HE Abdul Aziz Al Ghurair, Chairman of UBF. He added, “Together, we can then reduce sensitive data exposure and make more informed decisions and investment strategies.”
FIREEYE REVEALS DETAILS OF IRANIAN HACKING GROUP
FireEye has announced details of an Iranian hacking group with potential destructive capabilities which FireEye has named APT33. APT33 has targeted organisations – spanning multiple industries – headquartered in the United States, Saudi Arabia and South Korea. The group has shown particular interest in organisations in the aviation sector involved in both military and commercial capacities, as well as organisations in the energy sector with ties to petrochemical production.
From mid-2016 through early 2017, APT33 compromised a US organisation in the aviation sector and targeted a business conglomerate located in Saudi Arabia with aviation holdings. In May 2017, APT33 appeared to target a Saudi Arabian organisation and a South Korean business conglomerate using a malicious file that attempted to entice victims with job vacancies for a Saudi Arabian petrochemical company.
The group sent spear phishing emails to employees whose jobs related to the aviation industry. These emails included recruitment themed lures and contained links to malicious HTML application files. The files contained job descriptions and links to legitimate job postings on popular employment websites that would be relevant to the targeted individuals.
John Hultquist, director, Intelligence Analysis, FireEye said, “Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities. Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world. Identifying this group and its destructive capability presents an opportunity for organisations to detect and deal with related threats proactively.”
EQUIFAX HACK EXPOSES 143 MILLION US CONSUMERS
Equifax, one of the largest credit bureaus in the US, last month confirmed that an application vulnerability on one of their websites led to a data breach that exposed about 143 million consumers.
“Criminals exploited a US website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorised access occurred from mid-May through July 2017. The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement.
The statement goes on to say that those responsible for the data breach accessed records containing social security numbers, birth dates, addresses, and in some cases driver’s licence numbers. Moreover, 209,000 consumers also had their credit card data exposed. The data breach included “certain dispute documents with personal identifying information for approximately 182,000 US consumers.”
“As part of its investigation of this application vulnerability, Equifax also identified unauthorised access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted,” the company said.
Equifax has launched a website (www.equifaxsecurity2017.com) for those potentially impacted, and will offer credit monitoring to all US consumers. The company will also be contacting those directly impacted via USPS with additional details. The company has hired a forensics firm to help with the investigation and offer guidance on preventing such a data breach from happening again.
DED CRACKS DOWN ON WEBSITE OFFERING UNAUTHORISED SERVICES
The Commercial Compliance and Consumer Protection (CCCP) sector in Dubai Economy has reportedly reprimanded a website for offering DED specialised courses without a license. The unauthorised website was monitored and penalised by the Electronic Compliance section in CCCP as part of the efforts to streamline and regulate e-commerce through protecting the rights of vendors as well as consumers and ensuring transparency and competitiveness across business activities in Dubai.
In addition to the fine for violation, CCCP has asked the website to remove all its content with immediate effect. The hotel that hosted the course programme without verifying the authenticity of the website or its capability to conduct the programme was also fined by Dubai Economy for violating commercial rules and regulations.
Mahir Al Marzouki, head of Electronic Compliance section, said, “The website had invited individuals and companies to attend various specialised courses and offered to provide certificates for the same too. Our investigation showed not only that the website was unauthorised but also that the certificates were unaccredited and the lecturer was not qualified to conduct the course.”
Al Marzouki added that the closure of the website meant suspension of around 600 courses that the website was planning to roll out. With five slots in each course, the total fees collected would have been no less than AED 33 million.
UAE RESIDENTS OVERLOOK SMARTPHONE SECURITY: REPORT
The latest research by Kaspersky Lab has revealed a contradiction in the way people regard their data and their security practices. The study found that an overwhelming majority of people recognise there are security threats to their information, with more than three quarters (77 percent) in the UAE agreeing that cybercriminals and hackers pose a high risk to their data, and 68 percent saying malware is a high-risk threat.
However, there exists a discrepancy between the concerns people have about the safety of their data, and the measures they take to protect their data. Worryingly, of those surveyed only 68 percent are using a password for their smartphones, 46 percent for their tablets and 52 percent for their computers. Moreover, 56 percent of people in the UAE admit that their own inattentiveness can put their data safety at high risk, yet when asked how they’ve lost data in the past, in one-in-five cases, users admitted they have actually accidentally deleted it themselves.
Andrei Mochola, head of Consumer Business at Kaspersky Lab, said, “Reliance on multiple devices to store what matters most, calls for a more robust and reliable approach. Only then can all points of vulnerability be covered and any gaps in user knowledge or unintentional data mishaps be taken care of.”
Kaspersky Lab advises users to safeguard valuable data by backing up data to the cloud, encrypting sensitive information, and password protecting devices and apps.
26% of Q2 2017 security incidents were in the healthcare sector (Fortinet Global Threat Landscape Report)
FEATURE
SEARCHING FOR THE UNKNOWN
For any kind of business, a cyber-attack can be devastating. With the increasing number of cybersecurity incidents occurring across the globe, IT teams are now shifting from a reactive defence model to a proactive one.
In the Paleolithic age, humans subsisted by hunting and gathering. Living in the wilderness, they were exposed to a number of predatory beings, and hunting increased their chances of survival. They had to learn how animals behaved, and develop tools and tracking methods to eliminate these threats.
Pursuing today’s cyber threats is much like hunting during the prehistoric age, in that we have to gather and hunt to survive. Gathering data and proactively searching for security threats ensure that our organisations’ IT systems do not collapse should a breach occur.
The cyber-attacks we face today are organised, motivated and more sophisticated. The methods often used by advanced adversaries are undetectable by typical security tools. This has prompted security leaders to go on the offensive and seek out anomalies and hunt down intruders. Unlike the usual security approaches, threat hunting combines the use of threat intelligence, analytics, and security tools and, of course, human analysis.
“Threat hunting is a different practice because it assumes your defenses have already been breached as opposed to traditional reactive security processes,” says Mike Lloyd, CTO, RedSeal. “The security business has gone through a fundamental change in mindset, away from perfect protection, over to digital resilience. Resilience means assuming that your adversaries are persistent, and will eventually get in. It depends on three disciplines: being hard to hit, responding quickly to breaches, and being able to recover after an event.”
Though the concept of threat hunting isn’t new, for many organisations the very idea of threat hunting is. “It taps the human side of IT security,” explains Thomas Fischer, global security advocate, Digital Guardian. “It focuses on our capacities to analyse and see things that tools don’t.”
Humans are naturally instinctive and inquisitive beings, and are more used to ‘finding stuff’ instead of just waiting for a technology to alert them. John Bambenek, threat manager, Fidelis Cybersecurity, says, “Ultimately, threat hunting involves looking for evidence of compromise that wasn’t detected by the security stack an organisation has. Sometimes it’s seeking out indicators of compromise of emerging threats, but often it’s trying to look at abstract patterns that are suspicious but not tied to some known IoC that would have generated an alert eventually.”
Moreover, hunting for threats pushes organisations to approach security with the assumption that their systems may already be compromised. It entails identifying perpetrators who are already within the organisation’s systems and networks.
“It is a cybersecurity act of processing information and process-oriented searching through networks, assets, and infrastructure for advanced threats that are evading existing security solutions and defences,” says Morey Haber, CTO, VP of Technology, BeyondTrust.
Firewalls, intrusion prevention solutions and log management are all designed to detect and protect against threats. “Threat hunting is the layer under this,” adds Haber. “It’s about finding out what threats are actively running in my network that I am missing, and how I can find them?”
Apart from having a keen eye for hunting threats, the process also requires having the right tools. About 90 percent of companies use existing tools to help hunt for threats, with another 61 percent using customisable tools, such as scripts, according to the SANS Institute report.
The first thing you’ll need, of course, is data. “The important thing is to gather as much data as possible,” says Fischer from Digital Guardian, “so you should make sure that you have tools that can aggregate and incorporate various data sources, and have the ability to identify and correlate patterns. Specialised tools from Sqrrl, Endgame and Infocyte are good examples of this.”
“Intelligence feeds that provide not only indicators but also TTPs (Tactics, Techniques and Procedures) for malicious groups and attackers are also good to have,” says Fischer.
On one hand, security teams need to be critical about the solutions that they will deploy and ensure that they are not noisy and do not have any false positives. Warren Mercer, Security Researcher, Cisco Talos, says, “Network captures (PCAPs), NetFlow Analysis tools/platforms, forensic analysis software/machines, any additional logging and context capable information which can be reported to a SIEM are ideal for threat hunting.”
For organisations on a budget, there is a multitude of great open source tools available for log capture and analysis, host and memory forensics, reverse engineering malware and so on. Proponents say that an ideal SIEM alternative is setting up an ELK Stack – Elasticsearch, Logstash and Kibana.
Once you have the data and the tools needed, it is ideal to automate any best practices. The ability to automate can help speed up threat hunting and make it less likely that telltale evidence of a compromise is missed.
“Threat hunting can be an automated or a manual process to find hidden threats,” says Haber from BeyondTrust. “The process involves processing multiple sources of data simultaneously and correlating information with an inherent knowledge of the systems, mission, and infrastructure producing the information.”
He adds that to aid with this and provide data intuition, the threat hunting process can be automated using behavioural analytics or machine learning.
Fischer from Digital Guardian concurs, “However, automation is not necessarily the goal in threat hunting and cannot be fully automated. In fact, in most cases, threat hunting begins where automation stops.”
To be successful in threat hunting, it is important to choose the right personnel for the job, but given the current skills gap, it may be difficult to hire experienced threat hunters.
Mercer from Cisco Talos underlines that a tool like a SIEM is only as good as the data it receives, and that this is often missed. “The tools you have would allow you to build a timeline of events, which can help pinpoint unusual activities,” he says. “But, ultimately your most important tool is the people you have administrating your network who understand the things that don’t look quite right.”
He adds, “CISOs should first determine why they would need/require a team of threat hunters. I would recommend that CISOs consider hiring new expertise and try upskilling some of their current operational teams, consider table top exercises, class based training, and reflect on ‘why’ you may need to have people who detect threats within your environment.”
Mercer says that the answer to this can be ‘We do not want to be compromised,’ so it is ideal to begin to think about where and how you could be compromised and determine if you need new talents to help with that.
Bambenek from Fidelis Cybersecurity says, “Effective usage of threat hunting presupposes having strong supporting teams in incident response, security operations, vulnerability management, and the use of typical front-line security tools. If you aren’t patching, a threat hunting team isn’t going to help you. That said, once the essentials are in place, a threat hunting team will help find the unknown threats that are likely to get past security tools.”
As we continue to develop new technologies to support and enable our businesses, we will continue to grow opportunities for adversaries to exploit and gain access to data that is critical to us. Proactively hunting cyber-threats is a great way to boost security efforts and help stay on top of attacks before they cause significant disruptions to your systems.
FEATURE
THE ENEMY WITHIN
Why companies need to check their handling of insider threats.
While most businesses are focused on preventing and mitigating external threats, there is often a greater danger their security teams need to worry about closer to home – insider threats. Contrary to popular belief, breaches occur not just at the hands of disgruntled employees, but also from non-malicious ones unintentionally as a result of ignorance.
Security teams tend to focus more on technologies and processes, often ignoring the human element, which has emerged as the biggest challenge. There is always a huge price to pay when companies don’t invest in creating and improving employee awareness about their security policies.
“Insider threats are as old as walled cities, and the traitors within them – history books are filled with examples of people inside a defensive structure who find it to their advantage to compromise security. Indeed, insider threats are hardly an IT problem at all – they are primarily an organisational and personnel problem,” says Mike Lloyd, CTO, RedSeal.
Marc Kassis, security director at Ingram Micro, says trends indicate that the majority of insider attacks are caused by accidental actions of employees. The consequences of these threats range from leakage of confidential data to non-availability of business-critical infrastructure. “Addressing insider threats through the lens of technology alone is not sufficient. For instance, phishing and social engineering involve minimal technology exploits. The best technology controls can be bypassed by a well-crafted phishing mail. Hence, the need of the hour is a holistic approach to security, encompassing people and processes in addition to technology,” he adds.
Brian Chappell, senior director, Enterprise and Solution Architecture, BeyondTrust, says the insider threat, while distinct, is also a massive part of the external threat pattern. “In virtually all successful outside attack patterns, once the attacker is through the initial layer of defence, they are, for all intents and purposes, an insider. They are using the same techniques and methods that are associated with the insider threat. Given that the initial defence is an ever-changing landscape, we also need to assume that it will be breached (if it hasn’t already happened).”
There are some typical patterns and trends found in insider threat cases. Werno Gevers, business development manager, Middle East, Mimecast, says there are broadly around three insider threat profiles which businesses need to understand. “First one is the compromised insider, when an external attacker takes over the accounts, credentials or systems of unsuspecting users through either phishing email or installation of various forms of malware. Second is the case of the careless insider, who simply ignores or doesn’t fully understand their organisation’s security policies and rules.”
Then comes the malicious insider. Gevers says these threat actors either intend to profit personally from, or do damage to, the organisation by stealing, leaking or compromising confidential data and employee or customer information. When they strike, malicious insiders can cause significant damage.
Thankfully, it seems that businesses are now starting to recognise that the authorised users on their networks are a risk, and they’re taking steps to minimise that risk. However, the challenge is striking the right balance between insider threat protection and employee privacy.
“A balance is often hard to maintain. When looking at protecting employee privacy on the data collected, one important method is to build the proper process and procedures to control and compartmentalise access to the data. One example would be to put into place a dual authentication method where someone from human resources or legal is present to inspect the data. Of course this assumes that any solution has the ability to obfuscate data that might be sensitive or private,” says Thomas Fischer, global security advocate, Digital Guardian.
John Bambenek, threat manager, Fidelis Cybersecurity, says two major best practices greatly reduce the risks: separation of duties and least privilege. If insiders don’t have access beyond what their job can do, the amount of harm they could cause is greatly limited. Before any employee can do something ‘sensitive,’ there should be another approver in the chain of events, which makes insider threats easier to detect.
How do you protect against insider threats? Admitting the problem exists is the first step to addressing it. If organisations and IT admins recognise the risk posed by internal users, they can take steps to mitigate or minimise that risk.
The best protection remains education and training employees to identify risky behaviour and malicious attacks. Ensuring that employees understand company policies on information usage and that these policies are easy to adhere to is paramount. Solutions that notify or prompt the user when an activity could potentially put the company at risk work most effectively, enabling the user to make informed decisions and learn in the process.
Systems are being breached with direct access via compromised credentials, which means your perimeter-based approach is no longer as effective as you once believed, since it focuses on networks, firewalls and devices.
“Implementing strong security controls and access policies is paramount to minimising the risk of loss – of credibility, revenue or even a dip in stock price as evidenced by the Day One market reaction to the recent Equifax breach,” says Kamel Heus, regional manager, MEA, Centrify. “Organisations should strive towards a state of zero trust through Just Enough Privilege, granted Just In Time. Central to this theme is migrating to a role-based access control (RBAC) model that is dynamic, using short-lived instead of long-lived privileges.”
Attackers will take the path of least resistance, and employees – and IT in many instances – will unwittingly help them, says Mohammed Al-Moneer, regional director, MENA, A10 Networks. There will always be employees who will fall prey to phishing, surf exploited sites, or use free Wi-Fi from a coffee shop to open the door for the attacker. Also, common infrastructure weaknesses are the ‘exploit of choice’ to land a beachhead within an organisation, such as using an SQL query to find cached credentials, or finding a publicly exposed unpatched server to exploit. And then there is always the fallback to first-initial-plus-last-name with password1234.
“The best way to prevent this is to slow attackers down by using good identity hygiene: implementing multi factor authentication, using longer pass phrases over passwords, deprecating expired employee accounts and monitoring access logs. However, the industry is making improvements in identity around trust by using multi-context analysis strategies that include time of access, country of origin, host computer in use, and other behavioural analyses to add weight to identity,” says Al-Moneer.
Miguel Braojos, VP, Global Sales Identity and Access Management Solutions, HID Global, highlights that compartmentalisation, monitoring, and MFA are ideal approaches to curbing access to sensitive data and avoiding unauthorised access for insiders. “Education is paramount if employees are to be aware of the phishing emails and emails containing ransomware. For outsiders, most attacks are financially motivated and it’s important that employees are aware of the basic signatures that come with malware. Companies need to practice basic security hygiene that could help in warding off a number of security breaches.”
Having a proactive insider threat protection framework entails proper planning, appropriate policies, reporting structure, and human and technological systems.
WHAT YOU NEED TO KNOW ABOUT THE
DEEP WEB Accessing the Deep Web, requires the use of a dedicated browser. TOR (The Onion Router) is the most commonly used.
When using the Surface Web, you can access data directly from the source.
YOU This direct approach tracks the information downloaded, from where and when it was accessed, and your exact location.
Information on the Deep Web cannot be accessed directly. This is because data is not held on any single page, but rather in databases, which makes it difficult for search engine to index.
Files are shared through any number of computers connected to the Internet that hold the information from the web. This is known as peer-to-peer networking.
The Deep Web involves the sharing of encrypted data making it difficult for your location and the kind of information you access to be tracked or monitored.
Due to the anonymity that TOR offers, the Deep Web has also become a popular nesting ground for criminal activity. This includes things such as drugs, weapons trading and other criminal activities.
WHAT IS THE DEEP WEB? Put simply, it is the part of the Internet that is hidden from view.
SURFACE WEB: 40% of www content
Also known as the ‘Visible Web’, it has contents that can be found using search engines such as Google or Yahoo.
DEEP WEB: 90% of www content
Also known as the ‘Invisible Web’, it has the contents that cannot be indexed by search engines. And it is hard to keep track of.
The Deep Web is estimated to be 500X the size of the Surface Web.
BITCOIN AND THE CASE OF SILK ROAD
A lot of illegal transactions in the Deep Web are reportedly done with the use of the virtual currency bitcoin. Bitcoin allows users to conduct business transactions anonymously.
2006: First Bitcoin traded
JAN 2011: Silk Road founded by the user ‘Dread Pirate Roberts’
FEB 2011: Bitcoin triples in value
JUN 2011: US senate investigates link between Bitcoin and Silk Road
NOV 2011: Bitcoin loses over 90% of its value
OCT 2013: FBI locate and arrest the person accused of being the ‘Dread Pirate Roberts’. Silk Road is shut down.
NOV 2013: Silk Road 2.0 founded. Bitcoin triples the value*
*Bitcoin is known to be a volatile currency. Even though its value has on average constantly increased since its inception, it is prone to large fluctuations in perceived value.
$1 BILLION worth of goods were sold on Silk Road before it was shut down. Source: www.deepweb-sites.com
INTERVIEW
DEFENDING THE NATION Maxim Frolov, managing director, Middle East, Turkey and Africa, Kaspersky Lab, discusses why nations should start developing a holistic and sustainable approach to cybersecurity.
What has been Kaspersky Lab’s focus here in the region during the past 12 months?
Over the past year, we have made significant progress in the region. We have successfully established our headquarters in Dubai as part of our operations in the Middle East, Africa and Turkey region. So, all the team members who were handling META accounts from Moscow have moved to be on ground here, which I believe demonstrates our commitment to our business in this part of the world. In addition, we have also experienced noteworthy changes within the company. In order to address the massive opportunities in the region, we transformed our organisational structure and made it more enterprise focused and technology-oriented. On the operational side, we have invested heavily into our workforce by adding more people into our account management, sales and engineering teams. Most importantly, we have introduced ‘segment’ specific roles such as Industrial Cybersecurity, an area that we believe to be one of the biggest and fast-growing in the Middle East. We have had huge success in our regional initiatives, from partnerships and cybersecurity awareness events to roll-outs of our next-generation security products.
How has the region’s attitude towards IT security innovation evolved over the years?
In some ways, it is still a work in progress. But the good news is, organisations across a majority of industry verticals are already realising that there is no single solution that can guarantee the protection of their systems. We support them in this regard through a massive push in educational initiatives. A year ago, we made a brave and unusual move for a cybersecurity vendor. We changed the way we treat our customer relationships. We realised that almost all organisations, at a certain level, already have security technologies in place. However, while they may have the latest technologies, they might not necessarily be using them in a strategic manner. So, as a security technology vendor, instead of just trying to convince organisations to replace their current systems, we decided to take on the role of cybersecurity advisors. Armed with the latest services portfolio that we have, which includes a number of threat intelligence, detection and response, and security assessment services, we help enterprises assess their vulnerabilities and enhance their capabilities without necessarily pushing them to buy our products. We also educate them on the kinds of solutions or products that best suit their requirements. We also guide them on how they can elevate the capabilities of their security operations centre and security teams.
What do you see as the biggest security challenge today?
Today, a holistic and sustainable approach to security is lacking. Cybersecurity should not be a concern for only individual organisations. We strongly believe that it is something that needs to be addressed by nations, as a whole. First and foremost, it should be regulated and managed at a national level. If you think about it, ransomware is not the biggest security threat for the region. Yes, it is alarming and we shouldn’t ignore the damage it is capable of, but would it collapse a whole country? No, however, cyberterrorism most certainly has the potential to do that. There are three vital aspects for any country’s survival – critical infrastructure, financial sector and the young generation. In the modern world, a cyber threat actor who wants to cause chaos to a nation could infiltrate or disrupt any of these within 20 hours. We have run multiple test scenarios and have proven that this can very much be a reality. Cyber terrorists can shut down power plants and stop critical functions within a nation such as electricity, transportation (metro), cooling systems and the like. They can disrupt our telecoms systems by sending alarming mass messages or by simply preventing everyone from making any calls. Next is the banking and financial sector, wherein cyber-attackers can target stock markets, hack ATM machines or mobile banking systems.
Imagine these things happening all at once, it will be total chaos. Lastly, we have to look out for the younger generation. Today, they are the ones who are the most exposed to the digital world. They can be easily targeted and influenced by bad actors. We must keep all these elements in mind and start thinking about long-term survival and sustainability when it comes to cybersecurity for entire nations.
How do you aim to help address this?
As a team, we are investing time and energy in educating customers on the importance of cybersecurity in a holistic approach. We conduct cybersecurity awareness programmes and organise a host of events such as trainings, workshops and conferences to highlight the impact that these issues can potentially have and educate firms, both in public and private sectors, on different best practices. We are also working continuously with government organisations to identify new ways on how we can raise cyber resilience and awareness to a national level.
What are your plans for the coming months?
Our long-term plan includes the continuous push for more growth. The market will see us strengthening our regional team, especially as we have plans to expand to Bahrain. We will be rolling out our new solutions, which include our new endpoint detection and response (EDR) offering. We are planning to launch the piloting programme for Kaspersky EDR during our participation at GITEX Technology Week 2017. We believe that EDR is one of the crucial parts of any cybersecurity strategy. Kaspersky EDR has capabilities such as enhanced incident mitigation, better visibility over endpoints, compatibility with traditional endpoint protection products and investigative capabilities for security teams and SOC (Security Operations Centre).
COVER INTERVIEW
BETWEEN THE PIPES Juniper Networks is taking a unique approach to security with its Software-Defined Secure Networks platform, which delivers pervasive security across multi-vendor environments, private and public clouds. We spoke to Hatem Hariri, general manager, Juniper Networks MEA, about SDSN and the trends driving the security market in the region.
Customers are facing a huge problem with respect to complexity in security. How can you help reduce it?
Transformation plans being implemented across the GCC and wider MEA are en route to usher in an era of digital transformation in the region. This year, trends including IoT, automation and machine learning have come to the forefront, especially in technologically advanced countries like UAE and the KSA. However, with such innovation comes the proliferation of cyber threats. Today’s complex security landscape of ransomware, malware and targeted attacks means organisations in the region need to think differently about security and consider a new approach. With a Software-Defined Secure Network (SDSN) from Juniper, powered by virtualised routing and security elements, automated remediation, real-time intelligence shared across organisations via the cloud, and machine learning, enterprise networks will know when and how to defend valuable data, and infrastructure.
What are the benefits of building security into the network fabric itself?
IT security is intimately tied to the network, as much as the network is intimately tied to business transformation. The biggest challenges faced by enterprises in this space are the evolving nature of attacks, the threat surface expanding exponentially and lastly, that companies are struggling to keep up. Building security into the network fabric provides enterprises with exceptional performance, reliability and intelligence to thwart attacks and minimise the disruption of services.
For example, Sky ATP is a cloud-based advanced threat prevention solution that defends against malware by automatically screening downloads and apps prior to entering the network and Juniper’s Spotlight Secure is a threat intelligence platform, enabling real-time threat intelligence to be fed to the firewall, enabling fast remediation action.
Will your SDSN eventually support third-party devices?
It already does! In June 2017, we announced an industry first of pushing security enforcement to third-party switches, including Cisco. We’re also adding management, enforcement and threat containment for both public and private cloud via integrations with VMware NSX and Microsoft Azure. Finally, we’re fighting the spread of ransomware with enhancements to our cloud-based malware prevention service, Sky ATP, which now adds threat detection in email. We also perform extensive testing prior to officially validating a switch for use with Policy Enforcer. Additionally, back in February we announced technology alliance partnerships with several leading security providers across a variety of critical areas, including endpoint security, cloud access security and network access control. The companies joining Juniper’s existing alliances include market leaders Carbon Black, Netskope, CipherCloud, ForeScout and Aruba, a Hewlett Packard Enterprise company. These partners will integrate their technologies with Juniper’s SDSN platform, allowing customers to create cohesive security infrastructures with easily managed and deployed best-in-class products for advanced threat intelligence sharing and prevention.
Are we focusing too much on network security while majority of attacks are targeted at applications layer?
At Juniper, we offer an holistic approach to this challenge. Our firewalls detect and defend against application-borne threats, whilst also protecting against network-based exploits, malware, and other content threats using intrusion prevention (IPS) and unified threat management (UTM).
CISOs face budget pressures and shortage of skills. How can they address these challenges?
To overcome obstacles like budget constraints and skills shortages, organisations should look to automation. As automation reduces the complexities of underlying network infrastructure, fewer person-hours are required for configuring, provisioning, and managing services and the network, which also has the potential to result in significant cost savings. Another approach to work around any skills shortage within an organisation is to work closely with partners who can provide a wide range of outsourced security capabilities, based on Juniper’s technology. Bearing in mind our ability to offer physical and virtual secure networking technology makes this option more feasible than ever before.
Is security truly a business issue now?
Security is not just a technical issue, but a business one as breaches can cause severe disruption to an organisation’s operations and cause severe damage to a brand’s reputation and revenues. Also, digital disruption is all about business transformation; this means the network is at the heart of any business nowadays. According to a recent Juniper survey, 68 percent of UAE business respondents see security/compliance as the biggest risk factor in Digital Cohesion. Therefore, IT security is a fundamentally-important business issue too. As such, we focus on delivering innovative solutions to address the changing threat landscape and network performance needs of companies to help them differentiate and grow their business. In fact, according to the market research Juniper commissioned on Digital Cohesion earlier this year, 61 percent of UAE consumer respondents specify security as the most important factor when selecting a new smart device.
EVENT
‘YOUR ENEMY’S BEST FRIEND’ In partnership with Infoblox, Security Advisor ME hosted an in-depth roundtable discussion at Dubai’s Armani Hotel, last month, to highlight the challenges that are keeping CSOs awake at night, and get to grips with why DNS security is increasingly becoming a priority for businesses across the region.
“It’s a fascinating time to be in information security,” said Jeevan Thankappan, group editor of CPI Media Group’s technology division, to kickstart proceedings. “The role of the CSO has changed so dramatically over the last few years. It’s no longer about just keeping the bad guys out, babysitting your firewalls or fighting spyware off your laptops. It’s now much more of a risk management role, with the consequences of not managing this risk being higher than ever before.”
And this risk is only going to increase. The statistic that 50 billion devices will be connected to the internet by 2020 is unsurprising for anyone working in the industry, but as Thankappan rightly points out, “that’s an average of seven devices per every man, woman and child worldwide, generating 1.8 terabytes of data per day,” – let that just sink in.
So how can CSOs expect to manage this new influx of data and mitigate the increasing risk this poses to their organisation? Cherif Sleiman, Infoblox’s vice president for the EMEA region, pointed out that one common layer that businesses everywhere should begin to prioritise is their DNS architecture. “More than 90 percent of malware campaigns use DNS at various stages of the cyber kill chain to penetrate the network, infect devices, propagate laterally and exfiltrate data,” said Sleiman. “DNS by itself is a very trivial thing, but the impact it has on our organisations is massive. It has become the best friend of your enemy.”
He went on to highlight that CSOs should no longer believe that DDOS attacks are their main concern; hackers today are focusing on exfiltrating data directly from an organisation’s network. “You can continue to put multitudes of security and virtualisation in place, deploy web application firewalls and fortify your intrusions, but then still continue to suffer breaches,” said Sleiman. “In order to combat this, there are fundamental changes that need to happen in the way that businesses and vendors work together going forward.”
The discussion then shifted to focus on the fact that cloud computing is here to stay; it’s not about whether organisations will embrace it, but when. Aldar Properties head of IT security and compliance, Sunil Kumar Sharma shared his experience with moving applications to the cloud, and shed light on the security challenges the organisation had faced during that time. “Going forward, we’re evaluating the possibility of shifting our entire disaster recovery service onto the cloud,” he said. Ahmad Al Emadi touched on the transformation that Dubai Municipality saw when shifting its 15-year-old network to a software-defined network.
“We drastically changed the data centre capacity speed from 10GB to 240GB, and we now manage the data centre in such a way that it is managed services,” he said. He went on to highlight the primary concern for many of the CSOs in the room; people. “Everything regarding security is shifting from focusing on the server to the end-user, and with this comes a complete shift in processes. It’s no longer about whether a specific tool can help you, but it’s a collective effort between people, processes and frameworks.” Rashid Al-Ali, ADNOC Distribution’s IT security manager, said that one of the main challenges they are coming up against is data leakage. “To try and combat this, we are investing heavily in education and information security awareness, because it is important to change the culture within the organisation if we are to succeed in staying protected.”
The recurring theme throughout the discussion, as Sleiman pointed out, was “data, data, data.” Diaa Moustafa, head of IT infrastructure operations at ADCB, explained how having a dedicated SOC, operating 24/7 was a major benefit when trying to detect threats before they penetrate the network. “But while securing data is key, identity theft is another major headache for us,” he admitted. “If someone clones your details at an ATM machine, they have immediate access to your data – and I can’t protect that.” And while SOCs can come in use with these kinds of scenarios, Sleiman added that on average, organisations are able to see and respond to just 8 percent of incidents through SOCs. “They’re a tickbox that I’m sure many of us feel the need to have,” he said. “But at the end of the day, it’s how you operationalise a SOC that makes it beneficial to your organisation.”
Sharjah Electricity and Water Authority’s head of IT, Sayed Rahmen was also present at the discussion, alongside Shabeer Mohammed, VP of IT at Mashreq Bank, Emad Maisari, SVP and head of information security, Mubadala Development Company, Abizar Nulwala, IT data centre manager at ADCB, Vivek Gupta, CISO at Landmark Group and Al Hilal Bank’s AVP of security operations, Ameen Harahashah.
GITEX PREVIEW
BUILDING DIGITAL DEFENCES As Middle East organisations set out on their digital transformation journeys, security is now more than ever a vital aspect they should be mindful of. At the 37th GITEX Technology Week, tech players will be showcasing the latest innovations in AR/VR, Internet of Things, 3D printing and, of course, IT security. Here are some of the top players who will be present at the show:
CENTRIFY SHOWCASES IDENTITY SERVICES PLATFORM Kamel Heus, Centrify
Centrify, as part of its participation at this year’s GITEX, will showcase its identity services offerings and demonstrate how organisations can stop the breach using its solutions. Kamel Heus, regional sales manager, Centrify, said, “GITEX, being the most important event for the region’s IT industry, is a perfect opportunity to meet face to face with security practitioners looking to manage their organisation’s security based on identity. Our aim is to promote our award-winning identity services platform, meet with our clients and channel partners, discuss the evolving threat landscape and new security trends, and raise awareness about the importance of securing identities to reduce the risks of data breaches.” Centrify provides solutions focused on securing enterprise identities against cyber threats that target today’s hybrid IT environment of cloud, mobile and on-premises. “We are proud to help organisations across a variety of industries to secure their identities in the region,” said Heus. “As the only industry-recognised leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure every user’s access to apps and infrastructure in today’s boundaryless hybrid enterprise through the power of identity services. We aim to use GITEX as a platform to demonstrate how our world-class identity and access management solutions help organisations secure their identities and critical data.”
Visit them at: Hall 1, D1-1
FIDELIS TOUTS NETWORK AND ENDPOINT SECURITY SOLUTIONS Roland Daccache, Fidelis Cybersecurity
At GITEX 2017, Fidelis will be showcasing its new purpose-built platform, Fidelis Elevate, which delivers automated detection and response across networks and endpoints. “Fidelis Elevate is the first fully automated compromise detection and response system designed to improve security operations,” said Roland Daccache, Systems Engineer, MENA, Fidelis Cybersecurity. “Engineered to provide unprecedented visibility across networks and endpoints working both in real-time and historically to detect and respond to an attack.” Elevate is designed to automate the actions and insights of a skilled engineer and incident responder, to significantly increase the efficiency and effectiveness of a security team. The two pillars of the Elevate Platform are Fidelis Network and Fidelis Endpoint. “Fidelis Network stops modern threats that make it through the perimeter,” said Daccache. “It solves the problem of alert fatigue by automatically validating alerts and grouping related alerts together. It helps eliminate response and investigation back and forth with IT teams, with one-click investigations and built-in response automation from a single UX (user experience).” Meanwhile, Endpoint equips security organisations to confidently prevent, detect and respond to, and resolve security incidents in a fraction of the time it takes using traditional approaches, according to Daccache. “Purpose built to work hand in hand with Fidelis Network, Fidelis Endpoint automates incident response activities that normally take days or weeks.”
Visit them at: Hall 1, E1-30
FORCEPOINT FOCUSES ON ‘HUMAN-CENTRIC’ APPROACH TO SECURITY Mahmoud-Samy Ibrahim, Forcepoint
Forcepoint, a relative newcomer to the security space, aims to showcase its breadth of security solutions, as well as its approach to tackling security matters at this year’s GITEX. “We are reinventing cybersecurity by creating uncompromising systems that understand people’s behaviours and motivations as they interact with data and IP everywhere,” said Mahmoud-Samy Ibrahim, AVP, Emerging region, Forcepoint. As part of the company’s participation at the region’s largest technology trade show, it will be demonstrating the latest version of its products in Network Security (including Next Generation Firewall), Cloud Security, (including CASB) and Data and Insider Threat (including our latest data loss prevention). Representatives on the stand can discuss hot topics impacting organisations across the region including GDPR, AMD (advanced malware detection) and CASB. “Visitors at our stand will learn and understand our human-centric approach to security, which helps organisations better understand indicators of normal cyber behaviour and quickly identify activity and operations, such as shadow IT, that pose the biggest risk,” said Ibrahim. “As enterprises and government agencies shift their applications to SaaS and cloud IT models, they require intelligent systems that quickly spot anomalies, assess risk and facilitate rapid resolution to protect users and their data in an increasingly zero perimeter world.” Forcepoint’s goal is to support and prepare organisations across the MENA region, but ultimately to ensure businesses are fully enabled to do their job and to avoid mistakes that could lead to loss of critical data.
Visit them at: Hall 2, B1-1
FORTINET SPOTLIGHTS ‘SECURITY FABRIC’ FOR ‘BORDERLESS’ ENTERPRISES Alain Penel, Fortinet
Fortinet, during its participation at this year’s GITEX, will focus on the extended capabilities of the Fortinet Security Fabric. The company will also demonstrate how it is helping ‘borderless’ enterprises across the Middle East meet the challenges of securing their IoT and the cloud infrastructure and everything in between. To tackle these modern day security challenges, Fortinet has extended the performance, automation, visibility, and management of the Fortinet Security Fabric into all types of cloud environments, spanning across private and public cloud ecosystems. “Our goal at GITEX is to inform and educate IT decision-makers on the importance of maintaining the security lifecycle which requires constant attention through monitoring and analysis, responding to threats, and improving policies and protocols,” said Alain Penel, regional vice president – Middle East, Fortinet. Fortinet will also advocate its cloud-based threat intelligence platform, FortiGuard Threat Intelligence Services (TIS) that provides threat metrics and activity trends to enable CISOs in the region to stay ahead of the global and regional threat landscape and proactively defend their enterprises against rapidly evolving threats. “Organisations in the region are prime targets for sophisticated attacks from cybercriminals who leverage methods like machine learning and AI-like attacks to more effectively accomplish their tasks without detection. The FortiGuard threat intelligence service helps to give that visibility of the threat environment and is a valuable addition to the threat intelligence toolbox of any security operations team,” added Penel.
Visit them at: Hall 1, E1-10
GEMALTO INTRODUCES SECURITY-AS-A-SERVICE OFFERINGS
Sebastien Pavie, Gemalto
With Gemalto’s pursuit for constant innovation to address its customers’ growing digital security demands, it will be using its participation at GITEX Technology Week to showcase its core technologies aimed at transforming enterprises and driving profitability. “We are using this year’s GITEX to launch the industry’s first global cloud-based on-demand encryption as-a-service platform with SafeNet Data Protection On-Demand (DPoD),” said Sebastien Pavie, director, Middle East, Africa and Turkey, Enterprise and Cybersecurity, Gemalto. “This on-demand platform delivers a full spectrum of data security-as-a-service offering,” he added, “including encryption, key management, hardware security modules and tokenisation to protect sensitive information across a wide range of use cases such as Big Data, IoT, digital payments, transactions and compliance.” The company will also put focus on its SafeNet Trusted Access, a cloud-based access management solution aimed at simplifying and securing access to cloud applications. It enables companies to mitigate risk through an integrated single sign-on, multi-factor authentication and risk-based analytics. “The solution also improves user experience by providing Smart Cloud Single Sign-On (SSO) for authentication, and leverages a powerful data-driven policy engine for enterprises to optimise business security and use convenience via scenario-based access conditions,” said Pavie.
Visit them at: Hall 1,114
HID GLOBAL LAUNCHES NEW IAM SOLUTIONS
Miguel Braojos, HID Global
HID Global, identity solutions company, will utilise its presence at GITEX 2017 to launch its next generation multi-factor authentication tool the HID Approve app. According to the company, the app adds a new level of trust for consumers and employees to securely transact online via their mobile devices. HID Global will also showcase HID Location services, its predictive analytics for workplace optimisation for the first time in the Middle East. “Trusted identities are increasingly being employed to help organisations secure, customise and enhance the user experience across a growing range of industry segments that are embracing the power of the IoT,” said Miguel Braojos, VP Global Sales - IAM Solutions, HID Global. “HID Global is delivering the next generation of multifactor authentication capabilities to help increase cybersecurity for digital business and help enterprises improve customer and employee satisfaction.” HID Global will present its extensive portfolio of Trusted Identity and Access Management solutions including live demonstrations of the HID Approve app and HID Location Services and offer visitors a hands-on understanding of how to address real-world secure identity challenges. “GITEX gives us a platform to educate organisations on benefits of the solution that help their customers to be more confident and have more control over who is accessing their confidential and proprietary information,” added Braojos. In addition, the company will also launch and showcase its latest eco-friendly Secure Card Issuance solutions and service.
Visit them at: Hall 6, MAC 6-35
INFOBLOX DEMOS ACTIONABLE NETWORK INTELLIGENCE PLATFORM
Cherif Sleiman, Infoblox
Infoblox has announced that it will demonstrate its Actionable Network Intelligence Platform, a unified platform that empowers enterprises to elevate every aspect of network availability, agility, security, and performance – on premises, across data centres, and in the cloud, at GITEX Technology Week. Cherif Sleiman, vice president, EMEA, Infoblox, said, “Network landscapes are rapidly evolving, driven by trends in security, virtualisation, cloud, IPv6 adoption, and the Internet of Things (IoT). Conventional network management solutions are manual, fragmented, and vulnerable to attack. They are no longer able to keep pace with the exponential growth of devices, IP traffic, and sophisticated security threats.” Domain Name System (DNS) security will be a big focus for Infoblox at GITEX. DNS is a foundational Internet technology used in every non-trivial IP-based transaction. If it’s not working properly, Internet transactions can grind to a halt leading to disastrous results including lost revenue due to downtime, diminished customer satisfaction, and lost productivity. In addition, Infoblox will be showcasing its ‘context-aware’ security solutions that will help organisations close the security gap.
Visit them at: Hall 1, D1-1; D1-20
MIMECAST SHEDS LIGHT ON LATEST EMAIL-BORNE CYBERATTACKS
Brandon Bekker, Mimecast
Mimecast, an email and data security company, will discuss how organisations can build a comprehensive cyber resilience strategy for email as part of its participation at GITEX Technology Week. The recent Mimecast Email Security Risk Assessment (ESRA) report revealed that the number of impersonation attacks detected rose more than 400 percent last quarter. “At GITEX 2017, we plan to make visitors aware of the top cyber-attack techniques being adopted by cybercriminals and demonstrate how to defend against these attacks and human errors,” said Brandon Bekker, managing director, Mimecast MEA. “Organisations struggle with being consistent with the security training offered to employees, if it is done at all. We will help educate both existing and potential customers that conditioning employees to recognise phishing email is critical to reaching the end goal of identifying and reporting attacks to security teams to minimise business impact.” Using GITEX 2017 as a platform, Mimecast will highlight how its cloud-based email security services and the capabilities of Targeted Threat Protection, including Internal Email Protect, a cloud-based security service providing threat capabilities for internally generated email, help reduce the risk, complexity and costs traditionally associated with protecting email. Mimecast’s security experts will discuss the top email attack strategies being used by cybercriminals and demonstrate how they work by performing a series of live hacks for visitors at the stand throughout the five-day event.
Visit them at: Hall 1, D1-42
RING MAKES GITEX DEBUT
Mohammad Meraj Hoda, Ring
Ring, a home security firm, is making a foray into the Middle East market and will make its debut at GITEX Technology Week 2017. The company will use the exhibition as a platform to unveil its latest suite of smart home security products such as Ring Video Doorbell, Ring Video Doorbell Pro, Video Doorbell Elite, Ring Floodlight Cam and the new Ring Spotlight Cam, in addition to announcing new partnerships across the region. “Ring re-imagined the doorbell so consumers could respond – using a smartphone – to someone at their front door from anyplace, anytime,” said Mohammad Meraj Hoda, managing director, Ring. “Our mission is to reduce crime in neighborhoods and empower consumers by creating a Ring of Security around homes and communities with our suite of smart home security products.” With the UAE witnessing positive growth in the property sector and many developers focusing on building master-planned communities, Ring believes that the time is right to introduce its capabilities in the region. “At GITEX, we want to create awareness of our brand and products, demonstrate how our products can reduce crime, and meet with channel partners and sign on strong partners to expand our market reach,” said Hoda. “We are confident that our smart home security products will be well accepted in this region.”
Visit them at: Hall 6, Stand CLD-24
SONICWALL DISPLAYS ADVANCED SECURITY SOLUTIONS AT GITEX
Shahnawaz Sheikh, SonicWall
SonicWall will showcase its range of advanced network security products and services at GITEX Technology Week in Dubai. The range of products works to accelerate speed thresholds for its Automated Real-Time Breach Detection and Prevention Platform across wired, wireless and mobile networks. SonicWall president and CEO Bill Conner said, “This automated, real-time breach detection and prevention platform ensures organisations can build smart, consistent and sound security postures while meeting the speed, performance and cost-of-ownership demands of today’s businesses and their users. We are happy to launch the platform for our Middle East customers at GITEX Technology Week in Dubai.” The platform enhancements include more than 50 new SonicOS features, a new high-performance firewall, a series of new 802.11ac Wave 2 wireless access points, an intuitive cloud analytics application and advanced secure federated single sign-on (SSO) capabilities. “It’s imperative that any well-meaning, responsible organisation take appropriate action to safeguard their networks, customer data and business as a whole,” said Shahnawaz Sheikh, sales and channel director, META and Eastern Europe, SonicWall. He added that the threat landscape in the Middle East moves far too fast to rely on static solutions. “More emphasis should be placed on real-time threat mitigation across wired and wireless networks. Companies of all sizes need to consider TLS/SSL decryption and inspection solutions as well, now that most common internet traffic is encrypted by default.”
SOPHOS SPOTLIGHTS NEXT-GEN SECURITY SOLUTIONS
Harish Chib, Sophos
Sophos, as part of its GITEX Technology Week participation, will put the spotlight on its innovative approach to next-gen security. “The threat landscape is constantly evolving and the adoption of digitization in the Middle East has increased the risk of cyber-attacks that are now unpredictable and complicated. Hence cybersecurity remains a top priority for all organisations,” said Harish Chib, vice president, Middle East and Africa. “Today it has become increasingly easy to build and launch ransomware, regardless of skill. All one needs is ill intent and access to the dark web – a marketplace where malware kits are peddled like shoes or toys on Amazon. This trend is known as ransomware as a service.” Chib highlighted that Sophos is looking forward to participating at GITEX this year, as it aims to use the event as a platform to enlighten its customers on ransomware as a service and the dark web through Sophos’ in-depth report on the subject, “Ransomware as a Service (RaaS): Deconstructing Philadelphia”. “We also intend to educate decision makers across the Middle East about our highly differentiated range of industry-leading IT security solutions that will protect their organizations against advanced threats like Ransomware.” Sophos will showcase the next-gen technology built into its security solutions, which offer the latest in anti-ransomware, anti-exploit, anti-malware and Advanced Persistent Threat protection across all devices and data.
Visit them at: Hall 1, D1-10
VEEAM SETS OUT TO CLOSE ‘AVAILABILITY GAP’
Gregg Petersen, Veeam
Veeam Software will demonstrate its new Availability Suite v10, aimed at bridging the ‘Availability Gap’ (the gap between users’ demand for uninterrupted access to IT services and what businesses and IT can deliver) and driving business continuity and agility to new levels. Gregg Petersen, regional sales vice president, Veeam Software, said, “According to the latest Veeam Availability Report, 82 percent of enterprises in the Middle East admit to suffering an ‘Availability Gap.’” This gap, according to Petersen, is impacting the bottom line to the tune of $21.8 million per year, and almost two thirds of respondents admit that this is holding back innovation. “Today’s users are very demanding,” he added. “At home, work or school, users want a seamless digital experience and 24.7.365 access to data and applications. Companies that want to succeed in today’s fiercely competitive business environment realise that there is zero tolerance for downtime.” GITEX attendees will get an opportunity to learn about Veeam Availability Suite v10’s end-to-end availability and cross-cloud data management platform for enterprise customers, which supports any workload on any infrastructure in multi-cloud and hybrid cloud environments. “At GITEX we intend to educate CIOs and IT managers about the need to re-think their IT strategies and service models and move away from legacy backup and recovery solutions as they virtualize their infrastructures and move to the cloud. Availability solutions for the modern data centre is the way forward and is central to digital transformation.”
Visit them at: Hall 6, CLD-16
INTERVIEW
THE UNBLINKING EYE
Firas Jadalla, regional director, Middle East and Africa, Genetec, discusses the firm’s latest offering, Retail Sense, and how security and surveillance systems can help retail players improve customer engagement and operational efficiencies.
At the end of 2016, the UAE retail sector was valued at $56.6 billion, with sales turnover expected to exceed $71 billion by 2021, according to recent data from Euromonitor International. The increasing proliferation of e-commerce trends and expanding customer expectations present new challenges for traditional brick-and-mortar stores, pushing them to rethink their strategies. Meanwhile, with the UAE video surveillance segment poised to reach $200 million in the next four years, retailers are encouraged to utilise such systems to improve customer experiences and business operations. This can be achieved by using security and surveillance technologies and integrating them with intelligent solutions that can help provide insights into shoppers’ buying behaviours. Genetec’s Retail Sense is an application that leverages existing security infrastructure to deliver insight into in-store customer behaviours and trends for retail marketing, operations and merchandising teams. “The application adds value to traditional security and surveillance systems,” says Firas Jadalla, regional director, Middle East and Africa, Genetec. “It utilises existing IP cameras within retail stores not just for security but also for boosting operational efficiency, which in turn can help improve profitability.”
Retail Sense ensures that end user expectations are exceeded by leveraging data captured by the security system for business and management tasks. According to Jadalla, it filters and analyses incoming video surveillance data to produce actionable intelligence about store operations, buying patterns and trends. “As-a-service, we offer comprehensive solutions for visitor counting, directional analysis, heat maps and conversion rate analysis, whether it be for previously or newly installed cameras,” explains Jadalla. “Retail Sense can also notify relevant staff in real-time to respond to an influx of shoppers in the store or within a specific department.” Features such as the heat maps and directional analyses give retailers deeper insight as to which areas of the stores are getting more interest than others. Armed with this information, these stores or brands will be able to improve their customers’ experience, increase consumer engagement, and ultimately positively affect in-store success. Retail Sense, according to Jadalla, can also be used by various retail brands’ marketing teams. “They can easily monitor the outcomes of their marketing campaigns by getting data on the traffic at a particular store on the day when a specific promotion is launched,” he explains. “They can also view similar information from other stores and, in doing so, they can conduct a comparative analysis regarding the campaign’s impact on different locales.” The application is also integrated with other tools such as the cashiers’ point-of-sale machines. “With this, we can provide companies with the ‘close ratio,’” says Jadalla. “This counts the number of people who enter the store and measures them against every purchase that has been closed on that day.” Jadalla highlights that the new solution requires minimal investment as Genetec offers it on the cloud. “It doesn’t require retailers to acquire new servers or any kind of hardware,” he says. “As long as they are connected to the Internet they can access the dashboard, view the analytics and utilise the solution.” He adds that it is on a subscription-based model, so there is no significant upfront payment required. “You can also activate or deactivate your subscription as and when you need to.” According to Jadalla, having only launched Retail Sense earlier this year,
the company is expecting high demand from Middle East businesses. This is primarily due to the strong retail market in the region. There is a wealth of information collected by security systems that has gone virtually untapped until now. Moving forward, Jadalla says that he expects more industries to use surveillance cameras to gather more data that will enable them to improve various aspects of their operations. “Today, there are various establishments who are using similar solutions,” says Jadalla. “For example, several airports have already implemented solutions that monitor the number of passengers they have near a particular gate. This gives them an idea as to how many people should be evacuated from a specific area should there be any kind of emergency. Airport operations teams can also use the same data for their Duty Free stores, which goes back to its usability for retail operations, helping them monitor and facilitate traffic in these stores,” he explains. But, ultimately, Jadalla highlights that the goal of Retail Sense and similar solutions that Genetec offers is to help organisations boost their operational efficiency and make more informed decisions about improving their businesses.
INSIGHT
FIVE FUNDAMENTALS OF SECURITY IN THE INTERNET OF THINGS ERA
By Saeed Agha, Security Business Unit Leader, IBM Gulf and Levant
The sad truth is that many consumers now find themselves asking the same questions that security researchers asked many years ago: What do we trust, who can we trust, and why should we automatically trust anything, regardless of how familiar or benign it looks?

With an estimated 6.4 billion devices already in circulation, we’re almost to the point where there’s an Internet of Things (IoT) device for every person on the planet. According to GSMA Intelligence, Internet and mobile penetration across the Middle East, and particularly in the Gulf, is especially high and continues to grow. In the UAE, for instance, mobile penetration currently stands at 92 percent.

By 2020, devices will outnumber us by almost three-to-one. While we’re still working on securing desktops, laptops, servers, phones and tablets, we must start applying those same standards of trust to the smaller (and sometimes larger) devices that don’t seem as dangerous. While automation, connectivity and intelligence have increased in information technology, industrial control systems, and most recently in our living rooms and cars, innovation and convenience have taken precedence over security. We’ve considered basic environmental and safety concerns, but not sufficiently for sabotage or subterfuge situations.

With the popularity of IoT products, both vendors and consumers are learning quickly what works and what does not. The seemingly minor issue of leaving default passwords enabled on security cameras and digital video recorders turned into a major security flaw, as the Mirai botnet fueled a massive distributed denial of service (DDoS) attack against domain name system provider Dyn in October 2016. As recently as March 2017, IBM X-Force researchers found a new variant of the Mirai botnet attempting to mine Bitcoins using compromised IoT devices.

Connected cars are among the latest IoT devices to come under scrutiny by the security community. Earlier this year, it was reported that four major auto manufacturers left security and privacy gaps in the mobile apps controlling their connected cars, allowing previous owners to geo-locate, unlock and control the vehicles in unintended ways. This is particularly pertinent in the UAE, where driverless cars are already being prototyped in Abu Dhabi. New vulnerabilities in products are discovered frequently, which erodes consumer confidence. Securing the IoT requires partnership between the public and private sectors.

Here are five fundamentals of IoT security:

1. Software security degrades over time: All software needs to be patched eventually. Manufacturers need a way to get IoT sensors and devices patched in very distributed and uncontrolled environments. They need to provide updates for the life of the device.

2. Static secrets don’t stay secret: Default or hardcoded credentials can quickly become security issues by becoming known over time. Recent examples, including Mirai, demonstrate how malware takes advantage of such a situation to take over IoT devices for DDoS tsunamis. Organisations need to design devices that prompt a change of passwords on the first use.

3. Weak configurations persist: The default configuration of an IoT device persists unless changed by the user. If manufacturers ship IoT devices in the least secured state, it is the responsibility of the device owner to take measures to improve that security. If vendors set the default configuration to the most secure choice, users must consciously select more secure options.

4. Without lifecycle management, data accumulates: Because of all the data generated from IoT devices, the security of the data and how it’s created, used and deleted becomes important. What happens if the data falls into the wrong hands? Over time, connections between different seemingly disparate datasets may emerge. IoT devices accumulate massive amounts of personal data, such as voice searches, GPS locations or heart rate information. If the data isn’t managed and secured, it could lead to loss of privacy and issues of data ownership. Choose vendors that can be trusted with personal data.

5. Secure devices that operate in hostile environments: In contrast to mobile devices, like phones, laptops and tablets, IoT devices often operate without any human supervision. Such devices must be rugged and resistant to physical tampering and have an ability to alert a central command centre if they are under attack. Administrators of IoT operations need the visibility and control to be able to safely degrade and decommission devices that have failed or been compromised.

Securing the Internet of Things is not the sole responsibility of the cybersecurity industry. Manufacturers, developers, and most importantly, consumers must reach an understanding about the dangers and remedies moving forward. Here in the Middle East, as we continue to see a massive migration of public services and governmental functions over to the digital landscape, we must ensure that security keeps pace with innovation.
INSIGHT
SECURITY AT YOUR FINGERTIPS By Harish Chib, vice president, Middle East and Africa, Sophos
The increase in smartphone usage is now a major concern for organisations in the areas of mobility, flexibility and productivity, as these devices are the new frontier for hackers. Employees download a number of apps and use their personal devices to access corporate applications and data, creating significant security challenges for organisations, especially when it comes to the potential loss of sensitive company data. This has also given cybercriminals an opportunity to build mobile malware in order to infiltrate the network and steal data. A recent study on the 2017 malware forecast by SophosLabs reveals the specific malware designed for Android devices. Organisations have now begun to understand the importance of protecting mobile devices and must manage this increased risk while at the same time empowering users and respecting their privacy.

In 2016, SophosLabs analysis systems processed more than 8.5 million suspicious Android applications. 75 percent was pure malware and 25 percent was potentially unwanted applications (PUA), including poorly-behaved adware. While malware is designed to harm, PUAs are those apps that keep popping up on your screen until you install them.

Given these trends, organisations must have a clear set of priorities that allow them to provide flexibility, but also protect their networks and corporate data. Most organisations are looking for solutions to control data accessed through a mobile device, defend against mobile threats and enforce security policies. Providing management, antimalware and data protection for mobile devices is just as important as it is for laptops or any other corporate asset – the devices are small but they can be hacked and cracked just like any PC.

Mobile Device Management came to market to help IT staff manage these issues. The lifecycle of mobility management has evolved and it includes areas like Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Security, Mobile Content Management (MCM) and, most recently, containerisation. Holistic enterprise mobility management is where the right answers lie. Weaving an effective strategy requires keeping all keystones together – including productivity, privacy, security and compliance.

As these risks remain pervasive, protecting users and their devices is the first key step to securing our mobile workforce. Millennials believe their personal devices are part of their lives, and increasingly are demanding liberal mobile usage and BYOD policies as part of their job criteria. The division between work and personal identity is blurry. Therefore, organisations must step up and fill gaps in areas that became vulnerable due to employees’ constant use of their devices. This can be done by:
• Implementing good password policy
• Ensuring that users take advantage of native lost device and wipe device features
• Providing Self Help tools for users to reset their own passwords and reduce the burden on IT
• Assuring that effective and current antimalware software is installed and active on all devices (especially Android)

Protect the enterprise network
Managing connections and the data that flows over them is critical to managing mobile security risk. Good network and device security can be put in place by:
• Establishing and enforcing Wi-Fi network access policy
• Restricting access to the network to compliant users and devices
• Restricting unwanted or risky applications from accessing the network
• Securing access to frequently used and approved mobile applications and websites, through the use of a corporate browser solution

Protect corporate data
A lot of valuable data passes through our mobile devices when we engage in email and other collaboration services such as file sharing and discussions. In order to protect this data we must:
• Ensure that email, file sharing and other collaboration and information exchanges take place in secure application “containers” and workspaces
• Protect applications that support key business processes like order management, customer support, finance, sales and marketing, and product development
• Enable encryption of important files when they are accessed and shared on cloud storage services like Box, Dropbox and Google

The mobile risks and rewards for workers will continue to grow, and enterprise mobility management will prevent or limit the damage that malware or data loss can cause for unprotected workers.
INSIGHT
BEYOND THE APPLIANCE By Michael Xie, founder, president and CTO, Fortinet
For anyone reading the news regularly, it’s not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider’s perspective, I can add that tackling them is a fast mounting challenge for the millions of businesses that come under attack daily. Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies and processes − are a must, but organisations deploying them need to look beyond the boxes that sit on their racks. What underpins the security appliances is invisible, but plays a pivotal role in ensuring that those boxes block the threats that imperil your business. Threat intelligence − or more specifically, the security appliances’ ability to know the ins-and-outs of the evolving threat landscape and respond to them appropriately – is the fuel that powers your cyber defences.

Getting timely, accurate and predictive threat intelligence is much tougher than it sounds. It calls for a robust R&D set-up, which comprises a few components:

Divide and conquer − In many aspects of business, large teams equate to large outputs. When trying to outsmart well motivated cybercriminals, however, following conventional wisdom seldom works well. In my experience, an effective threat research organisation should be made up of many small teams, with each team dedicated to a particular type of threat. Creating such research focuses boosts each team’s specialisation and competency − leading to faster discovery of threats, and the identification of more threats − while shortening customer response times to incidents.

Stay fleet-footed − Threat research teams must be nimble. The threat landscape is highly dynamic, changing by the day, or even hours and minutes. The teams must be able to adjust their priorities and refocus on the fly.

See the big picture − Researchers must be encouraged to think big and pursue their own interests, even if those interests don’t have a direct link to the company’s products. Research on IoT vulnerabilities, for instance, can deepen an enterprise security provider’s understanding of the threat landscape.

Hone your instincts − Research leaders must train their teams to develop the acumen to identify a threat as important before that fact becomes obvious to all. Good threat researchers, for instance, have been warning for years that IoT vulnerabilities are the next big menace − before the Mirai IoT botnet appeared last September and made it plain to the world. Threats emerge and evolve swiftly. If a security provider is slow to research them and react, its customers will be slow to get protected.

Amass data – The more data a threat research team has access to, the greater the potential of its research outcome. Enlightened research organisations share – not hoard – information. Threat intelligence sharing is an ideal approach, and joining groups such as the Cyber Threat Alliance helps all parties build and benefit from a bigger threat database to monitor, block and trace malware back to its sources.
Invest in research technology – The days of manually analysing threat information have long passed us by. Effective research teams need advanced tools to interpret and correlate the reams of data coming through to them every second. While today we have Content Pattern Recognition Languages (CPRLs) to help identify thousands of current and future virus variants with a single signature, the future belongs to technologies like Big Data analytics and artificial intelligence.

Soon, AI in cybersecurity will constantly adapt to the growing attack surface. Today, human beings are performing the relatively complex tasks of connecting the dots, sharing data and applying that data to systems. In future, a mature AI system will be able to automate many of these complex decisions on its own. No matter how advanced AI becomes, however, full automation – or the passing of 100 percent of the control to machines to make all the decisions all the time – is not attainable. Human intervention will still be needed. Big Data and analytics platforms allow malware progression to be predicted but not malware mutation. Only the human mind could have foreseen that ransomware like WannaCry would embed the National Security Agency’s vulnerability exploits to propagate on unpatched systems.

Malware evolution will intrinsically follow human evolution and how people blend new technologies into their everyday life. If in the coming years, for instance, self-driving cars and wearable IoT find widespread adoption, cybercriminals will – as they have always done – find ways to ride the wave and exploit those cars and devices. Likewise, cryptocurrencies, if they continue to find favour at the rate they gained momentum this year, will attract herds of hackers.

The concept of automation is opening up many new possibilities for cybercriminals, and turning up the heat on organisations. As hackers step up the amount of automation in their malware, attacks will not only come at organisations faster, they will also reduce the time between breach and impact, and learn to avoid detection. Increasingly, firms will need to respond in near real time − in a coordinated fashion across the distributed network ecosystem, from IoT to the cloud. Not many enterprises have the capability to do this today, and that’s something CIOs should start worrying about.
BLOG
THE NEED FOR DETECTION AND RESPONSE By Rajat Mohanty, co-founder and chief executive officer, Paladion
By the time data breaches have run their course, it is often too late. The resulting loss of revenue, reputation, and customer confidence can be irreparable. A managed detection and response (MDR) service can help with early detection and faster response to contain breaches and limit damage. At Paladion, we’ve seen our clients benefit from the following six enhancements as part of the MDR service.
1. Avoid the attacks that have hit other enterprises and organisations. Every day, we see news about a specific security threat that has already claimed multiple victims. When their initial attack has succeeded, attackers typically repeat it against other targets across industries and geographies. Failure to learn about and act on these incidents can leave you vulnerable. Yet do you really have the time to keep track of all security attacks and attackers globally, learn from them, and apply those lessons in your own network in the form of detection rules or response methods? The right MDR service can do all of that for you.

2. Detect hidden or unknown threats that were missed in basic monitoring. Traditional security monitoring is rule based, but attackers today can bypass those rules by using new techniques. Security analytics and machine learning are the new methods to detect these advanced attacks. With an MDR service, you can benefit from enhanced security without the complexity of deploying your own Big Data analytical platform or hiring data scientists.

3. Monitor attack campaigns instead of chasing individual alerts. Traditional MSS (managed security services) only provide visibility of point-in-time threats. You receive notifications as these threat events occur in your systems and network, but this may result in chasing many irrelevant alerts. Sophisticated attacks today often happen over longer periods using multiple stages of a cyber kill chain. These campaigns can therefore go undetected in the deluge of daily alerts you receive. Our MDR service uncovers connections between alerts over the longer term using analytics to detect campaigns and reveal entire cyber kill chains. You can then mitigate relevant threats with visibility of the entire attack.

4. Quickly investigate the impact of the threats. Traditional security monitoring systems send you alerts based only on rules and signatures. You must then investigate them to determine their relevance and the threat they pose to your environment. This not only eats up your time, but can be a very slow process to assess the overall impact. Today’s fast-paced attacks can cause significant damage in the time it takes for investigation.

5. Contain incidents at machine speed. If a breach in progress is discovered, urgent actions required may include changing configurations in firewalls or routers to block access, removing user accounts, killing a process or deleting files, or applying virtual patches via intrusion prevention systems (IPS) and web application firewalls (WAF).

6. Eradicate root causes beyond any immediate threat. Apart from immediate containment, an effective incident management process involves three other critical steps: remediation; recovery; and lessons learnt. We create clear playbooks for these steps for the different incidents affecting your organisation. These playbooks can be executed through collaborative workflows in our MDR service platform involving your team and our expert responders.

Traditional MSS provide you with base security in the form of log collection, log monitoring, scanning and device management. MDR services build on that base to detect and respond to threats swiftly to prevent breaches that MSS may have missed. Together, MDR and MSS can provide a solid defence against conventional and advanced threats and attacks.
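The "Monitor attack campaigns instead of chasing individual alerts" point above, as an added example that is not part of the original article or of Paladion's platform: it groups alerts by host and reports only hosts whose alerts advance through successive kill-chain stages within a look-back period. The alert fields, the per-alert stage labels, the host names and the 30-day look-back are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Lockheed Martin Cyber Kill Chain stages, in order (per-alert labels are assumed).
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
ORDER = {name: i for i, name in enumerate(STAGES)}

def longest_progression(alerts):
    """Longest chain of time-ordered alerts whose stages strictly advance."""
    best = []  # best[i] = longest advancing chain that ends at alerts[i]
    for alert in alerts:
        chain = [alert]
        for prev in best:
            if ORDER[prev[-1]["stage"]] < ORDER[alert["stage"]] and len(prev) >= len(chain):
                chain = prev + [alert]
        best.append(chain)
    return max(best, key=len, default=[])

def find_campaigns(alerts, lookback=timedelta(days=30), min_stages=3):
    """Return {host: chain} for hosts with at least min_stages advancing stages."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    campaigns = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: a["ts"])
        cutoff = items[-1]["ts"] - lookback  # look back from the host's latest alert
        chain = longest_progression([a for a in items if a["ts"] >= cutoff])
        if len(chain) >= min_stages:
            campaigns[host] = chain
    return campaigns

def _a(day, host, stage, rule):
    ts = datetime(2017, 10, 1) + timedelta(days=day)
    return {"ts": ts, "host": host, "stage": stage, "rule": rule}

SAMPLE = [  # constructed sample alerts, not real data
    _a(0, "ws-17", "delivery", "phishing attachment"),
    _a(1, "srv-02", "reconnaissance", "port scan"),
    _a(2, "ws-17", "exploitation", "office macro spawned shell"),
    _a(3, "ws-40", "reconnaissance", "port scan"),
    _a(9, "ws-17", "installation", "new autorun entry"),
    _a(9, "srv-02", "reconnaissance", "port scan"),
    _a(16, "ws-17", "command_and_control", "beaconing to rare domain"),
    _a(20, "ws-40", "delivery", "phishing attachment"),
]

if __name__ == "__main__":
    print({h: [a["stage"] for a in c] for h, c in find_campaigns(SAMPLE).items()})
```

Of the three hosts in the sample, only ws-17 is reported: its four alerts, spread over 16 days, form one progression from delivery to command and control, while the repeated port scans on srv-02 and the two-stage activity on ws-40 stay below the threshold.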