ISSUE 32 | NOVEMBER 2018
www.tahawultech.com
CLOUD CLOUT HOW TO LEVERAGE THE POWER OF CLOUD FOR DISASTER RECOVERY
EDGE THE MULTI- IT SECURITY SECURITY CLOUD ERA ECONOMICS
CYBER EXPOSURE PARTNER
CYBERSECURITY SOLUTIONS PARTNER
CONTENTS
The Cyber Exposure Company FOUNDER, CPI MEDIA GROUP Dominic De Sousa (1959-2015) Publishing Director Natasha Pendleton natasha.pendleton@cpimediagroup.com +971 4 440 9139 EDITORIAL Managing Editor Michael Jabri-Pickett mjp@cpimediagroup.com +971 4 440 9158 Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135 Contributing Editors James Dartnell james.dartnell@cpimediagroup.com +971 4 440 9153 Janees Reghelini janees.reghelini@cpimediagroup.com +971 4 440 9167 DESIGN Senior Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 440 9140 Designer Mhar Delaben marlou.delaben@cpimediagroup.com +971 4 440 9156 ADVERTISING Group Sales Director Kausar Syed kausar.syed@cpimediagroup.com +971 4 440 9130 Senior Sales Manager Sabita Miranda sabita.miranda@cpimediagroup.com +971 4 440 9128
10
Sales Manager Nasir Bazaz nasir.bazaz@cpimediagroup.com +971 4 440 9147 Business Development Manager Youssef Hariz youssef.hariz@cpimediagroup.com +971 4 440 9111
SILVER LININGS
PRODUCTION Operations Manager Shweta Santosh shweta.santosh@cpimediagroup.com +971 4 440 9107
How the cloud can enable effective disaster recovery strategies
DIGITAL SERVICES Web Developer Jefferson de Joya Abbas Madh Photographer Charls Thomas Maksym Poriechkin webmaster@cpimediagroup.com +971 4 440 9100 Published by
Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE Tel: +971 4 440 9100 Fax: +971 4 447 2409
16
THE SECURITY SPECIALIST
20
Printed by Al Ghurair Printing and Publishing Regional partner of
26
© Copyright 2018 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
Bulwark Technologies’ Jose Thomas Menacherry on the trends accelerating the regional security landscape
LOGIC LOCKING A glimpse at NYU Abu Dhabi’s “unhackable” microchip BANKING ON SECURITY Why the banking sector needs a comprehensive cybersecurity programme
30
THE BATTLE FOR BUSINESS BUY-IN
34
38
Top tips on how organisations can justify IT security spending
THE NEW PERIMETER How privilege access management can secure the expanding IT perimeter
BLOCK BY BLOCK
Securing the growing blockchain ecosystem
NEWS
DARK DATA ACCOUNTS FOR ALMOST HALF OF DATA STORED BY UAE FIRMS: STUDY Veritas Technologies has unveiled the findings of its 2018 UAE Databerg Report, which underlines that ‘dark’ data – whose value has not yet been identified – accounts for the majority of data (48 percent) that is stored and processed by organisations in the UAE. The findings highlight the vast and as-yet-untapped potential to leverage the prevalence of dark data, to drive transformational growth across the region. One hundred respondents in the UAE, covering all key sectors – including government and business – were surveyed for the report on enterprise data management. It focuses on identifying the pervasiveness of ‘databergs’ – reflecting the data hoarding culture – and the risks associated with allowing data growth to continue unabated. The survey highlights that while dark data accounts for 48 percent – compared to 52 percent globally – organisations in the UAE are taking more control of data. Clean data – which has been tagged or classified – has more than doubled from eight percent in 2016 and now stands at 19 percent, which has led to a significant reduction in Redundant, Obsolete or Trivial (ROT) data decreasing from 43 percent to 33 percent in the past two years. Damian Wilk, Senior Regional Director – Middle East, Veritas, said, “The UAE has been taking the lead in adopting advanced data management – which is reflected in the noticeable decrease we’ve seen in ROT data over the past two years. However, the large volume of dark data that persists in the UAE points to the fact that managing dark data is becoming a business-critical issue for organisations. By identifying the value of such data, organisations can move towards faster decision-making, greater operational efficiency and increased productivity. By illuminating the dark data and erasing ROT, organisations can assume stronger control of their data management. Veritas can help in identifying dark data, exposing the risks and extracting true value for organisations.”
4
11.2018
RING TIES UP WITH RETAIL GIANT TO MAKE UAE HOMES SAFER
Sharaf DG’s Nilesh Khalkho and Ring’s Mohammad Meraj Hoda
Ring has partnered with Sharaf DG, a specialty electronics retailer in the UAE. As part of the collaboration, Sharaf DG will promote and retail Ring’s innovative home security products and solutions in their stores as well as at their innovative in-store Solution Bar, giving customers the opportunity to experience the Ring products first hand and to learn about its features and benefits via demos. “Ring believes in keeping homes and communities safe rather than just comfortable, and we hope to change the way
homeowners view security by keeping an eye on their family and property, even when they can’t. Ring re-imagined the doorbell so consumers could respond – using a smartphone – to someone at their front door from anyplace, anytime while simplifying the technology with the combination of App, Cloud and Security hardware. Sharaf DG is a trusted and reputed retailer with a wide store footprint and customer reach in the UAE with wellexecuted experience zones and trained staff and we are confident of their capabilities in best in class retail execution for Ring’s range of the products and solutions,” said Mohammad Meraj Hoda, Vice President of Business Development – Middle East and Africa at Ring. As a retailer, Sharaf DG will retail Ring’s latest suite of smart home security products such as Ring Video Doorbell 2 that helps you communicate with visitors from anywhere. Sharaf DG staff will also conduct live demos which will be great opportunities for customers to touch and feel the product and understand how effective, easy-to-use and affordable Ring’s solutions for home security are.
FORTINET SNAPS UP CLOUD-BASED THREAT ANALYTICS FIRM Fortinet has completed the acquisition of ZoneFox Limited, a privately-held cloud-based insider threat detection and response Ken Xie, Fortinet company headquartered in Edinburgh, Scotland. The acquisition further enhances the Fortinet Security Fabric and strengthens its existing endpoint and SIEM security offerings. “Enterprise organisations are experiencing a dramatic increase in the number of endpoints and users accessing data and cloud resources, which is also increasing the need to defend against insider threats”, said Ken Xie, founder, chairman of the board and chief executive officer, Fortinet. “In fact, 30 percent of breaches involved insiders acting negligently or
maliciously according to the 2018 Verizon Data Breach Investigations Report. By combining ZoneFox’s cloud-based threathunting technology with Fortinet’s existing endpoint and SIEM security offerings, we are well positioned to provide our customers with an integrated approach to defend against insider threats, eliminate network blind spots and protect today’s expanding attack surface with automation and machine learning.” The integration of ZoneFox’s machine learning-based threat-hunting technology will complement FortiClient endpoint security to provide endpoint detection and response (EDR) capabilities and will extend FortiSIEM with additional user entity behaviour analytics (UEBA) features, both on-premises and in the cloud. Fortinet expects that the new endpoint security capabilities provided by ZoneFox will allow enterprise organisations to better leverage machine learning to detect anomalous behaviour and provide an even faster response to insider threats.
www.tahawultech.com
NEWS
GOVERNMENT, EDUCATION SECTORS SEE HIGHEST DATA LEAK INCIDENTS: REPORT InfoWatch Group has released a report on confidential data leaks from organizations in the Middle East, covering the period from 1st July 2017 through 30th June 2018. Kristina Tantsyura, According InfoWatch Middle East to InfoWatch Analytical Center, local government agencies and educational institutions experienced 36 percent and 20 percent of all leaks, respectively (twice as many as worldwide average). While 66 percent of all global incidents over the reporting period affected personal data, the majority (over 38 percent) of Middle Eastern data breaches compromised trade secrets and know how, with personal data in the region leaked in less than 30 percent of cases. While two thirds of all leaks from the Middle East companies was caused by external intruders, almost the same share worldwide (63 percent) was attributed to internal offenders.
One in five incidents in the Middle East was caused by non-privileged, rank-and-file employees, while top managers were at fault 2.5 times more often than globally. While the network channel was used in the majority of enterprise data leaks over the period both worldwide and in the Middle East, there is a big difference in local and global leak breakdown by channel. The shares of leaks through mobile devices and instant messengers in the Middle East were more than three and almost four times larger than global figures, respectively. Kristina Tantsyura, InfoWatch Group’s Business Development Director for Middle East and InfoWatch Gulf’s CEO, said, “To prevent sensitive data breaches, Middle East companies need to reconsider their security approach in terms of both information handling and use of particular external and insider threat protection tools that should combine Data Loss Prevention (DLP) with, say, User and Entity Behavior Analytics (UEBA) technology, which analyses enterprise information flows and uses machine learning-based models to predict cybersecurity risks.”
CLOUD MISCONFIGURATIONS LEAVE ENTERPRISES VULNERABLE TO DATA LOSS: STUDY McAfee has released its Cloud Adoption and Risk Report, which revealed that nearly a quarter of the data in the cloud can be categorised as sensitive, putting an organisation Rajiv Gupta, McAfee at risk if stolen or leaked. Coupled with the fact that sharing sensitive data in the cloud has increased 53 percent YoY, those who do not adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their most valuable asset—data—while exposing themselves to increased risk of noncompliance with internal and external regulations. The study found that while organisations aggressively use the public cloud to create new digital experiences for their customers, www.tahawultech.com
the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. Cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms. Companies are always responsible for securing their data wherever it is, hence highlighting the need to deploy cloud security solutions that span the whole cloud spectrum, from SaaS (software-as-aservice) to IaaS and PaaS. Rajiv Gupta, senior vice president of the Cloud Security Business, McAfee, said, “Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organisations need a cloudnative and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.”
ALPHABET SHUTS DOWN GOOGLE+ SOCIAL SITE Alphabet Inc’s Google will shut down the consumer version of its social network Google+ following its announcement that the private profile data of at least 500,000 users may have been exposed to hundreds of external developers, Reuters reported. The company also pledged to tighten its data sharing policies. The issue was discovered and patched in March as part of a review of how Google shares data with other applications, Google said in a blog post. No developer exploited the vulnerability or misused data, the review found. The Wall Street Journal reported earlier that Google opted not to disclose the security issue due to fears of regulatory scrutiny, citing unnamed sources and a memo prepared by Google’s legal and policy staff for senior executives. Google feared disclosure would invite comparison to Facebook Inc’s leak of user information to data firm Cambridge Analytica, the Journal reported, adding that Chief Executive Sundar Pichai had been briefed on the issue. Google declined to comment beyond its blog post. Launched in 2011, Google+ could pinpoint ads to users based on data they had shared about their friends, likes and online activity. The social network was launched to compete with Facebook. But Google+ and the company’s other experiments with social media struggled to win over users because of complicated features and privacy mishaps.
$1.9 billion predicted spending on enterprise information security spend in Middle East and Africa in 2019
- Gartner 11.2018
5
NEWS
Mimecast moves into web security
Werno Gevers, Mimecast
Mimecast is known for its email security solutions, with the company offering an integrated cloud suite to manage a wide variety of email risks. At this year’s GITEX Technology Week, the company showcased its recently launched web security offerings.
Mimecast Web Security was officially inaugurated earlier this month, although the early adopter programme opened in mid-2018. “We’re leveraging our existing gateways engine. We’re offering product against malicious URLs, for example. We all of us use these engines to filter URLs, to see if websites are good or bad. That’s built into our existing platform. It’s the same [solution], which already has a vast amount of scalability,” said Werno Gevers, Mimecast’s Middle East business development manager. The technology can be used to block particular categories of website, such as social media, and is described as “very simple and easy to deploy”, taking as little as 60 minutes. Mimecast has built up a reputation across an array of sectors, which ties in with the reality that “email is pervasive across all sectors and the same goes for web.” “Every customer uses web, as they
use email [so] we don’t have any specific vertical focus,” said Gevers. Although Mimecast’s technology can be applied across a huge array of industries, Gevers said that, globally, the company is particularly strong in healthcare, retail and finance. According to Gevers, over the last year it has onboarded more than 120 customers. “It’s an extremely competitive market. You have vendors of all sizes and colours. What really makes us unique is that we can solve multiple challenges,” said Gevers, adding that this meant that the company was able to develop more of a strategic relationship with clients. “Customers can use our platform to solve multiple business challenges. That’s what gives us a competitive edge. It’s a single platform; no point solutions to manage.” “The focus will remain to get market share in the UAE. Saudi is the next biggest opportunity for us and then across the rest of the Middle East,” said Gevers.
Veeam spotlights intelligent data management solutions, cloud availability Gregg Petersen, Veeam
Veeam has highlighted its five steps for intelligent data management and shared the company’s progression through backup, aggregation, visibility, orchestration and automation in the last 12 months during the recently held GITEX Tech Week. The company also showcased the Veeam Availability Orchestrator, which was launched earlier this year. “This means we can now help customers 6
11.2018
to plan and simulate disasters, which plays a huge part in assisting them with risk and compliance regulations, as we can now proactively foresee the impact of these incidents and help our customers plan accordingly,” said Gregg Petersen, regional vice president, Veem. Claude Schuck, regional manager for the Middle East and Central Africa, added that the region’s emphasis on private cloud investments is also an area where Veeam can make its
mark. “Big technology players, such as Azure and AWS, are now putting down investments in this space here in the Middle East, and we’re very well positioned to help with this. As a result, I expect we’ll see a huge shift in how customers deal with cloud investments and plan their availability strategy moving forward over the next 12 months. Private cloud is no longer a pie in the sky dream, but it’s here and now in this region,” he said. www.tahawultech.com
NEWS
AI-powered malware is genuine threat: Sophos
John Shier, Sophos
AI powered machines would soon be competing with other AI powered machines within the next four to five years in creating and detecting malwares. The ability of machines to be trained to create malwares that can bypass other machines, deployed to detect the same and the resulting tug of war for supremacy will be a regular feature of tomorrow’s security scenario said John
Shier, Senior Security Advisor at Sophos. The global network and endpoint security provider -which recently expanded its security infrastructure, by introducing endpoint detection and response (EDR) to its Intercept X endpoint protection portfolio – allows deep learning technologies to help faster, more extensive discovery of malwares. “We receive almost half a million malwares on a daily basis. Our deep learning network is trained to look for suspicious elements or codes,” he said. We are even witnessing a trend where hackers are creating codes that do not follow a particular pattern so that in an effort to trick security experts. We call it polymorphism,” he says adding that tomorrow as AI is used to track
malware, hackers with deep pockets or institutional support could use AI to create new types of threat. The business of hacking, according to him has grown with millions of dollars as ransomware, using cryptocurrency. According to him phishing continues to be the main means to disseminate threats. “We are also witnessing a move towards manual infections, where hackers identify vulnerable machines and attack them with brute force. “The rate of success here is pretty high,” he said. Sophos has been using machine learning tools to identify such threats. “We have been using machine learning to identify such threats. Our latest solutions to clients offer both machine learning at both the network level and at the endpoint,” he added.
Palo Alto Networks reveals misunderstanding around cybersecurity responsibilities
Tareq Abbas, Palo Alto Networks
There is a misunderstanding in who is responsible for cybersecurity within the public cloud shared responsibility model, a study by Palo Alto Networks has found. The study, which was revealed at GITEX 2018, conducted research on www.tahawultech.com
500 IT decision makers, responsible for cybersecurity n organisations of 500 to 5,000 employees, across Europe and the Middle East. Tarek Abbas, systems engineering director, Emerging Markets, Palo Alto Networks said that the findings were unsurprising. “We carried out this study because we felt there was a misunderstanding in the market around who is responsible for what when it comes to cybersecurity within the public cloud,” he said. “The findings show that a high majority of cybersecurity professionals (83 percent) have complete confidence in their cloud service provider to secure their infrastructure, but only 51 percent of respondents claim full awareness of the shared responsibility model.” While the shared responsibility model makes service providers responsible for
their cloud infrastructure, organisations are wholly responsible for securing their own data and applications. “One in ten respondents incorrectly believe that the shared responsibility model refers to multiple cloud providers sharing security responsibilities,” Abbas added. Commenting on the progress of cloud adoption in the Middle East, Abbas said that while adoption is undoubtedly slower in the East compared to most advanced markets in the West, it is nonetheless very high on the agenda of business leaders in the region. Looking ahead to 2019, Palo Alto Networks is looking to expand its presence to multiple locations across the Middle East and Africa, with the goal of partnering with large enterprises and governments across the region to better enhance cloud adoption, digital transformation and cybersecurity awareness. 11.2018
7
NEWS
ESET to focus on cybersecurity consulting
Dimitris Raekos, ESET
IT security firm ESET says it is transforming itself from a software provider to cyber security consultant, even as the company experienced more than average growth in the region. The company’s general manager for the region Dimitris Raekos said ESET
has overhauled its services during the past year to help enterprise IT teams prevent, detect, respond to and predict cyber threats. “We first launched our managed console that can handle multiple operating systems including Linux, iOS and Android; which was followed by a cloud sandbox for malware analysis and a cloud administrator – mainly aimed at SMB customers,” said Raekos. ESET’s latest customizable solution, the Enterprise Inspector, is an endpoint detection and response (EDR) tool and enables customers to concentrate on product development. “Today the industry is looking for endpoint security suites that are fully capable to handle every type of threat. Alongside they want a simple solution without much complications,” he says. According to him, clients will have an advantage with this fully customisable
solution. The company is yet to launch the latest EDR solution in the Middle East. “We will be rolling out the solution here in the coming months,” said Raekos. “The key is to offer clients an ability to monitor network traffic and early detection of threat. Our Security Management Center provides a central console for security management,” he added. For ESET, business across the Middle East has been better than the rest of the world during the past year. The company has seen a notable growth globally with the Middle East region in the lead. ESET has been especially strong in the UAE and Saudi Arabia. “Our offerings are also compliant with the regulations of SAMA in Saudi Arabia. There has been a lot of demand from the Kingdom,” he added.
Forcepoint highlights “humancentric” approach to security Security expert Forcepoint has launched a trio of solutions at GITEX as well as announced a new approach to ensure more holistic data protection across the enterprise. Jawad Toukna, Forcepoint’s regional sales director for network security in emerging markets, highlighted the firm’s “human-centric approach” to security. According to Toukna, Forcepoint’s new approach to security would rely heavily on behavioural analysis. “It’s about moving away from focusing on endpoint solutions and just selling products,” he said. “It’s now about trying to build infrastructure that provides a risk-adaptive architecture. The idea is to integrate and offer different solutions, which can be behavioural, and work across the infrastructure. If we can follow data and understand the user, it enables us to anticipate risk. 8
11.2018
“The weakest link in an organisation isn’t a firewall, but the human behind the machine. Human behaviour keeps changing, so we need solutions that adapt based on human beings.” Toukna went on to offer an example of how particular employees could have their access to certain information limited once certain actions are triggered. “The head of HR will typically have access to CVs and payslips,” he said. “If that person is due to leave the company, does it make sense for them to access this kind of information? Systems should be able to re-categorise them to determine what information they can access. “Most threats target executives, IT database administrators, and IT security teams. They have privileged access to critical data, and they’re the ones that need to be secured.
Jawad Toukna, Forcepoint
“We’re working in a way that makes it easy for customers. They don’t have to buy the full suite. They can migrate to our solutions piece by piece.” Forcepoint has also launched its SDWAN, Data Guard and user behaviour analytics (UEBA) solutions during its fourth outing at GITEX, and Toukna said the response to the products has already been positive. www.tahawultech.com
EVENT
LEVEL THE PLAYING FIELD In a panel discussion at the recently held Oracle OpenWorld in San Francisco, three of the world’s most-respected national intelligence experts discussed how IT professionals can leverage AI and machine learning to tilt the balance in favour of cyber-defence, security correspondent Daniel Bardsley reports from California.
M
achine learning and artificial intelligence will shift the balance against cyber-attackers by offering greater assistance to cyber defence efforts, Oracle’s chief corporate architect has said. At a keynote discussion at Oracle OpenWorld 2018 in San Francisco, Edward Screven suggested that technology would lead to a decisive shift in favour of defence but warned that major companies could find themselves in the cross-hairs of geopolitical struggles in cyberspace. “Machine learning and artificial intelligence is a more effective tool for defence than offence,” Screven said in a session moderated by the Oracle CEO Mark Hurd. “Because it’s been easier to automate attacks, the spread-out bunker [form of defence] doesn’t work. But if you have a www.tahawultech.com
few strongholds you’ve got management control. I think it’s far, far more secure.” Screven has held security-related roles at Oracle for two decades and said that, over that time, the nature of the security threat had evolved beyond recognition. Where once it was unsophisticated phishing emails sent out by lone, poorly funded attackers, today the danger comes from well-funded criminal organisations or state-sponsored operations. “Their motives are sometimes financial, sometimes political. Their motivations are sometimes to affect companies that are important,” said Screven. “We’ve had to build new technology and figure out ways to respond that aren’t manual, that don’t have long think times.” Speaking alongside Screven, Jeh Johnson, the United States Secretary of
Homeland Security from 2013 to 2017, said that “cyberspace is really the new battlespace”. “We need to have as an international priority the defence in cyberspace,” he said, adding that more use should be made of public-private partnerships in the defence of critical infrastructure. In terms of wider security issues, Johnson, a former general counsel at the US Department of Defense, said that the western world had done a good job of dealing with terrorist threats from overseas. However, he said a key vulnerability that was yet to be dealt with was the home-grown terrorism threat coming from individuals radicalised on the internet. He described such actors as being “increasingly tenacious and aggressive”. “We struggle to keep up. We’ve yet to turn that corner.” he said. 11.2018
9
COVER FEATURE
SILVER LININGS At a time when companies rely on data and computer systems for their survival, a disaster recovery plan should no longer be an afterthought. How can the cloud enable effective disaster recovery?
10 11.2018
www.tahawultech.com
COVER FEATURE
D
isasters are inevitable but mostly unpredictable, and they vary in type and magnitude - be it natural calamities such as earthquakes, flooding and hurricanes or man-made disasters such as cyber-attacks. Unfortunately, most businesses don’t normally think they will be a victim of such crises, not until it happens, and the company ends up with thousands or millions of dollars in financial and operational losses. In the recent past, most companies often neglect disaster recovery implementations largely because of the costs and complexities it involves. A recent study by IDC has estimated that as many as 50 percent of global organisations have inadequate disaster recovery plans. The analyst firm warned that such companies might not survive a significant disaster because of their inability to recover IT systems. “Many organisations do not have properly protected and staged offsite data, have not tested the disaster recovery environment, or do not have automated disaster recovery processes as part of documentation and planning,” says the IDC report. The report underlines that the primary reasons behind this are complex, but principal among them are cost, time, and training. The increasing prominence of cloud has made the disaster recovery process easier, faster, and more cost-effective. “Cloud computing offers an excellent alternative to these traditional disaster recovery methods, be it using disaster recovery as-a-service (DRaaS) from a service provider or simply putting backups in the cloud,” explains Mohamad Rizk, Manager System Engineers, Middle East, Veeam in an article titled, Disaster Recovery 2.0: Protecting Businesses from Potential Catastrophic Risks. According to Rizk, DRaaS is a valuable cloud-based model as it delivers www.tahawultech.com
Cloud should be seen as an opportunity to address these concerns. Cloud providers offer disaster recovery capabilities at a lower cost and with lower complexity. While the disaster recovery solution may not be as sophisticated as a full internal disaster recovery capability, it will be maintained and managed quickly and efficiently. - Jeff Ogden, Mimecast
comprehensive disaster recovery by replicating a business’ physical or virtual servers to provide failover. Jeff Ogden, general manager, Mimecast Middle East, explains that generally, organisations have struggled with time, budget, resources and technical architecture for disaster recovery. “Cloud should be seen as an opportunity to address these concerns. Cloud providers offer disaster recovery capabilities at a lower cost and with lower complexity. While the disaster recovery solution may not be as sophisticated as a full internal disaster recovery capability, it will be maintained and managed quickly and efficiently.” In addition, Ogden says that organisations today are increasingly recognising that defence-only strategies are no longer enough. They see the importance of ensuring comprehensive security control before, continuity during, and automated recovery after an attack. “It’s important for organisations to restore their data effectively and
as quickly as possible,” Ogden says. “A secure cloud archive solution is an incredibly effective way of helping organisations ensure full and efficient recovery. A cloud archive provides a scalable, secure backup of all email in the cloud to protect against data loss, corruption and malicious activity. But more importantly it offers more than simple backup and recovery, it enables access to archived emails anywhere, anytime, and on any device in record speed.” When it comes to disaster recovery implementations, the recovery point objective (RPO) and recovery time objective (RTO) are the main things to consider. Cloud-based DR’s primary selling point is that it lowers the RTO to as close to zero as it’s reasonably possible to be. By deploying a DRaaS solution, business-critical applications can be up and running almost instantaneously after an incident, writes Rizk. “Like other ‘as a Service’ models, DRaaS offers significant advantages for businesses of 11.2018
11
COVER FEATURE
a range of sizes. The lower costs open up availability for smaller businesses, who could otherwise have struggled to implement such a service in-house. Equally, its scalability benefits the larger enterprises, whose needs might vary depending on the number of servers, applications and databases being used at any one time.” Effective cloud disaster recovery provides continuity for services and the ability to fail over to a second site if there is a hardware or software failure of IT systems. No matter the size or nature of the company, “IT teams recover valuable time that might otherwise have been dedicated to back-ups. As a result, DRaaS is an increasingly popular option, with 25 percent year on year growth predicted for the offering over the coming decade,” explains Rizk. What factors should organisations consider when setting up a cloud-based disaster recovery strategy? In evaluating how to effectively implement a cloud-based strategy, it’s important to first think through the overarching objectives of the business. “The best place to start is with a business impact assessment,” says Rizk. “It’s important to work out which apps and business processes are most critical to keeping the business available all day, every day. Estimate the maximum amount of downtime the business can stand for each of these business processes before it fails. From there, work out what your ideal recovery targets would be for these apps and processes,” he adds. Rizk also notes that running through some hypothetical scenarios might be helpful. “Analyse – ‘How much data loss can you handle? How quickly do you need to be back up and running? How much would downtime cost the firm, in terms of output and broader consequences?’ All of these questions will help to define the RTOs for the business and the best approach as a result,” he explains. 12
11.2018
A DRaaS provider should be fully compliant with the legal requirements of the geographies they operate in. By finding the right platform, businesses can be confident that their strategy is both comprehensive and fully adherent to local laws. - Mohamad Rizk, Veeam
Another factor to consider is compliance, according to Rizk. Regulations such as GDPR and the NIS Directive urge companies to ensure that they understand where specific data will go once shared. “A DRaaS provider should be fully compliant with the legal requirements of the geographies they operate in. By finding the right platform, businesses can be confident that their strategy is both comprehensive and fully adherent to local laws,” he says. Meanwhile, Ogden says email access is critical to business continuity management. Of all the aspects of business continuity, ensuring access to email during a planned or unplanned outage must be a top priority. “An email outage can wreak havoc throughout an organisation, as email has become indispensable to business communication. When an email outage prevents users from sending or receiving email, business grinds to a halt,” he explains. “If PCs or the broader network are affected by an incident, a continuity solution should take into effect and provide alternative email access points through the web and mobile continuity apps. The
absence of a continuity solution means there’s no access to company email, which often leads to employees utilising their personal email, which likely doesn’t meet compliance requisites.” Ogden further reiterates the importance of having an archive solution which enables organisations to recover against data loss, should the company’s primary email system be compromised. “Simply put, no disaster recovery or digital business continuity plan is complete without a solid email archiving solution in place,” he says. Organisations can no longer bury their heads in the sand when it comes to disaster recovery. Disasters, whether it be natural or man-made, are inevitable and having a plan to recover from it must be a top priority. In failing to do so, organisations risk not only the safety of their data and applications but of the entire business. All that said, even with the cloud, an organisation can’t simply set up a disaster recovery plan and hope for the best. They need to make their due diligence and regularly review their disaster recovery plans and test it at least yearly to ensure its effectiveness. www.tahawultech.com
REDEFINING technology transformation
+971 4 440 9100
@TahawulTech
info@cpimediagroup.com
www.tahawultech.com
facebook.com/tahawultech
twitter.com/tahawultech
linkedin.com/in/tahawultech
INSIGHT
HOW AI WILL DRIVE PUBLIC SAFETY TRANSFORMATION Charles Yang, President, Huawei Middle East, delves into how artificial intelligence is transforming technologies and industries to enhance public safety.
B
reakthroughs in deep learning and reinforcement learning are driving a new wave of AI advances. AI applications are now widely deployed across almost all industries, whether through auto-piloting technology, unmanned supermarkets, intelligent voice assistants, and more. AI has become a new powerful engine that drives industry digital transformation. After decades of research and development, AI has evolved to a new stage. Today, AI research extends to areas such as natural language processing, pattern recognition, image recognition, data mining, machine learning, intelligent interface technology, and intelligent information processing. 14
11.2018
AI is creating brand-new experiences for everyone and every organisation, from Computer-Aided Diagnosis techniques to voice-aided smartphones, handwriting recognition, financial transactions, smart logistics, spam filtering, and translation. AI technology is bringing about major changes in the way businesses develop. It has also had a social impact, delivering public goods like precision medicine, environmental sustainability, and education. As AI becomes more developed, AI-driven technologies are being implemented across every sector. One sector particularly relevant to the Middle East is public safety. In Abraham Maslow’s hierarchy of needs, safety, food, and water are the most basic needs for human
survival. This is especially true for the growing cities of the world. AI is gaining attention not only for the protection of life and property but also for the promotion of modern governance. AI will directly improve the quality of life of citizens by creating a world with better city management, faster emergency response times, and more accurate identification and apprehension of criminals. In surveillance, for example, AI is booming in the video analytics domain. Computer vision deep learning has drastically increased the accuracy of facial recognition (FR) and automatic number plate recognition (ANPR) technology. These have now become a standard feature in safe city solutions to track, trace and alert of known suspect persons and cars in real time. www.tahawultech.com
INSIGHT
In the command centre, AI language processing is being applied to decrease emergency response time. Voice-To-Text (V2T) technology transcribes emergency calls and uses V2T keyword and investigation analysis as part of intelligence-led policing in order to increase the efficiency of emergency services. Huawei is a global player in public safety industry and we provide multiple AI-based solutions. One is the world’s first AI-enabled softwaredefined camera (SDC), the M/X series. This series of cameras can be applied to a vast range of scenarios and improve image processing capabilities by 25 times. The other is the Industry Enabling Platform to flexibly orchestrate AI services and introduce components from different partners, such as intelligent analysis, to quickly solve cases and establish a new intelligent policing process. This approach enables intelligent infrastructure, efficient and collaborative government services, visualised city operations, and coordinated city emergency response. Through resource convergence, traditional siloed management transforms into integrated governance, and reactive city response transforms into active management.
In light of AI’s clear power to bring benefits to organisations across the world, in recent years global technology leaders like the US, China, the UK, and Germany have recognised the importance of AI and incorporated it into their national plans. Many countries are now racing to launch AI strategies so that they can lead the growth of this powerful industry. Countries in the Middle East should also prioritise the development of a national AI strategy. Many already are – the UAE appointed the world’s first Minister of Artificial Intelligence and launched the UAE Artificial Intelligence Strategy 2031. AI technology is central to the success of many components of Saudi Vision 2030. At Huawei’s flagship event, Huawei Connect, which took place in Shanghai on 10th October, we have unveiled a new AI Strategy and Full-Stack Portfolio. Following that, at this year’s GITEX Technology Week we have also launched and showcased an allscenario AI solutions portfolio, a first in the Middle East. Huawei is convinced of the value of building a digital ecosystem in the public safety industry, and we will continue to invest in industry-enabling platforms with our partners to drive
AI technology is bringing about major changes in the way businesses develop. It has also had a social impact, delivering public goods like precision medicine, environmental sustainability, and education.
www.tahawultech.com
Charles Yang, President, Huawei Middle East
the digital transformation of the sector. Currently we work with over 20 partners and have brought AI solutions to many of our end customers. In order to keep building the AI ecosystem, in July 2018 we launched the artificial intelligence engineering certification, which offers fundamental knowledge of AI and provides industry-specific applications. We do this out of our commitment to bring digital to every person, home and organisation for a fully connected, intelligent world. In the new era, safety will be as fundamental as air and water, protecting citizens in every city, supporting the old and weak, and bringing peace and prosperity to all. We aim to support the region’s longterm economic and development goals, and integral to this is the development new public safety solutions. We are working with global industry leaders in the security field to create new endto-end public safety solutions driven by AI and new ICT innovations, to create a safer Middle East. 11.2018
15
INTERVIEW
THE SECURITY SPECIALIST Bulwark Technologies managing director Jose Thomas Menacherry shares insights into the driving force behind the fast-growing security business in the region.
16 11.2018
www.tahawultech.com
INTERVIEW
H
ow important is security’s role in helping regional organisations succeed in their digital transformation journeys? How can Bulwark support companies in such endeavours? We need to build security into everything we do to ensure that business’ transformation to digital is a success. The key areas of focus would be embedding security as part of the development lifecycle, the technology architecture and appropriate monitoring through threat intelligence. Differentiation, speed of response and customer-centric approach to solution selling enables us to support organisations to undertake such transitions. Bulwark has solutions to ensure end to end security to protect data in all forms – whether it is in storage or transit – with proper expertise. What are the trends and technologies impacting today’s regional security landscape? Increasing cloud adoption, artificial intelligence, mobility and IoT technologies among those driving growth in the security industry. The region has also witnessed an increase in cyber-attacks, such as ransomware and data breaches. This then fuels the increasing demands in security solutions, which translates to a bigger and fast-growing security business in the region. We have been also seeing the security concerns in SMB sector and lot of requirements for the security solutions come from this sector as well. What are the challenges in the security distribution space and how is Bulwark addressing them? As a specialised cybersecurity valueadded distributor, Bulwark also face challenges with respect to the current market conditions. However, we managed to overcome the impact from such challenges by adopting adequate measures with a systematic and www.tahawultech.com
We will continue to expand in the region, adding more strategic partners. We have been regularly scanning the technology space for the latest products that can help address the most prevalent threats today.
time-bound approach. The solutions portfolio we offer provide a unique value proposition to our partners and customers in the region. With our constant endeavour on customer service and ROI, we have been able to effectively demonstrate a pragmatic approach that clients need to adopt while choosing the right solutions to strengthen the cyber security postures of their organisations. We are very much focused on our product portfolio and offerings to partners and customers in the region. This would enable in the optimum utilisation of skills and resources within the organisation and deliver world-class and customer centric approach to serve our partners and customers in the region. What is Bulwark’s strategy when it comes to onboarding new vendors? We will continue to expand in the region, adding more strategic partners. We have been regularly scanning the technology space for the latest products that can help address the most prevalent threats today. In terms of growth, we have strengthened our team with onsite presence in some of the countries like Oman, Kuwait and Saudi Arabia among others. In the recent past, we have made some major partnerships with security vendors - Mimecast, Radware and 42Gears and have demonstrated their ‘Best in
Class’ products and solutions at GITEX 2018. We plan to announce new vendor partnerships in the coming months. What are your priorities and objective for the business in 2019? What technologies will you be focusing on going forward? It is our constant endeavour to support our channel community to achieve the desired levels of success by positioning our solutions portfolio with proper expertise to customers in the region. To achieve that, we regularly interact with our partners, arrange sales and technical enablement programmes with proper training and partner certifications. We conduct roadshows, events and participate in relevant trade shows in the region, thus, engaging with partners and their customers. By doing this, we aim to help the channel partners identify and position the right solutions needed by customers to address their security concerns. Our primary focus in the coming year will be security for cloud, mobility and IoT. We seek solutions that leverage advance technologies based on artificial intelligence and machine learning. We also plan to further enhance our training programmes to empower customers and security professionals attain the right expertise to address the challenges in the regional cybersecurity landscape. 11.2018
17
INSIGHT
SECURING THE ROAD TO A MULTI-CLOUD ENVIRONMENT By Mike Bushong, vice president, enterprise and cloud marketing, Juniper Networks
T
he two trends with the most momentum in IT have to be cloud and security. And interestingly, the one makes the other
more difficult. When it comes to security, there are a few things to consider. Certainly, the days when strong perimeter security was enough are long gone. But how do companies provide any perimeter security when cloud and multi-cloud mean that the perimeter of the infrastructure is somewhat (and literally) nebulous and potentially changing? And how should companies reconcile a drop in control and visibility as workloads move offpremises? Finally, and perhaps most importantly, don’t cloud and multi-cloud represent an expanded attack surface at a time when managing the existing security umbrella is already difficult? Yes, security is challenging. But there are things that enterprise IT should be 18
11.2018
considering as they embark on the multicloud path. Perimeter security might not be enough, but it still matters There is no question that the drawbridgemoat style of securing infrastructure is ageing. But it is also true that there must still be some perimeter security in place. In the classic data centre sense, this is why network teams deploy network security in the form of firewalls with nextgen capabilities. This same model has a place in the cloud. As teams deploy pools of resources, it is critical to front-end them with a secure www.tahawultech.com
INSIGHT
gateway. A virtual private cloud (VPC) should operate with many of the same security best practices as a physical data centre. And that means deploying a capable security device—albeit a virtual one—in that gateway role. Of course, in addition to providing next-gen firewall capabilities, this virtual device is also a key element in ensuring that all traffic between data centres and clouds is encrypted. Microsegmentation has a place outside of the data centre Most security-minded people are familiar with the emergence of microsegmentation as a means of beefing up security. But segmentation is more than a data centre imperative. In a multi-cloud world, the definition of east-west traffic expands to cover off any traffic between workloads anywhere in the enterprise. For example, microbursting—using public cloud resources to temporarily boost application capacity—means that workloads might drive traffic dynamically between the private data centre and one or more public clouds. The security requirement does not drop as the traffic leaves the data centre. And that means that tools like microsegmentation must extend beyond the data centre into the public cloud. In fact, as edge computing continues its rapid adoption, companies will find that workloads will run at the network edge as well. Movements like IoT, for example, will favor distributed clouds in some instances, meaning microsegmentation solutions will not even be confined to the (private and public) data centre realm. Indeed, remote sites (both campus and branch) will also need to be folded into the multi-cloud security mix. From bare metal servers to containers Security policies will also need to be more granular. It’s not enough to enforce at aggregation points like the data centre edge, the VPC gateway, or the access port www.tahawultech.com
Organisations now recognise that the ability to integrate disparate security technologies is the main challenge to achieving an effective security automation architecture.
on a top-of-rack switch. As workloads diversify, enterprises will need to have a means of securing everything from bare metal servers to virtual machines to containers, across both private and public environments. Minimally, this places additional requirements on security architectures. But it also forces an enterprise-wide rationalisation of security capabilities. In this case, the diversity of a multi-cloud environment represents an increasingly complex distributed security problem. Diversity is the enemy Security environments are more complex and cybercriminals are more determined than ever, yet organisations are utilising security solutions built on standalone security tools, resulting in vendor sprawl and ineffective security strategies. Organisations now recognise that the ability to integrate disparate security technologies is the main challenge to achieving an effective security automation architecture. According to a recent study conducted with Ponemon Institute, 59 percent of respondents believe that their organisation needs to streamline its number of vendors. But what happens when the operational load exceeds an enterprise’s capacity? During booming economic times, the problem is already present. If the economy slows down or retracts, enterprises that have not explicitly designed for operational efficiency will find themselves facing a difficult decision: keep a security measure in place or meet OPEX targets.
Enterprises should be looking, wherever possible, to a common means of administering security over diverse environments. The push for multicloud has brought with it a movement towards multi-cloud management platforms. These platforms represent a common means of specifying and ultimately enforcing security policy, allowing enterprises to rise above cloud-specific solutions. This has the added advantage of unifying security policy over a diverse set of resources. Regardless of where the resource is, the security requirement ought to be the same. Using a common management approach to ensure that is the case will ultimately bring both stronger security and operational advantage. Not everything starts with multi-cloud It is certain that most enterprises will begin their path to multi-cloud with a lightweight move to a single cloud. If, in that initial planning, security is either bolted on or designed with a single cloud in mind, enterprises will find themselves in a difficult position when it is time to scale. But perhaps most importantly, enterprises need to consider the operational aspects of security early on. While it can be straightforward to deploy incremental tools and solutions in support of new challenges, operations tends to maneuver like a large ship at sea. It’s better to survey the horizon for looming obstacles than be caught needing to adjust quickly. 11.2018
19
FEATURE
‘LOGIC LOCKING’ Professor Ozgur Sinanoglu and his team at the Design for Excellence Lab at NYU Abu Dhabi have devised a system that improves the security and reliability of microchips. Find out how the new innovation can fend off copycats looking to make counterfeits.
20
11.2018
FEATURE
T
he theft of intellectual property can take many forms, ranging from the production of fake Adidas sports gear in sweatshop factories to the crafting of imitation – and often very convincing – Apple iPhones. Whether it is stealing the cache of a clothing brand or copying a premium electronic product created through multi-million dollar investments in research and development, the costs to genuine producers can be high. Beyond the counterfeiting of household-name products, IP theft can also involve the reverse engineering of sophisticated components, such as microchips, that are found within electronic devices. Yet just as pirates, armed with microscopes and sophisticated imaging technology, are able to deploy complex and painstaking methods to copy such www.tahawultech.com
FEATURE
components down to the finest details, so researchers are developing new ways of keeping these criminals at bay. The UAE has become a key location for such efforts to defeat the cyber pirates through centres such as the Design for Excellence Lab at New York
University Abu Dhabi, where scientists are focused on improving the security and reliability of microchips. Professor Ozgur Sinanoglu, a professor of electrical and computer engineering at NYU Abu Dhabi, is director of the laboratory, where an important strand of the research involves creating types of microchip that are much harder to copy. Not only is the “unhackable” chip developed Sinanoglu and his coresearchers aimed at tripping up copycats looking to make counterfeits. It could also be developed into a form that would help to improve the cybersecurity of the actual devices in which the chip is used. That means everything from largescale systems such as power grids, public transport networks, satellites and aviation services through to smartphones and connected devices in the home, which can range from thermostats to televisions, could ultimately benefit from the research. Reverse-engineering a microchip is not the work of a moment, as an integrated circuit is made up of countless connections that the copy must duplicate if it is to function properly. However, fraudsters are able to make such copies by using chemicals to open up the chip’s layers before photographs are taken.
Today chip designers are concerned because of fabrication by third-party chip foundries. That could be in some remote location. When people send their hardware design to these foundries, they’re concerned their intellectual property may be pirated by the potentially untrusted foundry.
www.tahawultech.com
Professor Ozgur Sinanoglu (Courtesy of NYU Abu Dhabi) “Today chip designers are concerned because of fabrication by third-party chip foundries. That could be in some remote location,” said Sinanoglu. “When people send their hardware design to these foundries, they’re concerned their intellectual property may be pirated by the potentially untrusted foundry. “The other concern is the untrusted end users. It’s been shown that people can take the chip from the product. They open up the chip layer by layer and take detailed images and reconstruct the design from silica. It’s another form of reverse engineering.” Sinanoglu’s research has centred on incorporating an element into the function of the chips that cannot be easily copied, as this can prevent piracy by both end users, who do not have the design blueprints for the chip, and foundries, which are given the detailed design. This security element, known as a secret key, consists of a sequence of 0s and 1s that must be loaded onto the memory of the chip to make it work. “If you fail to load this key, the chip will be producing garbage,” said Sinanoglu. 11.2018
21
FEATURE
“If you send a design to a fabrication foundry, the foundry will have the structural details. Logic locking aims to hide some part of the hardware functionality in the form of 0s and 1s.” Sinanoglu’s laboratory has demonstrated this visually by designing a chip that expects a key and having it fabricated at the Singapore site of GlobalFoundries, the semiconductor foundry owned by Mubadala, the Abu Dhabi government’s investment company. The chip is connected to a small LED display. If the key is loaded onto the chip, the device carries out the function required of it, which is to display several letters on the LED display. When an otherwise identical chip that has not had the key loaded onto it is used instead, it will not work and the letters will fail to show. Chips that require such a key are locked when they come out of a manufacturing facility, and without the key they will remain locked, meaning that only those who are authorised can use them. So any attempts to reverseengineer the chip or to fabricate it using the original design, but without authorisation, will in all likelihood fail. Because the technology is based around locking the chips, its use is known as logic locking or logic obfuscation. Sinanoglu has been researching logic locking for about seven years and one of his key collaborators currently is Dr Jeyavijayan Rajendran, an assistant professor in the Department of Electrical and Computer Engineering at Texas A&M University. Much of the funding for the work comes from the United States Department of Defence’s Defence Advanced Research Projects Agency (DARPA). “They’re interested in solutions that would protect against untrusted foundries because chips are no longer manufactured in the United States,” said Sinanoglu. “They don’t want the design details to be stolen, especially for defence 22
11.2018
If you send a design to a fabrication foundry, the foundry will have the structural details. Logic locking aims to hide some part of the hardware functionality in the form of 0s and 1s.
applications. We’ve been working with them to fully automate the technology and make it available to them.” Indeed the potential security vulnerabilities introduced by the internationalisation of design, manufacturing and testing, among other functions, is one of the central issues that logic locking is aimed at combating. While there are clear benefits to the use of logic locking technology, deploying it has potential drawbacks too: the cost of producing the chips increases, while their speed of operation decreases. In simulations, area, power and performance are affected by between about 1.5 percent and three percent. However, these simulations involve microchips that have what Sinanoglu describes as a “small design”. If industrial-scale microprocessors are manufactured, Sinanoglu estimates that the loss of power and the increase in cost would be less than one percent. Logic locking is not the only way of safeguarding microchips from predatory reverse engineers. Another method that Sinanoglu has worked on to prevent the copying of chips is the use of “camouflaged gates”, which are dummy electrical connections in a chip that end users cannot distinguish from functioning elements. Their use makes it difficult for end users to make a functioning copy of the microchip, as determining whether the contact points in a chip are real or not
is a slow process that only fraudsters who are well funded and who have high-level expertise could contemplate carrying out. Unlike logic locking, however, this method does not additionally secure the microchips against copying by the foundries where they are originally manufactured, because the design blueprints that foundries are provided with in order to carry out the manufacturing are enough to make a functioning copy. “In that sense, logic locking is more comprehensive. If you want to make it more complicated, you could use them as two layers of defence,” said Sinanoglu. “The foundry needs to cooperate for camouflaged gates, but they wouldn’t know the key for logic locking, so you can use the two together.” As it stands, logic locking has not been developed with the aim of securing devices against standard cybersecurity threats. However, Sinanoglu’s laboratory is working on a project that could use the technology this way. And the lab is also hoping that, ultimately, a commercial partner could become involved and start to produce logic locked microchips commercially. So, in years to come, technology developed in the UAE could be safeguarding the multi-million dollar investments of chip designers and manufacturers, and the devices that contain these chips. www.tahawultech.com
FEATURE
SECURITY AT THE EDGE By Daniel Bardsley
www.tahawultech.com
A
casino, a fishtank and a daring band of cyberhackers – it sounds like the starting point for an offbeat film, like a hi-tech modern-day remake of the classic Michael Caine criminal caper The Italian Job. Yet these three unlikely elements were brought together, not in fiction, but in real life in a bizarre tale recounted recently by the cybersecurity company Darktrace.
11.2018 23
FEATURE
As the business and technology press reported, Darktrace said that it was involved in a situation in late 2017 where hackers sneaked their way into a casino’s network via the thermometer of an aquarium in the reception area. “The attackers used [the fishtank thermometer] to get a foothold in the network,” Nicole Eagan, Darktrace’s coCEO, told media. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.” While the incident sounds unusual, the concerns that it raises are mainstream: “edge” devices on the periphery of a network offer an entry point for criminals, typically through either vulnerability exploitation or privileged credentials attacks. And such edge devices are increasingly common. Indeed edge computing is often seen as the next big thing. IDC FutureScape has forecast that as soon as next year, the network edge and its surroundings
will be where 40 percent of data generated by IoT devices will be processed, analysed, actioned or stored. Edge computing is frequently associated with the Internet of Things (IoT) and, as the capability of devices grows, data is often processed on the periphery of a network, cutting the delays linked to sending it to the cloud to be dealt with there. It may be regarded as a partial replacement for the cloud, since data can be dealt with locally, but equally it may be considered as being complementary, given that the two often work in conjunction with one another. Either way, it is clear that cybersecurity concerns are being created. Everything from internetconnected ovens to staff laptops can create vulnerabilities, especially because, as is widely discussed, many IoT devices are imperfectly secured. Edge computing – and its vulnerabilities – encompasses the Industrial Internet of Things (IIoT), which is forecast to be creating trillions
Having devices at the edge opens up vulnerabilities because of ‘cheap microcontrollers.’ You cannot afford complex or sophisticated hardware. They cannot handle encryption, support peer-to-peer. In general the resources you have allocated are only enough for the functionality. - Shams Shapsough
24
11.2018
of dollars in value in less thana decade from now. IIoT covers a huge array of edge computing devices, from wind turbines to industrial controllers to databases, and can help with everything from predictive maintenance to safety. But all sorts of vulnerabilities may be being created. “If you can see some lamp posts, these are cyber-physical systems. Several years’ effort has gone into the design of the software – put the lights on and of, what happens if there’s a power cut,” says Dr Shamal Faily, a senior lecturer (academic) in systems security engineering at Bournemouth University in the United Kingdom. “You compare that to an IoT system – nowhere near the engineering. People are putting stuff out there a lot faster. If you put in technology where you haven’t made sense of the technology, [vulnerabilities will be created], any security person will tell you that.” Researchers at the American University of Sharjah (AUS) are among those looking at edge cybersecurity vulnerabilities, and their work has been making waves. A paper, “Securing Low-Resource Edge Devices for IoT Systems,” scooped an award when the scientists presented it at the International Symposium on Sensing and Instrumentation in IoT era in Shanghai in September. Shams Shapsough, a postgraduate student and co-author of the paper, says having devices at the edge opens up vulnerabilities because of “cheap microcontrollers”. “You cannot afford complex or sophisticated hardware. They cannot handle encryption, support peer-topeer. In general the resources you have allocated are only enough for the functionality,” he says. In their paper, Shapsough, Professor Fadi Aloul and Dr Imran Zualkeman looked at the security vulnerabilities www.tahawultech.com
FEATURE
of a number of microchip devices and operating systems. “We tried to analyse the effect of the hardware itself and if we could implement security measures to fortify the system as a whole,” says Shapsough. They considered the price of implementing security measures and ran dozens of experiments while making detailed observations of the power usage. They found that power demand did increase when additional security measures were used, but Shapsough says the use of encryption and other safeguards is costly, but possible. “They can be secured, but at a bit more cost,” says Shapsough. The processing of data locally, rather than sending it to the cloud, does open up additional cybersecurity vulnerabilities, albeit modest ones, according to Shapsough. “The problem is, you can infiltrate this device even if it’s not processing [the data]; you can make sense of it yourself,” he says. “In general, it’s a bit more difficult to hack into cloud sensors: they’re secure, they’re well paid for. It’s giving a short cut. It’s an additional issue [having data processed locally], but it’s not the exactly the main one. You still have the vulnerability from the edge being the edge.” Many of the issues linked to edge security come under the umbrella of shadow IT – devices installed without the green light from the central IT department. As Morey Haber, chief technology officer for BeyondTrust, a US-based cybersecurity company that offers a privileged access management platform, says, many such shadow IT systems will be highly vulnerable. As an example he cites a camera system that a small business might install. The passwords may only be half a dozen characters long and the www.tahawultech.com
Any business sees a need for a good, affordable camera system and it’s a perfect example of a technology that’s inexpensive, works well, but completely insecure. I would say never put an IoT device on the edge or any of these other systems. Keep them in a separate network, and use remote tools or VPN tool or authorised access. - Morey Haber, BeyondTrust
data might go through a cloud server in China. “Any business sees a need for a good, affordable camera system and it’s a perfect example of a technology that’s inexpensive, works well, but completely insecure,” he says. “I would say never put an IoT device on the edge or any of these other systems. Keep them in a separate network, and use remote tools or VPN tool or authorised access.” When selecting devices, Haber advises purchasers to check how often security patches are released. If they are rarely or never issued, it is likely to indicate a vulnerable system. Enquiries should also be made regarding when end of life is expected. “The least thing you expect is maybe six months. Or is it already at end of life and the manufacturer will not provide any updates or security patches?” he says.
A number of security measures need to be considered to protect devices and to ensure that, if an attack takes place, its consequences are kept to a minimum. Many of BeyondTrust’s clients are, he says, in the financial sector, healthcare and manufacturing, as well as other industries with a big presence in the Middle East. “The oil and gas industry is a perfect example of industrial IoT. They’re using it to eliminate admin rights. Even if there’s a compromise, the lateral movement or threat vectors don’t have the privileges to get to data or disrupt operations. “BeyondTrust in the Middle East for large oil and gas [clients] is eliminating admin rights for user access to prevent any type of privileged access to systems or edge devices that could be used in a privileged attack.” 11.2018
25
FEATURE
BANKING ON SECURITY With the increasing number and frequency of sophisticated attacks on the banking sector in the region, the need to develop a comprehensive cybersecurity programme is now more pertinent than ever, Daniel Bardsley reports.
26 11.2018
www.tahawultech.com
FEATURE
F
ew organisations are more inviting targets for cyberattackers than banks. It is unsurprising, therefore, that news reports are full of cases of banks from all over the world that have fallen victim. Just recently, for example, a North Korean hacking group, APT38, was identified by a cybersecurity organisation as being responsible for incidents that had defrauded banks of vast sums of money. Banks in the UAE and elsewhere in the GCC are not immune to the dangers, having been attacked in various ways and on multiple occasions. A 2016 report, Top 5 Cybercrime Attacks and Trends on GCC Banks, published by the International Quality and Productivity Center (IQPC), indicated how wide the range of threats that the region’s banks face is. There is data theft, such as the “Hacker Buba” November 2015 incident in which hundreds of customers’ data was stolen from a Sharjah bank. Another data theft attack on banks, this one a few years earlier and affecting institutions in the UAE and Oman, resulted in tens of millions of money being taken from cashpoints outside the UAE after prepaid debit card details were stolen. Banks in the region also face Distributed Denial of Service (DDoS) attacks, such as when, at the end of June 2015, several UAE banks saw their operations disabled because of efforts by the group Anonymous. The report by IQPC, which has run the Cyber Security in Banking conferences in Dubai, also highlighted the problem of ransomware attacks. Both banks and customers are at risk, and the report said that an extraordinary $1.36 billion was lost by UAE bank customers in 2015 due to these types of incidents. Often coming from well organised cyber-criminal gangs, the threats www.tahawultech.com
If you look at a lot of the things that have been going on recently, quite often it’s not hackers, it’s an inside job. It’s people bribing bank employees for account details and that sort of thing. A lot of these people are vulnerable to social attack. - David Birch, Consult Hyperion
appear to be intensifying. According to an early 2018 estimate from John Drzik, president of Global Risk and Digital at the insurance broking and risk management company Marsh, annual worldwide cybercrime losses – from attacks on banks, other institutions and individuals – are estimated to total $1 trillion. Figures recently reported by the media indicate that, in the first six months of this year, $658.04 million (£503.40 million) was stolen from customers of British banks alone. Fraudsters used a variety of ways to get hold of other people’s money, including coming up with scams that made them pay for goods and services that never existed or did not arrive. Such scams are a type of authorised push payment (APP) fraud, which lost consumers and businesses a total of £145.4 million, only about one fifth of which banks and other financial providers were able to return to consumers. Other types of non-authorised fraud, such as theft after the takeover of an account, were responsible for the remainder of the half billion pounds or so stolen.
David Birch, a commentator on digital financial services and a founder of Consult Hyperion, a digital transactions consultancy, says there are “all sorts of risk” facing banks. “The risk of credit-card fraud is different from the risk of small business bank account takeover, which is different from payment misdirection,” he says. Breaches are not the result only of technology. As is so often the case with cybersecurity vulnerabilities, the human factor is also of key importance. “If you look at a lot of the things that have been going on recently, quite often it’s not hackers, it’s an inside job,” says Birch. “It’s people bribing bank employees for account details and that sort of thing. A lot of these people are vulnerable to social attack.” As more people carry out banking transactions using mobile phones, new cybersecurity risks are opened up, such as those that come from the use of mobile banking trojans. These are a form of malware, typically an app, used to steal money from users’ accounts. As the cybersecurity company Kaspersky Lab has previously 11.2018
27
FEATURE
described, people are lured into installing these apps because they are disguised to appear to be legitimate. “Once the banking app is launched, the trojan displays its own interface overlaying the banking app’s interface. When the user inputs credentials, the malware steals the information,” Kaspersky Lab says. According to figures reported by Kaspersky Lab, there was a significant increase in the number of installations of mobile banking trojans in the second quarter of this year, with the figure reaching more than 61,000, a statistic that represented “a massive influx”. This number is certainly a cause for worry: in the first quarter of this year, the total was less than 20,000, while over the past three years the quarterly figure has never before exceeded 30,000. When the numbers were published in August this year, Victor Chebyshev, a cybersecurity specialist at Kaspersky Lab, said in a statement that the growth showed that “cybercriminals are constantly creating new modifications to their malicious software to make
it more sophisticated and discreet for cybersecurity vendors to detect”. “Users and the industry should be extremely cautious and vigilant in the coming months as the trend continues to grow,” he says. Yet while new vulnerabilities are created, Birch thinks that, overall, the growing popularity of mobile banking is a good thing in cybersecurity terms, at least “when it’s managed properly”. “It’s a much more secure mechanism than the traditional things – phoning up or walking into a shop for a debit card,” he says. “There’s a lot of new technology around. They can tell whether it’s a different SIM; is it doing what you normally do; are you in a different place. These are really big positives. There’s a lot of work going on about passive biometrics; I’m quite bullish about the possibilities.” The way the keys are being tapped can indicate whether the legitimate user is in charge of a device or not. “You have the first steps in machine learning that looks for unusual patterns or behaviour, then it moves to full AI
Cybercriminals are constantly creating new modifications to their malicious software to make it more sophisticated and discreet for cybersecurity vendors to detect. Users and the industry should be extremely cautious and vigilant in the coming months as the trend continues to grow. - Victor Chebyshev, Kaspersky Lab
28
11.2018
How consumers and businesses can reduce their chances of falling victim to Mobile Banking Trojans (adapted from information from Kaspersky Lab): • never click on links on spam emails • ideally, only install applications from the official app store or, if not, then other trusted sources • unscrupulous apps can sometimes be identified by the permissions that they request. If there are permissions requested that are unrelated to the app’s task (such as asking to access calls and messages), caution is advised • ensure the device has an up-todate anti-malware software; free versions are available • do not carry out the rooting procedure for the device that will give limitless capabilities to cybercriminals
[artificial intelligence], which holds out the greatest hope,” says Birch. “The ability to spot unusual patterns is fantastic and by itself makes a vast different in what people can or cannot get away with.” One reason why Birch sees the increased use of machine learning and AI as such a significant development when it comes to bank cybersecurity is the asymmetry in terms of who has the data: the banks have such a lot, and the criminals not as much. This, he says, is the banks’ “trump card in the future against fraudsters”. “The sheer volume means your AI will be better than other people’s data. These fraudsters’ AI may be very good, but the banks have more data. What’s crucial to spotting patterns is the volume of data you can feed into it. Machine learning needs huge amounts of data. That’s a cause for optimism,” he says. www.tahawultech.com
11th December 2018
Renaissance Downtown Hotel, Dubai TahawulTech.com’s seventh edition of Hot 50 Awards is scheduled to take place on 11th December, 2018. Each year, the event inspires channel stakeholders to go above and beyond and truly optimise market opportunities to be considered as an esteemed Hot 50 brand. The exclusive event pays tribute to channel players who are resolute in their strategies to craft value and equally successful relationships for customers, partners and themselves.
#Hot50ME
www.tahawultech.com/hot50/2018/ For sponsorship enquiries Kausar Syed Group Sales Director kausar.syed@cpimediagroup.com +971 4 440 9130 / +971 50 758 6672
Youssef Hariz Business Development Manager youssef.Hariz@cpimediagroup.com +971 4 440 9111 / +971 56 665 8683
Sabita Miranda Senior Sales Manager sabita.miranda@cpimediagroup.com +971 4 440 9128 / +971 50 778 2771
STRATEGIC VAD PARTNER
EVENT PARTNERS
HOSTED BY
OFFICIAL PUBLICATION
ORGANISER
Nasir Bazaz Sales Manager nasir.bazaz@cpimediagroup.com +971 4 440 9147 / +971 50 101 2027
INSIGHT
THE BATTLE FOR BUSINESS BUY-IN By Maxim Frolov, Vice President of Global Sales at Kaspersky Lab
30 11.2018
www.tahawultech.com
INSIGHT
P
roving ROI in IT security has traditionally been a struggle for IT professionals, who need to balance budget limitations while constantly fighting to stay ahead of the dynamic threat landscape. However, businesses are now starting to treat IT security as an investment, rather than simply a cost-center – according to a recent Kaspersky Lab report. Despite this trend, justifying IT security spend can still be a challenge. Below are three key points that highlight why it’s so important for businesses to keep their cybersecurity updated, both in terms of budgets and approach. Costly cybersecurity incidents are affecting current and future business operations Businesses of all sizes and industries are realising that they have to prioritise cybersecurity spend. Enterprises are now spending almost a third of their IT budget ($8.9M) on cybersecurity and budgets are expected to rise over the next three years across all segments. Both SMBs and Enterprises predict they will spend up to 15 percent more on cybersecurity over this period. Why? Because the consequences of a cybersecurity incident can spread far and wide. WannaCry stopped the production lines of five Renault factories, while exPetr disrupted business operations at Maersk, the world’s largest container ship and supply company, resulting in losses of between $200 and $300 million. Along with undermining current business operations, cyberthreats are also impacting future-focused initiatives. Digital transformation and business mobility require organisations to operate a growing IT infrastructure, meaning they often lack visibility into their hybrid clouds. Consequently, data is being put at risk of compromise or even encryption. The Zepto ransomware, which was spread via cloud storage apps, provides a prime example of this threat in action. Moreover, the costs of dealing with the consequences of a cybersecurity threat www.tahawultech.com
are on the rise – due to factors such as having to hire external consultants, acquire new software, deal with PR risks and litigations, etc. With costs rising and crucial business operations being put at risk, it’s no surprise that top management is now getting involved in the cybersecurity provisioning debate. But it’s not just their own infrastructure that they have to be thinking about. Even if your corporate perimeter is protected, you cannot be so sure about your suppliers It’s important to understand that a breach can happen even if the business’s own corporate network has the necessary level of protection — through supply chain attacks or breaches as a result of vulnerabilities in third-party legitimate software. We saw the groundbreaking breach of American retailer Target, when criminals gained access to the company’s network credentials through its ventilation and air conditioning vendor. This was followed by the Equifax breach, which was hacked through a vulnerability in legitimate open source software. The hackers gained access to databases, stealing 145.5 million accounts with crucial client data such as names, social security numbers, dates of birth, addresses and even credit card numbers. For enterprises, data protection remains a critical issue even if a threat is somewhere outside the corporate perimeter: data breaches resulting from incidents affecting suppliers businesses share data with cost them up to $1.16 million, on average. And, with data being stored in multiple locations, cybersecurity becomes a significant challenge. Business data must be protected, wherever it is It’s no secret that cloud services offer many benefits to businesses, from taking advantage of a more efficient mobile workforce, to reducing infrastructure costs and optimising
business operations. As such, 73 percent of SMBs use at least one SaaS hosted business application, while 45 percent of enterprises have either already raised or are planning to grow their use of hybrid cloud in the next 12 months. However, as businesses move more and more data to the cloud, they often end up losing visibility of their data exposure. Data ‘on the go’ that is actually stored outside of the corporate data center — e.g. in 3rd party IT infrastructure — is presenting businesses with new security issues and new costs. The most expensive incidents over the past year were related to cloud environments and data protection issues. For example, for SMBs, two-thirds of the most expensive cybersecurity incidents are related to the cloud and 3rd party hosted IT infrastructure failures result in an average $179,000 loss. That’s why it is so important to consider a dedicated level of cybersecurity when moving workloads to cloud platforms. These three insights can help explain why cybersecurity should be prioritised across companies in any industry – it is a prevalent issue for companies of any size, because virtually every company today deals with third-party contractors, cloud infrastructure and a growing amount of sensitive business data. Therefore, to achieve an advanced level of cybersecurity, businesses must implement cybersecurity as one of the core functions across their IT infrastructure. A set of appropriate cybersecurity solutions can then be deployed, enabling the adaptive and manageable protection of workloads across physical and virtual machines, containers and public cloud. It’s critical to achieve seamless administration and visibility across a hybrid cloud infrastructure. And last but not least, businesses have to realise their responsibility for data and workloads that are stored in cloud applications and platforms. A false sense of safety and relying on providers to ensure security can be extremely costly – your data is your responsibility. 11.2018
31
INTERVIEW
THWARTING THREATS US-based firm SAI Global executive Paul Johns discusses why the UAE is such an attractive nation when it comes to cyber-attacks.
T
he UAE is the second most frequently cyberattacked country after the United States, according to a leading integrated risk management firm in Dubai. SAI Global, a Chicago-based firm, which recently opened its full-fledged offices in the region, says most of the attacks target the UAE are due to the high net worth individuals and corporate firms in the country. Paul Johns, chief marketing officer at SAI Global, says a vibrant technology presence in the region, coupled with a strong regulatory environment, is driving the momentum forward. SAI Global, which recently enhanced its global presence especially in Europe, Middle East, and Africa (EMEA), has been working among its growing clientele across the region, in enhancing their abilities to manage risks, especially the growing threat of cyber-attacks. “Cyber risk continues to be the number one threat in the region, especially in the UAE,” says Johns. “The reason why hackers have been targeting UAE based individuals and companies is because of the wealth concentrated in the region. They know 32
11.2018
there is a lot of money here and so want to target this market more vigorously,” he says, adding that UAE is the second most attractive country after the United States when it comes to cyber-attacks. In September this year, SAI Global has introduced its Integrated Risk
The reason why hackers have been targeting UAE based individuals and companies is because of the wealth concentrated in the region. They know there is a lot of money here and so want to target this market more vigorously.
Management (IRM) software SAI360, a suite of solutions that enables organisations to confidently address the proliferation of emerging disruptive threats as well as numerous regulatory requirements. It enables clients to connect SAI Global’s risk and compliance capabilities in a more integrated, adaptable, and user-friendly way. Talking of compliance and regulations Johns says, the UAE can be rated as one of the leaders in compliance and has a very advanced regulatory environment. “For me, regulatory environment is a key driver. UAE is very strong when it comes to regulations. It has been adopting the best practices from various markets like Singapore and the US. The region as a whole is very serious about regulation. Here, we see that technology is being adopted to help customers understand regulatory issues and risks,” he says. According to him, SAI Global has been working with various firms through its eLearning offering in GDPR, even as customers look to navigate the challenges faced by the data privacy regulation. “Today we are working with some marquee names such as Agility, SABIC, NAS in Kuwait and CBD in the UAE among others. www.tahawultech.com
AGC'S DIGITAL TRANSFORMATION SOLUTIONS AND APPLICATIONS Harnessing emerging tech to enable true transformation:
ACCELERATING YOUR
DIGITAL JOURNEY #AGCDigital
Customer Experience Contact Centers, Omni Channels, Self-Service, Voice Biometrics
AGC Networks understands the digital wave and can help plan your digital transformation strategy
Customer Journey Interaction Analytics
Customer Engagement & Loyalty CX Measurement , NPS Analytics, Customer Effort Score
Automation RPA, Desktop Automation, Chat and Speech Bots
Gamification E- learning, Contact Centers
/AGC.Networks.Limited /AGCNetworksLTD /company/agc-networks
About AGC Networks AGC Networks (AGC) is a Global Solution Provider representing the world’s best brands in Unified Communications, Data Center and Edge IT, Cyber Security (CYBER-i) and Digital Transformation & Applications to evolve the customer’s digital landscape. AGC’s ability to tailor solutions is strengthened by seamless services. For more details visit www.agcnetworks.com
info@agcnetworks.com | www.agcnetworks.com
INSIGHT
SECURING THE NEW PERIMETER By Morey Haber, chief technology officer, BeyondTrust
F
or all of information technology’s benefits, most organisations are well acquainted with the by-product of rapid IT advances and expansion increased cybersecurity risk. Indeed, growing cybersecurity concerns correlate directly with your organisation’s expanding digital universe and the number of people given some level of authority to operate within it. A swiftly expanding digital perimeter— both physical and logical—inevitably makes organisations more vulnerable to the so-called cyberattack chain, 34
11.2018
regardless of how far the perimeter has extended. The attack process starts with a successful perimeter breach or insider malfeasance, followed by the theft of “privileged” user credentials through either poor privilege security management or exploitation of a vulnerability. With privileged user IDs and passwords in hand, an attacker can then move laterally throughout an organisation, seeking its most valuable digital resources. As the IT perimeter continues to evolve, threats and risks become increasingly difficult for IT and security teams to manage as they try to connect
the dots between privileged accounts, vulnerabilities, exploits, and successful data and system breaches. However, not all of these breaches involve cyberthieves or other outsiders stealing and then exploiting privileged credentials. In many cases, privileged users cause problems on their own, usually inadvertently through poor security practices but sometimes malevolently. Whether intentional or accidental, privilege-related breaches can bring devastating consequences. The expanding IT perimeter The adoption of mobile devices and www.tahawultech.com
INSIGHT
cloud computing dramatically expanded the digital footprint of companies. The more recent emergence of Internet of Things (IoT) devices is accelerating this expansion, and the spread of new processes and technologies, from DevOps to artificial intelligence, is adding ever more complexity across the digital landscape. This emergence of next-generation technologies (NGTs) makes it hard for IT and security teams to keep up. According to our 2018 study of NGT trends and issues, 78 percent of the participating IT professionals said security was a challenge associated with NGT adoption. What was more revealing was that the cause of 85 percent of all NGT-related breaches involved privileged access—either authorised users unintentionally or intentionally doing inappropriate things or outsiders gaining privileged access to steal credentials. Further complicating matters, an organisation’s connected community now extends well beyond employees to include vendors, contractors, cloud services providers, and others who have various levels of authority to access digital resources. Adopting a privilege-centric approach There’s no turning back the clock when it comes to our expanding and increasingly complex digital footprint. It’s time for organisations to get serious about placing their privileged accounts under tight control, regardless of their digital presence. Organisations need a comprehensive approach to privileged access management (PAM) that encompasses not just the full community of credentialed users but also the many technologies and systems—existing and emerging—that they can access. As with almost any other cybersecurity solution, the first step to a successful PAM deployment is to perform a comprehensive inventory www.tahawultech.com
The more recent emergence of Internet of Things (IoT) devices is accelerating this expansion, and the spread of new processes and technologies, from DevOps to artificial intelligence, is adding ever more complexity
of your organisation’s digital assets, processes, and—in this case—privileged accounts. Only after completing this initial discovery process can you perform a detailed risk analysis that identifies the most valuable or most sensitive data and systems, along with the most likely threats to their security. Another major element of a successful PAM strategy is controlling user and application access rights as securely as possible. Often that means rescinding existing privileged credentials if a user’s or application’s need to access sensitive resources should be limited. By enforcing least privilege and appropriate credential usage and providing the lowest level of actual privileges needed to perform a task, some PAM solutions can help control mushrooming numbers of privileged accounts. PAM solutions can also block access on the fly, by inspecting scripts; verifying commands; and, in some cases, performing dynamic vulnerability management. The goal is to reduce
an asset’s risk, whether targeted via a privileged attack vector or through a vulnerability and exploit combination. With 80 percent of attacks traced to privileged credentials, deploying a comprehensive PAM solution is among the most effective ways to greatly reduce the risk of cyber breaches, regardless of the attack vector. Lastly, organisations need to take a risk-based approach to planning, prioritising, and implementing PAM solutions. Organisations new to PAM may consider applying a PAM layer to their traditional business infrastructure and processes, or they may opt to prioritise deployment for the NGTs that pose the greatest risk. In either case, it’s crucial to select a PAM solution that provides the flexibility and capability to not only address current challenges but also grow and mature in step with evolving business needs. The answer – a sophisticated solution To provide these and other advanced PAM functions, organisations should consider a fully integrated and comprehensive PAM platform that provides one set of interfaces for password and session management, privilege management, vulnerability management. The solution should also be able to be deployed in any format: as software; as a virtual or physical appliance; or as a cloud service on Amazon Web Services, Microsoft Azure, or Google Cloud. By deploying multiple platform components as software or appliances, organisations can scale their solution to accommodate any environment by using a simple, role-based model for features, functions, and secure architecture. Such an extensible-platform approach can provide best-of-breed capabilities to protect privileges across traditional, emerging, and next-generation technologies. 11.2018
35
INTERVIEW
AT YOUR SERVICE Amit Roy, EVP and regional head, EMEA, Paladion, on how the solutions provider is committed to continue providing innovative services to safeguard the Middle East.
W
hat are the most prevalent threats surrounding the industry today? We see two big emerging cybersecurity threats right now. Firstly, with the continued digitalisation of the enterprise and cloud adoption, countless new vulnerability points have emerged in every organisation. Additionally, the increasing adoption of IoT will further accelerate this challenge. The second emerging threat that we see are criminals automating their attacks, which is allowing them to deploy much more sophisticated attacks to many more targets than ever before. This means even small and medium sized businesses are suffering big-ticket attacks previously reserved for larger enterprises. What kind of business value can MDR and SOC-as-a-service deliver? How have managed security services enhanced the way security teams function? First, let’s look at the business impact of a successful breach. Ponemon’s 2018 Cost of a Data Breach study found the average cost of a global data breach is now $3.86 million. If an MDR and SOCas-a-service prevents impact from just one successful breach, it has produced 36
11.2018
millions of dollars of bottom-line business value. MDR services augment internal teams, bringing them next-generation security technology (like AI in threat detection and Response) and advance skills such as threat hunters, data scientists, incident responders, and more, which most organisations cannot afford to develop or hire on their own. What should CISOs look for in an MDR provider? CISOs must perform due diligence to ensure the MDR provider they are looking to partner with is, in fact, an actual MDR provider. Many traditional MSSPs are now claiming to offer MDR services while continuing to offer the same conventional security services. Their services remain focused on defending perimeters (despite the fact organisational perimeters have dissolved) and preventing known attacks (even though most modern attacks are unknown before they strike). How have AI and machine learning technologies helped evolve incident detection and response processes? What are Paladion Networks’ offerings in this field? We launched the industry’s first AI-driven MDR programme earlier
this year during Gartner’s security summit. In addition, earlier this year we also launched the Middle East’s first AI-driven SOC—in Dubai— reinforcing our commitment to bring next-generation cybersecurity to the MEA region. AI and machine learning enables us to analyse the tremendous volume of data required in modern cybersecurity— whether organisational data or global threat data—while automating many security tasks, allowing us to detect and respond to threats in near-real-time. What can regional customers expect from Paladion in the next 12 months? We operate MDR Command Centres in every time zone and we recognise that the Middle East is a huge target due to its economic and political importance. This pushes us to strengthen our capabilities in delivering services and solutions needed to protect organisations in this market. Our commitment to this region is reflected by our most recent accolade, which is winning TahawulTech.com Future Security Awards’ ‘Best Managed Detection and Response Service Provider Award’ for our work in the Middle East. This further motivates us to adapt and evolve our offerings to address the growing needs of our customers. www.tahawultech.com
刀攀瀀漀最爀愀昀椀砀
夀漀甀爀 刀攀氀椀愀戀氀攀 倀爀椀渀琀椀渀最 倀愀爀琀渀攀爀
眀眀眀⸀爀攀瀀漀最爀愀昀椀砀搀甀戀愀椀⸀挀漀洀 猀愀氀攀猀䀀爀攀瀀漀最爀愀昀椀砀搀甀戀愀椀⸀挀漀洀 ⬀㤀㜀 㐀 ㈀㐀 㘀㐀㈀㌀ 䐀甀戀愀椀Ⰰ 唀䄀䔀
䠀椀最栀 䌀愀瀀愀挀椀琀礀 琀漀 瀀爀椀渀琀 洀漀爀攀 瀀愀最攀猀
䘀爀攀攀 搀攀氀椀瘀攀爀礀 昀漀爀 琀眀漀 漀爀 洀漀爀攀 挀愀爀琀爀椀搀最攀 愀渀礀眀栀攀爀攀 椀渀 琀栀攀 唀䄀䔀 匀椀洀椀氀愀爀 瀀愀最攀 礀椀攀氀搀 愀渀搀 瀀攀爀昀漀爀洀愀渀挀攀 琀漀 琀栀攀 伀䔀䴀 一攀砀琀 搀愀礀 搀攀氀椀瘀攀爀礀 ㈀㐀 洀漀渀琀栀猀 眀愀爀爀愀渀琀礀 漀渀 漀甀爀 吀漀渀攀爀 䌀愀爀琀爀椀搀最攀猀 䘀爀攀攀 瀀爀椀渀琀攀爀 猀攀爀瘀椀挀攀 䌀漀洀瀀愀琀椀戀氀攀猀 琀漀 䠀倀Ⰰ 䈀爀漀琀栀攀爀Ⰰ 匀愀洀猀甀渀最Ⰰ 䌀愀渀漀渀Ⰰ 堀攀爀漀砀Ⰰ 䬀漀渀椀挀愀 䴀椀渀漀氀琀愀Ⰰ 䬀礀漀挀攀爀愀Ⰰ 刀椀挀漀栀 攀琀挀⸀
䌀漀洀瀀愀琀椀戀氀攀 吀漀渀攀爀 䌀愀爀琀爀椀搀最攀 簀 倀爀椀渀琀攀爀 漀渀 䰀攀愀猀攀 䄀䴀䌀 簀 伀渀猀椀琀攀 匀甀瀀瀀漀爀琀 簀 伀䔀䴀 倀爀椀渀琀攀爀
INSIGHT
HOW TO SECURE THE BLOCKCHAIN ECOSYSTEM Blockchain is early in its development, and long-term investments may be risky, says Mark Horvath, research director, Gartner.
L
ike many emerging technologies enjoying a sudden increase in popularity, there are many myths and inflated expectations surrounding blockchain — all due to an incomplete understanding of the capabilities and vulnerabilities of these technologies. Blockchain technology certainly has a lot of promise. It has the potential to shape and disrupt many industries from banking to government, and overall digital business. But with that promise comes risk. Security and risk management (SRM) leaders must take a critical look not only at the possible benefits of blockchain, but also the threats. Consider using a multilayered model of blockchain security, so risks are clear at the business, technical and cryptographic levels. Public or private blockchain? As many organisations look to capitalise on the benefits of blockchain, SRM leaders must ensure that they involve themselves in the planning process. Their core responsibility will be to define, frame, recommend and implement security best practices to mitigate organisational risk. But with blockchain technology being relatively new in the enterprise, SRM leaders will need to extract these best practices from a variety of sources. 38
11.2018
Blockchain can be viewed as a protocol — and as such, must support an existing or needed business process in the same way that the HTTP protocol supports e-commerce. Ensuring blockchain makes sense for the business is the key priority. Enterprises should ensure the implementation of blockchain technology enhances or creates a new digital business initiative that otherwise could not be recognised. Once you decide that blockchain can help solve your business problem, you need to decide if you need a public blockchain where anyone can join, a private one in which only select members can participate or a hybrid model that combines features of both. Additionally, many blockchains operate within a business context that includes several other groups or organisations that form a consortium as the governance model. Plan how to recover if things go wrong Blockchain depends on networks, yours and others — and on client software. Both have long histories of compromises, security events and human error, so it makes sense to look at these layers and plan how to recover when things go wrong. A public blockchain may be more exposed, but similar problems can also turn up in a privately managed blockchain. Private keys can be managed both in
software and on smartcards, but both require a degree of maintenance and protection to keep the keys safe. This is in addition to the aforementioned network management issues. If a blockchain project involves physical goods, for example, money or freight, understanding how to translate blockchain or smart contract events into physical processes will be fundamental to your success. What’s secure today may not be tomorrow Plan for critical security events and evaluate your preparedness and incident response plans. One of the strengths of blockchain is that it uses established technologies to build common cryptographic properties like identity and integrity into a dynamically changing document. It’s well-known that hashing algorithms, which are considered safe today, may, in a few years, be deemed unsafe. SHA-1 is a good example of a widely used hashing algorithm that was weakened over time and replaced. Gartner expects a period of heavy consolidation of blockchain technologies and platforms. Prepare for turnovers in the technology and be ready for critical security events. This will enable you as SRM leaders to design resiliency at the heart of your security and risk approaches. www.tahawultech.com
THE REGION’S NUMBER ONE PROVIDER OF IT SOLUTIONS
DRIVE REAL BUSINESS RESULTS WITH OUR LATEST IT TECHNOLOGIES COGNITIVE SOLUTIONS
IOT
CLOUD
SECURITY
ANALYTICS
www.gbmme.com
On-demand Adaptation Layered Intelligence Collaboration Continuous Evolution
Software Defined Camera
For more information, please visit e.huawei.com/ae Leading New ICT, The Road to Digital Transformation Please contact us at enterpriseME@huawei.com to know more