Security Advisor Middle East | Issue 38


ISSUE 38 | MAY 2019

WWW.TAHAWULTECH.COM

CISO50 Awards WINNERS REVEALED

GDPR: ONE YEAR ON The business of cybersecurity

SMART CITY SURVEILLANCE

SECURITY VS PRIVACY

THE FUTURE OF CONNECTIVITY HUAWEI MIDDLE EAST PRESIDENT CHARLES YANG ON DELIVERING TRUE CYBERSECURITY IN THE AGE OF 5G




CONTENTS

THE FUTURE OF CONNECTIVITY
Huawei ME president on securing the 5G era

SMART CITY SURVEILLANCE
How to keep the balance between security and privacy

GDPR: ONE YEAR ON
Reflecting on GDPR’s first anniversary

FOUNDER, CPI MEDIA GROUP
Dominic De Sousa (1959-2015)

Publishing Director
Natasha Pendleton
natasha.pendleton@cpimediagroup.com
+971 4 440 9139

EDITORIAL

Managing Editor
Michael Jabri-Pickett
mjp@cpimediagroup.com
+971 4 440 9158

Online Editor
Adelle Geronimo
adelle.geronimo@cpimediagroup.com
+971 4 440 9135

Contributing Editors
James Dartnell
james.dartnell@cpimediagroup.com
+971 4 440 9153
Janees Reghelini
janees.reghelini@cpimediagroup.com
+971 4 440 9167

DESIGN

Senior Designer
Analou Balbero
analou.balbero@cpimediagroup.com
+971 4 440 9140

Designer
Mhar Delaben
marlou.delaben@cpimediagroup.com
+971 4 440 9156

ADVERTISING

Group Sales Director
Kausar Syed
kausar.syed@cpimediagroup.com
+971 4 440 9130

Senior Sales Manager
Sabita Miranda
sabita.miranda@cpimediagroup.com
+971 4 440 9128

Business Development Manager
Youssef Hariz
youssef.hariz@cpimediagroup.com
+971 4 440 9111

PRODUCTION

Operations Manager
Shweta Santosh
shweta.santosh@cpimediagroup.com
+971 4 440 9107

DIGITAL SERVICES

Web Developer
Jefferson de Joya
Abbas Madh

Photographer
Charls Thomas
Maksym Poriechkin

webmaster@cpimediagroup.com
+971 4 440 9100

Published by

Registered at Dubai Production City, DCCA
PO Box 13700 Dubai, UAE
Tel: +971 4 440 9100
Fax: +971 4 447 2409

Printed by Al Ghurair Printing and Publishing

Regional partner of

© Copyright 2019 CPI All rights reserved
While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.

KNOWLEDGE

THE QUOTIENT
Mimecast’s Marc French explains why threat intelligence is the key to thwarting advanced threats.

A WEAPON OF MASS DISRUPTION
Industry experts discuss how organisations can steer clear of DDoS attacks.

THE BUSINESS OF SECURITY
Are cybersecurity firms as good as business investments?

GETTING VULNERABILITY MANAGEMENT RIGHT
Why vulnerability management and response are more than just checking patches


FEATURE

THE SAFE CITY CONUNDRUM

AS THE SMART CITY RACE REVERBERATES AROUND THE WORLD, GOVERNMENTS ARE INCREASINGLY LOOKING AT IMPLEMENTING THE LATEST TECHNOLOGIES INCLUDING SMART VIDEO SURVEILLANCE AS A MEASURE TO ENSURE PUBLIC SAFETY. HOW CAN CITIES KEEP THE BALANCE BETWEEN SECURITY AND PRIVACY?

A recent study by the United Nations noted that 68 percent of the global population might live in urban areas by 2050. Smart cities will likely be a part of this future, promising to make people’s lives more convenient, more sustainable and more secure. In this future, experts predict driverless cars, renewable energy powering infrastructures, smart buildings, digitally-enabled public systems and services, and, of course, video monitoring and surveillance.

Today, video surveillance systems like Closed Circuit Television (CCTV) are being deployed extensively in a variety of settings, including public areas, public infrastructures and commercial buildings, and even more so as we build up to the smart city vision. With the help of strategically placed cameras around a smart city, surveillance can be improved significantly. However, the pervasiveness of these technologies is also a cause for concern among citizens in terms of privacy. Top experts weigh in on how cities can strike a balance between security and privacy:

Joseph John, general manager, Norden Communication: Security is one of the key responsibilities of every city – feeling safe is one of the main rights of any citizen. But as populations increase, governments face ever-evolving challenges that make creating a truly smart and safe city harder. Cities must progress by implementing innovative technologies to handle security issues, and deploying smart video monitoring and analytics are among the key solutions they are looking into. Governments can keep the balance by implementing standardised safety and privacy protocols for their citizens. They need to uphold the people’s rights to privacy by devising policies that clearly state the parameters of surveillance and communicating this properly to the public. Here in the UAE, local regulative authorities such as SIRA and ADMCC are tasked with maintaining the standards of public area surveillance in terms of setting stringent rules as to where to place a camera and the types of video surveillance standards. The local regulators stipulate that citizens should have proper notifications about the monitoring levels in a public area, for example, if the monitoring system records audio as well as videos. In addition, to properly address the privacy concerns of citizens, governing bodies should ensure that they educate the people and help them understand how such deployments will benefit them in the long-run.

Maher Yamout, senior security researcher, Kaspersky Lab: Getting ahead of the problem is crucial for governments to maintain a positive relationship between providing their citizens with security and ensuring their privacy. If a security breach is discovered in a camera’s operating system or hackers discover a loophole, the government needs to ensure that their first plan of action is to protect their citizens’ privacy. To do this, government authorities need to ensure that public and private sector organisations are collaborating and are sharing threat data with one another. Only then can they gain a holistic view of the threat landscape and how to address these challenges. Smart and connected cities around the world have already started adopting this approach. It allows for an improved real-time video surveillance system which makes citizens feel safer. Governments should also be careful not to over-place video surveillance in private locales to ensure that they don’t violate privacy rights. An ideal step to take is assessing which areas within the cities should be marked as the critical entry/exit points (choke points) or locations of interest for surveillance.

Marwan Bin Dalmook, SVP, ICT Commercial & Business Development, du: The use of digital technologies in the formation of smart cities is pertinent to ensure an improved quality of life for the people who inhabit them. Mature technology solutions such as smart video surveillance play a vital role in facilitating safer city environments for citizens and residents. Furthermore, the smart cities of the future will feature a wide array of intelligent sensors. This means that networked surveillance systems will play a key role in monitoring the welfare of citizens and visitors in smart cities and making the city experience more interactive. With comprehensive and sophisticated video solutions, response times to incidents can be more immediate thanks to having an interoperable, core platform in place. Although the immediate benefit would be realised in the Security domain, these Smart City technology solutions will also facilitate other municipalities to plan ahead for future Smart City developmental considerations with secure data sharing. In general, data security is a superior objective, especially for unstructured video and audio data. Regionally, the UAE is taking the leadership role in this area relative to other aspiring Smart Cities with the publication of applicable data and security laws along with the oversight of regulatory compliance bodies such as SIRA. Ensuring public safety while maintaining data privacy of citizens and residents is a key objective for all countries investing in smart city programs. Addressing security and privacy concerns should be on top of the agenda in the development of smart cities; it is an area that will greatly contribute to accelerating the digital revolution of other domains and is critical in protecting the people’s well-being.

Nick Jheng, regional manager – Middle East, Synology: A surveillance system consists of several pieces of equipment and appliances, especially when we are talking about mass deployment on a city scale. More than cameras, it also includes networking devices, storage devices, a handful of IoT devices, and many more instruments that operate on various protocols. Moreover, deep learning and facial recognition are also crucial features when we are considering a complete video management system (VMS). More than ensuring the security of surveillance devices, governments implementing smart city initiatives should also ensure that the storage solutions that they are using to host this data are also secure. It is essential to ensure data’s integrity is kept intact and its availability on top of security. Of course, this is only one of the many facets of smart surveillance. There are so many more questions and deployments that need to be carefully considered in a smart city. No matter how complex the issues are, the integrity of the data, insight given by the data, and privacy protection built upon the data, should all be carefully thought through by not just solution providers but also everyone that is part of the ecosystem.



FEATURE

GDPR: ONE YEAR ON

THE MONTH OF MAY MARKS THE FIRST ANNIVERSARY OF THE IMPLEMENTATION OF GDPR. INDUSTRY EXPERTS REFLECT ON THE YEAR GONE BY.

One of the biggest events in the IT security industry last year was the enactment of the EU General Data Protection Regulation (GDPR). The legislation is regarded by some as the toughest privacy and security law in the industry. It was meant to ensure that organisations handle customer data more responsibly as well as enable users to have better control over their personal data. GDPR imposes privacy fines of up to EUR 20 million or four percent of a company’s global annual revenue for the previous year for the most egregious violations. As an example, for a tech giant such as Facebook, an upper-level fine could therefore potentially reach up to $1.6 billion. According to the European Data Protection Board, during the first nine months that the GDPR was in effect, the total penalties imposed under the statute added up to EUR 55,955,871.

The enactment of the law has served as a big wake-up call for organisations to take data protection more seriously. It has brought new and enhanced privacy and security obligations for companies not just in the EU but all over the world. However, a recent study by legal and financial advisory firm EY revealed that only more than 50 percent of regulated organisations are GDPR compliant. So, a year later, where are we? We spoke to industry experts about the impact of GDPR.

A year since its enactment, have organisations fully grasped the requisites of GDPR? What kinds of challenges are organisations still facing when it comes to GDPR?

Karl Lankford, Director – Solutions Engineering, BeyondTrust: One year on, GDPR still presents challenges for organisations as many are still not truly compliant. A lot of companies continue to have problems due to the ever-increasing volume of data, which makes it challenging for businesses to get a complete view of where all data resides and who has access to it. This can be compounded with an increase in outsourcing, merger and acquisition activity taking place frequently across sectors, creating increased uncertainty around data ownership in the new entities. As such, organisations are in this unique, unenviable position where there is an ever-increasing volume of data, coupled with increasingly empowered consumers that understand why their data needs to be protected, resulting in amplified pressure to demonstrate compliance. Not only this, but the reputation and revenue of businesses are now on the line if they haven’t committed to a requisite long-term compliance strategy. Due to this, businesses shouldn’t be complacent and should act quickly in demonstrating compliance.

How has the implementation of GDPR impacted regional firms?

Duncan Brown, security strategist – EMEA, Forcepoint: GDPR certainly impacted firms across EMEA, as companies scrambled to become compliant – or at least to understand how compliant they were, and then make decisions on what to do next. There are many firms who spent millions investigating and protecting the personal data they held – but there are just as many who did not act. Essentially, we’re looking at a state of manual compliance. Companies across the region have introduced new processes and policies – enough to satisfy an internal audit - but they haven’t yet been tested.

What kind of advantages has it brought to businesses so far?

Petter Nordwall, director, Product Management, Sophos: Leading up to the introduction of the GDPR in May 2018, many companies were under intense pressure to meet the regulation’s complex goals. However, as with any privacy and data protection regulation, many of the controls and policies for the GDPR are common across markets. For companies outside the European Union, the GDPR contains an impressive set of best practices that will prepare any organisation for most local data protection regulations. We are also starting to see that minimum requirements for contracts in the European Union are moving toward having the supplying party needing to demonstrate that they have made appropriate preparations for the GDPR. So, being well-prepared for the GDPR can be a great competitive advantage.

Sharon Heys, legal counsel, SANS Institute: GDPR has forced businesses to reassess how they are marketing to customers and whether their processing is lawful given the new provisions. Many companies have undertaken extensive audit activities and have rationalised their customer relationship databases and therefore there have been tangible benefits for customers. The regulation has also served to increase public trust in the handling of their personal data and with most modern businesses now being ‘data driven’ this is a key issue when attracting and retaining new customers.

How has GDPR transformed enterprises’ outlook and strategies toward data privacy and protection?

Rick Vanover, senior director – Product Strategy, Veeam Software: In many cases, organisations are being a bit too conservative with their data privacy. In particular, they may be sacrificing IT agility in the name of having a data privacy and protection technique due to not having the right tools in place. This is an area that we at Veeam look to dispel. When the right tools and processes are both in place, organisations can have the IT agility they need and achieve the privacy needs. The protection part goes hand in hand from an availability perspective. This aligns to the long-term definition of IT security from the CIA Triad, which stands for ensuring Confidentiality, Integrity and Availability of critical data.

David Grout, EMEA CTO, FireEye: I see two key changes thanks to the implementation of GDPR: changes in communications and changes in documentation. When it comes to communication, enterprise organisations have become much more transparent, including being more open to discussing breaches and notifications that were previously considered off-limits. In addition, organisations are now challenged to rethink how they are handling data. They have had to transform from solely collecting loads of data to now learning how they store, manage and use that properly.

Jeff Ogden, general manager - Middle East & India, Mimecast: Much of the regulation has yet to be tested in a court but GDPR has also brought a stronger recognition of the need for data governance. The legislation should be seen as a solid best practice for security and marketing guidance instead of just another compliance burden. Other countries around the world are already contemplating similar laws, therefore, it would be ideal for organisations to evaluate their security and privacy projects through a GDPR methodology to ensure that they are adequately future-proofed.

In your opinion, what aspect of the regulation needs to be fine-tuned or revised to help organisations better understand and comply to GDPR?

Patrick Grillo, senior director, Solutions Marketing, Fortinet: Because of the steep penalties for non-compliance, government agencies responsible for data privacy have been inundated by organisations notifying them of possible data breaches as specified in the regulation. Understandably organisations have taken a very literal interpretation of the data breach reporting requirements in the regulation under the philosophy of “better to be safe than sorry”. Hopefully, as we enter the second year of the GDPR era organisations will be more adept at judging for themselves what constitutes a data breach serious enough to be reported. These same agencies should also consider issuing data breach reporting guidelines to help organisations determine when they need to report.

What kind of changes will GDPR bring to businesses and to the overall security landscape this year?

Philip Schreiber, regional director, Middle East, Africa, and South Asia, nCipher Security: We can expect two significant changes. The first will be around organisations’ move to the cloud, which will intensify in the region as Microsoft and Amazon launch their services in the Middle East. GDPR and other data protection regulations will influence organisations’ Governance Risk and Compliance (GRC) departments in their assessments of which services can move to the cloud and what sets of controls need to be in place to ensure this happens safely. These controls will include technology, processes and policies and will require behavioural change in both IT personnel and the business departments they support. Secondly, one year after GDPR came into effect, we are now seeing the first fines imposed by the data protection regulators. So far, the fines have been fairly limited in size (even Google’s €50 million in France is short of the maximum permitted). They’ve also been focused on recognising where appropriate disclosure steps have been taken and implementing regulators’ remediation steps. However, the “honeymoon” period is coming to an end. These fines are going to become more common and more impactful.



COVER FEATURE

Charles Yang, President, Huawei Middle East



SECURING THE AGE OF 5G

HUAWEI MIDDLE EAST’S PRESIDENT CHARLES YANG GIVES HIS TAKE ON BUILDING SAFER NETWORKS AND SECURING THE PATH TO AN INTELLIGENT WORLD.

How will Huawei work to ensure security concerns expressed by the US around 5G do not affect its customers and partners in the Middle East?

Although Huawei has been banned from the US and Australia, we believe different countries and carriers have their own ideas and policies. The UK, France, Germany, Italy and Portugal—among others—are welcoming Huawei in their own way. Countries like Hungary even see Huawei as a strategic partner despite security concerns. We believe the facts tell the true story. By the end of March, we had signed 40 commercial contracts for 70,000 5G base stations across the world. All countries and carriers can make their own judgement. It may be that true cybersecurity can only be achieved through Huawei. 5G is actually more secure than 4G. One example is encryption. 4G uses 128-bit encryption, while 5G uses 256-bit encryption. In order for 5G to be compromised by its encryption being broken, it needs 2 billion years.

5G concerns were largely due to accusations that the US made which were never proved with solid evidence. They have put Huawei under the microscope and are using all of the power at their disposal to contain our business, including political and diplomatic pressure, selective use of the law, and launching an all-out smear campaign. It’s without precedent. It’s not often you see actions like this from a big country against a company. We believe fairness needs to be proven in what they claim and that truth will be observed over time. It needs to be proven with evidence. Despite all this, we continue to have faith in the openness and fairness of the US judicial system. As these legal proceedings unfold, we trust the truth will eventually be known.

In terms of cybersecurity, we need to refer to the past 30 years. We’ve served over 3 billion users in over 170 countries and maintained good performance and stability. There are no backdoors installed into Huawei equipment and we’ll never engage in espionage activities. Since we have operated in the Middle East for 20 years, our customers trust and understand Huawei, and that’s why our business here has not been impacted by these accusations.

What are Huawei’s top tips for building a culture of digital security?

Cybersecurity is a global challenge that we all share. To ensure cybersecurity, industries and regulators need to come together to develop unified standards and verification mechanisms. These should apply to all equipment providers and carriers. Equipment providers are responsible for making secure equipment according to industry standards, and carriers are responsible for ensuring the secure operations of their own networks. In that spirit, we have established effective cybersecurity collaboration and communication mechanisms with the governments of many countries, including the UK, Canada, Germany, and France. We also opened a Cyber Security Transparency Centre in Brussels in March 2019. This new centre will become a platform for our communication and collaboration with governments, customers, and industry partners in Europe. At the centre, our customers can better understand the security of Huawei products and solutions by testing and verifying the security of our products based on agreed standards.

What do you believe are the biggest cyber threats in existence today?

We believe that, as a technology provider, it’s our responsibility to build security through innovation & enhance security. A safer network is our common obligation. We need to make global standards for network security and make sure it works for all industry players. For Huawei, we are taking the initiative to transform our software engineering capabilities so that we can provide our customers with more secure and trustworthy products. Our aim is to help customers more deftly adapt to future needs.

Moreover, the ICT industry involves very complicated software and hardware systems, in which vulnerabilities are difficult to avoid. Huawei has established a product security incident response team, or the PSIRT Team, which is a specialised global team responsible for collecting, troubleshooting, resolving, and disclosing product vulnerabilities according to ISO/IEC 29147 and ISO/IEC 30111 standards. The vulnerabilities identified by HCSEC have already entered Huawei’s vulnerability management process.

Tell us about Huawei’s portfolio of cybersecurity products and services today.

Over 30 years, none of our customers have ever had a cybersecurity incident, and Huawei continues to invest billions in internal and customer-facing cybersecurity efforts. At Huawei Connect 2018, Huawei released HiSec, a leading intelligent security solution. Based on the Identify, Protect, Detect, Respond, and Recover (IPDRR) architecture, HiSec provides customers with intelligent, efficient, and future-oriented end-to-end security, offers comprehensive protection and provides public-security capabilities for IoT, SoftCOM, private cloud, Safe City, and 5G solutions.

Huawei are also mindful of advanced persistent threats (APTs) which use customised malware, zero-day vulnerabilities, or advanced evasion technologies to break through traditional defenses, such as firewalls, intrusion prevention systems, and antivirus devices. Huawei’s APT Defense and Big Data Security Solution uses a big data system to collect network-wide information, perform multidimensional assessments, accurately identify APT attacks, and effectively prevent attacks from compromising core information assets.

Huawei also weaves security advancements into its wider portfolio of solutions, which can be seen in areas like Wi-Fi 6, which will meet future development requirements in terms of bandwidth, latency, connection quality, transmission efficiency, but also heightened security protocol. Ultimately, Huawei has built more than 1,500 networks together with our carrier customers over the past three decades. We have a solid and proven track record in security including product anti-attack and anti-penetration capabilities.

Are cyber-attacks on critical infrastructure likely to increase in the coming years?

Moving forward, technology will continue to evolve, and new security risks will emerge, which will require more open and candid communication and closer collaboration. Cyber security is a matter of technology and management. However, the US government has politicized the issue in order to hinder the deployment of advanced 5G technology. This will ultimately hurt consumers by limiting their right to the best technology available. We need to get back to rational discussion and work on real solutions for real challenges. In the future, we will build similar open and transparent security management mechanisms. We will work even more closely with governments and our customers, and have more dialogue about the value of ICT and what we can do, collectively, to increase protection.

Will future warfare be conducted in cyberspace?

For Huawei, our priority is to closely collaborate, innovate and establish international standards with other global organisations to ensure that the integrity and security of our digital solutions and services meet or exceed the needs of our customers — providing the confidence required by their own customers.

At the end of 2018, our Board of Directors approved a formal resolution to invest an initial budget of USD 2 billion for a company-wide transformation aimed at enhancing our software engineering capabilities. As part of this transformation, we will re-factor all of our legacy code against future-proof standards, make our code easier to read and upgrade, and build trust and quality into all of our products and solutions.

Are organisations in the Middle East prepared for the next generation of cyber-attacks?

Ultimately customers make their own decisions, and our role is to offer them the best selection to choose from. Our unmatched portfolio of products and solutions gives us confidence that organisations will continue to choose us. Many of our Middle East customers have been working with us for over two decades. They know Huawei best and know what motivates us. We also understand that emerging technologies from 5G to AI have the potential to help GCC governments reach their long-term development strategies to become diversified, knowledge-based economies through digital transformation. We want to empower our partners and customers here in the Middle East to make the most of these new opportunities and forge ahead on the path to an intelligent world.



ANALYSIS

THE NAME OF THE GAME

SECURITY ADVISOR ME HOSTED A ROUNDTABLE IN PARTNERSHIP WITH GULF IT NETWORK DISTRIBUTION AND SAILPOINT, WHICH FOCUSED ON HOW ORGANISATIONS CAN ACHIEVE SECURITY AND BUSINESS AGILITY WITH IDENTITY AND ACCESS MANAGEMENT.

Mohammed Darwish Azad, Emirates NBD
Tariq Jan, Sailpoint
Abdul Rahman, Gulf IT Network Distribution

With the increasing number of cyber threats, unauthorised access and mounting regulatory pressures, many security leaders are turning their focus on securing end-users, which are often regarded as “weak links” within organisations. In addition, the growing number of applications, platforms and devices have made the need to provide a safe and secure place to store critical information more and more prevalent, a demand that can be met by properly implementing an effective identity and access management (IAM) programme.

Sailpoint regional director Tariq Jan kicked off the discussions by shedding light on how the IAM market has evolved over the years. “What we’ve seen in the region over the past 12-24 months is that a lot of organisations today are optimising identity to enhance other security solutions such as privileged access management, data loss prevention tools and GRC among others. This makes IAM a critical aspect of cybersecurity now more than ever.”

According to Jan, identity and access management revolve around three key pillars: single sign-on and multi-factor authentication (MFA), identity governance and privileged access management (PAM).

“The first pillar, single sign-on and MFA, focuses on ensuring that the person accessing the system is who they say they are. Oftentimes, this is done through fingerprint authentication, access cards or password access,” Jan explained.

He continued, “The second pillar is around identity governance. This centres on understanding what people have got access to, what they are doing with that access and verifying whether they should or should not have access to that data. These are important questions to address as identity ties with security.”

Furthermore, Jan also noted that identity governance is crucial in giving visibility to all the data and systems that a specific privileged user has touched.

Last but not least is PAM. “This third pillar is all about understanding who’s got the ‘keys to the kingdom’,” said Jan. “This pertains to being able to manage and monitor the activities of those people who have access to your organisation’s critical infrastructure.”

Today, the need for a robust IAM strategy has become an integral part of enterprise IT. Strong IAM solutions can enable enterprises to boost employee productivity and bolster their overall security postures. However, increasing endpoints make IAM deployments more challenging than ever to get right.

The roundtable session saw the panellists share their views, challenges and best practices around IAM implementations. Throughout the discussions, it became apparent that identity management can be especially challenging as it is not just about deploying a plug and play solution. More than choosing and implementing the best IAM technologies in the market, security leaders also need to ensure that the people and processes within an organisation are all working with one another to be successful.

Mohammed Darwish Azad, CISO, Emirates NBD, then gave his perspectives as an end-user and shared his experience and success in IAM deployment. “Many organisations face difficulties in their IAM programmes because they are often hesitant to let go of the legacy systems and processes that they have set in place,” said Darwish.

“When we embarked on our journey to transform our IAM processes, our main goal was to ensure that our systems remain agile and that our services are secure without hindering our customers’ experiences,” he added.

He then highlighted that a key step they took was standardising their IAM tools, processes and governance schemes. “We made sure to remove the different customisations that we had applied to some of our existing solutions and applications. The reason behind this was that we found that these customisations make it challenging to upgrade and improve these tools,” he explained.

Moreover, Darwish emphasised that organisations need to understand that identity and access management is not an IT project nor a security project, but rather it is a business project. “That’s why we made sure to determine a business objective for our IAM project,” said Darwish. “The objective was to ensure that access to systems and information is secured. It was also aimed at making sure that we can manage and monitor who has access to specific data and how they use it.”

Following this, Darwish said that as people are the primary aspect of IAM, Emirates NBD also set up a governance body to ensure the effectiveness of the implementation. “The governance body is comprised of different business stakeholders across multiple departments of the organisation and is headed by the CISO,” he said.

According to Darwish, the committee is instrumental in helping the CISO to better communicate the risks and vulnerabilities to all stakeholders. In addition, they are responsible for spreading awareness and in evolving the security culture within the workplace.

Jan then rounded off the discussion by reiterating that to succeed in identity and access management, organisations need to give significant focus on all three aspects of the deployment – technology, people and processes. “IAM is about bringing all these three aspects together and aligning them with your business’ objectives,” he said. “It’s a multi-faceted programme and requires time, investment and commitment.”


CISO 50 AWARDS AND FORUM

THE FUTURE OF SECURITY

TahawulTech.com and Security Advisor ME have successfully hosted the second annual CISO50 Awards and Forum. Held on 27th March at the Habtoor Grand Hotel in Dubai, the CISO50 Awards and Forum rallied together top security thought-leaders from the region who have demonstrated excellence and achievement in security and driven business value. The CISO 50 Awards and Forum featured a keynote presentation from serial entrepreneur and co-founder and CEO of VUL9 Security Solutions

Mohamed Amine Belarbi who shed light on the different technologies that will impact the future of cybersecurity. In his presentation, Belarbi noted that increasing unprecedented large-scale attacks could potentially lead to a world where hackers, cyber terrorists and state actors use cyber to paralyse companies, nations and cause real physical damage that will put millions of lives at risk. “Tomorrow’s cybersecurity discussions will be less about inconveniences and more about fatalities,” he warned. However, all hope is not lost, said Belarbi. “Developments in new areas of technology could significantly enhance our cyber capabilities, especially when it comes to the intersection of

cybersecurity and artificial intelligence, machine learning, blockchain and Quantum Computing.” According to Belarbi, the Quantum era presents both the most risks and opportunities for cybersecurity. “With enough time and computing power, anything is breakable,” he explained. “Quantum computing will allow the data decryption processes to be reduced from years to merely hours.” To address this, some technology pioneers are already working on possible solutions to counter the risks brought by Quantum Computing. “Experts today are now working on solutions such as Quantum Key Distribution (QKD) which relies on Quantum mechanics to generate keys,

hence leveraging a Quantum solution to counter a Quantum problem. QKD builds on a physics phenomenon, wherein observing a quantum state necessarily changes it, which means the key holders exchanging encrypted data will be able to detect if a third-party is accessing or eavesdropping in a system as doing so will alter and disturb the quantum state of the transmitted information.” Ingram Micro head of consultancy services Dr Arijana Trkulja then took the stage and shared insights into how modern enterprises can leverage threat intelligence in developing their cybersecurity strategy. “Traditional approaches to security are simply not enough to combat today’s cyberattacks,” she said. “We are at a time when we no longer have ‘cybersecurity threats’ instead we have ‘advanced cybersecurity threats’.” She added, “Threat intelligence will play a big role in helping organisations understand the different vulnerabilities in their systems; ensure that they have the right protocols and resources in place; and select the right security tools and solutions.”

ManageEngine president Raj Sabhlok rounded off the day’s presentations by sharing insights into what IT organisations today should be focusing on in terms of cybersecurity. “Our security strategies today are only as good as the last cyber-attack. The threat landscape is constantly growing and evolving. Therefore, organisations today need to think not only of preventative measures but also how they can respond to a breach,” he said. Sabhlok also highlighted the increasing role and importance of areas such as endpoint management, privileged access management and automation. “Almost all of our technologies today are secured through passwords. However, most people today do not have the ability to create strong passwords. As a result, people end up using the default passwords making it easy for hackers to crack; or they write it down and often keep it where it’s easily accessible,” Sabhlok said. “This is a problem that can be solved by automation. Organisations can integrate automation technologies with their privileged access

management solutions to authenticate and have better control over data access,” he added. Sabhlok also highlighted that solutions around audit and compliance, vulnerability management, patch management and user behaviour analytics among others will increasingly be vital in enhancing an organisation’s security posture. The CISO 50 Awards and Forum also featured a thought-provoking panel discussion on, “The next chapter: securing the digital future,” which featured top cybersecurity experts including Mohamed Amine Belarbi; John Hathaway, regional vice president, BeyondTrust; Niraj Mathur, director for cybersecurity, GBM; Raviraj Doshi, COO and co-founder, Smokescreen and Suresh Nair, CISO, GE – MENAT. The conference concluded with an awards ceremony celebrating the achievements of top 50 security leaders and organisations in the Middle East. The honourees were chosen for the prowess they had demonstrated in embracing today’s challenges and pioneering security innovation.


INSIGHT

DIGITAL DEFENCES JUNIPER NETWORKS’ HEAD OF EMEA CHANNELS, SANDER GROOT, SPOKE WITH SECURITY ADVISOR MIDDLE EAST ON HOW THE COMPANY WILL ENABLE SECURITY IN A MULTI-CLOUD WORLD.

Sander Groot, head of EMEA channels, Juniper Networks

Give us some background on yourself.

I’ve been at Juniper for a long time. During the past 17 years I’ve covered a variety of roles, but the majority have been channel roles. On 1st November, I became Head of EMEA Channels. I carry a lot of pride in leading the distribution and reseller team. To be able to visit GISEC is also a great opportunity for Juniper because of the unique view on things we have, like using the entire network as a connection of elements to build into one big firewall.

What feedback are you receiving from customers regarding their biggest security challenges?

From Juniper’s point of view, it’s clear a lot of end users struggle with increasing security threats. We believe approximately 75% of threats come from outside the organisation. The other 25% happen by accident, or maliciously from inside the organisation. While threats have become more advanced, it’s also important to never underestimate basic threats. One of the reasons for this is that security departments are often under pressure and stretched, while there also is the challenge of increasingly higher data consumption, making it impossible to analyse all the data and filter out threats. At Juniper, we are focusing on automation to help with this. We have a unique approach to security – our connected security approach means we use all elements of existing end user networks for routing and switching ports to connect and create one big firewall. To do this, we need some level of Juniper security elements in the network, but if necessary, we can use all Juniper ports and other ports in the network as a collective whole to tie into third party equipment. We have a very unique characteristic: we are 100% open. We work with everyone out there and welcome everyone who would like to work with us. By working together, we can enforce security policies to all endpoints and protect the system. Our entire network is set up as a very big firewall in order to use automation to help understaffed security teams of end users. We categorise our end users into three groups. From day one, we have been a service provider company and we have now evolved to the cloud category, as some of our largest customers are cloud providers, part of a strong enterprise segment.

Tell us about Juniper’s approach to R&D.

A large portion of our revenue flows into R&D to strengthen solutions in the three different users’ domains. This is because we realise each one needs a different solution. Our R&D teams’ work is purely based on what the end users need. We believe networking needs will continue to grow because of the increasing demand for bandwidth. And with apps and devices constantly connected, an ‘A-Z’ protection is needed. In order to be better suited against security threats and to avoid putting a strain on security teams, organisations need all the information presented clearly and quickly. Thanks to automation, we can present all the data in the end user network – it’s ‘total data’. The entire network can be easily presented to determine what decisions to take. We push this concept in everything we have, it’s always embedded in all our solutions and products. Juniper very recently announced the intent to acquire Mist – an AI-driven company. We want to take this tech on board and embed it into wireless routing solutions. This is a seamless fit for us in the era of cloud and of multi cloud. In fact, end users will soon move or have already moved to multi cloud environments. We realise that end users are on a journey to get there, and each organisation is at different phases and moves at different speeds. There is a 5-step approach to the multi cloud environment, and through strengthening our partner programme, we want to help our partners in this journey. Juniper is very partner friendly, it’s in our DNA. Together with our partners, we will continue to guide end users to multicloud and a multi-vendor environment.



INTERVIEW

AT THE HELM AT THE SIDELINES OF THE RECENTLY HELD GISEC, BULWARK DISTRIBUTION MD JOSE THOMAS MENACHERRY SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS HOW THE FIRM IS WELL-POSITIONED TO HELP REGIONAL FIRMS STAY CYBER RESILIENT.

Why are events like GISEC an important platform for Bulwark?

GISEC is the only show in the region that’s fully focused on information security solutions. We have been participating at GISEC ever since its inception. Visitors that come here have extensive experiences and knowledge on the industry. So, this event is a great platform for us to interact with them, connect them to our vendor partners and inform them about our latest offerings. We are witnessing a huge demand for cybersecurity in the region and events like GISEC are instrumental in spreading awareness about the latest opportunities and challenges in the industry. It also presents us with a chance to understand the latest security concerns from the market, which gives us insights into what we can do to better help them address these issues.

As a security-focused VAD, how are you helping regional firms stay cyber resilient?

The security landscape is continuously evolving. Cyber-attacks are increasingly growing in volume and sophistication. While increased digitisation and connectivity across various industries bring organisations multiple benefits, it also opens them up for more risks and vulnerabilities. This means organisations need to be vigilant and swift in either stopping the threats at the door or in thwarting those that slip through the cracks. However, as the security industry is increasingly becoming saturated, organisations often face a significant challenge in choosing the right tools and solutions for them. As a security-focused VAD, we are regularly scanning the technology space for cutting-edge products that can help organisations address the latest threats.

How does Bulwark enable security innovation?

We are committed to continuously expanding our knowledge and expertise on the latest technological trends such as artificial intelligence, machine learning and Internet of Things, and how it impacts the security space. We make sure that we work with our vendor and channel partners to deliver only the most innovative security solutions to the regional market. We do so by ensuring that we provide them with the right resources, training and other enablement support they need.


INTERVIEW

STORED VALUE

TINA SYMEON, MARKETING MANAGER, ISTORAGE, DISCUSSES WHY SECURING STORAGE DEVICES IS NOW MORE IMPORTANT THAN EVER.

Can you please share some of the highlights at iStorage over the past 12 months?

The past 12 months have been extremely successful and rewarding for iStorage. Over the past year, we have made significant achievements being the first and only vendor to attain the following government certifications on the diskAshur PRO2 and diskAshur DT2 range of PIN authenticated, hardware encrypted, HDDs and SSDs: FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA and NATO Restricted Level. The diskAshur PRO2 also garnered multiple recognition from various technology publications awards programmes. In addition to the iStorage certified range receiving two prestigious awards, John Michael, CEO and Founder of iStorage Limited was awarded a ‘BAME Award’ and was featured in the list of ‘top 100 most influential BAME leaders in Tech.’

How have customer demands for secure storage devices evolved?

It wasn’t that long ago when we were all guilty of using unsecured (non-encrypted) flash drives, hard drives and other data storage devices to store personal, company data or a combination of both. This carefree attitude has opened plenty of backdoors for cybercriminals to cause widespread mayhem and profit from our unwitting ignorance towards data security. One such data breach in 2011 was when an unencrypted flash drive containing the names of over 1,000 police informants was stolen from the home of a detective. The incident ended in an unpleasant outcome, which could have been avoided had the drive been encrypted. Thankfully, attitudes toward data security have since changed and the only question now is whether to opt for software-based or hardware-based encryption, with the scales heavily tipped in favour of hardware-based encryption.

How can your solutions help keep insider threats at bay?

Designed to the highest standards, iStorage has developed ultra-secure portable USB data storage drives to meet all the main government accreditation standards. In fact, iStorage is currently the only vendor to attain NCSC CPA (UK), NLNCSA BSPA (Netherlands), FIPS 140-2 Level 3 and NATO certifications for the new generation range of hardware encrypted hard drives and solid-state drives. One of the unique and underlying security features of our GDPR compliant ultra-secure drives is the dedicated hardware-based secure microprocessor. This employs built-in physical protection mechanisms designed to defend against external tamper, bypass laser attacks, fault injections and incorporates active-shield violation technology. The data encryption key is randomly generated by a Common Criteria EAL4+ ready Random Number Generator and protected by FIPS validated wrapping algorithms. Unlike other solutions, the drives react to an automated brute force attack by entering the deadlock frozen state, which renders all such attacks useless. In plain and simple terms, the security features of these drives are so advanced that without the PIN there’s no way in.

What can regional customers expect from iStorage this year?

iStorage will be launching a brand new and innovative product at the InfoSecurity Exhibition on 4th to 6th June 2019 at Olympia in London.


INTERVIEW

THE KNOWLEDGE QUOTIENT DURING HIS MOST RECENT VISIT TO DUBAI, MARC FRENCH, SENIOR VICE PRESIDENT AND CHIEF TRUST OFFICER, MIMECAST, SAT DOWN WITH SECURITY ADVISOR ME AND SHARED INSIGHTS INTO WHY THREAT INTELLIGENCE IS THE KEY TO THWARTING ADVANCED THREATS.

What was Mimecast’s primary focus at this year’s GISEC?

There are two key areas that we have highlighted at this year’s show – awareness and intelligence. On the awareness side, we are showcasing Ataata which is a security awareness training and cyber risk management platform that helps organisations combat information security breaches caused by employee mistakes. Today, almost all organisations have some semblance of a security awareness programme in place. However, what we found is that as with any human condition, eventually, people forget. That’s why security awareness requires a continuous learning process to ensure that the organisation achieves an adequate defensive posture.

From an intelligence perspective, we have unveiled our new Threat Centre which is engineered to combine email, and web data to offer actionable threat insights to security professionals helping to manage today’s evolving advanced threats. This adds to Mimecast’s robust suite of cyber resilience capabilities, including advanced security, continuity, archiving, web security and awareness training solutions. A new study by Mimecast and Vanson Bourne found that 69 percent of UAE respondents felt that threat intelligence was extremely important for their organisation. Furthermore, 26 percent of email systems can’t consume and apply threat intelligence data to security systems. The Threat Centre is designed to produce a wide variety of reports, including threat research on vulnerabilities, analysis on targeted malware, deeper insights on targeted threats hitting specific industries and quarterly Email Security Risk Assessments (ESRAs). This will allow us to provide customers with actionable insight that can be used to help them better manage and prioritise today’s evolving threats.

What advice would you give security leaders to help them keep the balance between security and productivity?

I’ve been on both sides of the spectrum. I’ve been a business leader as well as a security professional. I think where CISOs fail is when they don’t realise that their role is aimed to support the business and not to be the security police. This is the case 99.9 percent of the time. Most CISOs take a full-on FUD approach – fear, uncertainty, and doubt. They tend to overprescribe the organisation, which then hinders productivity. Another mistake that most CISOs commit is taking all the responsibility for security. While to some extent this is expected, as a CISO your main role is to lead and advise, and not run all security mechanisms. This is where awareness comes in. It’s the force multiplier that will enable you to become cyber resilient.

What kinds of skills do you think future CISOs need to acquire to combat the next generation of cyber threats?

I mentor a few up-and-coming CISOs, and one piece of advice I often give is for them to take a job that’s not related to security for at least a year or two. I think doing this will enable them to gain a perspective that will help them to be successful later in their careers. If aspiring CISOs spend their whole careers in the security field, once they reach an executive rank they might find it difficult to be objective and make the decisions that align with the goals of the business.



EVENT

HIKVISION UNVEILS LATEST ADDITION TO ULTRA SERIES

ON 18TH APRIL, HIKVISION BROUGHT TOGETHER ITS KEY PARTNERS AND CUSTOMERS FOR THE LAUNCH OF ITS PROJECT-FOCUSED ULTRA SERIES PRODUCTS. AT THE EVENT, TOP EXECUTIVES FROM HIKVISION HIGHLIGHTED THE FIRM’S GROWTH OVER THE PAST FEW YEARS AND SHOWCASED THEIR LATEST OFFERINGS FOR THE PROJECT MARKET.

ECHO ZHAO, PRODUCT MANAGER, HIKVISION, EXPLAINS HOW THE COMPANY IS DELIVERING END-TO-END SECURITY TO ITS CUSTOMERS.

What was the driver behind the latest innovations you have integrated into your Ultra Series product lineup?

Hikvision’s business is divided into two main parts – distribution and project. The distribution space entails selling our products through our channel partners and delivering our offerings to small to medium-sized businesses. Whereas the project-based arm of the business is focused on delivering end-to-end solutions targeted at large-scale deployments across multiple sectors such as government, industry, finance and so on. Hikvision has a strong presence in the distribution market for surveillance, CCTV and video monitoring solutions. However, we found that there is still a lot to improve when it comes to our project-based offerings. That’s what the latest additions to the Ultra Series are focused on.

How can your products and solutions enable organisations to enhance their security?

We have added numerous intelligent functions to our products. Surveillance is a key aspect of cybersecurity. That’s why we are committed to ensuring that the data acquired by our products are secure. We also make sure that the data gathered by our solutions can be effectively translated into actionable intelligence to help organisations enhance their defence strategies.

How do you differentiate your offerings as compared to your competitors in the market? What makes your offerings unique?

Firstly, we are focused on delivering end-to-end solutions to our customers. We are more than just a camera manufacturer. We have a wide range of security-focused products chief among which are our smart and safe city offerings. The second thing is our dedication in adopting the latest technologies in the market. In fact, we have over 16,000 R&D engineers who are working on ensuring that our products and services are not only cutting-edge but are also leading in the market.


EVENT

“THE CONNECTED FUTURE DEPENDS ON A ROBUST INFRASTRUCTURE”: BICSI THE THREE-DAY CONFERENCE EXPLORED THE INCREASING RELIANCE ON DIGITAL INFRASTRUCTURE AND HOW ADVANCED TECHNOLOGIES WILL IMPACT THE FUTURE OF THE INDUSTRY.

One of the main highlights of the 2019 edition of BICSI Middle East and Africa Conference, which took place in Dubai, UAE, last month, was the discussions around the increasing dependence on digital infrastructure. Keynote speaker Mark Acton, independent consultant and non-exec director, Ekkosense, Chelmsford, Essex, United Kingdom, said that digital infrastructure should be considered as a new utility today, similar to water and electricity. “The importance of digital infrastructure including data centres to our daily lives cannot be underestimated. However, at the same time, it is also crucial to understand the risk associated with these digital requirements and the implications we face as an industry.” According to Acton, advancing technologies such as cloud, edge, AI, 5G, IoT and Blockchain do play a critical role in building robust digital environments. He went on to explain how each of these technologies are developing and impacting the way we work and live. “AI takes the ‘machine’ out of the man. It will help us automate repetitive tasks that were otherwise carried out by humans.” While Acton is certain that AI technologies will automate the industry, he doesn’t think it will fundamentally change networks. “But it has the potential to fundamentally change cybersecurity. Most cybersecurity products now come with intelligence embedded in them. Humans are not quick enough to spot the risks before it happens.” He added, “I have not seen a data centre where humans are not needed, although it might happen over time. However, right now humans are required for maintaining and in some cases still doing repetitive tasks.”

The three-day conference also saw a presentation by Todd Taylor, RCDD, NTS, OSP, BICSI president-elect, which explored technology growth, the top technologies driving change and the importance of having a strong infrastructure to support a connected future. Taylor said, “BICSI’s main focus is to help educate its members, installers, integrators as well as end-users in the newer advancing technologies such as 5G, AI and augmented reality. Another reason why we come to these events is to gain education and training on the growing infrastructure to support those advancing technologies.” He emphasised how fast technology is advancing today and why it is important for customers to keep up. His presentation also encouraged attendees not to forget the basic infrastructure, as strong digital infrastructures are necessary for a connected future. “We have to remember that the basis for a connected future is a robust infrastructure, which includes wired as well as wireless technologies.”


FEATURE

A WEAPON OF MASS DISRUPTION AS ORGANISATIONS TAKE THEIR BUSINESSES ONLINE, THEY BECOME VULNERABLE TO CYBER-ATTACKS THAT ARE INCREASING IN FREQUENCY, INTENSITY AND SOPHISTICATION. DISTRIBUTED DENIAL-OF-SERVICE (DDoS) ATTACK REMAINS AS ONE OF THE MOST POPULAR CYBER THREATS. SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS THE CURRENT STATE OF DDoS ATTACKS AND HOW ORGANISATIONS CAN STEER CLEAR.

Any doubt about the scale of the threat posed by Distributed Denial-of-Service attacks is swept away by looking at A10 Networks’ “DDoS Weapons Intelligence Map”. This map from the Californian-headquartered cybersecurity company A10 Networks offers a dynamic, constantly active depiction of DDoS threats around the world. Areas with high levels of existing Distributed Denial of Service (DDoS) weapons activity are shown as patches of white, while new DDoS weapons are revealed as blinking orange circles, several of which flash up each second.

Meanwhile, entries in the DDoS weapons database that are deemed to no longer be a threat (because they are no longer active as weapons, or the agent no longer exists with that IP address) show up as short-lived blue circles. As with the orange dots, several of these blue dots appear and disappear every second. The map’s frenetic pace of change depicts in vivid terms the scale and dynamic nature of the threats posed by DDoS attacks, which involve multiple computers simultaneously sending data to a network, causing it to become paralysed. A ticking number of total DDoS weapons detected worldwide can be brought up near the centre of the map. The number changes continuously, but about 21 million is typical. Clicking on individual countries highlights their particular level of activity, in terms of total DDoS weapons they host. In China there might be about six million DDoS weapons at any given time – the largest number of any country. For the United States, a typical figure is about 2.75 million while for India, about half a million is to be expected. The numbers of DDoS weapons that other countries host are often much smaller, but not insignificant, and that includes the figure for the UAE.

Zoom in on the Emirates and click on the country, and the counter might display about 75,000 or 85,000, which will typically be more than double the number for Saudi Arabia, and many times the figure for other neighbouring countries, such as Oman and Kuwait. Therefore, the scale of threats posed by DDoS attacks is not in doubt. However, the threat they pose now could come to appear relatively modest compared to the hazards they create in future. The reason for this is the burgeoning popularity of Internet of Things (IoT) devices.

Don Shin, A10 Networks

Rich Macfarlane, a lecturer in the School of Computing at Edinburgh Napier University in the United Kingdom who has researched DDoS attacks, said this growth in the number of IoT devices “certainly increases the likelihood and increases the possibilities” of DDoS attacks. “A lot of these IoT devices have huge problems. The IoT stuff has taken our thinking back 20 years where computers had some of these vulnerabilities,” says Macfarlane. A recent report by A10, The State of DDoS Weapons, highlights the way in which IoT will likely make DDoS attacks an even more significant problem than they are now. As is well known, malware can cause IoT devices to flood target sites with traffic. “We’re right at the very beginning of the massive growth of IoT devices,” says Don Shin, a senior product marketing manager for A10 Networks. The growth in the numbers of IoT devices is, indeed, likely to be dramatic. According to figures from IoT Analytics, in 2016 there were 4.7 billion


Rich Macfarlane, Edinburgh Napier University, UK

devices connected to the internet. Forecasts published by Norton suggest that in 2021 there will be 11.6 billion IoT devices, and by 2025 the number will have reached 21 billion, a rapid increase driven in part by the spread of 5G. Reports have noted that IoT is seeing a shift away from Real Time Operating Systems (RTOS) to Linux-based devices. Shin says that these Linux-based systems “have very weak security parameters”. “IoT devices running Linux don’t have things like antivirus on them. As a result, it makes it simpler for attackers to exploit IoT devices and use them as weapons for DDoS attacks,” he says. “It’s driving the intensity, the total number, the frequency and, to a certain degree, the sophistication as well.” A key talking point in The State of DDoS Weapons is the way in which a protocol generated by IoT devices, the Constrained Application Protocol (CoAP), could be used to launch attacks. CoAP attacks are implemented through the User Datagram Protocol (UDP), a communications protocol.

A10 Networks describes CoAP as “a lightweight machine-to-machine protocol that can run on smart devices where memory and computing resources are scarce”. It is used particularly with applications in fields such as building automation and smart energy. According to the company, more than 400,000 of these weapons are now being used in attacks. “As an industry, we’ve decided to implement the protocol for CoAP for machines to be able to talk to each other. The problem with this particular communication is that it’s being developed with some security holes inside it,” says Shin. These openings can, says Shin, be exploited by attackers for the launching of reflected amplification attacks, also known as amplified reflection attacks. As A10 Networks defines them, amplified reflection attacks are “a type of DDoS attack that exploits the connectionless nature of the UDP protocol with spoofed requests to misconfigured open servers on the internet”. “As an attacker, you will go and search for machines with this CoAP running on them. You will make a request to these machines, but spoof the IP address of the victim. These machines will send their responses back to the victim,” he says.

Shin says that A10 Networks is trying to help people to understand the way in which the nature of DDoS attacks is being affected by the emergence of this new protocol. In the first quarter of this year, A10 Networks tracked a total of 22.9 million DDoS weapons and found that a number of protocols other than CoAP still play a dominant role. The five most commonly used in attacks were the Domain Name System (DNS) protocol, the Network Time Protocol (NTP), the Simple Service Discovery Protocol (SSDP), the Simple Network Management Protocol (SNMP) and the Trivial File Transfer Protocol (TFTP), the last of which is a new entrant into the top five. So, as new protocols are being highlighted as the source of DDoS weapons, and the total number of attacks looks set to grow, what security measures can be taken? Cybersecurity companies compile millions-strong inventories of DDoS weapons, allowing blacklisted IP addresses to be blocked. Shin says that A10 Networks can create up to 96 million entries in a blacklist. “If you can get ahead and identify them, we can use this as a strategy to prevent DDoS attacks,” says Shin. A10 Networks and its partners use several approaches, including tracking bot herders, analysing forensic data, scanning the internet for weapons signatures and tapping networks. Shin says it is important to have an “actionable defence”. “Knowing where the command and controls are is important, but during the DDoS attack, a huge portion is being able to identify where the weapon system is, and blocking that action,” he says. “So by creating a strategy to block IP addresses, you can take a proactive approach to defend against them.”
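Seen from the receiving network, the reflected traffic described above shows up as UDP responses that no internal host asked for, and the blocklist strategy amounts to checking their sources against an inventory of known reflectors. The sketch below is an added example, not code from A10 Networks or this article; the flow-record layout, the addresses (documentation ranges) and the blocklist entries are constructed, and the port numbers are the protocols' standard UDP service ports rather than values given in the article.

```python
import ipaddress
from collections import defaultdict

# Standard UDP service ports for reflector protocols named in the article.
# TFTP is left out: a TFTP server answers from an ephemeral port, so a
# source-port match does not identify its replies.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 5683: "CoAP"}

# Constructed blocklist of known reflectors (documentation address ranges).
BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

# Constructed flow records seen at the network edge:
# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    ("out", "192.0.2.10", 40001, "203.0.113.53", 53, 70),    # real DNS query
    ("in", "203.0.113.53", 53, "192.0.2.10", 40001, 180),    # its answer
    ("in", "198.51.100.20", 5683, "192.0.2.10", 50000, 1400),
    ("in", "198.51.100.21", 5683, "192.0.2.10", 50000, 1400),
    ("in", "203.0.113.7", 123, "192.0.2.10", 50000, 468),
    ("in", "203.0.113.99", 1900, "192.0.2.10", 50000, 320),
]


def is_blocklisted(ip):
    """True if the address falls inside any blocklisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKLIST)


def find_unsolicited(flows):
    """Return (protocol, source, victim, bytes) for each inbound response
    from a reflector port that matches no earlier outbound request."""
    pending = set()
    hits = []
    for direction, src, sport, dst, dport, size in flows:
        if direction == "out":
            pending.add((src, sport, dst, dport))
        elif sport in REFLECTOR_PORTS and (dst, dport, src, sport) not in pending:
            hits.append((REFLECTOR_PORTS[sport], src, dst, size))
    return hits


def summarise(flows):
    """Group unsolicited responses by protocol and mark the sources that
    the blocklist would already have dropped."""
    summary = defaultdict(lambda: {"sources": set(), "bytes": 0, "blocklisted": set()})
    for proto, src, _victim, size in find_unsolicited(flows):
        entry = summary[proto]
        entry["sources"].add(src)
        entry["bytes"] += size
        if is_blocklisted(src):
            entry["blocklisted"].add(src)
    return dict(summary)


if __name__ == "__main__":
    for proto, entry in sorted(summarise(FLOWS).items()):
        print(proto, len(entry["sources"]), "sources,", entry["bytes"], "bytes,",
              len(entry["blocklisted"]), "already on blocklist")
```

The SSDP source in the sample is deliberately absent from the blocklist, which is the case where the unsolicited-response check still flags traffic the inventory has not caught up with.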



INTERVIEW

TRUSTED ADVISORS

SECURITY CONSULTING FIRM CYBER RESILIENT GROUP’S FOUNDER KAPIL MATTA SHARES INSIGHTS INTO THE BIGGEST SECURITY THREATS ORGANISATIONS WILL FACE IN 2019 AND BEYOND, AND HOW THEY CAN HELP ORGANISATIONS STAY RESILIENT.

Please give us a brief overview of Cyber Resilient Group’s business.

Cyber Resilient Group is a niche cyber security consulting and technology solutions firm. We are committed to creating a cyber resilient ecosphere through our unique approach. Our core consulting expertise includes information security, business continuity management, technology advisory and solutions, and compliance advisory services for PCI DSS and GDPR.

What do you think are the biggest data and security risks now facing businesses?

We have seen organisations being breached in 2018 and this number will grow exponentially this year. The first quarter of this year has already seen this trend, with government institutes and Fortune 100 companies being breached, which will only see the uptrend. One of the key reasons is that hackers are using the same AI-based deep learning and behaviour techniques with which we are trying to protect our organisations. Most peers forget this elementary but crucial fact while embracing cyber security solutions. Phishing still remains the largest of threat vectors, with more than 90 percent of malware, backdoors and ransomware, among others, being targeted through email campaigns. Multiple variants of ransomware will also continue to be present alongside malvertising campaigns, which can be run on legitimate websites, and without the users clicking any links the malware (payload) can be dropped and the user’s machine can be infected.

In addition, regional firms will face threats and risks such as cryptojacking or crypto mining, which involves unauthorised use of computing resources that can have a severe impact on an organisation’s infrastructure and even damage it. Another threat is cross-site scripting (XSS) attacks, which inject malicious scripts or code into legitimate and trusted websites and web applications. Regional firms can also expect increasing threats on IoT/OT/IoMT devices: unmanaged and single-purpose IoT devices present the biggest security challenge posed to organisations. Another threat organisations need to be wary of is mobile malware: cybercriminals are taking advantage of the significant increase in mobile devices, which are often targeted due to poor vulnerability management and outdated software patches.

Geopolitical risks and state-sponsored attacks remain big threats in this part of the world. With the implementation of data protection policies cum GDPR, organisations are now carefully considering where their data resides. By doing so, they are increasingly realising the intricacy of third-party risks, pushing them to put measures in place. Hence, enterprises are accepting geopolitical risk as part of cybersecurity risk. Last but not least is shadow IT: a huge percentage of employees use shadow IT applications at the workplace, which is a serious compliance and cyber security threat as the IT department is unaware of its usage, unable to monitor it, and has difficulty integrating it within the existing infrastructure.



How do your organisation’s services help Middle East firms to drive their digital and security transformation?

We are committed to creating and assisting a cyber resilient ecosphere by delivering a broad range of consulting services and cyber security solutions. We also aim to enable organisations to build strength in line with business strategy, facilitate change, achieve their vision, and optimise performance and cyber resilience. Our unique approach towards digital and security transformation in terms of providing complete visibility, embedded with virtual reiteration, automated tools and information services, works as a catalyst in providing value-added offerings which are unheard of in the industry. This unique approach and industry-wide experience has enabled us to help customers address various cybersecurity risks.

What can regional firms expect from Cyber Resilient Group in 2019?

Our vision is to set new industry benchmarks and impart knowledge to our customers. To achieve this we would like to be their strategic knowledge partners wherein we can foresee and identify their challenges. Our focus would be raising awareness through different mediums, including digital inclusion, to educate our clients on the current and future trends of cyber resilience.

Kapil Matta, Cyber Resilient Group

How important is the role of security consulting firms like Cyber Resilient Group in terms of helping modern enterprises stay secure in the digital era?

CRG works closely with clients to understand their corporate DNA, align with business strategies and identify lacunae in their current environment from a people, process and technology perspective. It’s imperative for CRG to stay ahead of the curve, predict the cyber security landscape and recommend scalable, futuristic solutions to ensure a cyber resilient ecosphere for enterprises.



FEATURE

THE BUSINESS OF SECURITY

CYBERSECURITY IS INCREASINGLY BECOMING A HUGE AREA FOR INNOVATION AND WITH RENEWED INTEREST IN ONLINE SAFETY AND PRIVACY THE INDUSTRY IS ATTRACTING ATTENTION FROM THE INVESTMENT WORLD. HOWEVER, WITH THE LANDSCAPE BECOMING SATURATED, ARE CYBERSECURITY FIRMS AS GOOD AS BUSINESS INVESTMENTS? DANIEL BARDSLEY INVESTIGATES.



The amounts that investors are pumping into cybersecurity companies are nothing short of eye-watering – and it should come as no surprise. The sector is in the middle of what has been described as a gold rush, with corporations spending heavily to secure their networks as potential threats appear to grow and the regulatory framework over data tightens. It makes sense, then, that some of the companies that supply these defences are seen as having excellent prospects and being ideal investment targets. According to a Washington, DC-based cybersecurity investor, Strategic Cyber Ventures, venture capital funding in cybersecurity companies increased by one fifth last year, reaching $5.3 billion, with about three-quarters of this being made in the United States. Among the biggest reported deals were those involving Tanium, which brought in $375 million in two rounds of funding, and AnchorFree, which raised $295 million. At least half a dozen other companies in the United States attracted $100 million or more in funding.

And this is a sector where ambitions are as big as the investments. The London-based Hoxton Ventures, which has been backing cybersecurity companies for the past five years, is among the investors looking for supersized success. “As a venture firm, we think about where is the next billion-dollar company going to come from. We try to find companies that are going to become winners in their market,” says Hussein Kanji, a partner in Hoxton Ventures. This is not mere talk: Hoxton Ventures is an investor in Darktrace, a UK-based cybersecurity company that has been valued at more than $1 billion. Among the other billion-dollar companies the cybersecurity sector has created is CrowdStrike, an endpoint security software specialist headquartered in Sunnyvale, California. CrowdStrike has attracted hundreds of millions of dollars from investors and, with its value put at $3 billion, is thought to be considering an initial public offering in 2019.

Hank Thomas, Strategic Cyber Ventures


“There’s a whole bunch of new companies and they’ve grown and there’s investment that goes into these companies to fuel their growth,” says Kanji, adding, however, that there is not really “an open playing field for brand new companies”. “A lot of the investment is going to bigger actors rather than new entrants,” he says.

While the industry’s brisk expansion suggests ample investment opportunities, understanding the sector may not be easy; it takes expertise to distinguish between the countless companies around. “If you go to the bigger security trade shows like the RSA Conference in San Francisco, there’s rows and rows of products that are not differentiated; they’re essentially all the same thing,” says Hank Thomas, co-founder and CEO of Strategic Cyber Ventures, which was launched three years ago with $100 million in funding. “It’s really difficult for the buyer of products or for the investor. We’re able to cut through and to determine if someone is vapourware, snake oil.”

Others too express concerns that cybersecurity has attracted entrants who lack credibility and so would make less-than-ideal investment targets. Professor Kevin Curran, a professor of cybersecurity at the Ulster University in the United Kingdom, says that there are people pitching products that are “doing nothing that’s not in your standard intrusion-detection system”. “I’m so aware of it. We’re having people coming to the university. These guys are just chancers,” says Curran. “I was talking to someone who invested in companies. The last few companies he invested in happened to be security. I was surprised he hadn’t done much due diligence. I said, ‘That doesn’t make sense,’ because there can be a lot of smoke and mirrors in security.”

There are also concerns that the sector as a whole is overheated. Thomas at Strategic Cyber Ventures says “there’s a bit of a bubble”. “There’s too much money chasing too little value,” he says. “They’re just pumping as much money as they can to grab as much market share as they can.” He says that some companies have failed to translate the investments that they have received into commercial success. “A lot don’t generate enough revenue. They become zombies. They will float to the top and be acquired,” he says. “It will be good to have less venture capital money because these crazy valuations will come down to earth. People can grow organically, not just for the optics for valuation.”

Others too see a downside to the vast scale of the venture capital investments. In a report, the Swiss private bank Julius Baer says that “ample venture capital funding has led to a proliferation of cybersecurity firms, slowly compromising unit economics for the industry” and causing fragmentation. Also, the transition to cloud computing has led to a shift away from hardware to software, creating “new winners and losers”. The current “fast-moving threat landscape” favours “best-of-breed” solutions, which could make it harder to forecast market share.

So the cybersecurity industry is in a state of flux, and consolidation is widely forecast. What does all of this mean for investors and where they should put their money? Julius Baer recommends “a selective approach”. “We favour cybersecurity companies with exposure to the highest-growth segments of the industry, such as cloud security, next-generation endpoint security, email security, threat vulnerability, and identity and access management,” the bank says.

At Strategic Cyber Ventures, the focus includes non-traditional cybersecurity companies, such as those dealing with deception technology. Thomas says he is keen on solutions that prevent further fragmentation in the cybersecurity defences of users. “Security teams are bringing in these one-off cybersecurity options, and your security team has 15 dashboards instead of one. We’re trying to invest in the things that make it easier for security teams to do their job,” he said.

Professor Kevin Curran, Ulster University in the United Kingdom

THE GEOGRAPHY OF CYBERSECURITY

The United States has overwhelmingly been the dominant player when it comes to creating multi-billion-dollar cybersecurity companies, with all of last year’s half-dozen or so largest investments in cybersecurity companies involving American firms. Within the United States, Silicon Valley has produced many of the biggest cybersecurity companies, to the extent that about half of worldwide venture capital investment in cybersecurity has taken place in California. Yet, for all of the Golden State’s dominant position, other territories have developed a reputation for cybersecurity. “You don’t have to be Silicon Valley to be successful; you just have to have a little bit of Silicon Valley in you. Silicon Valley is too expensive,” says Hank Thomas of Strategic Cyber Ventures. Thomas says he is “geography agnostic” when deciding where to invest and, indeed, Strategic Cyber Ventures has made investments in cybersecurity companies based in its own home city of Washington, DC, the cybersecurity prospects of which Thomas is “bullish” about.

He is also upbeat about the United Kingdom, with the country’s large intelligence and military sector offering the ideal environment for the emergence of cybersecurity companies. Hussein Kanji from Hoxton Ventures says that much impressive cybersecurity technology is coming out of Europe, but there are few cases where companies have grown to a huge size. “The challenge in Europe is to find companies that will grow and scale … There are not many people with the commercial nous to grow a really great business,” says Kanji.

As of now, the Arab world, including the Gulf region, has yet to become a major player when it comes to developing cybersecurity technology. “Saudi, Qatar, the Emirates are consumers of the technology, but in terms of the innovation capacity, they’re not the leaders; they’re adopters of the technology,” says Kanji. However, with vast investments in universities and technology in the Gulf region, this situation might change and the Arab world could yet become a key player.



INSIGHT

WHY VULNERABILITY MANAGEMENT AND RESPONSE ARE MORE THAN JUST CHECKING PATCHES

BY DEEPAK JACOB, VP AND HEAD OF CUSTOMER ENGAGEMENT, PALADION

It’s all too easy to dismiss vulnerability management as an exercise in automated scanning. But vulnerability scanning on its own is like your physician using a standard checklist of symptoms to examine you, then making out a prescription based purely on the ticks and crosses of the results. You can see what a hazard that could be to health. It could lead to useless or harmful medication, or mean failure to spot deeper or more serious problems. You would probably reject such a perfunctory assessment of your health or illness. Yet in a business IT context, many enterprises consider vulnerability scanners operating on a similar ticks-and-crosses basis to be all the vulnerability management and response they need.

That doesn’t mean that automated scanning is bad. 95 percent of attacks are on known vulnerabilities (weak configurations) and not on zero-day or APT-type attacks. Frequent scanning and prioritisation help weed out these vulnerabilities. On the contrary, virus scanners that are run regularly and frequently can help by ploughing through and flagging the 90 percent of vulnerabilities that are caused by out-of-date software, factory default configurations not being changed, unsuitable user privilege levels, and other banal issues. That’s already a huge help.

In larger enterprises, there may be millions of vulnerabilities to be resolved. There are often more security holes to plug than there are resources to plug them. So, somebody or something is going to have to decide which vulnerabilities to prioritise. Human beings typically can’t handle decision making with huge numbers of vulnerabilities. On the other hand, machine learning and AI expert systems can help pick out the key security holes to address. They can also create playbooks with step-by-step instructions for IT teams to follow, leveraging the power of IT and network management software to apply multiple solutions in multiple places.

When it comes to making meaningful assessments of overall risk, however, humans have the most to offer. They are also aware of needs that would make no sense to vulnerability management programs predicated entirely on “find it and fix it”. For example, a software development team might need to deliberately prevent the installation of anti-virus programs on their systems. Why? Because the extra load might skew results in the testing of the applications being developed.

Ultimately, therefore, the best vulnerability management and response program is a trifecta of scanning, smart systems, and human expertise, all organised into robust processes and feedback loops. This combination helps businesses achieve satisfactory cyber security consistently while keeping pace with changing cyber threats. If enterprises do not have all these resources in-house, they can bring them in as a service from a suitable vulnerability management and response service provider. This enables faster prioritisation, as the provider constantly analyses intelligence from global threat feeds and active threats exploiting vulnerabilities in other environments. Our own service called MDR-VM helps enterprises intelligently manage vulnerabilities with a combination of AI and human experts. In fact, in terms of cost-effectiveness, up-to-date skillsets, and scalability, it often makes more sense to use such a service provider anyway.

In doing so, enterprises can then move towards “left of hack”, meaning to a situation where more incidents and breaches are prevented, instead of remaining “right of hack” and having to cope after attackers have struck. This is like having a smart physician to keep you well instead of having to cure you after you fell ill. And whether you measure the benefit in terms of peace of mind, risks averted, or hardship avoided, such cyber “well-being” is what every business should be aiming for.
