ISSUE 43 | NOVEMBER 2019
WWW.TAHAWULTECH.COM
INTERVIEW: MANAGEENGINE’S RAJESH GANESAN
EVENT SPOTLIGHT: GARTNER SECURITY & RISK MANAGEMENT SUMMIT
REVIEW: RING DOOR VIEW CAM
DO YOU NEED TO GET A CYBERSECURITY CERTIFICATION?
TAKING ACTION
CROWDSTRIKE’S RAWAD SARIEDDINE ON HOW PROACTIVE THREAT HUNTING CAN ENABLE RESILIENT CYBER DEFENCES
CONTENTS
TAKING ACTION: CrowdStrike’s Rawad Sarieddine on why enterprises need to develop proactive security strategies
TRUSTED ACCESS: ManageEngine unveils its latest privileged access security offering
EVENT SPOTLIGHT: Gartner reveals top industry trends and predictions at Security and Risk Management Summit in Dubai
THE COST OF STAYING SECURE: Industry experts discuss how business leaders can make wise security investments
A TALE OF TWO TECHNOLOGIES: How organisations can overcome security roadblocks in the IT-OT convergence
REVIEW: Why Ring’s Door View Cam is a standout in the smart home security market
ZERO TRUST SECURITY: How a zero trust world can make organisations more secure
EDITORIAL
HAPPY HUNTING
Adelle Geronimo, Editor
Talk to us: E-mail: adelle.geronimo@cpimediagroup.com
Many organisations today are so preoccupied with responding to cyber-attacks that they are often just playing a cat and mouse game with the bad guys. Each year, the volume of threats continues to rise, with industry experts indicating that as many as 360,000 new types of malware are being identified daily. As cybercriminals become more formidable than ever, enterprises can no longer afford to simply react to cyber-attacks. In order to overcome the evolving and growing number of threats, organisations need to embrace new approaches and be more proactive in their cyber defence strategies.

A proactive approach attempts to thwart incidents before they evolve into a catastrophic security breach. It anticipates potential risks and weaknesses within a system and fixes them before they can be exploited. One of the key methods organisations can implement is threat hunting, which entails security teams proactively seeking out and engaging with the enemy, rather than passively waiting for them to make their move. This month’s cover features CrowdStrike’s Rawad Sarieddine, who detailed how threat hunting can enable enterprises to bolster their defence strategies by turning the tables against the threat actors.

Last month also saw the Gartner Security and Risk Management Summit held in Dubai. At the event, top industry players and analysts shared insights into the trends impacting the threat landscape and how security leaders can prepare for what’s ahead. On the sidelines of the event, I had an interesting conversation with Gartner’s research VP Jeffrey Wheatman, who shared insights into the human factor of cybersecurity and why everyone within the organisation has a role to play in the success of any security strategy. As there is no silver bullet when it comes to security, winning against the bad guys requires an all-hands-on-deck approach.
Published by CPI Media Group. Founder, CPI Media Group: Dominic De Sousa (1959-2015)
EDITORIAL Online Editor Adelle Geronimo adelle.geronimo@cpimediagroup.com +971 4 440 9135
Contributing Editors Daniel Bardsley Mark Forker Giorgia Guantario Sharon Saldanha
Registered at Dubai Production City, DCCA PO Box 13700 Dubai, UAE
Printed by Al Ghurair Printing and Publishing. © Copyright 2019 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
NEWS
ETISALAT TO ACQUIRE HELP AG’S UAE AND SAUDI ARABIA OPERATIONS

UAE-based telco Etisalat has announced that it has signed a deal to acquire full ownership of cybersecurity firm Help AG’s businesses in the UAE and Saudi Arabia. The value of the deal was not disclosed. According to a statement to the Abu Dhabi bourse, Etisalat said the acquisition of the cybersecurity company is part of plans to diversify operations. It also said that the deal will enable the telco to accelerate the growth of its existing cyber security activities and allow for further expansion across the region.

In a statement published by Help AG on its website, the company said, “Post-completion of the transaction, Help AG will continue to operate as a separate legal entity under Etisalat Digital focusing on the joint cybersecurity portfolio.” The company noted that the transaction is subject to applicable approvals and customary closing conditions.

Founded in Germany in 1995, Help AG provides enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements.

$1.7 BILLION: FORECASTED VALUE OF SECURITY AND RISK MANAGEMENT SPENDING IN MIDDLE EAST BY 2020 (SOURCE: GARTNER)

US-BASED THOMA BRAVO MAKES $3.9 BILLION BID FOR SOPHOS

Global cybersecurity firm Sophos has announced that Thoma Bravo, a US-based private equity firm, has made an offer to acquire the firm for $7.40 per share, representing an enterprise value of approximately $3.9 billion. The board of directors of Sophos have stated their intention to unanimously recommend the offer to the company’s shareholders.

Thoma Bravo is a private equity firm focused on the software and technology enabled services sector with more than $35 billion in investor commitments. With a 40-year history, Thoma Bravo has acquired more than 200 software and technology companies representing more than $50 billion of value. Thoma Bravo is one of the most active and experienced private equity firms investing in software and technology companies, and cybersecurity in particular. It is known for working with a company’s management team to implement best practices, invest in growth initiatives, drive innovation, and deliver superior operating results.

Kris Hagerman, CEO, Sophos, said, “Sophos is actively driving the transition in next-generation cybersecurity solutions, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more. We continue to execute a highly-effective and differentiated strategy, and we see this offer as a compelling validation of Sophos, its position in the industry and its progress.”
NEW THINK TANK TO SPOTLIGHT CYBERSECURITY IN DUBAI

Dubai Electronic Security Center (DESC) has recently launched “Dubai Cyber Think Tank,” a first-of-its-kind initiative in the Middle East. The initiative has been launched to become an interactive platform for collective brainstorming via high level focus groups to conduct research, discussion and recommendations between DESC and all other participating public and private sector entities, to define and design innovative solutions to current and future cyber threats.

Jassim Mohammed, Security Operations Manager, DESC, said, “‘Dubai Cyber Think Tank’ is set to build a coordinative platform to synergise and liaise the ideas, viewpoints and propositions between DESC and other Dubai public departments and organisations. This will be achieved through high level group discussions and workshops to exchange expert perspectives upon defining prioritised objectives. The priorities of the platform include confronting and resolving the current and future cyber challenges and risks as well as contributing to the development of proactive policies and frameworks for the cybersecurity of Dubai.”

The think tank will focus on developing detailed reports with the results of all scientific research and studies that will help develop cyber security strategies, policies and methodologies for public and private organisations. This will be based on the recommendations culminating from these studies and research findings which will also be documented within an annual report highlighting conclusive findings of Dubai Cyber Think Tank editions and its role in developing new and innovative policies.
HUMAN VULNERABILITIES CAUSE THE MOST DEVASTATING CYBERSECURITY BREACHES: STUDY

A majority of targeted cyber-attacks are successful because of human error, according to the latest study by cybersecurity and compliance company Proofpoint. The survey, which was conducted by The Economist Intelligence Unit on behalf of Proofpoint, determined ways to help organisations gauge the frequency and severity of people-centric data breaches, and the steps companies are taking to address them.

Respondents, who included CIOs, CISOs and corporate executives, overwhelmingly identified people-centric threats, which include socially-engineered attacks and human errors, rather than failure of technology or process, as the cause of the most detrimental cybersecurity breaches. “More than 99 percent of targeted cyber-attacks depend on human interaction to be successful,” the study noted.

The study also encouraged security teams to know exactly who within their organisation is being targeted and why—and educate their people on best security practices. “Cybersecurity has clearly evolved into a human challenge as much as a technical challenge,” it said.

“Cyber-attacks are affecting businesses worldwide and Middle East organisations are no exemption. We are committed to continue to support our partners and customers by providing advanced intelligence along with cybersecurity awareness training for better protection against an ever-evolving threat landscape,” said Emile Abou Saleh, regional director, Middle East and Africa for Proofpoint.

The study further highlighted that a majority of executives surveyed (85 percent) agree that human vulnerabilities cause the most detrimental cybersecurity breaches rather than failure of technology or process. It also revealed that 86 percent of executives surveyed have experienced at least one data breach in the past three years, with well over half (60 percent) having experienced at least four.
88% OF TOTAL COMPANY DATA IS DARK OR ROT: VERITAS

Veritas Technologies’ latest Middle East Databerg Report revealed that UAE businesses are failing to manage their dark (unclassified) and Redundant, Obsolete or Trivial (ROT) data, which is slowing cloud adoption. The study noted that sitting at 88 percent of total company data, dark and ROT data has significantly contributed to respondents failing to reach their own targets for cloud migration. While last year’s prediction of cloud storage uptake was 55 percent, the actual uptake this year was just 45 percent. The report indicated that the volume of data which is either dark or ROT has remained consistently high over the past three years.

Johnny Karam, Vice President of Emerging Markets at Veritas, said, “Data is central to the digital transformation in the UAE and yet, our study reveals that businesses are crying out for a better and simpler way to manage their data in order to reap the rewards of the cloud. Unfortunately, the UAE businesses surveyed fail to realise the true potential of the cloud because of poor data management, creating a vicious circle of rising IT costs and missed opportunities. Embracing a hybrid cloud model will enable businesses to better manage their budgets while benefitting from improved backup and ransomware protection capabilities. In addition, prioritising the management and protection of valuable, mission-critical data, while illuminating dark and deleting ROT data, will help boost operational efficiencies and business transformation.”
INTERVIEW
TRUSTED ACCESS

IN AN EXCLUSIVE INTERVIEW WITH SECURITY ADVISOR ME, RAJESH GANESAN, VICE PRESIDENT, MANAGEENGINE, DISCUSSED HOW THE FIRM’S LATEST PRIVILEGED ACCESS SECURITY OFFERING CAN ENABLE ORGANISATIONS TO MAINTAIN CONTROL AND VISIBILITY INTO THEIR CRITICAL ASSETS AS THEY ADOPT ZERO-TRUST MODELS.
As organisations increasingly embrace digital technologies, many security teams are facing challenges in maintaining, managing and protecting various assets and systems that reside in multiple environments. Traditional IT perimeters are becoming more fluid and dynamic as fast-growing technologies like cloud, mobile and virtualisation make the security boundaries of an organisation blurry.
In the face of growing threats, it is now more important than ever for organisations to implement strategies and solutions to manage and control access to enterprise systems and data. Today, privileged access security has become one of the top IT priorities for CISOs as they seek to reduce the risks of cyber-attacks by protecting their organisations from unauthorised access.

The importance of implementing privileged access management (PAM) solutions is undeniable. Fundamentally, a user with privileged access holds the keys to the kingdom: access to highly valuable and confidential information, which is attractive to cybercriminals. However, as privileged access solutions are typically centred on users, organisations need to implement a comprehensive PAM solution that will allow them to gain the right visibility and control over who gets to access their assets.

When privileged accounts are used in unintended ways, it can cause security incidents that could have a devastating impact on an organisation’s reputation and bottom line. “Monitoring and regulating access to privileged accounts are critical to enterprise security,” said Rajesh Ganesan, vice president, ManageEngine. “When people access systems and information that they are not supposed to, they leave their organisations susceptible to data security breaches,” he explained.

According to Ganesan, organisations today need to employ a ‘zero-trust’ approach, which requires strict verification for every person or entity attempting to access critical controls and data, regardless of whether they are sitting within or outside of the network perimeter. “In addition, enterprises need to have a 360-degree approach to privileged access security to gain comprehensive visibility into who gets access to their assets and stay ahead of the growing threats,” said Ganesan.

To enable organisations to achieve this, ManageEngine has launched PAM360, a complete privileged access security solution that offers enterprise-grade capabilities in privileged access governance, including just-in-time controls and privileged user behaviour analytics (PUBA). “ManageEngine has strong security offerings such as password manager, active directory infrastructure, security information and event management (SIEM) and IT analytics among others,” said Ganesan. “With PAM360, what we have done is integrated those solutions with PAM to provide organisations with a unified and comprehensive approach to privileged access security.”

In addition, Ganesan noted that security should always be a business enabler and should not impede productivity within the organisation. That’s why PAM360 allows security teams to orchestrate and automate workflows from a central console. “PAM360 also records videos of privileged sessions, which allows security teams to better monitor users that access critical resources,” he explained.

Equipped with user behaviour analytics, PAM360 also creates baseline behaviours and detects anomalies in privileged account activity by correlating privileged access data with endpoint event logs. This accelerates remediation of privileged access misuse.

When it comes to developing their security strategies, organisations often focus on external threats and overlook internal ones. The human factor plays a vital role in cybersecurity. “That’s why, more than having the latest tools in the market, we believe that there should be constant education and training within the workplace,” said Ganesan. “Organisations need to instill a security-aware culture by ensuring that everyone within the enterprise has a proper understanding of the cyber risks and the proper steps to take action. At ManageEngine, we are committed to providing our customers not only with the best security tools like PAM360 but also with proper training and education on the skills they need to stay cyber resilient,” he said.
INTERVIEW
SECURING THE 5G FUTURE

EKOW NELSON, MANAGING DIRECTOR, GLOBAL CUSTOMER UNIT FOR ETISALAT AT ERICSSON AND HEAD OF ERICSSON PAKISTAN, DISCUSSES HOW 5G TECHNOLOGY WILL TRANSFORM INDUSTRIES AND HOW SECURITY WILL ENABLE THE SUCCESS OF THE EVOLUTION OF MOBILE NETWORKS.
What are the most exciting developments in the Middle East’s technology landscape over the last 12 months?

Over the past year, we have seen the first commercial 5G networks go live. 5G is poised to be one of the fastest generations of cellular technology to be deployed globally, and we expect to see it make a profound impact within the MEA region. By 2024, 90 percent of subscriptions in the MENA region are expected to be for mobile broadband, reaching 30 million subscribers in the region. One of the first applications for 5G will be enhanced mobile broadband, primarily addressing consumers with new services and experiences. As advanced ICT markets, such as those of the GCC countries, increase their demand for new use cases powered by enhanced mobile broadband capabilities, the number of mobile broadband subscriptions is expected to double from 860 million to 1630 million over the next six years. The majority of the 5G subscriptions in the MEA are expected to come from advanced ICT markets like Saudi Arabia, UAE and Qatar.

What do you think are the biggest trends that will transform the telecommunications sector?

Smartphone user behaviours are shifting with video consumption set to rise with 5G. Ericsson has released a new ConsumerLab report, 5G Consumer Potential, which highlights the value of 5G for consumers and outlines the opportunities available for communications service providers. We found that consumers expect 5G to provide relief from network congestion in the future. Consumers also demand more home broadband choices to be available once 5G is launched. Saudi Arabia emerges as one of the markets with highest consumer awareness of 5G and its promises together with China, South Korea, the US and Italy.

How are you innovating to ensure that your offerings are future-proof?

Our increased investment in Research and Development has put us in a leading position in the market and we continue to redouble our efforts to stay ahead of the curve – anticipating what the market needs, and working with our operator customers, partners and standards to push the frontiers of innovation. Ericsson is continuously testing, learning and pushing the boundaries of how 5G can meet the diverse needs of the future. We spotlight technologies enabling and driving 5G for new services, applications and industries, the role of the core and virtualisation in 5G investment as well as advancing network operations through analytics and AI.

What role will security play in enabling the success of 5G?

Security and privacy are cornerstones for 5G to become a platform for innovation. Mobile systems pioneered the creation of security solutions for public communication, providing a vast, trustworthy ecosystem – 5G will drive new requirements due to new business and trust models, new service delivery models, an evolved threat landscape and an increased concern for privacy. So far, the drivers for mobile network evolution have mainly been about improving throughput and latency as well as being able to better support the mobile internet. The drivers for security have remained in place to provide a trustworthy basic connectivity service. This basic trust will continue to be a driver for 5G networks as a high data-rate, mobile broadband service.
COVER FEATURE
TAKING ACTION
RAWAD SARIEDDINE, SENIOR DIRECTOR AT CYBERSECURITY AND THREAT RESPONSE SERVICES FIRM CROWDSTRIKE, DELVES INTO THE GROWING THREAT LANDSCAPE AND SHARES INSIGHTS INTO HOW ORGANISATIONS CAN TURN THE TABLES AGAINST THE BAD GUYS BY EFFECTIVELY TRACKING THREATS IN THE CYBER HUNTING GROUND.
Every year organisations from across the world are increasing their security budgets to invest hundreds of billions of dollars into the latest cybersecurity products, services, and training. Yet, cyber-attacks and data breaches persist and remain a regular occurrence. A recent study by Cybersecurity Ventures revealed that cybersecurity spending is expected to exceed $1 trillion by 2021. However, it also noted that annual global losses from cyber-attacks are expected to hit $6 trillion by the same year.

These concerning figures show how current cybersecurity models are becoming inept and outdated. Many security strategies are still only focused on building up perimeter defences and deploying solutions that are aimed at stopping malware. All the while, adversaries are growing more sophisticated and disruptive, outpacing the advancements in defence technologies, processes and policies.

Among the latest threats permeating the cyber landscape today are malware-free attacks. Malware-free attacks execute malicious scripts by piggybacking on legitimate software packages. “Typically, malware-free compromises involved taking a legitimate process, that is part of the operating system, hijacking it in some way and causing it to perform nefarious tasks at the bidding of the threat actor,” says Rawad Sarieddine, senior director, CrowdStrike. “One method might be to inject some malicious code, allowing the hacker to take control of the process, or to simply use a browser or application to connect to command and control servers outside the organisation,” he explains. Following this, the attacker is free to take a variety of actions – downloading malicious content, creating backdoors to return later, or beginning to exfiltrate data at their leisure.

A good example of this attack is the notorious Equifax breach in late 2017, which saw huge numbers of records compromised. Cybercriminals accessed the details of about 150 million consumers, across the US, UK and Canada. The breach entailed hackers exploiting a command injection vulnerability by remotely executing malicious code that allowed them to manipulate an open-source enterprise software called Apache Struts. “Unfortunately, these kinds of attacks are becoming increasingly common and we can see more incidents like this happening in the future as fraudsters look for new ways to circumvent cyber defences,” says Sarieddine.

According to Sarieddine, while legacy technologies and solutions such as antivirus, application control, whitelisting, Indicators of Compromise (IOCs) and sandboxing are still critical components for staying secure, they are simply no longer enough. “Given today’s threat landscape, enterprises need to re-think what measures they can put in place to protect themselves against these new breeds of attacks.” Sarieddine encourages them to use next-gen cybersecurity solutions that focus on stopping the breach, not just viruses and malware like in legacy solutions. “These kinds of solutions will give them a comprehensive view of the entire spectrum of attack tactics, techniques and procedures (also known as ‘TTPs’).”

More than employing the latest tools and solutions in the market, Sarieddine also encourages organisations to shift their security approach from a reactive to a proactive one. “Enterprises can no longer rely on passively deployed technology alone to combat modern threats,” he says. “To prevent any kind of breach, proactively hunting for threats, investigating leads and examining behaviours that evade common security tools are vital in providing a last line of defence for organisations of all sizes.”

Currently, the most common threat detection processes and technologies are still passive in nature. While they leverage automated tools, behavioural analytics and machine learning, they are mostly based on static rule sets, which still leaves the risk of threats slipping through the cracks. “Threat hunting transforms an organisation into one that has an active detection mindset that embraces the human element in proactively looking for anomalies, suspicious behaviours and clues to uncover the stealthiest of attackers,” explains Sarieddine.

The threat hunting process entails searching and discovering cyber threats — regardless of whether they have reached unexploited network vulnerabilities or have already bypassed defense solutions. It requires having a practical understanding of cyber threats, strong critical thinking, and problem-solving skills together with technical expertise.

“A modern well-established threat hunting function instantly amplifies the security capabilities of organisations,” says Sarieddine. “This is because this process augments the detection and protection offered by existing security teams, providing valuable insights and context and reducing alert fatigue, allowing organisations to outmatch sophisticated human attackers and insider threats.”

Sarieddine points out that while threat hunting tools leverage some level of automation in the detection and response processes, by integrating machine learning and cloud analysis, the human factor plays an essential role in augmenting these capabilities. “This element, the human expertise, is crucial because much of the proactive hunting relies on human interaction and intervention,” he explains.

Another key element for the success of a threat hunting strategy is threat intelligence. It provides valuable context, by cross referencing organisational data with external regional and global threat trends. “By assessing premium threat intel feeds, organisations can benefit from gleaning insights from a large pool of crowdsourced attack data,” says Sarieddine. “This will help them in deriving the right context to alerts, weeding out false signals and focusing on relevant leads. It will also enable them to deploy the appropriate indicators to security devices for preventing successful cyber intrusions.”

Despite its discernible benefits and companies increasingly acknowledging the need to adopt proactive cyber threat hunting practices, many are struggling to adapt. There are two main reasons why organisations become unsuccessful in building their own threat hunting practice, according to Sarieddine.
“Firstly,” he says, “many organisations find maintaining a high-quality, round-the-clock threat hunting operation as well as finding the right talents prohibitively expensive.

“Second is the lack of visibility and access to comprehensive threat data, which makes hunting teams oblivious to the global trends and keeps them in the dark,” he explains.

Employing managed threat hunting services can pave the way to filling these critical gaps that enterprise security teams face. “We invite CISOs to partner with strong threat hunting providers that are equipped with top talent and global visibility of the threat landscape, in their journey to build these capabilities in-house,” he says.
“They need to look for a threat hunting partner that has an ample and adept human capital, the ability to gather and store a wealth of threat data and access to comprehensive threat intelligence.”

CrowdStrike has been at the forefront of this market need for many years. It has a dedicated and holistic cybersecurity solution that offers prevention and endpoint detection and response (EDR) called Falcon Complete. “This comprehensive offering is complemented with a managed threat hunting service manned by world-class threat hunters,” says Sarieddine. “CrowdStrike Falcon OverWatch brings together all three prongs in a 24/7 security solution that proactively hunts, investigates and advises on threat activity in an organisation’s environment.” He adds that Falcon OverWatch constantly looks into millions of indicators with weak signals and silent detections that are guaranteed to fly under the radar of traditional endpoint protection and EDR solutions.

In the Middle East, enterprises are increasingly employing the expertise of managed cybersecurity services, with 57 percent of the region’s organisations using MSS providers, according to a recent study by SANS Institute. Furthermore, rapidly emerging nations like the UAE are showcasing strong demand for proactive threat hunting as regional firms constantly update their cybersecurity measures.

“We foresee high demands for pure threat hunting technologies, services and talents in the coming years,” says Sarieddine. “CrowdStrike is uniquely positioned to meet these future demands from regional firms. As we continue to invest in the latest innovations and develop industry best practices in threat hunting and in cybersecurity as a whole, we believe we will play a pivotal role in enabling Middle East firms to build strong and resilient cyber defences.”
GARTNER SECURITY AND RISK MANAGEMENT SUMMIT
THE BUSINESS OF RISK

GARTNER SECURITY AND RISK MANAGEMENT SUMMIT, HELD AT THE CONRAD HOTEL IN DUBAI, SHED LIGHT ON SOME OF THE LATEST CYBERSECURITY THREATS AND SOLUTIONS IN THE INDUSTRY.
With over 350 attendees ranging from industry experts to IT, security and business leaders, the Gartner Security and Risk Management Summit provided an update on the latest trends and developments in the security landscape. The two-day event saw top analysts from Gartner explore various security and risk management trends and share predictions as to how they will impact regional businesses in the longer term.
According to Gartner, enterprise information security and risk management spending in the Middle East and North Africa (MENA) will total $1.7 billion in 2020, an increase of 10.7 percent from 2019. Sam Olyaei, research director, Gartner, highlighted that the double-digit growth is a reflection of how organisations in the MENA region are coming up to speed with their global counterparts in adopting information security and risk management solutions. He added that an evolving threat landscape and the advent of digital transformation are forcing local security and risk leaders to re-evaluate their spending priorities.
Another forecast highlighted at the summit was that security services and network security will continue to be the top two security and risk management spending priorities for CISOs in MENA. Both segments will account for 66 percent of total security and risk management spending in 2020. Managed Security Services include services that involve security processes such as monitoring, detection, and response. “We continue to see a pervasive shortage of talent in the region, especially as it relates to tactical functions, and this has pushed leaders to leverage managed security service providers (MSSPs) and other consultants to manage their operational capabilities,” said Olyaei.
Gartner also noted that despite smaller levels of spending, cloud security and data security will continue to remain the fastest-growing segments for enterprise security and risk management spending. A shift to a cloud-first strategy remains a priority in MENA, especially as major cloud service providers set up shop in the region. Furthermore, the Data Protection Law (DPL) implemented in Bahrain in April 2019 and the possibility of the United Arab Emirates (UAE) deploying strict data privacy rules by the end of 2020 have compelled MENA organisations to rethink their data security framework to continue doing business in the region. As a result, Gartner predicts that by 2020, investment in data security will total $72 million, an increase of 26 percent year over year.
The analyst firm attributed the growing spending in security and risk management to boardrooms finally making it a priority locally. It noted that CISOs in MENA are seeking to improve their communication with the board of directors, who have more visibility on security, threats and vulnerabilities than ever. “Simply put, executives are beginning to realize the true business impact of cybersecurity,” said Olyaei. “It is no longer a matter of if, but when, and executives are demanding that their leaders continue to facilitate business outcomes.”
GARTNER SECURITY AND RISK MANAGEMENT SUMMIT
THE HUMAN FACTOR
AT THE SIDELINES OF THE RECENTLY HELD GARTNER SECURITY AND RISK MANAGEMENT SUMMIT, JEFFREY WHEATMAN, RESEARCH VICE PRESIDENT, GARTNER, SAT DOWN WITH SECURITY ADVISOR ME TO DISCUSS THE IMPORTANT ROLE THAT THE HUMAN FACTOR PLAYS IN CYBERSECURITY.
The human aspect is often considered as the weak link of any security strategy. Is the lack of communication a big factor as to why people still fail to see the importance of cybersecurity?
Yes. I believe communication is ultimately about getting people with different perspectives and backgrounds to understand the issues around cybersecurity. So, for example, when you talk to executives about the fact that people within their workforce are causing the gaps in their security strategies, their solution is usually to issue stricter policies for reprimanding those who commit security blunders. However, this is not an ideal solution. Accountability and responsibility should not be projected as burdens that punish employees. Doing so will only stifle employee productivity and hinder them from supporting the goals of the business. So, the key thing to understand is how they can bring everyone within the organisation together and help them understand what the risks are. There are some people who are innately helpful and kind, and they will sometimes respond to emails or click on links without doing their due diligence to check if a certain communication is from a legitimate member of the company. This is what hackers are often banking on when conducting phishing attacks or social engineering. That’s why there should be constant education within the workplace to help every individual recognise what a potential attack looks like. IT and business leaders need to find a way to get their employees to internalise these things and understand what the risks are to the business, their personal finance, their family and so on. There should also be regular training to help them understand the proper steps they can take to thwart these attacks. For a security strategy to be a success, there needs to be a security culture within the organisation.
What organisations need to understand is that there is a difference between being responsible and accountable?
What organisations need to understand is that there is a difference between responsible and accountable. The CEO is not responsible for security. However, the CEO and the executive management team need to be accountable for the decisions that are being made around security strategies and investments. All organisations, whether they are in the public or private sectors, have to keep a balance between protecting and running the business. With every risk that an organisation faces, someone needs to be responsible for evaluating them and say, ‘Yes, we’re okay to accept that risk,’ or ‘No, we are not.’ The business, the board and the C-level executives need to be making those decisions, and be held accountable for them. As for CISOs and other security leaders, their responsibility is to provide all the necessary information to the C-level executives so they can make informed and valid decisions. Unfortunately, that accountability is not shifting as rapidly as we would like. And CISOs and security risk leaders are often becoming the scapegoats when cyber incidents escalate.
Artificial intelligence and machine learning are the latest buzzwords in the industry today. So, how do you think will AI and machine learning help close the skills gap?
AI and machine learning are double-edged swords because the attackers are using the same technologies to exploit security vulnerabilities. For those organisations who are considering buying an AI-enabled solution and deploying machine learning technologies, they need to ask their vendors first, ‘What does your tool do better with AI than it did without it?’, ‘What does your tool do that it didn’t do before you had AI?’ and ‘How did AI make your offering better than your competitors?’ When it comes to automating solutions, you first need to understand what the different processes are within your organisation. Failing to do so will only do more harm than good, especially for large enterprises that use multiple processes. That being said, AI is very instrumental in reducing cumbersome tasks like data and event management. If you have hundreds of millions of threat data that you need to evaluate, automated tools can help you get rid of the background noise. It is also helpful in analysis aspects such as basic blocking and patching. Increasingly, automation is also becoming helpful in penetration testing and vulnerability management. There are no perfect solutions, but these tools can get us closer to where we need to be.
How do you think will security roles transform in the next 12 months?
So, I think we need to see more security and risk leaders who have a business acumen and can understand a profit and loss (P&L) statement. We need those who can go in front of the board of directors and have an engaging conversation about why security is an important investment instead of just throwing technical jargon at them. I believe security and risk management leaders, both here in the Middle East and across the globe, will play an important role within businesses going forward. They will be instrumental in helping build a consensus between the IT and business functions of the organisation in terms of making decisions around security strategies.
INTERVIEW
KEEPING NETWORKS SAFE
PRINCIPAL SECURITY STRATEGIST RICHARD BEJTLICH DISCUSSES HOW ORGANISATIONS CAN LEVERAGE CORELIGHT TO BOLSTER BOTH THEIR PREVENTIVE AND PROACTIVE SECURITY STRATEGIES.
Corelight is primarily leveraged for security use cases such as threat hunting with its network transaction logs. Can you explain what are the use cases for Corelight?
First, Corelight, on its own, is a completely passive system. It is an observation platform, from which one can understand the network. No one is going to degrade, disrupt, or otherwise impair the network by properly deploying Corelight. The system simply listens for traffic provided by a network tap, traffic broker, switch span port, or virtual private cloud traffic mirroring source. Second, Corelight’s transaction logs are essentially compact, high-fidelity descriptions of how the network is being used. Its data is inherently “policy neutral,” meaning that the software observes, distills, and records what it sees, regardless of whether an outsider considers it good, bad, or indifferent. “Out-of-the-box” Corelight is keeping track of what it sees, working as a platform upon which many network-centric capabilities can be built. Third, Corelight retains data that its programmers have found to be most useful for those trying to understand their network. Corelight gives administrators, engineers, analysts, scientists, and others, the data they need in a format they can most efficiently use. For example, when working with JavaScript Object Notation (JSON) formatted output, the logs are essentially self-documented text files, readable by humans and easy-to-share for collaborative analysis.
Now that we know that Corelight is a passive system, describing network use, and offering the right data for analysis, what are the other applications for Corelight that go beyond threat hunting?
Let me give you an example that’s based on a real event and is applicable to many organisations. A component of a global company wanted to tighten up the security systems between itself and the firm’s other business units. This division wanted to restrict network access to those parties who required it for business purposes, while denying access to everyone else. However, the division did not know how its network was being used. It feared that if the security team began implementing new access control list entries on in-line security devices, primarily routers and firewalls, that legitimate business traffic might be disrupted. The division worried that interruptions to business operations would undermine its security measures and result in no improvement whatsoever.
The security team realised that it needed to understand how its network was being used before implementing a single new access control list. They began collecting network security monitoring data in Corelight format at the locations where they expected to begin limiting network access. After 30 days, they analysed the data and developed a profile for normal business-to-business activity, which in the future would be whitelisted and passed. They also discovered several instances of suspicious and malicious activity which prompted formal incident response processes. Once the analysis was complete, the security team implemented their new access control list, based on the 30 days of transaction logs. They did not hear a single complaint from any business representative. They had successfully improved the security of their business-to-business network connections while preserving legitimate operations. They decided to replicate the process in other parts of the company as well.
The scenario you have described looks like an example of an organisation implementing preventive security measures, which means the business unit was trying to improve its posture. Can Corelight be instrumental for organisations that are on the other end of the spectrum and want to apply proactive security strategies?
Absolutely. As previously stated, Corelight data is compact, yet high-fidelity. In one experiment that I conducted, I found that Corelight data was 1/1000th the size of full content data in libpcap format (“pcap”). In other words, I had collected roughly 300 GB of network data in pcap format over two weeks, but Corelight summarised that data into logs occupying 300 MB of space, in a compressed and archived format (“gzip”). Some believe that security teams should only collect the data that they could reasonably be expected to review on a regular basis. The special nature of Corelight data turns this advice on its head. Because raw storage is cheap, it makes sense to collect Corelight data whether or not it is immediately or routinely reviewed. Consider the benefit of having weeks, months, or potentially years of Corelight data saved to disk. If at some point the organisation suspects it has been compromised, that data will be invaluable. Using Corelight data, organisations conducting incident response can better determine the scope and duration of the incident, stretching back as far as the stored data allows. One caveat to this strategy is important: beware cost or storage limitations imposed by a Security and Information Event Management (SIEM) solution. It does not make sense to load unending data into a SIEM if the cost model is volume-based. The advice here relates to saving to a cheap storage solution, whether an on-premise option or cloud-based offering.
An earlier version of this article mentioned that EMT Distribution is Corelight’s distributor in the region. EMT Distribution is not affiliated with Corelight’s regional operations. The company has not officially announced a distribution partner for the region.
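The two workflows described in the interview, profiling observed traffic before writing access control entries and scoping an incident from retained logs, can be sketched over JSON connection records as follows. This is an added example, not Corelight's code or anything supplied by the interviewee; the field names follow the Zeek conn log convention, and the sample records, the `min_days` threshold and all function names are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one JSON object per line, using Zeek-style conn log field
# names (an assumption; the interview does not list Corelight's fields).
SAMPLE_LOG = """\
{"ts": 1572570000.0, "id.orig_h": "10.1.1.10", "id.resp_h": "10.2.0.5", "id.resp_p": 443, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572656400.0, "id.orig_h": "10.1.1.10", "id.resp_h": "10.2.0.5", "id.resp_p": 443, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572742800.0, "id.orig_h": "10.1.1.10", "id.resp_h": "10.2.0.5", "id.resp_p": 443, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572573600.0, "id.orig_h": "10.1.1.20", "id.resp_h": "10.2.0.9", "id.resp_p": 1433, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572832800.0, "id.orig_h": "10.1.1.20", "id.resp_h": "10.2.0.9", "id.resp_p": 1433, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572652900.0, "id.orig_h": "10.1.1.77", "id.resp_h": "10.2.0.9", "id.resp_p": 3389, "proto": "tcp", "conn_state": "S0"}
{"ts": 1572739300.0, "id.orig_h": "10.1.1.77", "id.resp_h": "10.2.0.5", "id.resp_p": 3389, "proto": "tcp", "conn_state": "S0"}
{"ts": 1572739400.0, "id.orig_h": "10.1.1.77", "id.resp_h": "10.2.0.9", "id.resp_p": 445, "proto": "tcp", "conn_state": "SF"}
{"ts": 1572739500.0, "id.orig_h": "10.1.1.77", "id.resp_h":
"""

REQUIRED = ("ts", "id.orig_h", "id.resp_h", "id.resp_p", "proto", "conn_state")
# Zeek conn_state values for attempts that never became a session.
FAILED_STATES = {"S0", "REJ"}


def parse_conn_log(text):
    """Return well-formed records; skip blank, truncated or incomplete lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line cut off mid-write
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
            records.append(rec)
    return records


def flow_key(rec):
    # The source port is ephemeral, so it is left out of the profile key.
    return (rec["id.orig_h"], rec["id.resp_h"], rec["proto"], rec["id.resp_p"])


def build_profile(records, min_days=2):
    """Split observed flows into allow-list candidates and flows to review.

    A flow is a candidate only if it completed a session on at least
    min_days distinct UTC days; everything else goes to an analyst.
    """
    days_established = defaultdict(set)
    seen = set()
    for rec in records:
        key = flow_key(rec)
        seen.add(key)
        if rec["conn_state"] not in FAILED_STATES:
            day = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).date()
            days_established[key].add(day)
    allow = sorted(k for k in seen if len(days_established[k]) >= min_days)
    review = sorted(k for k in seen if len(days_established[k]) < min_days)
    return allow, review


def scope_host(records, host):
    """First/last sighting and peers of one host across the retained logs."""
    first = last = None
    peers = set()
    for rec in records:
        if host == rec["id.orig_h"]:
            peers.add(rec["id.resp_h"])
        elif host == rec["id.resp_h"]:
            peers.add(rec["id.orig_h"])
        else:
            continue
        first = rec["ts"] if first is None else min(first, rec["ts"])
        last = rec["ts"] if last is None else max(last, rec["ts"])
    if first is None:
        return None
    return {"first_seen": first, "last_seen": last,
            "duration_s": last - first, "peers": sorted(peers)}


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_LOG)
    allow, review = build_profile(recs)
    for src, dst, proto, port in allow:
        print(f"allow candidate: {src} -> {dst} {proto}/{port}")
    for src, dst, proto, port in review:
        print(f"needs review:    {src} -> {dst} {proto}/{port}")
    print(scope_host(recs, "10.1.1.77"))
```

Flows in the review list are not automatically malicious; they are the ones that need an owner's confirmation before a deny rule takes effect.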
INTERVIEW
DUTY BOUND
SEKHAR SARUKKAI, VP, MCAFEE, SAT DOWN WITH SECURITY ADVISOR ME TO SHARE INSIGHTS INTO WHY SECURITY AND COMPLIANCE ARE EVERYONE’S RESPONSIBILITY.
Many organisations, large and small, are moving their data and processes to the cloud to take advantage of the flexibility, efficiency and cost savings it can bring. Over the recent past, fears over cloud security have subsided. Today, not only is cloud adoption rising steadily across geographies, industries and job functions, but confidence in cloud security is climbing as well. “When we started Skyhigh Networks in 2011, cloud technologies were only at their nascent stages,” said Sekhar Sarukkai, VP at McAfee. “Back then, many CIOs have little idea on what cloud solutions are suited for their business let alone how they can secure those technologies.”
Anticipating the vital role that cybersecurity will play for cloud environments, Sarukkai together with Rajiv Gupta and Kaushik Narayan founded Skyhigh Networks eight years ago. In doing so, they pioneered an entirely new product category called cloud access security broker (CASB) that analysts have described as one of the fastest growing areas of information security investments. Last year, the company was acquired by global IT security firm McAfee. The acquisition is the vendor’s first foray into the CASB market segment, which the company believes will help its vision of enabling organisations to optimise mission-critical cybersecurity environments for the future. Since being integrated into the McAfee business, Sarukkai said that they have been focused on how they can integrate and reconcile different security policies in the cloud. “Our whole MVISION family of innovations is focused on that,” he explained. “It offers a single point of visibility, comprehension, and control across your entire digital infrastructure. With solutions that span endpoints, servers, mobile, cloud, and IoT devices, MVISION products aim to increase the effectiveness of enterprise security teams.”
CLOUD SECURITY SHARED RESPONSIBILITY MODEL
An increasing number of organisations are embracing cloud technologies to the point where increased security has become a major reason why enterprises opt for cloud solutions. However, there is often a misconception that the move to cloud also relieves the organisation from responsibility for security. In fact, a Gartner study warned that by 2022 at least 95 percent of cloud security failures will be the customer’s fault. “While cloud solutions today are becoming inherently secure, that doesn’t mean that customers don’t have a role to play in keeping these technologies secure,” said Sarukkai.
According to Sarukkai, a good practical analogy would be buying or renting a car. In this scenario, car manufacturers have the responsibility to produce vehicles that have security features built-in such as brakes and seatbelts. Once those cars are shipped to a dealership or car rental companies, it is then their responsibility to check that elements such as tire pressure, hand and foot brakes, seatbelts and so on are all functioning properly. Finally, once the vehicle is in the possession of the consumers, it is now their responsibility to make sure that they also take the proper measures to ensure their security while using the car. They need to make sure that it has enough petrol, that they wear seatbelts when driving it and that they are using the vehicle responsibly.
“This is the same model that we need to follow in ensuring the effectiveness of cloud security,” explained Sarukkai. “Vendors and service providers are responsible for ensuring that cloud technologies and services they deliver are secure. But, ultimately, it is the responsibility of the end-users to know all the security measures delivered by the CSPs and how to enable them, including any additional security from services such as CASBs. They also need to ensure that developers and employees understand their position on the shared responsibility model.”
McAfee has introduced a 360° Shared Responsibility model, which is designed to be an actionable best-practice guide. It shows which groups are either wholly or jointly accountable at each layer of the model, with a focus on those groups inside the enterprise. “We all need to work together and know what we are responsible for to ensure cloud security’s success,” he said.
Looking ahead, Sarukkai highlighted that automation will play a vital role in further enabling cloud security. “Automation tools can enable organisations to accelerate threat detection and mitigation. To help our customers address these needs, McAfee has invested significantly in integrating automation tools into our products.
“We have also launched an initiative called ‘Shift Left’, which is a practice intended to find and prevent defects early in the software product lifecycle process. The vision is to improve security by moving tasks to the left as early in the lifecycle as possible.”
The initiative urges IT teams to integrate security earlier into the DevOps process. It also enables security professionals to catch risky configurations before they become a threat in production. “We believe that cloud applications need to be born secure rather than be made secure after the fact,” he said.
INSIGHT
THE LITTLE THINGS COUNT
TIM BANDOS, VICE PRESIDENT OF CYBERSECURITY, DIGITAL GUARDIAN, DISCUSSES HOW CONFIGURATION MISTAKES COULD PROVIDE FIELD DAYS FOR HACKERS.
Sometimes it’s the little things. In hindsight, more often than not, getting hacked can stem from a minor misstep or completely preventable mistake. Common security mistakes and overlooked misconfigurations can open the door for malware or attackers, potentially leaving your environment and any exposed data ripe for the picking. Avoid these top five configuration gaffes to reduce the threat exposure to your organisation.
Default credentials
It almost seems too obvious to include here, but leaving default usernames and passwords unchanged for databases, installations, and devices is, by far, one of the most common and easy items for a hacker to exploit. Leaving default credentials on network devices such as firewalls, routers, or even operating systems allows adversaries to simply use password checking scanners to walk right in. In more skilled setups, hackers can simply stage a series of scripted attacks geared at brute forcing devices by focusing on either default usernames and passwords, or basic passwords like “qwerty” or “12345.” A few months ago, researchers uncovered a Python-based web scanner, Xwo, that can easily scan the web for exposed web services and default passwords. After collecting default MySQL, MongoDB, PostgreSQL, and Tomcat credentials, the scanner forwards the results back to a command and control server. Leaving default credentials on any device is akin to leaving your keys in a locked door. Even a 12-year-old with some internet access at home could majorly breach a corporation just by using one of these freely available tools on the internet to check for default credentials.
Password reuse
Having strong and complex passwords isn’t the only action that needs to be taken when securing your environment. Oftentimes, I see environments that’ll leverage the same user account and password across every device in a fleet of endpoints. Sure, to an IT administrator this may be convenient, but it’s not necessary and can grant an attacker the ability to pivot across every machine, even if only one of those computers has been breached. From there, attackers can leverage credential dumping programs to get their hands on the passwords or even the hashes themselves, and then it’s open season. Avoid password reuse at all costs and disable any accounts that are not required.
Exposed remote desktop services and default ports
Any externally facing device that’s connected to the internet should have layers upon layers of protection to combat attempts to gain access, like a brute force attack. Services like Remote Desktop Protocol, or RDP, a proprietary protocol developed by Microsoft, can provide administrators an interface to control computers remotely. Increasingly, cybercriminals have taken to leveraging this exposed protocol when it’s not configured properly. Administrators should leverage a combination of strong/complex passwords, firewalls, and access control lists in order to reduce the likelihood of a compromise.
Delayed software patching
This, like leaving default credentials on a server or system, may seem like another potential no-brainer. It’s worth pointing out, however, that keeping operating systems up to date and patched appropriately can prove significantly effective at preventing a breach. While there are numerous exploits and vulnerabilities found daily — and yes it can be difficult to keep up — if administrators aren’t properly maintaining their patch levels, then it’s game over. Ironically, of the breaches I’ve worked on where the attacker’s gotten in via a vulnerability, a majority of them have involved a vulnerability that was ridiculously old. It shouldn’t come as a surprise — attackers will continue exploiting old bugs as long as they’re effective. There’s hype around detecting and preventing zero days, but the most common vulnerabilities that are exploited can be classified as fossils.
Logging turned off
Disabled logging doesn’t necessarily allow an attacker to get into a system, but it does allow them to act like a ghost while they’re in there. Once in, hackers can move laterally through a network in search of data or assets to exfiltrate. Without logging, they can do all this while leaving zero tracks behind. This creates a true ‘needle in a haystack’ scenario for incident responders and forensic analysts and makes their job that much harder when trying to reconstruct what may have happened during an incident or intrusion. Enabling logging and having it sent to a centralised location, like a security information and event management (SIEM) platform, is highly recommended. That data will provide the breadcrumbs needed by forensic analysts during an incident response investigation to reconstruct the attack and scope the intrusion. Additionally, it can prove highly useful when it comes to responding to threats that may have triggered an alert from an event in the collection of said logs.
Having appropriate security configurations requires your applications, servers, and databases to be hardened in accordance with best practices. Leaving these devices or platforms in a default state only makes the job of an attacker that much easier. It may not happen right away, but they’ll discover these misconfigurations at some point, gain unauthorised access — and depending on their intent — steal sensitive data or cause damage. Avoid becoming an easy target and follow these precautionary steps to protect yourself and your data.
FEATURE
GETTING CERTIFIED WITH MANY ORGANISATIONS FACING SIGNIFICANT CHALLENGES WHEN IT COMES TO STAFFING THEIR CYBERSECURITY TEAMS IT IS NOW MORE IMPERATIVE THAN EVER FOR BUSINESSES TO TAKE STOCK OF THEIR EXISTING WORKFORCE AND CONSIDER WAYS TO IMPROVE THE RANGE OF SKILLS THEIR TEAMS CAN SHOWCASE.
26
NOVEMBER 2019
www.tahawultech.com
A
s cybersecurity has moved up the agenda for organisations large and small, the number of universities offering degree courses in the subject has, likewise, increased significantly. Some aspiring cybersecurity professionals specialise at an early stage by enrolling on a bachelor’s degree in the subject. Others may complete a more broadbased degree in IT – or even in an unrelated subject – before focusing on cybersecurity as the master’s degree level. Such postgraduate courses may also draw in people who have spent a number of years working, often in fields such as the military, and are retraining in cybersecurity. Once qualified, those who complete these courses should have ample career opportunities because, by most accounts, the skills shortage in cybersecurity is acute. Indeed, in a survey by the analysis company ESG published earlier this year, 74 percent of cybersecurity
professionals said that the skills shortage in cybersecurity had affected the organisation where they worked, up from 70 percent from a year earlier. When the survey results were released, Jon Oltsik, a senior principal analyst at ESG, wrote that it was “hard to say” whether the skills shortage was worsening. “What’s absolutely clear, however, is that there is no evidence to suggest that the cybersecurity skills shortage is improving,” he added. In a similar vein, research published late last year by the Florida-based International Information System Security Certification Consortium or (ISC)², the cybersecurity professional association, found that, globally, there was a shortage of almost 3 million cybersecurity specialists. In North America, the shortfall was estimated to be about half a million, while in the Asia-Pacific region it exceeded 2 million. So, no doubt, now is a good time for young people looking entering the job market for the first time, or for more mature individuals retraining, to gain skills and qualifications in cybersecurity. But what options are open to those who are already working in cybersecurity and who are looking to gain additional
Amanda Finch, Chartered Institute of Information Security Professionals
“AT THE MOMENT THERE ARE SO MANY COURSES AND QUALIFICATIONS OUT THERE. SOME OF THEM ARE BETTER THAN OTHERS. SOME ARE MORE APPROPRIATE DEPENDING UPON THE ROUTE YOU WANT TO TAKE.” www.tahawultech.com
skills and secure formal recognition for what they have learnt? Also speaking earlier this year, Oltsik indicated that many cybersecurity professionals may have to take responsibility for their own professional development, saying that employers were often not providing as much training as they should. “That means I, as a cybersecurity professional, need to go out on my own and figure out how to get that training,” he was quoted as saying. A burgeoning area of interest is cybersecurity certification, something that offers cybersecurity professionals the opportunity to make themselves more sought after by both employers and clients. Just as degree courses have sprung up in large numbers, so the certification field is expanding rapidly, with a plethora of organisations offering what might seem to be a bewildering array of certifications. Amanda Finch, CEO of the Chartered Institute of Information Security Professionals, a Britishbased organisation with a worldwide membership, acknowledges that it can be difficult to make sense of what is on offer. “At the moment there are so many courses and qualifications out there. Some of them are better than others. Some are more appropriate depending upon the route you want to take,” she said. There are broad-based certifications that cover all the key areas of cybersecurity, among them the Certified Information Systems Security Professional (CISSP) qualification offered by (ISC)². This certification programme is open to people who have been working in a related field for
NOVEMBER 2019
27
FEATURE
at least five years, so is popular with managers and senior executives. This programme has an examination covering eight “domains”, among them security architecture and engineering, identity and access management, software development security and asset security. According to those offering the course, individuals who become a CISSP will be able to “effectively design, implement and manage a best-in-class cybersecurity programme”. One of the best-known cybersecurity certifications, the CISSP is held by more than 130,000 people, nearly two-thirds of them in the United States. There are, of course, many other cybersecurity certifications offering training in a similarly broad range of skills. However, a key driver behind the growth in the number of certifications available, and in the number of people pursuing certification, is the desire to specialise. Finch describes cybersecurity as being “such a broad profession” much like, she suggests, medicine, with myriad sub-fields. As a result, there are certifications specialising in areas such as cloud security, ethical hacking and security architecture, to name just a few of the many options available. These programmes represent an investment in terms of time and money, so individuals taking them would hope for a significant impact in terms of career prospects. So, what do people working in the cybersecurity sector think of these courses and the potential added value that they offer? Anthony Perridge, vice president international at ThreatQuotient, a threat intelligence platform that has partnered with the Dubai-based value-added distributor StarLink, takes a largely
28
NOVEMBER 2019
Anthony Perridge, ThreatQuotient
“ANYTHING THAT DRIVES CONFORMITY AND STANDARDS AND GIVES YOU A SENSE BY WHICH YOU CAN MEASURE YOURSELF, A YARDSTICK, IS A GOOD THING.” positive view of certification. “Anything that drives conformity and standards and gives you a sense by which you can measure yourself, a yardstick, is a good thing. Our industry can be very confusing,” he said, speaking at the recent GITEX Technology Week 2019 in Dubai. Others appear less convinced by the need to become certified. Among them is Samir Kirouani, a senior sales engineer with Centrify, which offers privileged and access management products that are used by the public sector and in fields such as banking. He says a lot of people in the Middle East “have spent a lot of time on training,” but describes certification as “just an endorsement” that someone can actually do what they are supposed to be able to do. “The people that do them [cybersecurity certification courses] are those that want to move on in a job,” he said. “It’s an endorsement that you know what you do. Some people like that. Others think it’s just a certification.” If people are “good at what they do” he says that certification may not be necessary, although he describes the CISSP qualification as a “quite good” one to have. Finch suggests that formal certification offers a reliable indication that a person has particular skills. “You need to understand that that
person has that level of competency. We’ve been doing this for years – assessing people on their experience, not just their qualifications, but that they can practice it in the workplace. We’ve got a skills framework and a knowledge framework,” she said. Finch at the Chartered Institute of Information Security Professional expects that, in future, there will be “much more clarity” in what formal recognition is available, which might be welcomed by cybersecurity professionals, employers and clients trying to make sense of the myriad degree courses and certifications available. An interesting development is that Finch’s own organisation was awarded a Royal Charter in the United Kingdom in July this year, allowing it to add the word “Chartered” to its name. This formalises the organisation’s role in offering professional qualifications, and is likely to mean that, in future, cybersecurity specialists will be able to secure chartered status, much as, for example, accountants and architects have long been able to. “We’ll be looking at chartered professionals in the future,” said Finch. So just as cybersecurity itself is a fast-evolving area, so too is the field dealing with certifications and qualifications linked to it. Those working in the sector will be keeping a close eye on developments.
FEATURE
THE COST OF STAYING SECURE
DESPITE ORGANISATIONS INCREASING THEIR SECURITY BUDGETS AND INVESTING SIGNIFICANTLY IN THE LATEST CYBERSECURITY TOOLS, ENTERPRISES ARE STILL FACING RISKS OF MORE DATA BREACHES THAN EVER BEFORE. SECURITY CORRESPONDENT DANIEL BARDSLEY SPEAKS TO INDUSTRY EXPERTS TO DISCUSS HOW IT AND BUSINESS LEADERS CAN USE THEIR RESOURCES MORE WISELY.
Spending on cybersecurity is increasing dramatically, with budgets growing much faster than those of the IT sector as a whole. According to figures from Gartner reported by Cybersecurity Ventures, the annual global spend on cybersecurity this year is likely to be $124 billion. Seen in isolation, this figure appears large enough. But when it is considered that it is 35 times the size of the yearly spend from 13 years ago, it appears truly vast.
Statistics from RSA Conference, the annual cybersecurity event in San Francisco, indicate that global cybersecurity budgets rose by 141 percent between 2010 and 2018, with spending on cloud security alone having increased almost 1.5 times since 2017. And this is at a time when IT as a whole is not benefiting from the same level of growth in spending. In July, Gartner forecast that worldwide IT spending in 2019 would reach $3.74 billion, up just 0.6 percent on last year’s figure. There is no sign that the stratospheric growth in cybersecurity investments is going to tail off, even if IT budgets as a whole remain under pressure. Far from
it, in fact – last year’s total cybersecurity spend was 12.4 percent up on that of 2017, according to Gartner, and by 2022 global cybersecurity investments are forecast to reach $170.4 billion. The amounts being spent by some individual organisations on cybersecurity are eye watering. Microsoft’s cybersecurity budget exceeds $1 billion a year, Cybersecurity Ventures reports, while the financial organisation JP Morgan Chase spends around $600 million each year to protect its assets. And that’s even before the cybersecurity budgets of government departments are considered – in the United States, these can reach many, many billions.
Yet, amid all of this rapid growth in cybersecurity spending, the number of breaches that organisations are facing is increasing too. The cost of a data breach study by the Ponemon Institute, carried out on behalf of IBM, found that the time to identify and contain a data breach is now 279 days, which is up nearly five percent on 2018, when the average time was about 266 days. Similarly, the cost of a data breach is growing, with the same study finding that the average penalty was $3.92 million this year, up from $3.86 million last year. While in other sectors of IT, as experts have noted, the pressure is on to reduce inefficiencies and to increase productivity, in cybersecurity such improvements in performance are harder to identify. So why, given the increased spending, is the cybersecurity sector failing to generate better outcomes? “As cybersecurity is changing all the time, the attackers are usually one step ahead of companies,” says Dimitris Raekos, general manager, ESET Middle East. “There is currently a lack of genuine cybersecurity awareness within organisations and a tendency for IT managers to be ‘misled’ when they are
selecting cybersecurity products and solutions,” he adds. They can be impressed by buzzwords or phrases, notably artificial intelligence,
but the reality of the solutions they purchase may not live up to the hype. “They spend on products that are more marketing than solutions. In cybersecurity there are no silver bullets. It doesn’t [follow] if they spend more, you will have more security. Companies need to find products for their needs,” he explains. This issue – of companies buying products or solutions that turn out not to offer significant benefits – is also identified by Jeff Ogden, general manager – Middle East and India for the email security company Mimecast. He recalls a recent forum attended by numerous chief information officers (CIOs) and chief information security officers (CISOs) at which they were
asked how many of the technologies they had purchased over the past three years they had since switched off. This straw poll found that buying technologies, only to find that they were not solving problems, was the norm. Often, says Ogden, new products end up “making complex environments more complex”. “Why are they continuing to invest [greater amounts on cybersecurity]? We have a big focus in this region around technology. People have been budgeting for these particular technologies. That’s why the budgets are continuing to grow,” he says. “The mistake a lot of people make is to go and buy features. They buy such nice technology. It does a very good job in the niche, but when you have a complex problem you need a holistic solution.” He says that organisations are starting to realise this and are working towards getting more joined-up solutions in place. Any discussion that highlights the growth in the number of breaches despite increases in cybersecurity spending should, of course, not ignore the primary factor – the threat landscape is increasing daily. As Cybersecurity Ventures notes, there has been a “dramatic rise” in cybercrime, ransomware attacks have reached “epidemic” levels, and billions of poorly protected Internet of Things (IoT) devices have been deployed.
“The threat is growing. The industry targeting organisations is growing. The accessibility of this technology to attack an organisation is also growing,” said Ogden. “This region is heavily targeted. Saudi Arabia is second globally in the number of targeted attacks.” So, in the current climate of bigger budgets, bigger threats and more breaches, what are the solutions? Ogden says that one conclusion of the gathering of CIOs and CISOs that he took part in recently was that simplification was “the number one priority”. “Every one of them said, ‘We’ve got to make things simpler,’” he said. Ogden says that Mimecast can offer 10 security products in a single console, something that can counter the problem of non-integration of security products, which complicates detecting and dealing with threats. He says other companies are consolidating products too. “If you look at Microsoft, they’re doing a great job of consolidating to a single platform – Azure,” he said, referring to the tech giant’s cloud computing platform. Indeed, Ogden says that the ongoing migration to the cloud “absolutely” could be part of the solution to the problem of companies spending more on cybersecurity only to end up with too many products, high bills and security gaps.
Providers often have their own perspective on where the solution lies to the question of why companies are spending more only to be breached more frequently. Their views are often linked to the particular field in which their companies operate. One reason sometimes identified to explain the increased risk of breaches is the migration to mobile devices. Marek Jedrzejczyk, vice president of Famoc, a Polish-based mobile security company, thinks that companies neglect to invest in mobile security. “People are coming from [an] old Windows [approach], not from mobile … The IT guys, they come from the PC world, they don’t think about mobility,” he said. This lack of awareness around mobile security comes despite hackers tending to focus on mobile sites, according to Jedrzejczyk. Another approach is restricting access to networks. Samir Kirouani, a senior sales engineer for Centrify, a privileged access management company, says that this is key to improving cybersecurity. “That’s our message to the companies – despite spending this money, you still get breached. We believe identity is the number one vector. We try to bring the concept of the least accessed privilege. When we’re going to the customers, we’ll ask them to revoke access,” he said. The company promotes a rules-based access and control approach, with individuals given their privileges in terms of access only when they need them and not by default. This approach, says Kirouani, would “definitely” reduce the number of breaches. “Eighty percent of attacks are coming from identity,” he said.
FEATURE
A TALE OF TWO TECHNOLOGIES
INCREASING INTERDEPENDENCE BETWEEN INFORMATION TECHNOLOGY (IT) AND OPERATIONAL TECHNOLOGY (OT) IS UNCOVERING NEW OPPORTUNITIES FOR MALICIOUS ATTACKS. HOW CAN ORGANISATIONS OVERCOME SECURITY ROADBLOCKS IN THE IT-OT CONVERGENCE? DANIEL BARDSLEY INVESTIGATES.
When breaches happen, they are often aimed at stealing data or, with
ransomware, trying to extort large sums of money to be paid to anonymous hackers in cryptocurrency. Serious though such attacks are, typically their worst impacts are financial, even if these can run into the tens of millions of dollars. When it comes to operational technology (OT), the hardware and software that manages physical systems, the consequences can be even more significant. There is the risk of power plants being paralysed, of military installations having operations disrupted and, in extreme cases, of lives being put at risk. “You have the same threat surfaces in the OT environment that you have in
the IT environment. But if something happens on the IT side, you won’t be able to access email; no one will die. In the OT environment it’s process disruption, safety,” says Marcus Josefsson, Middle East, Africa and Russia director for Nozomi Networks, which offers solutions for OT and IoT visibility and security. There have been a number of high-profile OT attacks, such as the Stuxnet computer worm that is blamed for damaging Iran’s nuclear programme or the highly publicised issue of possible United States cyberattacks on Russia’s power grid. Not only are security issues affecting OT critical, but their reach is growing, as internet-enabled devices become used ever more frequently in a wide swathe of industrial control systems (ICS). The increased OT security risks brought about by the growth in the number of connected devices were highlighted by a survey published earlier this year by the SANS Institute, an information security training and certification organisation.
Of the hundreds of security professionals canvassed for the 2019 State of OT/ICS Cybersecurity Survey, 40 percent said that they were using a cloud service, while 37 percent said that their OT control system connections were wireless. The survey also found that engineering workstation applications were often being replaced by mobile applications, while data from sensor networks was often being communicated wirelessly. These developments are significant because they multiply the potential attack surfaces, yet, the survey found, security professionals often do not recognise the greater risks being created. Indeed, one of the key conclusions of the SANS Institute’s report was that OT is being compromised by a lack of visibility into the attack surfaces. Other studies have, likewise, found that identifying and keeping track of assets has become a central issue. Not helping matters is the reality that, as the technology evolves, there can be a lack of clarity over which parts of a company need to take responsibility for OT vulnerabilities. So, it is fortunate that making control system cyber assets more visible was a priority for almost half of those surveyed, although there is still much more to be done. In a statement released when the survey was published, Doug Wylie, the director of the SANS Industrials and Infrastructure practice area, said that the results showed “that practitioners struggle mightily” to deal with risks linked to IoT and mobile devices to ICS. “Hyperconnectivity and the rapid introduction of new technology within OT is providing tangible value, but the added complexity that comes with each continues to outpace the readiness of
those tasked with safeguarding today’s systems from cyber threats,” he says. In this state of heightened concern over OT vulnerabilities, it was appropriate that, in October, a string of the world’s top IT companies joined forces to create an alliance focused on OT security. Well-known names including ABB, BlackBerry Cylance, Fortinet, Microsoft and Mocana created the Operational Technology Cyber Security Alliance (OTCSA). As media reports detailing the launch noted, the group has multiple aims, including trying to speed up the adoption of the best technology in the OT sphere, improving the interfaces between OT and IT, and providing assistance when it comes to regulations. Another focus is the development of a systems architecture for OT suppliers, and there will also be efforts to promote the procurement, installation and maintenance of secure OT infrastructure. As OT and IT convergence continues, there are significant opportunities created for players such as Nozomi Networks, which was founded in Switzerland in 2013 and is headquartered there and in San Francisco. Josefsson launched the company’s office in Dubai and, a year ago, was the
sole representative; now there are 10 people based in the UAE, making it the company’s largest office outside the United States and Switzerland. While industries such as oil and gas are important customers for the likes of Nozomi Networks – indeed the company can trace its technology back to this sector – as digitisation continues, many other sectors are in need of OT security solutions. “With OT security, if you go back even a couple of years, it was oil and gas and utilities. Now we see airports – such as baggage carousels – and data centres,” he says. “If you take an airport, they have about 30 OT networks for waste, water, electricity, heating, ventilation and baggage management,” says Josefsson. A security issue that shuts down a baggage system could have serious knock-on effects that could even close the airport. Nozomi Networks offers a solution for OT and IoT security and visibility called Guardian, which is linked to a Central Management Console that consolidates data from appliances. Josefsson says that the solution gives users a highly detailed view of the asset inventory; predictive maintenance and troubleshooting are other functions performed by the company’s products. “It has to be very granular and it’s
very ICS-specific. Visibility in IT and OT is different and traditional vendors for cybersecurity don’t understand this environment,” explains Josefsson. “The pressure in a pipeline [for example], it’s not something you would see an IT network. The IT people don’t understand the operational world; that’s a bridge we try to cross for them.” Even schools or hotels, for example, can be put at risk because of OT vulnerabilities, such as if an air conditioning system is hacked. “Customers are starting to deploy [the company’s technology] more in a hybrid environment. Then we start running into a slightly different competitive landscape,” he says. Many other players are also interested in security issues affecting the OT environment. The Chinese firm Shenzhen Y&D Electronics Information Company was among those exhibiting at the recent GITEX Technology Week 2019 in Dubai. “In the future, physical systems will become more digitised blurring the lines between the physical and virtual worlds,” says Song Jing, the company’s pre-sales director. “That’s why cyber incidents targeting industrial controls could have a disastrous impact on the physical world, so protecting physical systems require a different approach.” There is, he says, a need for high accuracy and real-time monitoring and protection in the OT environment. “That’s how we provide our solutions within China, but we hope to extend beyond China [into] the Gulf market,” he explains. So, as ever more connected devices are used in the ICS and OT environments, more companies are likely to offer their security capabilities in the Middle East and around the world.
REVIEW
RING DOOR VIEW CAM
GIORGIA GUANTARIO TAKES RING’S DOOR VIEW CAM FOR A SPIN AND REVEALS WHY ITS EASE OF INSTALLATION, GOOD VIDEO QUALITY AND MOTION SENSORS’ SETTINGS MAKE IT A STANDOUT IN THE SMART HOME SECURITY MARKET.
Being a home renter, I have never actually looked into smart doorbells, as I doubt any of my landlords would’ve been delighted to know I drilled holes into the outside of their property. Enter Ring’s newest addition to the market, the Ring Door View Cam – the first of its genre that will easily replace your peephole with a smart doorbell, no drilling involved whatsoever. For the ones who are not familiar with smart doorbells, the Door View Cam will send a notification to your phone through the Ring app whenever
someone knocks on your door, triggers its motion sensor (depending on the selected level of sensitivity – more on that later) or rings the built-in doorbell. Through the app, you will then be able to see, listen or talk to whoever is outside your door. The easy set up is arguably the best feature of this smart doorbell – so easy that it probably didn’t take me more than five minutes to complete (even though I did have to rely on Ring’s YouTube channel to walk me through some of the steps). After fully charging the Door View Cam’s battery, using a very handy tool
included in the box that can scrape away any paint and acts as a screwdriver, I was able to remove my flat’s peephole, something I didn’t even know was possible, in a matter of seconds. Then I just had to place the smart doorbell in the hole from outside, and connect it to the inside part, a white plastic box placed on the inside of your flat to connect the camera’s cable and battery. Ring even provides a spare connecting cable in case anything happens to the first one during or after installation. Once the physical set up was out of the way, all I had to do was connect the
doorbell to my Wi-Fi connection and download the app to finish setting it up, which again probably took me less than a minute. The Door View Cam works on 2.4GHz Wi-Fi – not as good as Ring Video Doorbell Pro’s 5.0GHz Wi-Fi, but understandable as that requires hardwire configuration. When it comes to everyday use, Ring’s smart doorbell is the perfect
tool for anyone who, like me, has stuff delivered to their flat all the time. Thanks to the app, you don’t just get to see whoever is outside your door at any time and wherever you are, but you can also communicate with that person using the doorbell’s two-way communication feature. The Door View Cam also features 1080p resolution, with a wide-angle 155-degree lens and IR lights during nighttime.
For the first 30 days, Ring also provides video recording on the cloud for free using Ring Protect Plan. Once the free period is up, you can purchase a monthly or yearly plan, or if you choose not to, you will still be able to get alerts and answer the door, but no footage will be recorded. The first few days with the Door View Cam were a bit of a nightmare, mainly because I didn’t realise I could adjust the sensitivity of the motion sensors, which means that anytime a neighbour would pass in front of my door, I would get a notification – let’s just say there were a whole lot and it felt quite creepy to watch my neighbours’ movements. Once I explored the settings of the smart doorbell on the app, I discovered that Ring allows you to regulate your motion settings in many different ways to avoid any unwanted notifications, including adding a motion schedule and frequency, turning on motion verification to reduce unwanted motion notifications and trim recordings if motion stops, and optimising the sensors using Ring’s Motion Wizard – a nice little questionnaire to give the doorbell more information about your door’s surroundings. The Door View Cam also works with Alexa by asking “Alexa, show me my front door”. Echo Show or Echo Spot owners will also be able to use those devices, as they would a mobile phone, to view, listen and talk to anyone in front of the door. The smart doorbell doesn’t however work with Google Smart Assistant. Last but not least, the smart doorbell includes a glass viewer, so if you’re home you can just use the Door View Cam as a normal peephole. The Door View Cam is priced at AED 699 and available at Ring.ae, Amazon.ae, Dubai Duty Free, Jumbo, Sharaf DG and Virgin Megastore.
INSIGHT
HOW A ZERO TRUST WORLD CAN MAKE ORGANISATIONS MORE SECURE
BY GRANTING MINIMUM PRIVILEGES TO COMPLETE A TASK AND ONLY PROVIDING ADDITIONAL PRIVILEGES ON REQUEST, ORGANISATIONS ARE PROTECTING THEMSELVES FROM HACKERS, WHO CAN ASSUME CREDENTIALS OF PRIVILEGED WORKERS, EXPLAINS KAMEL HEUS, REGIONAL DIRECTOR, NORTHERN, SOUTHERN EUROPE, MIDDLE EAST AND AFRICA, CENTRIFY.
We have all seen the popular movie Panic Room with leading actress Jodie Foster. The concept is an extraordinarily safe room inside a reasonably safe house, with an outer perimeter protected by camera surveillance and other commodity detectors and alarms. Intruders are able to gain access through the outer perimeter into the house, but once the occupants of the house enter the panic room the intruders are foiled. Organisations need to protect their perimeters, but more importantly must assume that threat actors will be able to penetrate them and will have access to move around inside the organisation’s network. Building multiple safe panic rooms inside the organisation’s network is therefore a great idea. Ensuring that absolutely no one can enter the panic room - except the proverbial Jodie Foster and her daughter - is equally important. What about an assumed identity? Suppose threat actors gained knowledge of the access codes to the proverbial panic room inside an organisation’s network? Then they could enter - right? But suppose the access codes were rotated after each use, and were generated only on request. No predetermined assumptions would be used.
In the current modern-day environment of digital enterprises, digital technologies, mobile workers, connected devices, and hybrid platforms of computing, this approach of security access is increasingly the way forward - and is referred to as a Zero Trust approach. Zero Trust rejects the long-accepted adage of “Trust, but verify,” and replaces it with a new mandate more aligned to modern threats: “Never trust, always verify.” Organisations must always assume that the most privileged users in an organisation’s network will be the most targeted by threat actors. Moreover, once targeted, privileged credentials may invariably get stolen and threat actors will gain access to the organisation’s network using those credentials. The modern-day trend now is to limit the privileges linked to any access, so that even if the access credentials of privileged users are gained by threat actors their ability to enter the panic room is not assured. In tomorrow’s digital organisations, it’s no longer just people who are accessing critical systems and sensitive data, and the organisation’s network, once controlled robustly within the brick and mortar walls of the organisation’s building, has now expanded to be replaced by virtual walls of the cloud.
Not only do human workers need to be given access to this network, but digital services and applications, robot workers, autonomous devices, and edge network sensors will all need to log into the organisation’s distributed and virtual network. The once diligent but cumbersome process of manually giving access to known and named human employees is giving way to automated and intelligent processes of access control and access rights. There is no doubt that in the future, many of the day-to-day operational requests that are within a known context can be automated. This will ensure that work is not delayed and there is a basis of continuous operation for the users. However, whenever requests do not match a previous pattern or are out of context, behavioural analytics will subject such requests to additional checks or will automatically escalate them for human intervention. Privileged users will continue to be enabled, as in legacy systems, with the only rider that those privileges will be available on request in real time, and only for the time needed to perform the task required. Once the privileges have been used to complete a task, the privileges will be reverted once again to the minimum required.